[webkit-changes] [289672] trunk

Fri, 11 Feb 2022 14:58:24 -0800

Title: [289672] trunk
Revision
289672
Author
[email protected]
Date
2022-02-11 14:57:33 -0800 (Fri, 11 Feb 2022)

Log Message

Fix MIME type check for classic worker script fetches
https://bugs.webkit.org/show_bug.cgi?id=236411

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/workers/Worker_script_mimetype-expected.txt:
* web-platform-tests/workers/importscripts_mime.any.sharedworker-expected.txt:
* web-platform-tests/workers/importscripts_mime.any.worker-expected.txt:
Rebaseline WPT tests now that more checks are passing.

* web-platform-tests/workers/constructors/SharedWorker/Infinity.headers: Added.
* web-platform-tests/workers/constructors/SharedWorker/NaN.headers: Added.
Merge upstream fix from https://github.com/web-platform-tests/wpt/pull/32782.

Source/WebCore:

Fix MIME type check for classic worker script fetches and classic worker script imports, so that we are
now aligned with the specification:
- https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script (Step 5)
- https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-imported-script (Step 5)

This was causing us to fail some Web Platform Tests.

No new tests, rebaselined existing tests.

* bindings/js/WorkerModuleScriptLoader.cpp:
(WebCore::WorkerModuleScriptLoader::load):
* loader/FetchOptions.h:
(WebCore::isScriptLikeDestination):
* workers/Worker.cpp:
(WebCore::Worker::create):
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::importScripts):
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::constructJavaScriptMIMETypeError):
(WebCore::WorkerScriptLoader::validateWorkerResponse):
(WebCore::WorkerScriptLoader::didReceiveResponse):
* workers/WorkerScriptLoader.h:
* workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::fetchScriptWithContext):
* workers/shared/SharedWorkerScriptLoader.cpp:
(WebCore::SharedWorkerScriptLoader::load):

Source/WebKit:

* NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp:
(WebKit::ServiceWorkerSoftUpdateLoader::processResponse):

LayoutTests:

Fix existing layout tests to make sure that worker scripts are served with a _javascript_ mime type.

* http/tests/resourceLoadStatistics/resources/script-revealing-cookies.py:
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py:
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py:
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py:
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py:
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py:
* http/tests/security/contentSecurityPolicy/resources/worker.py:
* http/tests/workers/resources/subworker-encoded.py:

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (289671 => 289672)


--- trunk/LayoutTests/ChangeLog	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/ChangeLog	2022-02-11 22:57:33 UTC (rev 289672)
@@ -1,3 +1,21 @@
+2022-02-11  Chris Dumez  <[email protected]>
+
+        Fix MIME type check for classic worker script fetches
+        https://bugs.webkit.org/show_bug.cgi?id=236411
+
+        Reviewed by Alex Christensen.
+
+        Fix existing layout tests to make sure that worker scripts are served with a _javascript_ mime type.
+
+        * http/tests/resourceLoadStatistics/resources/script-revealing-cookies.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py:
+        * http/tests/security/contentSecurityPolicy/resources/worker.py:
+        * http/tests/workers/resources/subworker-encoded.py:
+
 2022-02-11  Antoine Quint  <[email protected]>
 
         [model] rewrite http/tests/model/model-document.html using testharness.js

Modified: trunk/LayoutTests/http/tests/resourceLoadStatistics/resources/script-revealing-cookies.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/resourceLoadStatistics/resources/script-revealing-cookies.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/resourceLoadStatistics/resources/script-revealing-cookies.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -18,7 +18,7 @@
         
 first_party_cookie = cookies.get('firstPartyCookie', None)
 
-sys.stdout.write('Content-Type: text/html\r\n\r\n')
+sys.stdout.write('Content-Type: text/_javascript_\r\n\r\n')
 
 if first_party_cookie:
     sys.stdout.write('let cookieResult = \'{}Did receive firstPartyCookie == {}\';'.format('PASS ' if should_receive_cookies is not None else 'FAIL ', first_party_cookie))
@@ -25,4 +25,4 @@
 else:
     sys.stdout.write('let cookieResult = \'{}Did not receive cookie named firstPartyCookie\';'.format('FAIL ' if should_receive_cookies is not None else 'PASS '))
 
-sys.stdout.write('postMessage(cookieResult);\n')
\ No newline at end of file
+sys.stdout.write('postMessage(cookieResult);\n')

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,7 +5,7 @@
 
 determine_content_security_policy_header()
 sys.stdout.write(
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'self.result = false;\n'
     'var exception;\n'
     'try {\n'
@@ -21,4 +21,4 @@
     '    else\n'
     '        self.postMessage("FAIL did not import script from different origin.");\n'
     '}\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,7 +5,7 @@
 
 determine_content_security_policy_header()
 sys.stdout.write(
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'var exception;\n'
     'try {\n'
     '    importScripts("http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.py?url=""
@@ -21,4 +21,4 @@
     '    else\n'
     '        self.postMessage("FAIL should throw " + expectedExceptionCode + ". Threw exception " + exception + ".");\n'
     '}\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,7 +5,7 @@
 
 determine_content_security_policy_header()
 sys.stdout.write(
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'var isAsynchronous = false;\n'
     'var xhr = new XMLHttpRequest;\n'
     'try {\n'
@@ -15,4 +15,4 @@
     '} catch (exception) {\n'
     '    self.postMessage("FAIL should not have thrown an exception. Threw exception " + exception + ".");\n'
     '}\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -4,7 +4,7 @@
 from utils import determine_content_security_policy_header
 
 sys.stdout.write(
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'var isAsynchronous = false;\n'
     'var xhr = new XMLHttpRequest;\n'
     'try {\n'
@@ -14,4 +14,4 @@
     '} catch (exception) {\n'
     '    self.postMessage("FAIL should not have thrown an exception. Threw exception " + exception + ".");\n'
     '}\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,7 +5,7 @@
 
 determine_content_security_policy_header()
 sys.stdout.write(
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'var expectedExceptionCode = 19; // DOMException.NETWORK_ERR\n'
     'var isAsynchronous = false;\n'
     'var xhr = new XMLHttpRequest;\n'
@@ -19,4 +19,4 @@
     '    else\n'
     '        self.postMessage("FAIL should throw " + expectedExceptionCode + ". Threw exception " + exception + ".");\n'
     '}\n'
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -12,7 +12,7 @@
     'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
     'Cache-Control: no-cache, must-revalidate\r\n'
     'Pragma: no-cache\r\n'
-    'Content-Type: text/html\r\n'
+    'Content-Type: text/_javascript_\r\n'
 )
 
 if csp is not None:

Modified: trunk/LayoutTests/http/tests/workers/resources/subworker-encoded.py (289671 => 289672)


--- trunk/LayoutTests/http/tests/workers/resources/subworker-encoded.py	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/http/tests/workers/resources/subworker-encoded.py	2022-02-11 22:57:33 UTC (rev 289672)
@@ -10,9 +10,9 @@
     'Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n'
     'Cache-Control: no-cache, must-revalidate\r\n'
     'Pragma: no-cache\r\n'
-    'Content-Type: text/html\r\n\r\n'
+    'Content-Type: text/_javascript_\r\n\r\n'
     'postMessage(\'Sub: Original test string: \' + String.fromCharCode(0x41F, 0x440, 0x438, 0x432, 0x435, 0x442));'
     'postMessage(\'Sub: Test string encoded using koi8-r: {}.\');'
     'postMessage(\'Sub: Test string encoded using Windows-1251: {}.\');'
     'postMessage(\'Sub: Test string encoded using UTF-8: {}.\');'.format(koi8, windows, utf)
-)
\ No newline at end of file
+)

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (289671 => 289672)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2022-02-11 22:57:33 UTC (rev 289672)
@@ -1,3 +1,19 @@
+2022-02-11  Chris Dumez  <[email protected]>
+
+        Fix MIME type check for classic worker script fetches
+        https://bugs.webkit.org/show_bug.cgi?id=236411
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/workers/Worker_script_mimetype-expected.txt:
+        * web-platform-tests/workers/importscripts_mime.any.sharedworker-expected.txt:
+        * web-platform-tests/workers/importscripts_mime.any.worker-expected.txt:
+        Rebaseline WPT tests now that more checks are passing.
+
+        * web-platform-tests/workers/constructors/SharedWorker/Infinity.headers: Added.
+        * web-platform-tests/workers/constructors/SharedWorker/NaN.headers: Added.
+        Merge upstream fix from https://github.com/web-platform-tests/wpt/pull/32782.
+
 2022-02-11  Jon Lee  <[email protected]>
 
         Unreviewed gardening.

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/workers/Worker_script_mimetype-expected.txt (289671 => 289672)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/workers/Worker_script_mimetype-expected.txt	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/workers/Worker_script_mimetype-expected.txt	2022-02-11 22:57:33 UTC (rev 289672)
@@ -1,5 +1,5 @@
 
-FAIL HTTP(S) URLs which respond with text/plain MIME type must not work assert_unreached: Worker should not recieve messages Reached unreachable code
+PASS HTTP(S) URLs which respond with text/plain MIME type must not work
 PASS blob: URLs should load, despite no MIME type for the backing Blob
 PASS blob: URLs should load, despite the wrong MIME type for the backing Blob
 PASS data: URLs should load, despite the wrong MIME type

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/Infinity.headers (0 => 289672)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/Infinity.headers	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/Infinity.headers	2022-02-11 22:57:33 UTC (rev 289672)
@@ -0,0 +1 @@
+Content-Type: text/_javascript_; charset=utf-8

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/NaN.headers (0 => 289672)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/NaN.headers	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/NaN.headers	2022-02-11 22:57:33 UTC (rev 289672)
@@ -0,0 +1 @@
+Content-Type: text/_javascript_; charset=utf-8

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.sharedworker-expected.txt (289671 => 289672)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.sharedworker-expected.txt	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.sharedworker-expected.txt	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,14 +5,14 @@
 PASS importScripts() requires scripty MIME types: image/png is blocked.
 PASS importScripts() requires scripty MIME types: text/csv is blocked.
 PASS importScripts() requires scripty MIME types: video/mpeg is blocked.
-FAIL importScripts() requires scripty MIME types: text/html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/plain is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: application/xml is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: application/octet-stream is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/potato is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: potato/text is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: aaa/aaa is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: zzz/zzz is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
+PASS importScripts() requires scripty MIME types: text/html is blocked.
+PASS importScripts() requires scripty MIME types: text/plain is blocked.
+PASS importScripts() requires scripty MIME types: application/xml is blocked.
+PASS importScripts() requires scripty MIME types: application/octet-stream is blocked.
+PASS importScripts() requires scripty MIME types: text/potato is blocked.
+PASS importScripts() requires scripty MIME types: potato/text is blocked.
+PASS importScripts() requires scripty MIME types: aaa/aaa is blocked.
+PASS importScripts() requires scripty MIME types: zzz/zzz is blocked.
 PASS importScripts() requires scripty MIME types: text/_javascript_; charset=utf-8 is allowed.
 PASS importScripts() requires scripty MIME types: text/_javascript_;charset=utf-8 is allowed.
 PASS importScripts() requires scripty MIME types: text/_javascript_;bla;bla is allowed.
@@ -19,8 +19,8 @@
 PASS importScripts() requires scripty MIME types: text/csv; charset=utf-8 is blocked.
 PASS importScripts() requires scripty MIME types: text/csv;charset=utf-8 is blocked.
 PASS importScripts() requires scripty MIME types: text/csv;bla;bla is blocked.
-FAIL importScripts() requires scripty MIME types: Text/html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/Html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: TeXt/HtMl is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: TEXT/HTML is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
+PASS importScripts() requires scripty MIME types: Text/html is blocked.
+PASS importScripts() requires scripty MIME types: text/Html is blocked.
+PASS importScripts() requires scripty MIME types: TeXt/HtMl is blocked.
+PASS importScripts() requires scripty MIME types: TEXT/HTML is blocked.

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.worker-expected.txt (289671 => 289672)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.worker-expected.txt	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/workers/importscripts_mime.any.worker-expected.txt	2022-02-11 22:57:33 UTC (rev 289672)
@@ -5,14 +5,14 @@
 PASS importScripts() requires scripty MIME types: image/png is blocked.
 PASS importScripts() requires scripty MIME types: text/csv is blocked.
 PASS importScripts() requires scripty MIME types: video/mpeg is blocked.
-FAIL importScripts() requires scripty MIME types: text/html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/plain is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: application/xml is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: application/octet-stream is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/potato is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: potato/text is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: aaa/aaa is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: zzz/zzz is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
+PASS importScripts() requires scripty MIME types: text/html is blocked.
+PASS importScripts() requires scripty MIME types: text/plain is blocked.
+PASS importScripts() requires scripty MIME types: application/xml is blocked.
+PASS importScripts() requires scripty MIME types: application/octet-stream is blocked.
+PASS importScripts() requires scripty MIME types: text/potato is blocked.
+PASS importScripts() requires scripty MIME types: potato/text is blocked.
+PASS importScripts() requires scripty MIME types: aaa/aaa is blocked.
+PASS importScripts() requires scripty MIME types: zzz/zzz is blocked.
 PASS importScripts() requires scripty MIME types: text/_javascript_; charset=utf-8 is allowed.
 PASS importScripts() requires scripty MIME types: text/_javascript_;charset=utf-8 is allowed.
 PASS importScripts() requires scripty MIME types: text/_javascript_;bla;bla is allowed.
@@ -19,8 +19,8 @@
 PASS importScripts() requires scripty MIME types: text/csv; charset=utf-8 is blocked.
 PASS importScripts() requires scripty MIME types: text/csv;charset=utf-8 is blocked.
 PASS importScripts() requires scripty MIME types: text/csv;bla;bla is blocked.
-FAIL importScripts() requires scripty MIME types: Text/html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: text/Html is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: TeXt/HtMl is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
-FAIL importScripts() requires scripty MIME types: TEXT/HTML is blocked. assert_throws_dom: function "_ => { importScripts(import_url) }" did not throw
+PASS importScripts() requires scripty MIME types: Text/html is blocked.
+PASS importScripts() requires scripty MIME types: text/Html is blocked.
+PASS importScripts() requires scripty MIME types: TeXt/HtMl is blocked.
+PASS importScripts() requires scripty MIME types: TEXT/HTML is blocked.

Modified: trunk/Source/WebCore/ChangeLog (289671 => 289672)


--- trunk/Source/WebCore/ChangeLog	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/ChangeLog	2022-02-11 22:57:33 UTC (rev 289672)
@@ -1,3 +1,39 @@
+2022-02-11  Chris Dumez  <[email protected]>
+
+        Fix MIME type check for classic worker script fetches
+        https://bugs.webkit.org/show_bug.cgi?id=236411
+
+        Reviewed by Alex Christensen.
+
+        Fix MIME type check for classic worker script fetches and classic worker script imports, so that we are
+        now aligned with the specification:
+        - https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script (Step 5)
+        - https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-imported-script (Step 5)
+
+        This was causing us to fail some Web Platform Tests.
+
+        No new tests, rebaselined existing tests.
+
+        * bindings/js/WorkerModuleScriptLoader.cpp:
+        (WebCore::WorkerModuleScriptLoader::load):
+        * loader/FetchOptions.h:
+        (WebCore::isScriptLikeDestination):
+        * workers/Worker.cpp:
+        (WebCore::Worker::create):
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::importScripts):
+        * workers/WorkerScriptLoader.cpp:
+        (WebCore::WorkerScriptLoader::loadSynchronously):
+        (WebCore::WorkerScriptLoader::loadAsynchronously):
+        (WebCore::constructJavaScriptMIMETypeError):
+        (WebCore::WorkerScriptLoader::validateWorkerResponse):
+        (WebCore::WorkerScriptLoader::didReceiveResponse):
+        * workers/WorkerScriptLoader.h:
+        * workers/service/ServiceWorkerJob.cpp:
+        (WebCore::ServiceWorkerJob::fetchScriptWithContext):
+        * workers/shared/SharedWorkerScriptLoader.cpp:
+        (WebCore::SharedWorkerScriptLoader::load):
+
 2022-02-11  Antoine Quint  <[email protected]>
 
         [model] standalone model documents should be interactive

Modified: trunk/Source/WebCore/bindings/js/WorkerModuleScriptLoader.cpp (289671 => 289672)


--- trunk/Source/WebCore/bindings/js/WorkerModuleScriptLoader.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/bindings/js/WorkerModuleScriptLoader.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -93,7 +93,7 @@
             fetchOptions.mode = FetchOptions::Mode::SameOrigin;
     }
 
-    m_scriptLoader->loadAsynchronously(context, WTFMove(request), WTFMove(fetchOptions), contentSecurityPolicyEnforcement, ServiceWorkersMode::All, *this, taskMode());
+    m_scriptLoader->loadAsynchronously(context, WTFMove(request), WorkerScriptLoader::Source::ModuleScript, WTFMove(fetchOptions), contentSecurityPolicyEnforcement, ServiceWorkersMode::All, *this, taskMode());
     return true;
 }

Modified: trunk/Source/WebCore/loader/FetchOptions.h (289671 => 289672)


--- trunk/Source/WebCore/loader/FetchOptions.h	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/loader/FetchOptions.h	2022-02-11 22:57:33 UTC (rev 289672)
@@ -107,6 +107,7 @@
         || destination == FetchOptions::Destination::Paintworklet
         || destination == FetchOptions::Destination::Script
         || destination == FetchOptions::Destination::Serviceworker
+        || destination == FetchOptions::Destination::Sharedworker
         || destination == FetchOptions::Destination::Worker;
 }

Modified: trunk/Source/WebCore/workers/Worker.cpp (289671 => 289672)


--- trunk/Source/WebCore/workers/Worker.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/Worker.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -113,7 +113,8 @@
     ResourceRequest request { scriptURL.releaseReturnValue() };
     request.setInitiatorIdentifier(worker->m_identifier);
 
-    worker->m_scriptLoader->loadAsynchronously(context, WTFMove(request), workerFetchOptions(worker->m_options, FetchOptions::Destination::Worker), contentSecurityPolicyEnforcement, ServiceWorkersMode::All, worker.get(), WorkerRunLoop::defaultMode());
+    auto source = options.type == WorkerType::Module ? WorkerScriptLoader::Source::ModuleScript : WorkerScriptLoader::Source::ClassicWorkerScript;
+    worker->m_scriptLoader->loadAsynchronously(context, WTFMove(request), source, workerFetchOptions(worker->m_options, FetchOptions::Destination::Worker), contentSecurityPolicyEnforcement, ServiceWorkersMode::All, worker.get(), WorkerRunLoop::defaultMode());
 
     return worker;
 }

Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (289671 => 289672)


--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -382,7 +382,7 @@
 
         auto scriptLoader = WorkerScriptLoader::create();
         auto cspEnforcement = shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective;
-        if (auto exception = scriptLoader->loadSynchronously(this, url, FetchOptions::Mode::NoCors, cachePolicy, cspEnforcement, resourceRequestIdentifier()))
+        if (auto exception = scriptLoader->loadSynchronously(this, url, WorkerScriptLoader::Source::ClassicWorkerImport, FetchOptions::Mode::NoCors, cachePolicy, cspEnforcement, resourceRequestIdentifier()))
             return WTFMove(*exception);
 
         InspectorInstrumentation::scriptImported(*this, scriptLoader->identifier(), scriptLoader->script().toString());

Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.cpp (289671 => 289672)


--- trunk/Source/WebCore/workers/WorkerScriptLoader.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -52,7 +52,7 @@
 
 WorkerScriptLoader::~WorkerScriptLoader() = default;
 
-std::optional<Exception> WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, FetchOptions::Mode mode, FetchOptions::Cache cachePolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, const String& initiatorIdentifier)
+std::optional<Exception> WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, Source source, FetchOptions::Mode mode, FetchOptions::Cache cachePolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, const String& initiatorIdentifier)
 {
     ASSERT(scriptExecutionContext);
     auto& workerGlobalScope = downcast<WorkerGlobalScope>(*scriptExecutionContext);
@@ -59,6 +59,7 @@
 
     m_url = url;
     m_lastRequestURL = url;
+    m_source = source;
     m_destination = FetchOptions::Destination::Script;
     m_isCOEPEnabled = scriptExecutionContext->settingsValues().crossOriginEmbedderPolicyEnabled;
 
@@ -114,11 +115,12 @@
     return std::nullopt;
 }
 
-void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecutionContext, ResourceRequest&& scriptRequest, FetchOptions&& fetchOptions, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, ServiceWorkersMode serviceWorkerMode, WorkerScriptLoaderClient& client, String&& taskMode)
+void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecutionContext, ResourceRequest&& scriptRequest, Source source, FetchOptions&& fetchOptions, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, ServiceWorkersMode serviceWorkerMode, WorkerScriptLoaderClient& client, String&& taskMode)
 {
     m_client = &client;
     m_url = scriptRequest.url();
     m_lastRequestURL = scriptRequest.url();
+    m_source = source;
     m_destination = fetchOptions.destination;
     m_isCOEPEnabled = scriptExecutionContext.settingsValues().crossOriginEmbedderPolicyEnabled;
 
@@ -163,8 +165,14 @@
     return request;
 }
 
-ResourceError WorkerScriptLoader::validateWorkerResponse(const ResourceResponse& response, FetchOptions::Destination destination)
+static ResourceError constructJavaScriptMIMETypeError(const ResourceResponse& response)
 {
+    auto message = makeString("Refused to execute ", response.url().stringCenterEllipsizedToLength(), " as script because ", response.mimeType(), " is not a script MIME type.");
+    return { errorDomainWebKitInternal, 0, response.url(), WTFMove(message), ResourceError::Type::AccessControl };
+}
+
+ResourceError WorkerScriptLoader::validateWorkerResponse(const ResourceResponse& response, Source source, FetchOptions::Destination destination)
+{
     if (response.httpStatusCode() / 100 != 2 && response.httpStatusCode())
         return { errorDomainWebKitInternal, 0, response.url(), "Response is not 2xx"_s, ResourceError::Type::General };
 
@@ -173,9 +181,23 @@
         return { errorDomainWebKitInternal, 0, response.url(), WTFMove(message), ResourceError::Type::General };
     }
 
-    if (shouldBlockResponseDueToMIMEType(response, destination)) {
-        auto message = makeString("Refused to execute ", response.url().stringCenterEllipsizedToLength(), " as script because ", response.mimeType(), " is not a script MIME type.");
-        return { errorDomainWebKitInternal, 0, response.url(), WTFMove(message), ResourceError::Type::General };
+    switch (source) {
+    case Source::ClassicWorkerScript:
+        // https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script (Step 5)
+        // This is the result a dedicated / shared / service worker script fetch.
+        if (response.url().protocolIsInHTTPFamily() && !MIMETypeRegistry::isSupportedJavaScriptMIMEType(response.mimeType()))
+            return constructJavaScriptMIMETypeError(response);
+        break;
+    case Source::ClassicWorkerImport:
+        // https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-imported-script (Step 5).
+        // This is the result of an importScripts() call.
+        if (!MIMETypeRegistry::isSupportedJavaScriptMIMEType(response.mimeType()))
+            return constructJavaScriptMIMETypeError(response);
+        break;
+    case Source::ModuleScript:
+        if (shouldBlockResponseDueToMIMEType(response, destination))
+            return constructJavaScriptMIMETypeError(response);
+        break;
     }
 
     return { };
@@ -188,7 +210,7 @@
 
 void WorkerScriptLoader::didReceiveResponse(ResourceLoaderIdentifier identifier, const ResourceResponse& response)
 {
-    m_error = validateWorkerResponse(response, m_destination);
+    m_error = validateWorkerResponse(response, m_source, m_destination);
     if (!m_error.isNull()) {
         m_failed = true;
         return;

Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.h (289671 => 289672)


--- trunk/Source/WebCore/workers/WorkerScriptLoader.h	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.h	2022-02-11 22:57:33 UTC (rev 289672)
@@ -60,9 +60,11 @@
         return adoptRef(*new WorkerScriptLoader);
     }
 
-    std::optional<Exception> loadSynchronously(ScriptExecutionContext*, const URL&, FetchOptions::Mode, FetchOptions::Cache, ContentSecurityPolicyEnforcement, const String& initiatorIdentifier);
-    void loadAsynchronously(ScriptExecutionContext&, ResourceRequest&&, FetchOptions&&, ContentSecurityPolicyEnforcement, ServiceWorkersMode, WorkerScriptLoaderClient&, String&& taskMode);
+    enum class Source : uint8_t { ClassicWorkerScript, ClassicWorkerImport, ModuleScript };
 
+    std::optional<Exception> loadSynchronously(ScriptExecutionContext*, const URL&, Source, FetchOptions::Mode, FetchOptions::Cache, ContentSecurityPolicyEnforcement, const String& initiatorIdentifier);
+    void loadAsynchronously(ScriptExecutionContext&, ResourceRequest&&, Source, FetchOptions&&, ContentSecurityPolicyEnforcement, ServiceWorkersMode, WorkerScriptLoaderClient&, String&& taskMode);
+
     void notifyError();
 
     const ScriptBuffer& script() const { return m_script; }
@@ -90,7 +92,7 @@
 
     void cancel();
 
-    WEBCORE_EXPORT static ResourceError validateWorkerResponse(const ResourceResponse&, FetchOptions::Destination);
+    WEBCORE_EXPORT static ResourceError validateWorkerResponse(const ResourceResponse&, Source, FetchOptions::Destination);
 
 private:
     friend class RefCounted<WorkerScriptLoader>;
@@ -111,6 +113,7 @@
     URL m_responseURL;
     CertificateInfo m_certificateInfo;
     String m_responseMIMEType;
+    Source m_source;
     FetchOptions::Destination m_destination;
     ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
     String m_referrerPolicy;

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp (289671 => 289672)


--- trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -113,7 +113,9 @@
     options.redirect = FetchOptions::Redirect::Error;
     options.destination = FetchOptions::Destination::Serviceworker;
     options.credentials = FetchOptions::Credentials::SameOrigin;
-    m_scriptLoader->loadAsynchronously(context, WTFMove(request), WTFMove(options), ContentSecurityPolicyEnforcement::DoNotEnforce, ServiceWorkersMode::None, *this, WorkerRunLoop::defaultMode());
+
+    auto source = m_jobData.workerType == WorkerType::Module ? WorkerScriptLoader::Source::ModuleScript : WorkerScriptLoader::Source::ClassicWorkerScript;
+    m_scriptLoader->loadAsynchronously(context, WTFMove(request), source, WTFMove(options), ContentSecurityPolicyEnforcement::DoNotEnforce, ServiceWorkersMode::None, *this, WorkerRunLoop::defaultMode());
 }
 
 ResourceError ServiceWorkerJob::validateServiceWorkerResponse(const ServiceWorkerJobData& jobData, const ResourceResponse& response)

Modified: trunk/Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp (289671 => 289672)


--- trunk/Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -48,7 +48,8 @@
     ASSERT(!m_completionHandler);
     m_completionHandler = WTFMove(completionHandler);
 
-    m_loader->loadAsynchronously(*m_worker->scriptExecutionContext(), ResourceRequest(m_url), m_worker->workerFetchOptions(m_options, FetchOptions::Destination::Sharedworker), ContentSecurityPolicyEnforcement::EnforceWorkerSrcDirective, ServiceWorkersMode::All, *this, WorkerRunLoop::defaultMode());
+    auto source = m_options.type == WorkerType::Module ? WorkerScriptLoader::Source::ModuleScript : WorkerScriptLoader::Source::ClassicWorkerScript;
+    m_loader->loadAsynchronously(*m_worker->scriptExecutionContext(), ResourceRequest(m_url), source, m_worker->workerFetchOptions(m_options, FetchOptions::Destination::Sharedworker), ContentSecurityPolicyEnforcement::EnforceWorkerSrcDirective, ServiceWorkersMode::All, *this, WorkerRunLoop::defaultMode());
 }
 
 void SharedWorkerScriptLoader::didReceiveResponse(ResourceLoaderIdentifier identifier, const ResourceResponse&)

Modified: trunk/Source/WebKit/ChangeLog (289671 => 289672)


--- trunk/Source/WebKit/ChangeLog	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebKit/ChangeLog	2022-02-11 22:57:33 UTC (rev 289672)
@@ -1,3 +1,13 @@
+2022-02-11  Chris Dumez  <[email protected]>
+
+        Fix MIME type check for classic worker script fetches
+        https://bugs.webkit.org/show_bug.cgi?id=236411
+
+        Reviewed by Alex Christensen.
+
+        * NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp:
+        (WebKit::ServiceWorkerSoftUpdateLoader::processResponse):
+
 2022-02-11  Wenson Hsieh  <[email protected]>
 
         Unreviewed, fix the Apple TV build

Modified: trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp (289671 => 289672)


--- trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp	2022-02-11 22:46:36 UTC (rev 289671)
+++ trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp	2022-02-11 22:57:33 UTC (rev 289672)
@@ -160,7 +160,8 @@
 // https://w3c.github.io/ServiceWorker/#update-algorithm, steps 9.7 to 9.17
 ResourceError ServiceWorkerSoftUpdateLoader::processResponse(const ResourceResponse& response)
 {
-    auto error = WorkerScriptLoader::validateWorkerResponse(response, FetchOptions::Destination::Serviceworker);
+    auto source = m_jobData.workerType == WorkerType::Module ? WorkerScriptLoader::Source::ModuleScript : WorkerScriptLoader::Source::ClassicWorkerScript;
+    auto error = WorkerScriptLoader::validateWorkerResponse(response, source, FetchOptions::Destination::Serviceworker);
     if (!error.isNull())
         return error;
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to