[webkit-changes] [292804] trunk

[youenn]

Title: [292804] trunk

Revision

292804

Author

you...@apple.com

Date

2022-04-13 03:39:31 -0700 (Wed, 13 Apr 2022)

Log Message

Complement implementation of step 5.5 of https://fetch.spec.whatwg.org/#http-fetch
https://bugs.webkit.org/show_bug.cgi?id=239123

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt:

Source/WebCore:

Covered by rebased test.

* workers/service/context/ServiceWorkerFetch.cpp:
(WebCore::ServiceWorkerFetch::validateResponse):

Modified Paths

• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (292803 => 292804)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2022-04-13 07:29:16 UTC (rev 292803)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2022-04-13 10:39:31 UTC (rev 292804)
@@ -1,3 +1,12 @@
+2022-04-13  Youenn Fablet  <you...@apple.com>
+
+        Complement implementation of step 5.5 of https://fetch.spec.whatwg.org/#http-fetch
+        https://bugs.webkit.org/show_bug.cgi?id=239123
+
+        Reviewed by Darin Adler.
+
+        * web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt:
+
 2022-04-12  Asumu Takikawa  <as...@igalia.com>
 
         Allow Wasm import from a JS Worker module

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt (292803 => 292804)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt	2022-04-13 07:29:16 UTC (rev 292803)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt	2022-04-13 10:39:31 UTC (rev 292804)
@@ -94,9 +94,9 @@
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should fail.
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should fail.
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should fail.
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should fail.
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail.
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should fail.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed.
@@ -112,9 +112,9 @@
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed.
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed.
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed.
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should fail. assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should fail.
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail.
+PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should fail.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed.
 PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed.

Modified: trunk/Source/WebCore/ChangeLog (292803 => 292804)

--- trunk/Source/WebCore/ChangeLog	2022-04-13 07:29:16 UTC (rev 292803)
+++ trunk/Source/WebCore/ChangeLog	2022-04-13 10:39:31 UTC (rev 292804)
@@ -1,3 +1,15 @@
+2022-04-13  Youenn Fablet  <you...@apple.com>
+
+        Complement implementation of step 5.5 of https://fetch.spec.whatwg.org/#http-fetch
+        https://bugs.webkit.org/show_bug.cgi?id=239123
+
+        Reviewed by Darin Adler.
+
+        Covered by rebased test.
+
+        * workers/service/context/ServiceWorkerFetch.cpp:
+        (WebCore::ServiceWorkerFetch::validateResponse):
+
 2022-04-12  Chris Dumez  <cdu...@apple.com>
 
         Crash under CachedResourceClientWalker<WebCore::CachedImageClient>::next()

Modified: trunk/Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp (292803 => 292804)

--- trunk/Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp	2022-04-13 07:29:16 UTC (rev 292803)
+++ trunk/Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp	2022-04-13 10:39:31 UTC (rev 292804)
@@ -46,12 +46,15 @@
 
 namespace ServiceWorkerFetch {
 
-// https://fetch.spec.whatwg.org/#http-fetch step 3.3
+// https://fetch.spec.whatwg.org/#http-fetch step 5.5
 static inline ResourceError validateResponse(const ResourceResponse& response, FetchOptions::Mode mode, FetchOptions::Redirect redirect)
 {
     if (response.type() == ResourceResponse::Type::Error)
         return ResourceError { errorDomainWebKitInternal, 0, response.url(), "Response served by service worker is an error"_s, ResourceError::Type::General, ResourceError::IsSanitized::Yes };
 
+    if (mode == FetchOptions::Mode::SameOrigin && response.type() == ResourceResponse::Type::Cors)
+        return ResourceError { errorDomainWebKitInternal, 0, response.url(), "Response served by service worker is CORS while mode is same origin"_s, ResourceError::Type::AccessControl, ResourceError::IsSanitized::Yes };
+
     if (mode != FetchOptions::Mode::NoCors && response.tainting() == ResourceResponse::Tainting::Opaque)
         return ResourceError { errorDomainWebKitInternal, 0, response.url(), "Response served by service worker is opaque"_s, ResourceError::Type::AccessControl, ResourceError::IsSanitized::Yes };
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes