Modified: trunk/Source/WebCore/ChangeLog (258487 => 258488)
--- trunk/Source/WebCore/ChangeLog 2020-03-16 07:20:28 UTC (rev 258487)
+++ trunk/Source/WebCore/ChangeLog 2020-03-16 08:11:26 UTC (rev 258488)
@@ -1,5 +1,21 @@
2020-03-16 Rob Buis <[email protected]>
+ Remove addHTTPOriginIfNeeded calls
+ https://bugs.webkit.org/show_bug.cgi?id=209127
+
+ Reviewed by Darin Adler.
+
+ Remove addHTTPOriginIfNeeded calls since they are get requests and navigations and the spec [1]
+ indicates that the Origin header should not be written out, making these calls no-ops.
+
+ [1] https://fetch.spec.whatwg.org/#append-a-request-origin-header
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::changeLocation):
+ (WebCore::FrameLoader::loadURL):
+
+2020-03-16 Rob Buis <[email protected]>
+
Simplify ChromeClient.createWindow
https://bugs.webkit.org/show_bug.cgi?id=209123
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (258487 => 258488)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2020-03-16 07:20:28 UTC (rev 258487)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2020-03-16 08:11:26 UTC (rev 258488)
@@ -426,6 +426,7 @@
void FrameLoader::changeLocation(FrameLoadRequest&& frameRequest, Event* triggeringEvent, Optional<AdClickAttribution>&& adClickAttribution)
{
FRAMELOADER_RELEASE_LOG_IF_ALLOWED(ResourceLoading, "changeLocation: frame load started");
+ ASSERT(frameRequest.resourceRequest().httpMethod() == "GET");
Ref<Frame> protect(m_frame);
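Review bot: `ASSERT(frameRequest.resourceRequest().httpMethod() == "GET");` is compiled out of release builds, so the GET-only assumption that justifies dropping `addHTTPOriginIfNeeded` is unchecked in shipping code; the same holds for the asserts added in loadURL and createWindow. If a non-GET request ever reached one of these paths, it would now go out without the Origin header that the removed call could have added, and servers commonly rely on that header for CSRF checks. State the invariant next to the assert, e.g. `// Navigations through here are GET; per Fetch "append a request Origin header" no Origin header is serialized for them.` If the invariant is meant to hold in production, consider `RELEASE_ASSERT` or a logged early return instead. changeLocation's body continues outside the hunk.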
@@ -437,7 +438,6 @@
if (frameRequest.frameName().isEmpty())
frameRequest.setFrameName(m_frame.document()->baseTarget());
- addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin());
m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(frameRequest.resourceRequest(), ContentSecurityPolicy::InsecureRequestType::Navigation);
loadFrameRequest(WTFMove(frameRequest), triggeringEvent, { }, WTFMove(adClickAttribution));
@@ -1337,6 +1337,7 @@
void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, RefPtr<FormState>&& formState, Optional<AdClickAttribution>&& adClickAttribution, CompletionHandler<void()>&& completionHandler)
{
FRAMELOADER_RELEASE_LOG_IF_ALLOWED(ResourceLoading, "loadURL: frame load started");
+ ASSERT(frameLoadRequest.resourceRequest().httpMethod() == "GET");
CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler));
if (m_inStopAllLoaders || m_inClearProvisionalLoadForPolicyCheck)
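Review bot: In the next loadURL hunk, removing `addHTTPOriginIfNeeded(request, referrerOrigin->toString());` leaves `auto referrerOrigin = SecurityOrigin::createFromString(referrer);` with no use in the visible lines. That local now only parses the referrer and discards the result, so it reads as if an origin check still happens there. Drop it so the branch becomes `if (!referrer.isEmpty())` followed by `request.setHTTPReferrer(referrer);`. loadURL's body extends beyond both hunks, so confirm there is no later use before deleting it.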
@@ -1356,7 +1357,6 @@
if (!referrer.isEmpty()) {
request.setHTTPReferrer(referrer);
auto referrerOrigin = SecurityOrigin::createFromString(referrer);
- addHTTPOriginIfNeeded(request, referrerOrigin->toString());
}
if (&m_frame.tree().top() != &m_frame)
request.setDomainForCachePartition(m_frame.tree().top().document()->domainForCachePartition());
@@ -4100,6 +4100,7 @@
RefPtr<Frame> createWindow(Frame& openerFrame, Frame& lookupFrame, FrameLoadRequest&& request, const WindowFeatures& features, bool& created)
{
ASSERT(!features.dialog || request.frameName().isEmpty());
+ ASSERT(request.resourceRequest().httpMethod() == "GET");
created = false;
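Review bot: createWindow is changed here (new assert, and its `FrameLoader::addHTTPOriginIfNeeded` call is removed in the following hunk), but the ChangeLog entry for this revision lists only `FrameLoader::changeLocation` and `FrameLoader::loadURL`. Because this changes which requests carry an Origin header, the record should name every affected entry point, e.g. an added `(WebCore::createWindow):` line under `* loader/FrameLoader.cpp:`. The existing `ASSERT(!features.dialog || request.frameName().isEmpty());` also has no comment, so a one-line comment on the new assert explaining that window-opening navigations are GET would help readers. createWindow's body continues outside the hunk.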
@@ -4128,7 +4129,6 @@
String referrer = SecurityPolicy::generateReferrerHeader(openerFrame.document()->referrerPolicy(), request.resourceRequest().url(), openerFrame.loader().outgoingReferrer());
if (!referrer.isEmpty())
request.resourceRequest().setHTTPReferrer(referrer);
- FrameLoader::addHTTPOriginIfNeeded(request.resourceRequest(), openerFrame.loader().outgoingOrigin());
FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(request.resourceRequest());
FrameLoader::addSameSiteInfoToRequestIfNeeded(request.resourceRequest(), openerFrame.document());