Modified: trunk/Source/WebCore/ChangeLog (258659 => 258660)
--- trunk/Source/WebCore/ChangeLog 2020-03-18 19:31:20 UTC (rev 258659)
+++ trunk/Source/WebCore/ChangeLog 2020-03-18 19:40:23 UTC (rev 258660)
@@ -1,3 +1,21 @@
+2020-03-18 Youenn Fablet <[email protected]>
+
+ CrossOriginPreflightResultCacheItem::allows methods should not use out parameters
+ https://bugs.webkit.org/show_bug.cgi?id=209224
+
+ Reviewed by Alex Christensen.
+
+ Instead of having an out parameter for the error description, either return whether there is an error or not.
+ Covered by existing tests.
+
+ * loader/CrossOriginPreflightResultCache.cpp:
+ (WebCore::CrossOriginPreflightResultCacheItem::validateMethodAndHeaders const):
+ (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod const):
+ (WebCore::CrossOriginPreflightResultCacheItem::validateCrossOriginHeaders const):
+ (WebCore::CrossOriginPreflightResultCacheItem::allowsRequest const):
+ (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders const): Deleted.
+ * loader/CrossOriginPreflightResultCache.h:
+
2020-03-18 Peng Liu <[email protected]>
The value of [AVPlayerViewController isPictureInPicturePossible] is NO in the first attempt to enter PiP
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp (258659 => 258660)
--- trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2020-03-18 19:31:20 UTC (rev 258659)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2020-03-18 19:40:23 UTC (rev 258660)
@@ -74,47 +74,40 @@
Optional<String> CrossOriginPreflightResultCacheItem::validateMethodAndHeaders(const String& method, const HTTPHeaderMap& requestHeaders) const
{
- String errorDescription;
- if (!allowsCrossOriginMethod(method, m_storedCredentialsPolicy, errorDescription))
- return WTFMove(errorDescription);
- if (!allowsCrossOriginHeaders(requestHeaders, m_storedCredentialsPolicy, errorDescription))
- return WTFMove(errorDescription);
+ if (!allowsCrossOriginMethod(method, m_storedCredentialsPolicy))
+ return makeString("Method ", method, " is not allowed by Access-Control-Allow-Methods.");
+
+ if (auto badHeader = validateCrossOriginHeaders(requestHeaders, m_storedCredentialsPolicy))
+ return makeString("Request header field ", *badHeader, " is not allowed by Access-Control-Allow-Headers.");
return { };
}
-bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String& method, StoredCredentialsPolicy storedCredentialsPolicy, String& errorDescription) const
+bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String& method, StoredCredentialsPolicy storedCredentialsPolicy) const
{
- if (m_methods.contains(method) || (m_methods.contains("*") && storedCredentialsPolicy != StoredCredentialsPolicy::Use) || isOnAccessControlSimpleRequestMethodWhitelist(method))
- return true;
-
- errorDescription = "Method " + method + " is not allowed by Access-Control-Allow-Methods.";
- return false;
+ return m_methods.contains(method) || (m_methods.contains("*") && storedCredentialsPolicy != StoredCredentialsPolicy::Use) || isOnAccessControlSimpleRequestMethodWhitelist(method);
}
-bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, StoredCredentialsPolicy storedCredentialsPolicy, String& errorDescription) const
+Optional<String> CrossOriginPreflightResultCacheItem::validateCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, StoredCredentialsPolicy storedCredentialsPolicy) const
{
bool validWildcard = m_headers.contains("*") && storedCredentialsPolicy != StoredCredentialsPolicy::Use;
for (const auto& header : requestHeaders) {
if (header.keyAsHTTPHeaderName && isCrossOriginSafeRequestHeader(header.keyAsHTTPHeaderName.value(), header.value))
continue;
- if (!m_headers.contains(header.key) && !validWildcard) {
- errorDescription = "Request header field " + header.key + " is not allowed by Access-Control-Allow-Headers.";
- return false;
- }
+ if (!m_headers.contains(header.key) && !validWildcard)
+ return header.key;
}
- return true;
+ return { };
}
bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentialsPolicy storedCredentialsPolicy, const String& method, const HTTPHeaderMap& requestHeaders) const
{
- String ignoredExplanation;
if (m_absoluteExpiryTime < MonotonicTime::now())
return false;
if (storedCredentialsPolicy == StoredCredentialsPolicy::Use && m_storedCredentialsPolicy == StoredCredentialsPolicy::DoNotUse)
return false;
- if (!allowsCrossOriginMethod(method, storedCredentialsPolicy, ignoredExplanation))
+ if (!allowsCrossOriginMethod(method, storedCredentialsPolicy))
return false;
- if (!allowsCrossOriginHeaders(requestHeaders, storedCredentialsPolicy, ignoredExplanation))
+ if (auto badHeader = validateCrossOriginHeaders(requestHeaders, storedCredentialsPolicy))
return false;
return true;
}
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h (258659 => 258660)
--- trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h 2020-03-18 19:31:20 UTC (rev 258659)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h 2020-03-18 19:40:23 UTC (rev 258660)
@@ -50,8 +50,8 @@
bool allowsRequest(StoredCredentialsPolicy, const String& method, const HTTPHeaderMap&) const;
private:
- bool allowsCrossOriginMethod(const String&, StoredCredentialsPolicy, String& errorDescription) const;
- bool allowsCrossOriginHeaders(const HTTPHeaderMap&, StoredCredentialsPolicy, String& errorDescription) const;
+ bool allowsCrossOriginMethod(const String&, StoredCredentialsPolicy) const;
+ Optional<String> validateCrossOriginHeaders(const HTTPHeaderMap&, StoredCredentialsPolicy) const;
// FIXME: A better solution to holding onto the absolute expiration time might be
// to start a timer for the expiration delta that removes this from the cache when
