Title: [258194] trunk
Revision: 258194
Author: [email protected]
Date: 2020-03-10 04:27:15 -0700 (Tue, 10 Mar 2020)

Log Message

Align with Origin header changes
https://bugs.webkit.org/show_bug.cgi?id=199261

Patch by Rob Buis <[email protected]> on 2020-03-10
Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Import fetch/origin tests.

* resources/import-expectations.json:
* web-platform-tests/fetch/origin/assorted.window-expected.txt: Added.
* web-platform-tests/fetch/origin/assorted.window.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html.
* web-platform-tests/fetch/origin/assorted.window.js: Added.
(promise_test.async const):
(promise_test):
(await.new.Promise):
(async const):
(navigationReferrerPolicy):
(fetchReferrerPolicy):
(referrerPolicyTestString):
* web-platform-tests/fetch/origin/no-cors.any-expected.txt: Removed.
* web-platform-tests/fetch/origin/no-cors.any.js: Removed.
* web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt: Removed.
* web-platform-tests/fetch/origin/no-cors.any.worker.html: Removed.
* web-platform-tests/fetch/origin/resources/redirect-and-stash.py:
(main):
* web-platform-tests/fetch/origin/resources/referrer-policy.py: Added.
(main):
* web-platform-tests/fetch/origin/resources/w3c-import.log:
* web-platform-tests/fetch/origin/w3c-import.log:

Source/WebCore:

Call generateOriginHeader in more places so that we comply
more with "append a request `Origin` header" algorithm [1].

Test: imported/w3c/web-platform-tests/fetch/origin/assorted.window.html

[1] https://fetch.spec.whatwg.org/#append-a-request-origin-header

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::submitForm):
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders):

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1,3 +1,34 @@
+2020-03-10  Rob Buis  <[email protected]>
+
+        Align with Origin header changes
+        https://bugs.webkit.org/show_bug.cgi?id=199261
+
+        Reviewed by Darin Adler.
+
+        Import fetch/origin tests.
+
+        * resources/import-expectations.json:
+        * web-platform-tests/fetch/origin/assorted.window-expected.txt: Added.
+        * web-platform-tests/fetch/origin/assorted.window.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html.
+        * web-platform-tests/fetch/origin/assorted.window.js: Added.
+        (promise_test.async const):
+        (promise_test):
+        (await.new.Promise):
+        (async const):
+        (navigationReferrerPolicy):
+        (fetchReferrerPolicy):
+        (referrerPolicyTestString):
+        * web-platform-tests/fetch/origin/no-cors.any-expected.txt: Removed.
+        * web-platform-tests/fetch/origin/no-cors.any.js: Removed.
+        * web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt: Removed.
+        * web-platform-tests/fetch/origin/no-cors.any.worker.html: Removed.
+        * web-platform-tests/fetch/origin/resources/redirect-and-stash.py:
+        (main):
+        * web-platform-tests/fetch/origin/resources/referrer-policy.py: Added.
+        (main):
+        * web-platform-tests/fetch/origin/resources/w3c-import.log:
+        * web-platform-tests/fetch/origin/w3c-import.log:
+
 2020-03-09  Rob Buis  <[email protected]>
 
         Fix WPT test redirect-mode.any.html

Modified: trunk/LayoutTests/imported/w3c/resources/import-expectations.json (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/resources/import-expectations.json	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/resources/import-expectations.json	2020-03-10 11:27:15 UTC (rev 258194)
@@ -178,6 +178,7 @@
     "web-platform-tests/fetch": "import", 
     "web-platform-tests/fetch/api": "import", 
     "web-platform-tests/fetch/api/cors": "import", 
+    "web-platform-tests/fetch/origin": "import", 
     "web-platform-tests/fetch/range": "import", 
     "web-platform-tests/fetch/stale-while-revalidate": "import", 
     "web-platform-tests/fullscreen": "skip", 

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window-expected.txt (0 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window-expected.txt	2020-03-10 11:27:15 UTC (rev 258194)
@@ -0,0 +1,35 @@
+
+FAIL Origin header and 308 redirect assert_equals: expected "null" but got "no Origin header"
+PASS Origin header and GET navigation 
+FAIL Origin header and POST navigation assert_equals: expected "null" but got "no Origin header"
+PASS Origin header and POST same-origin navigation with Referrer-Policy no-referrer 
+PASS Origin header and POST same-origin fetch no-cors mode with Referrer-Policy no-referrer 
+PASS Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer 
+PASS Origin header and POST cross-origin navigation with Referrer-Policy no-referrer 
+PASS Origin header and POST cross-origin fetch no-cors mode with Referrer-Policy no-referrer 
+PASS Origin header and POST cross-origin fetch cors mode with Referrer-Policy no-referrer 
+PASS Origin header and POST same-origin navigation with Referrer-Policy same-origin 
+PASS Origin header and POST same-origin fetch no-cors mode with Referrer-Policy same-origin 
+PASS Origin header and POST same-origin fetch cors mode with Referrer-Policy same-origin 
+PASS Origin header and POST cross-origin navigation with Referrer-Policy same-origin 
+PASS Origin header and POST cross-origin fetch no-cors mode with Referrer-Policy same-origin 
+PASS Origin header and POST cross-origin fetch cors mode with Referrer-Policy same-origin 
+PASS Origin header and POST same-origin navigation with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST same-origin fetch no-cors mode with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST same-origin fetch cors mode with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST cross-origin navigation with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST cross-origin fetch no-cors mode with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST cross-origin fetch cors mode with Referrer-Policy origin-when-cross-origin 
+PASS Origin header and POST same-origin navigation with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST same-origin fetch no-cors mode with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST cross-origin navigation with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST cross-origin fetch no-cors mode with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST cross-origin fetch cors mode with Referrer-Policy no-referrer-when-downgrade 
+PASS Origin header and POST same-origin navigation with Referrer-Policy unsafe-url 
+PASS Origin header and POST same-origin fetch no-cors mode with Referrer-Policy unsafe-url 
+PASS Origin header and POST same-origin fetch cors mode with Referrer-Policy unsafe-url 
+PASS Origin header and POST cross-origin navigation with Referrer-Policy unsafe-url 
+PASS Origin header and POST cross-origin fetch no-cors mode with Referrer-Policy unsafe-url 
+PASS Origin header and POST cross-origin fetch cors mode with Referrer-Policy unsafe-url 
+
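
Review bot: The two FAIL lines at the top of this expectation file ("Origin header and 308 redirect" and "Origin header and POST navigation") baseline a case where the redirected POST goes out with no Origin header while the test expects "null". Servers commonly use Origin on POST requests for CSRF checks, so please reference a follow-up bug for the redirect case in the ChangeLog entry so these recorded failures are not mistaken for intended behaviour.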

Copied: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.html (from rev 258191, trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html) (0 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.html	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.html	2020-03-10 11:27:15 UTC (rev 258194)
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.js (0 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.js	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.js	2020-03-10 11:27:15 UTC (rev 258194)
@@ -0,0 +1,202 @@
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+
+const origins = get_host_info();
+
+promise_test(async function () {
+  const stash = token(),
+        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+  // Cross-origin -> same-origin will result in setting the tainted origin flag for the second
+  // request.
+  let url = "" + redirectPath + "?stash=" + stash;
+  url = "" + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
+
+  await fetch(url, { mode: "no-cors", method: "POST" });
+
+  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+  assert_equals(json[0], origins.HTTP_ORIGIN);
+  assert_equals(json[1], "null");
+}, "Origin header and 308 redirect");
+
+promise_test(async function () {
+  const stash = token(),
+        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+  let url = "" + redirectPath + "?stash=" + stash;
+  url = "" + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
+
+  await new Promise(resolve => {
+    const frame = document.createElement("iframe");
+    frame.src = ""
+    frame._onload_ = () => {
+      resolve();
+      frame.remove();
+    }
+    document.body.appendChild(frame);
+  });
+
+  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+  assert_equals(json[0], "no Origin header");
+  assert_equals(json[1], "no Origin header");
+}, "Origin header and GET navigation");
+
+promise_test(async function () {
+  const stash = token(),
+        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+  let url = "" + redirectPath + "?stash=" + stash;
+  url = "" + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
+
+  await new Promise(resolve => {
+    const frame = document.createElement("iframe");
+    self.addEventListener("message", e => {
+      if (e.data ="" "loaded") {
+        resolve();
+        frame.remove();
+      }
+    }, { once: true });
+    frame._onload_ = () => {
+      const doc = frame.contentDocument,
+            form = doc.body.appendChild(doc.createElement("form")),
+            submit = form.appendChild(doc.createElement("input"));
+      form.action = ""
+      form.method = "POST";
+      submit.type = "submit";
+      submit.click();
+    }
+    document.body.appendChild(frame);
+  });
+
+  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+  assert_equals(json[0], origins.HTTP_ORIGIN);
+  assert_equals(json[1], "null");
+}, "Origin header and POST navigation");
+
+function navigationReferrerPolicy(referrerPolicy, destination, expectedOrigin) {
+  return async function () {
+    const stash = token();
+    const referrerPolicyPath = "/fetch/origin/resources/referrer-policy.py";
+    const redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+    let postUrl =
+            (destination === "same-origin" ? origins.HTTP_ORIGIN
+                                           : origins.HTTP_REMOTE_ORIGIN) +
+            redirectPath + "?stash=" + stash;
+
+    await new Promise(resolve => {
+      const frame = document.createElement("iframe");
+      document.body.appendChild(frame);
+      frame.src = "" + referrerPolicyPath +
+                  "?referrerPolicy=" + referrerPolicy;
+      self.addEventListener("message", function listener(e) {
+        if (e.data ="" "loaded") {
+          resolve();
+          frame.remove();
+          self.removeEventListener("message", listener);
+        } else if (e.data ="" "action") {
+          const doc = frame.contentDocument,
+                form = doc.body.appendChild(doc.createElement("form")),
+                submit = form.appendChild(doc.createElement("input"));
+          form.action = ""
+          form.method = "POST";
+          submit.type = "submit";
+          submit.click();
+        }
+      });
+    });
+
+    const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+    assert_equals(json[0], expectedOrigin);
+  };
+}
+
+function fetchReferrerPolicy(referrerPolicy, destination, fetchMode, expectedOrigin) {
+  return async function () {
+    const stash = token();
+    const referrerPolicyPath = "/fetch/origin/resources/referrer-policy.py";
+    const redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+    let fetchUrl =
+        (destination === "same-origin" ? origins.HTTP_ORIGIN
+                                       : origins.HTTP_REMOTE_ORIGIN) +
+        redirectPath + "?stash=" + stash;
+
+    await fetch(fetchUrl, { mode: fetchMode, method: "POST" , "referrerPolicy": referrerPolicy});
+
+    const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+    assert_equals(json[0], expectedOrigin);
+  };
+}
+
+function referrerPolicyTestString(referrerPolicy, destination) {
+  return "Origin header and POST " + destination + " with Referrer-Policy " +
+         referrerPolicy;
+}
+
+[
+  {
+    "policy": "no-referrer",
+    "expectedOriginForSameOrigin": "null",
+    "expectedOriginForCrossOrigin": "null"
+  },
+  {
+    "policy": "same-origin",
+    "expectedOriginForSameOrigin": origins.HTTP_ORIGIN,
+    "expectedOriginForCrossOrigin": "null"
+  },
+  {
+    "policy": "origin-when-cross-origin",
+    "expectedOriginForSameOrigin": origins.HTTP_ORIGIN,
+    "expectedOriginForCrossOrigin": origins.HTTP_ORIGIN
+  },
+  {
+    "policy": "no-referrer-when-downgrade",
+    "expectedOriginForSameOrigin": origins.HTTP_ORIGIN,
+    "expectedOriginForCrossOrigin": origins.HTTP_ORIGIN
+  },
+  {
+    "policy": "unsafe-url",
+    "expectedOriginForSameOrigin": origins.HTTP_ORIGIN,
+    "expectedOriginForCrossOrigin": origins.HTTP_ORIGIN
+  },
+].forEach(testObj => {
+  [
+    {
+      "name": "same-origin",
+      "expectedOrigin": testObj.expectedOriginForSameOrigin
+    },
+    {
+      "name": "cross-origin",
+      "expectedOrigin": testObj.expectedOriginForCrossOrigin
+    }
+  ].forEach(destination => {
+    // Test form POST navigation
+    promise_test(navigationReferrerPolicy(testObj.policy,
+                                          destination.name,
+                                          destination.expectedOrigin),
+                 referrerPolicyTestString(testObj.policy,
+                                          destination.name + " navigation"));
+    // Test fetch
+    promise_test(fetchReferrerPolicy(testObj.policy,
+                                     destination.name,
+                                     "no-cors",
+                                     destination.expectedOrigin),
+                 referrerPolicyTestString(testObj.policy,
+                                          destination.name + " fetch no-cors mode"));
+
+    // When we're dealing with CORS (mode is "cors"), we shouldn't take the
+    // Referrer-Policy into account
+    promise_test(fetchReferrerPolicy(testObj.policy,
+                                     destination.name,
+                                     "cors",
+                                     origins.HTTP_ORIGIN),
+                 referrerPolicyTestString(testObj.policy,
+                                          destination.name + " fetch cors mode"));
+  });
+});
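
Review bot: In the "Origin header and POST navigation" test the message listener is registered with `{ once: true }` but only resolves when the data is "loaded", so any other message that arrives first removes the listener and the promise never settles, leaving the test to time out. navigationReferrerPolicy further down removes its listener only after it has seen "loaded"; use the same pattern here. The listeners in both places also accept messages from any source, so a check such as `e.source === frame.contentWindow` would tie each listener to its own iframe.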

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1,3 +0,0 @@
-
-FAIL Origin header and 308 redirect assert_equals: second origin should be opaque and therefore null expected "null" but got "no Origin header"
-

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.html	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1 +0,0 @@
-<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.js (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.js	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.js	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1,20 +0,0 @@
-// META: script=/common/utils.js
-// META: script=/common/get-host-info.sub.js
-
-promise_test(async function() {
-  const stash = token(),
-        origins = get_host_info(),
-        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
-
-  // Cross-origin -> same-origin will result in setting the tainted origin flag for the second
-  // request.
-  let url = "" + redirectPath + "?stash=" + stash;
-  url = "" + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
-
-  await fetch(url, { mode: "no-cors", method: "POST" });
-
-  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
-
-  assert_equals(json[0], origins.HTTP_ORIGIN, "first origin should equal this origin");
-  assert_equals(json[1], "null", "second origin should be opaque and therefore null");
-}, "Origin header and 308 redirect");
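
Review bot: Deleting this `.any.js` test together with no-cors.any.worker.html drops the worker run of the "Origin header and 308 redirect" case, because its replacement is a `.window.js` test. If the worker variant is no longer wanted, say so in the ChangeLog; otherwise keep an `.any.js` test for the fetch-only cases. The replacement also loses the assertion messages ("first origin should equal this origin", "second origin should be opaque and therefore null"), which made a failure easier to read in the expectation file.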

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1,3 +0,0 @@
-
-FAIL Origin header and 308 redirect assert_equals: second origin should be opaque and therefore null expected "null" but got "no Origin header"
-

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker.html (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker.html	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker.html	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1 +0,0 @@
-<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/redirect-and-stash.py (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/redirect-and-stash.py	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/redirect-and-stash.py	2020-03-10 11:27:15 UTC (rev 258194)
@@ -9,7 +9,7 @@
     origin_list = request.server.stash.take(key)
 
     if "dump" in request.GET:
-        response.headers.set("content-Type", "application/json")
+        response.headers.set("Content-Type", "application/json")
         response.content = json.dumps(origin_list)
         return
 
@@ -25,5 +25,6 @@
         response.headers.set("Location", request.GET.first("location"))
         return
 
-    response.headers.set("content-Type", "text/plain")
-    response.content = "Fix https://github.com/whatwg/fetch/issues/737..."
+    response.headers.set("Content-Type", "text/html")
+    response.headers.set("Access-Control-Allow-Origin", "*")
+    response.content = "<meta charset=utf-8>\n<body><script>parent.postMessage('loaded','*')</script></body>"
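
Review bot: `Access-Control-Allow-Origin: *` is set only on the final response at the end of main(); in the lines shown, the redirect branch above sets `Location` and returns first, so a cors-mode fetch that passes `location` would be rejected at the redirect hop. The cors tests in assorted.window.js do not pass `location` today, so either set the header before the redirect branch or add a comment stating that limit. The reference to https://github.com/whatwg/fetch/issues/737 in the old body is also dropped; keep it as a comment if the issue is still relevant to this resource.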

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/referrer-policy.py (0 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/referrer-policy.py	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/referrer-policy.py	2020-03-10 11:27:15 UTC (rev 258194)
@@ -0,0 +1,7 @@
+def main(request, response):
+    if "referrerPolicy" in request.GET:
+        response.headers.set("Referrer-Policy",
+                             request.GET.first("referrerPolicy"))
+    response.status = 200
+    response.headers.set("Content-Type", "text/html")
+    response.content = "<meta charset=utf-8>\n<body><script>parent.postMessage('action','*')</script></body>"
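
Review bot: `request.GET.first("referrerPolicy")` is copied into the `Referrer-Policy` response header with no validation. The tests only ever send five policy values, so check the parameter against that list and send no header otherwise, which keeps this helper from emitting arbitrary header values when it is requested outside the test.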

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/w3c-import.log (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/w3c-import.log	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/w3c-import.log	2020-03-10 11:27:15 UTC (rev 258194)
@@ -15,3 +15,4 @@
 ------------------------------------------------------------------------
 List of files:
 /LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/redirect-and-stash.py
+/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/resources/referrer-policy.py

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/w3c-import.log (258193 => 258194)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/w3c-import.log	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/w3c-import.log	2020-03-10 11:27:15 UTC (rev 258194)
@@ -14,4 +14,4 @@
 None
 ------------------------------------------------------------------------
 List of files:
-/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.js
+/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/assorted.window.js

Modified: trunk/Source/WebCore/ChangeLog (258193 => 258194)


--- trunk/Source/WebCore/ChangeLog	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/Source/WebCore/ChangeLog	2020-03-10 11:27:15 UTC (rev 258194)
@@ -1,3 +1,22 @@
+2020-03-10  Rob Buis  <[email protected]>
+
+        Align with Origin header changes
+        https://bugs.webkit.org/show_bug.cgi?id=199261
+
+        Reviewed by Darin Adler.
+
+        Call generateOriginHeader in more places so that we comply
+        more with "append a request `Origin` header" algorithm [1].
+
+        Test: imported/w3c/web-platform-tests/fetch/origin/assorted.window.html
+
+        [1] https://fetch.spec.whatwg.org/#append-a-request-origin-header
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::submitForm):
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders):
+
 2020-03-09  Yusuke Suzuki  <[email protected]>
 
         REGRESSION: (r257905) [ Mac wk2 Debug ] ASSERTION FAILED: !m_isolatedWorld->isNormal() || m_wrapper || !m_jsFunction

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (258193 => 258194)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2020-03-10 11:27:15 UTC (rev 258194)
@@ -496,7 +496,7 @@
         m_submittedFormURL = submission->requestURL();
 
     submission->setReferrer(outgoingReferrer());
-    submission->setOrigin(outgoingOrigin());
+    submission->setOrigin(SecurityPolicy::generateOriginHeader(m_frame.document()->referrerPolicy(), submission->requestURL(), m_frame.document()->securityOrigin()));
 
     targetFrame->navigationScheduler().scheduleFormSubmission(WTFMove(submission));
 }
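
Review bot: The new `setOrigin(...)` line dereferences `m_frame.document()` twice with no null check visible in this hunk, and the line is long enough to hide that. Hoist the document into a local (with a check or an ASSERT, depending on what submitForm guarantees earlier) and pass `document->referrerPolicy()` and `document->securityOrigin()` from it. The Origin value is now policy-aware while the line above still passes the raw `outgoingReferrer()`; a short comment on where the referrer policy is applied to the Referer would help the next reader.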

Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (258193 => 258194)


--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2020-03-10 11:10:24 UTC (rev 258193)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2020-03-10 11:27:15 UTC (rev 258194)
@@ -224,16 +224,19 @@
 {
     // Implementing step 9 to 11 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch as of 16 March 2018
     String outgoingReferrer = frameLoader.outgoingReferrer();
-    String outgoingOrigin = frameLoader.outgoingOrigin();
-    if (m_resourceRequest.hasHTTPReferrer()) {
+    if (m_resourceRequest.hasHTTPReferrer())
         outgoingReferrer = m_resourceRequest.httpReferrer();
-        outgoingOrigin = SecurityOrigin::createFromString(outgoingReferrer)->toString();
-    }
     updateRequestReferrer(m_resourceRequest, m_options.referrerPolicy, outgoingReferrer);
+    frameLoader.applyUserAgentIfNeeded(m_resourceRequest);
 
+    if (!m_resourceRequest.httpOrigin().isEmpty())
+        return;
+    String outgoingOrigin;
+    if (m_options.mode == FetchOptions::Mode::Cors)
+        outgoingOrigin = SecurityOrigin::createFromString(outgoingReferrer)->toString();
+    else
+        outgoingOrigin = SecurityPolicy::generateOriginHeader(m_options.referrerPolicy, m_resourceRequest.url(), SecurityOrigin::createFromString(outgoingReferrer));
     FrameLoader::addHTTPOriginIfNeeded(m_resourceRequest, outgoingOrigin);
-
-    frameLoader.applyUserAgentIfNeeded(m_resourceRequest);
 }
 
 bool isRequestCrossOrigin(SecurityOrigin* origin, const URL& requestURL, const ResourceLoaderOptions& options)
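
Review bot: With `String outgoingOrigin = frameLoader.outgoingOrigin();` removed, both branches now derive the Origin from `SecurityOrigin::createFromString(outgoingReferrer)`, including when the request carries no explicit HTTP referrer. Servers rely on Origin for CORS and CSRF decisions, so it should not depend on the referrer string parsing to the right origin; please confirm what is produced when `outgoingReferrer` is empty, and either pass the requesting document's security origin or add a comment explaining why the referrer is always a safe source. The comment "Implementing step 9 to 11 ... as of 16 March 2018" at the top of the function no longer matches the reordered body and should be updated.
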
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
