Title: [112485] trunk/Source/WebKit/chromium
Revision
112485
Author
[email protected]
Date
2012-03-28 18:14:05 -0700 (Wed, 28 Mar 2012)

Log Message

AssociatedURLLoader does not support Cross Origin Redirects when using
Access Control.
https://bugs.webkit.org/show_bug.cgi?id=82354

AssociatedURLLoader's internal adapter now overrides didFailRedirectCheck,
which cancels the load, causing didFail to notify the client that the
load failed. AssociatedURLLoaderTest adds test cases for CORS requests
that receive redirects and pass or fail the redirect access check.

Reviewed by Adam Barth.

* src/AssociatedURLLoader.cpp:
(AssociatedURLLoader::ClientAdapter):
(WebKit::AssociatedURLLoader::ClientAdapter::didFailRedirectCheck):
(WebKit):
* tests/AssociatedURLLoaderTest.cpp:
(WebKit):
(WebKit::TEST_F):

Modified Paths

Diff

Modified: trunk/Source/WebKit/chromium/ChangeLog (112484 => 112485)


--- trunk/Source/WebKit/chromium/ChangeLog	2012-03-29 01:07:20 UTC (rev 112484)
+++ trunk/Source/WebKit/chromium/ChangeLog	2012-03-29 01:14:05 UTC (rev 112485)
@@ -1,3 +1,24 @@
+2012-03-28  Bill Budge  <[email protected]>
+
+        AssociatedURLLoader does not support Cross Origin Redirects when using
+        Access Control.
+        https://bugs.webkit.org/show_bug.cgi?id=82354
+
+        AssociatedURLLoader's internal adapter now overrides didFailRedirectCheck,
+        which cancels the load, causing didFail to notify the client that the
+        load failed. AssociatedURLLoaderTest adds test cases for CORS requests
+        that receive redirects and pass or fail the redirect access check.
+
+        Reviewed by Adam Barth.
+
+        * src/AssociatedURLLoader.cpp:
+        (AssociatedURLLoader::ClientAdapter):
+        (WebKit::AssociatedURLLoader::ClientAdapter::didFailRedirectCheck):
+        (WebKit):
+        * tests/AssociatedURLLoaderTest.cpp:
+        (WebKit):
+        (WebKit::TEST_F):
+
 2012-03-28  Adrienne Walker  <[email protected]>
 
         [chromium] Fix tiled layer assert for huge layers

Modified: trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp (112484 => 112485)


--- trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp	2012-03-29 01:07:20 UTC (rev 112484)
+++ trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp	2012-03-29 01:14:05 UTC (rev 112485)
@@ -140,6 +140,7 @@
     virtual void didReceiveCachedMetadata(const char*, int /*dataLength*/);
     virtual void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/);
     virtual void didFail(const ResourceError&);
+    virtual void didFailRedirectCheck();
 
     virtual bool isDocumentThreadableLoaderClient() { return true; }
 
@@ -263,6 +264,11 @@
         notifyError(&m_errorTimer);
 }
 
+void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck()
+{
+    m_loader->cancel();
+}
+
 void AssociatedURLLoader::ClientAdapter::setDelayedError(const ResourceError& error)
 {
     didFail(error);
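Review bot: `didFailRedirectCheck()` only calls `m_loader->cancel()`, and nothing visible in this hunk reports the failure to the client. The new test's `EXPECT_FALSE(m_didFail)` suggests the client gets no terminal callback at all when a redirect fails the access check, which contradicts the log message ("causing didFail to notify the client"). The body of cancel() is outside the diff, so this is inferred, but a client in that state would see neither didFinishLoading nor didFail and could not tell a CORS rejection from a stalled load. Consider reporting the failure through the adapter's existing `didFail(...)` path, with a ResourceError describing the blocked redirect, before cancelling. The declaration in the first hunk would also benefit from a comment such as `// Called when a redirect fails the cross-origin access check; the load is aborted.`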

Modified: trunk/Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp (112484 => 112485)


--- trunk/Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp	2012-03-29 01:07:20 UTC (rev 112484)
+++ trunk/Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp	2012-03-29 01:14:05 UTC (rev 112485)
@@ -432,10 +432,41 @@
     EXPECT_TRUE(m_didFinishLoading);
 }
 
-// Test a successful redirect and cross-origin load using CORS.
-// FIXME: Enable this when DocumentThreadableLoader supports cross-origin redirects.
-TEST_F(AssociatedURLLoaderTest, DISABLED_RedirectCrossOriginWithAccessControlSuccess)
+// Test that a cross origin redirect response without CORS headers fails.
+TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure)
 {
+    GURL url = ""
+    char redirect[] = "http://www.other.com/RedirectCrossOriginWithAccessControlFailure.html";  // Cross-origin
+    GURL redirectURL = GURL(redirect);
+
+    WebURLRequest request;
+    request.initialize();
+    request.setURL(url);
+
+    // Create a redirect response without CORS headers.
+    m_expectedRedirectResponse = WebURLResponse();
+    m_expectedRedirectResponse.initialize();
+    m_expectedRedirectResponse.setMIMEType("text/html");
+    m_expectedRedirectResponse.setHTTPStatusCode(301);
+    m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect);
+    webkit_support::RegisterMockedURL(url, m_expectedRedirectResponse, m_frameFilePath);
+
+    WebURLLoaderOptions options;
+    options.crossOriginRequestPolicy = WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
+    m_expectedLoader = createAssociatedURLLoader(options);
+    EXPECT_TRUE(m_expectedLoader);
+    m_expectedLoader->loadAsynchronously(request, this);
+    serveRequests();
+    // We should not receive a notification for the redirect or any response.
+    EXPECT_FALSE(m_willSendRequest);
+    EXPECT_FALSE(m_didReceiveResponse);
+    EXPECT_FALSE(m_didReceiveData);
+    EXPECT_FALSE(m_didFail);
+}
+
+// Test that a cross origin redirect response with CORS headers that allow the requesting origin succeeds.
+TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess)
+{
     GURL url = ""
     char redirect[] = "http://www.other.com/RedirectCrossOriginWithAccessControlSuccess.html";  // Cross-origin
     GURL redirectURL = GURL(redirect);
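Review bot: RedirectCrossOriginWithAccessControlFailure asserts only that callbacks did not fire, so it would also pass if the mocked request were never served, and it never checks `m_didFinishLoading`. Add `EXPECT_FALSE(m_didFinishLoading);`, and if the loader is meant to report the blocked redirect, make the final assertion positive (`EXPECT_TRUE(m_didFail);`) so the test proves the access check ran and rejected the redirect. `redirectURL` is declared in this test but not used in its visible body. The success test that follows continues outside this hunk.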
@@ -444,11 +475,13 @@
     request.initialize();
     request.setURL(url);
 
+    // Create a redirect response that allows the redirect to pass the access control checks.
     m_expectedRedirectResponse = WebURLResponse();
     m_expectedRedirectResponse.initialize();
     m_expectedRedirectResponse.setMIMEType("text/html");
     m_expectedRedirectResponse.setHTTPStatusCode(301);
     m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect);
+    m_expectedRedirectResponse.addHTTPHeaderField("access-control-allow-origin", "*");
     webkit_support::RegisterMockedURL(url, m_expectedRedirectResponse, m_frameFilePath);
 
     m_expectedNewRequest = WebURLRequest();
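Review bot: The success case exercises only the wildcard `access-control-allow-origin: *`, although the test comment says the headers "allow the requesting origin". Neither test covers a redirect response whose header names an explicit origin that does not match the requester, since the failure test omits the header entirely. Consider a third test that sets the header to a non-matching origin (a constructed value such as `http://www.unrelated.example`) and expects the same outcome as the failure test. The test body starts and ends outside this hunk.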
@@ -467,7 +500,8 @@
     EXPECT_TRUE(m_expectedLoader);
     m_expectedLoader->loadAsynchronously(request, this);
     serveRequests();
-    EXPECT_TRUE(m_willSendRequest);
+    // We should not receive a notification for the redirect.
+    EXPECT_FALSE(m_willSendRequest);
     EXPECT_TRUE(m_didReceiveResponse);
     EXPECT_TRUE(m_didReceiveData);
     EXPECT_TRUE(m_didFinishLoading);