[webkit-changes] [204172] trunk

[commit-queue]

Title: [204172] trunk

Revision

204172

Author

commit-qu...@webkit.org

Date

2016-08-05 09:26:04 -0700 (Fri, 05 Aug 2016)

Log Message

[Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
https://bugs.webkit.org/show_bug.cgi?id=160594

Patch by Youenn Fablet <you...@apple.com> on 2016-08-05
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.

Source/WebCore:

Covered by rebased tests.

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
It should not throw is mode is SameOrigin and resource is same origin.

Modified Paths

• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/SubresourceLoader.cpp

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (204171 => 204172)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2016-08-05 16:26:04 UTC (rev 204172)
@@ -1,5 +1,16 @@
 2016-08-05  Youenn Fablet  <you...@apple.com>
 
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.
+
+2016-08-05  Youenn Fablet  <you...@apple.com>
+
         [Fetch API] Response.blob should not assert in case the created blob is empty
         https://bugs.webkit.org/show_bug.cgi?id=160592
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt (204171 => 204172)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt	2016-08-05 16:26:04 UTC (rev 204172)
@@ -1,6 +1,14 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
 
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
+
+
 PASS Fetch ../resources/top.txt with same-origin mode 
 PASS Fetch http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt (204171 => 204172)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt	2016-08-05 16:26:04 UTC (rev 204172)
@@ -1,6 +1,14 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
 
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
+
+
 PASS Fetch ../resources/top.txt with same-origin mode 
 PASS Fetch http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js (204171 => 204172)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js	2016-08-05 16:26:04 UTC (rev 204172)
@@ -23,5 +23,12 @@
 fetchSameOrigin(host_info.HTTPS_ORIGIN + "/fetch/api/resources/top.txt", false);
 fetchSameOrigin(host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
 
+var redirPath = dirname(location.pathname) + RESOURCES_DIR + "redirect.py?location=";
+
+fetchSameOrigin(redirPath + RESOURCES_DIR + "top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTP_ORIGIN + "/fetch/api/resources/top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTPS_ORIGIN + "/fetch/api/resources/top.txt", false);
+fetchSameOrigin(redirPath + host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
+
 done();
 

Modified: trunk/Source/WebCore/ChangeLog (204171 => 204172)

--- trunk/Source/WebCore/ChangeLog	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/Source/WebCore/ChangeLog	2016-08-05 16:26:04 UTC (rev 204172)
@@ -1,5 +1,18 @@
 2016-08-05  Youenn Fablet  <you...@apple.com>
 
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased tests.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
+        It should not throw is mode is SameOrigin and resource is same origin.
+
+2016-08-05  Youenn Fablet  <you...@apple.com>
+
         [Fetch API] Response.blob should not assert in case the created blob is empty
         https://bugs.webkit.org/show_bug.cgi?id=160592
 

Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (204171 => 204172)

--- trunk/Source/WebCore/loader/SubresourceLoader.cpp	2016-08-05 16:22:09 UTC (rev 204171)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp	2016-08-05 16:26:04 UTC (rev 204172)
@@ -403,8 +403,6 @@
 
 bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse& redirectResponse, ResourceRequest& newRequest, String& errorMessage)
 {
-    ASSERT(options().mode != FetchOptions::Mode::SameOrigin);
-
     bool crossOriginFlag = m_resource->isCrossOrigin();
     bool isNextRequestCrossOrigin = m_origin && !m_origin->canRequest(newRequest.url());
 
@@ -411,6 +409,8 @@
     if (isNextRequestCrossOrigin)
         m_resource->setCrossOrigin();
 
+    ASSERT(options().mode != FetchOptions::Mode::SameOrigin || !m_resource->isCrossOrigin());
+
     if (options().mode != FetchOptions::Mode::Cors)
         return true;
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes