Attachment 346105 Details for Bug 188139 – Patch and layout test

[patch] Patch and layout test

bug-188139-20180730145419.patch (text/plain), 22.61 KB, created by Daniel Bates on 2018-07-30 14:54:20 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Bates

Created: 2018-07-30 14:54:20 PDT

Size: 22.61 KB

patch

obsolete

>Subversion Revision: 234316
>diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
>index 1e46bce0ebd79826603eb9e5b48802375679fcde..13f7d46e83ac86c2481f33faf6bc7e94d15e0038 100644
>--- a/Source/WTF/ChangeLog
>+++ b/Source/WTF/ChangeLog
>@@ -1,3 +1,15 @@
>+2018-07-30  Daniel Bates  <dabates@apple.com>
>+
>+        REGRESSION (r231107): MoviStar+ launches to a blank black screen
>+        https://bugs.webkit.org/show_bug.cgi?id=188139
>+        <rdar://problem/41907319>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add a macro define for macOS Mojave.
>+
>+        * wtf/spi/darwin/dyldSPI.h:
>+
> 2018-07-26  Andy VanWagoner  <andy@vanwagoner.family>
> 
>         [INTL] Remove INTL sub-feature compile flags
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 91f89ac41f7422cbe4d96e3368968bf8244eed42..478705fa5c676ecc5a678bc048d03de7a0492790 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,22 @@
>+2018-07-30  Daniel Bates  <dabates@apple.com>
>+
>+        REGRESSION (r231107): MoviStar+ launches to a blank black screen
>+        https://bugs.webkit.org/show_bug.cgi?id=188139
>+        <rdar://problem/41907319>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Expose a setting, allowCORSPreflightRequestsToAnyScheme, to toggle the CORS behavior before r231107
>+        of allowing preflight requests to URLs with arbitrary schemes. Following r231107 we now conform
>+        to the definition of the CORS protocol as described in the Fetch spec, <https://fetch.spec.whatwg.org>
>+        and only perform CORS simple and preflight requests to URLS with HTTP(S) schemes.
>+
>+        Test: http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme.html
>+
>+        * loader/DocumentThreadableLoader.cpp:
>+        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
>+        * page/Settings.yaml:
>+
> 2018-07-03  David Fenton  <david_fenton@apple.com>
> 
>         Unreviewed, rolling out r233461.
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 5f70f15f8c7a0159dc6b0280cab9c630c7332522..fbfbf0451535294726a943b964cb5557f7da308b 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,29 @@
>+2018-07-30  Daniel Bates  <dabates@apple.com>
>+
>+        REGRESSION (r231107): MoviStar+ launches to a blank black screen
>+        https://bugs.webkit.org/show_bug.cgi?id=188139
>+        <rdar://problem/41907319>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Opt into the CORS preflight behavior before r231107 for existing Modern WebKit apps. That is,
>+        allow such apps to make CORS preflight requests to any URL.
>+
>+        * NetworkProcess/NetworkLoadChecker.cpp:
>+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
>+        (WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
>+        * NetworkProcess/NetworkLoadChecker.h:
>+        * NetworkProcess/NetworkResourceLoadParameters.cpp:
>+        (WebKit::NetworkResourceLoadParameters::encode const):
>+        (WebKit::NetworkResourceLoadParameters::decode):
>+        * NetworkProcess/NetworkResourceLoadParameters.h:
>+        * Shared/WebPreferences.yaml:
>+        * UIProcess/API/Cocoa/WKWebView.mm:
>+        (-[WKWebView _initializeWithConfiguration:]):
>+        * UIProcess/Cocoa/VersionChecks.h:
>+        * WebProcess/Network/WebLoaderStrategy.cpp:
>+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
>+
> 2018-07-03  David Fenton  <david_fenton@apple.com>
> 
>         Unreviewed, rolling out r233461.
>diff --git a/Source/WebKitLegacy/mac/ChangeLog b/Source/WebKitLegacy/mac/ChangeLog
>index 0e3375663b93d5b86e3cb5018566cab48fae5d06..2c056270fc123a5fbae26a6e130a5d1630431094 100644
>--- a/Source/WebKitLegacy/mac/ChangeLog
>+++ b/Source/WebKitLegacy/mac/ChangeLog
>@@ -1,3 +1,19 @@
>+2018-07-30  Daniel Bates  <dabates@apple.com>
>+
>+        REGRESSION (r231107): MoviStar+ launches to a blank black screen
>+        https://bugs.webkit.org/show_bug.cgi?id=188139
>+        <rdar://problem/41907319>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Opt into the CORS preflight behavior before r231107 for existing WebKit Legacy/UIWebView apps.
>+        That is, allow such apps to make CORS preflight requests to any URL. This change fixes the
>+        Spain App Store published MoviStar+ app on iOS 12.
>+
>+        * Misc/WebKitVersionChecks.h:
>+        * WebView/WebView.mm:
>+        (-[WebView _commonInitializationWithFrameName:groupName:]):
>+
> 2018-07-26  Andy VanWagoner  <andy@vanwagoner.family>
> 
>         [INTL] Remove INTL sub-feature compile flags
>diff --git a/Source/WTF/wtf/spi/darwin/dyldSPI.h b/Source/WTF/wtf/spi/darwin/dyldSPI.h
>index 4506098a2bdcca257a0e171a068f1d80322b6b34..805d65a95cd97c29b92b8a89cb4c8c2dbed317ab 100644
>--- a/Source/WTF/wtf/spi/darwin/dyldSPI.h
>+++ b/Source/WTF/wtf/spi/darwin/dyldSPI.h
>@@ -45,6 +45,10 @@
> #define DYLD_MACOSX_VERSION_10_13 0x000A0D00
> #endif
> 
>+#ifndef DYLD_MACOSX_VERSION_10_14
>+#define DYLD_MACOSX_VERSION_10_14 0x000A0E00
>+#endif
>+
> #else
> 
> #define DYLD_IOS_VERSION_3_0 0x00030000
>@@ -61,6 +65,7 @@
> #define DYLD_MACOSX_VERSION_10_11 0x000A0B00
> #define DYLD_MACOSX_VERSION_10_12 0x000A0C00
> #define DYLD_MACOSX_VERSION_10_13 0x000A0D00
>+#define DYLD_MACOSX_VERSION_10_14 0x000A0E00
> 
> #endif
> 
>diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
>index 1c2d1dc08b5c42d2a6c8eb32e04cc2ab7698f282..e0b73005324ca7ff39d6f7a4da61846680dfdbcf 100644
>--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
>+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
>@@ -179,7 +179,8 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(ResourceRequest&& re
> {
>     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
> 
>-    if ((m_options.preflightPolicy == PreflightPolicy::Consider && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreflightPolicy::Prevent || shouldPerformSecurityChecks()) {
>+    bool needsPreflightQuirk = m_document.settings().allowCORSPreflightRequestsToAnyScheme() && (m_options.preflightPolicy == PreflightPolicy::Consider || m_options.preflightPolicy == PreflightPolicy::Force);
>+    if ((m_options.preflightPolicy == PreflightPolicy::Consider && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreflightPolicy::Prevent || (shouldPerformSecurityChecks() && !needsPreflightQuirk)) {
>         if (checkURLSchemeAsCORSEnabled(request.url()))
>             makeSimpleCrossOriginAccessRequest(WTFMove(request));
>     } else {
>@@ -194,7 +195,7 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(ResourceRequest&& re
>             }
>         }
> #endif
>-        if (!checkURLSchemeAsCORSEnabled(request.url()))
>+        if (!needsPreflightQuirk && !checkURLSchemeAsCORSEnabled(request.url()))
>             return;
> 
>         m_simpleRequest = false;
>diff --git a/Source/WebCore/page/Settings.yaml b/Source/WebCore/page/Settings.yaml
>index bdf8004c6c5f35c39e26da41aafbb5939832e0c9..4347f6a3c2c3520b9148e5d4a760c7b995345c6a 100644
>--- a/Source/WebCore/page/Settings.yaml
>+++ b/Source/WebCore/page/Settings.yaml
>@@ -758,3 +758,6 @@ incompleteImageBorderEnabled:
> 
> shouldDeferAsynchronousScriptsUntilAfterDocumentLoad:
>   initial: false
>+
>+allowCORSPreflightRequestsToAnyScheme:
>+  initial: false
>diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>index a87bdeb2dca7dd59b6d95cfeeb984e91228abb91..09dd1ccc866528faf15e1aaa888f909083e226dc 100644
>--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>@@ -53,7 +53,7 @@ static inline bool isSameOrigin(const URL& url, const SecurityOrigin* origin)
>     return url.protocolIsData() || url.protocolIsBlob() || !origin || origin->canRequest(url);
> }
> 
>-NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics)
>+NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics, bool allowCORSPreflightRequestsToAnyScheme)
>     : m_options(WTFMove(options))
>     , m_sessionID(sessionID)
>     , m_originalRequestHeaders(WTFMove(originalRequestHeaders))
>@@ -62,6 +62,7 @@ NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID se
>     , m_preflightPolicy(preflightPolicy)
>     , m_referrer(WTFMove(referrer))
>     , m_shouldCaptureExtraNetworkLoadMetrics(shouldCaptureExtraNetworkLoadMetrics)
>+    , m_allowCORSPreflightRequestsToAnyScheme(allowCORSPreflightRequestsToAnyScheme)
> {
>     m_isSameOriginRequest = isSameOrigin(m_url, m_origin.get());
>     switch (options.credentials) {
>@@ -380,7 +381,8 @@ bool NetworkLoadChecker::doesNotNeedCORSCheck(const URL& url) const
>     if (m_options.mode == FetchOptions::Mode::NoCors || m_options.mode == FetchOptions::Mode::Navigate)
>         return true;
> 
>-    if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol().toStringWithoutCopying()))
>+    bool needsPreflightQuirk = m_allowCORSPreflightRequestsToAnyScheme && (m_preflightPolicy == PreflightPolicy::Consider || m_preflightPolicy == PreflightPolicy::Force);
>+    if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol().toStringWithoutCopying()) && !needsPreflightQuirk)
>         return true;
> 
>     return m_isSameOriginRequest;
>diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>index 68017686a8b7f1ea6f224bb739e1535187244f13..30bfd65673f48a10f690b1358da0f59c3b7e783b 100644
>--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>@@ -47,7 +47,7 @@ class NetworkCORSPreflightChecker;
> 
> class NetworkLoadChecker : public CanMakeWeakPtr<NetworkLoadChecker> {
> public:
>-    NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&, WebCore::PreflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics = false);
>+    NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&, WebCore::PreflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics = false, bool allowCORSPreflightRequestsToAnyScheme = false);
>     ~NetworkLoadChecker();
> 
>     using RequestOrError = Expected<WebCore::ResourceRequest, WebCore::ResourceError>;
>@@ -134,7 +134,8 @@ private:
>     String m_dntHeaderValue;
>     String m_referrer;
>     bool m_checkContentExtensions { false };
>-    bool m_shouldCaptureExtraNetworkLoadMetrics { false };
>+    bool m_shouldCaptureExtraNetworkLoadMetrics;
>+    bool m_allowCORSPreflightRequestsToAnyScheme;
>     WebCore::NetworkLoadInformation m_loadInformation;
> };
> 
>diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
>index 198a46f69300d83678d13a6ac2efd17966706c2a..db935a62bb95a4c8a3064776a369fd7f21024cd6 100644
>--- a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
>+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
>@@ -99,6 +99,8 @@ void NetworkResourceLoadParameters::encode(IPC::Encoder& encoder) const
> 
>     encoder << shouldEnableCrossOriginResourcePolicy;
> 
>+    encoder << allowCORSPreflightRequestsToAnyScheme;
>+
>     encoder << frameAncestorOrigins;
> 
> #if ENABLE(CONTENT_EXTENSIONS)
>@@ -211,6 +213,12 @@ bool NetworkResourceLoadParameters::decode(IPC::Decoder& decoder, NetworkResourc
>         return false;
>     result.shouldEnableCrossOriginResourcePolicy = *shouldEnableCrossOriginResourcePolicy;
> 
>+    std::optional<bool> allowCORSPreflightRequestsToAnyScheme;
>+    decoder >> allowCORSPreflightRequestsToAnyScheme;
>+    if (!allowCORSPreflightRequestsToAnyScheme)
>+        return false;
>+    result.allowCORSPreflightRequestsToAnyScheme = *allowCORSPreflightRequestsToAnyScheme;
>+
>     if (!decoder.decode(result.frameAncestorOrigins))
>         return false;
>     
>diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
>index d63738aeec8a3535d09610369e786491b1e9d2f9..9a5afa2475b6003b471677157260565e41657ca2 100644
>--- a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
>+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
>@@ -62,6 +62,7 @@ public:
>     bool shouldRestrictHTTPResponseAccess { false };
>     WebCore::PreflightPolicy preflightPolicy { WebCore::PreflightPolicy::Consider };
>     bool shouldEnableCrossOriginResourcePolicy { false };
>+    bool allowCORSPreflightRequestsToAnyScheme { false };
>     Vector<RefPtr<WebCore::SecurityOrigin>> frameAncestorOrigins;
> 
> #if ENABLE(CONTENT_EXTENSIONS)
>diff --git a/Source/WebKit/Shared/WebPreferences.yaml b/Source/WebKit/Shared/WebPreferences.yaml
>index 370266006ef407835280dd6cd3a645bb193f3da7..186babaca54de66ba432f3a2ac7c478ac1493f90 100644
>--- a/Source/WebKit/Shared/WebPreferences.yaml
>+++ b/Source/WebKit/Shared/WebPreferences.yaml
>@@ -178,6 +178,10 @@ AllowSettingAnyXHRHeaderFromFileURLs:
>   type: bool
>   defaultValue: false
> 
>+AllowCORSPreflightRequestsToAnyScheme:
>+    type: bool
>+    defaultValue: false
>+
> AllowCrossOriginSubresourcesToAskForCredentials:
>   type: bool
>   defaultValue: false
>diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
>index 53df915717dca340fc7ca36616a735f7419ffeec..417680d1b1db24c4993cf59d972d04406882133d 100644
>--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
>+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
>@@ -581,6 +581,8 @@ - (void)_initializeWithConfiguration:(WKWebViewConfiguration *)configuration
> #endif
> #endif
> 
>+    pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::allowCORSPreflightRequestsToAnySchemeKey(), WebKit::WebPreferencesStore::Value(!linkedOnOrAfter(WebKit::SDKVersion::FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes)));
>+
>     WKAudiovisualMediaTypes mediaTypesRequiringUserGesture = [_configuration mediaTypesRequiringUserActionForPlayback];
>     pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::requiresUserGestureForVideoPlaybackKey(), WebKit::WebPreferencesStore::Value((mediaTypesRequiringUserGesture & WKAudiovisualMediaTypeVideo) == WKAudiovisualMediaTypeVideo));
>     pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::requiresUserGestureForAudioPlaybackKey(), WebKit::WebPreferencesStore::Value(((mediaTypesRequiringUserGesture & WKAudiovisualMediaTypeAudio) == WKAudiovisualMediaTypeAudio)));
>diff --git a/Source/WebKit/UIProcess/Cocoa/VersionChecks.h b/Source/WebKit/UIProcess/Cocoa/VersionChecks.h
>index 15035b3c010f278d78f756ee33eed7beaa4913a5..93cafcf7003856eed29a5470d360777277cdce1c 100644
>--- a/Source/WebKit/UIProcess/Cocoa/VersionChecks.h
>+++ b/Source/WebKit/UIProcess/Cocoa/VersionChecks.h
>@@ -40,11 +40,13 @@ enum class SDKVersion : uint32_t {
>     FirstThatDefaultsToPassiveTouchListenersOnDocument = DYLD_IOS_VERSION_11_3,
>     FirstWhereScrollViewContentInsetsAreNotObscuringInsets = DYLD_IOS_VERSION_12_0,
>     FirstWhereUIScrollViewDoesNotApplyKeyboardInsetsUnconditionally = DYLD_IOS_VERSION_12_0,
>+    FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes = DYLD_IOS_VERSION_12_0,
> #elif PLATFORM(MAC)
>     FirstWithNetworkCache = DYLD_MACOSX_VERSION_10_11,
>     FirstWithExceptionsForDuplicateCompletionHandlerCalls = DYLD_MACOSX_VERSION_10_13,
>     FirstWithDropToNavigateDisallowedByDefault = DYLD_MACOSX_VERSION_10_13,
>     FirstWithExpiredOnlyReloadBehavior = DYLD_MACOSX_VERSION_10_13,
>+    FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes = DYLD_MACOSX_VERSION_10_14,
> #endif
> };
> 
>diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
>index 1ffcc52cd6ee3acf70b0b25bc41e83ea4b45f3ac..832a9294c16b2bf20a92884e7ab0de004747783e 100644
>--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
>+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
>@@ -329,6 +329,9 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL
> 
>     loadParameters.shouldEnableCrossOriginResourcePolicy = RuntimeEnabledFeatures::sharedFeatures().crossOriginResourcePolicyEnabled() && !loadParameters.isMainFrameNavigation;
> 
>+    if (document)
>+        loadParameters.allowCORSPreflightRequestsToAnyScheme = document->settings().allowCORSPreflightRequestsToAnyScheme();
>+
>     if (resourceLoader.options().mode == FetchOptions::Mode::Navigate) {
>         Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins;
>         for (auto* frame = resourceLoader.frame()->tree().parent(); frame; frame = frame->tree().parent())
>diff --git a/Source/WebKitLegacy/mac/Misc/WebKitVersionChecks.h b/Source/WebKitLegacy/mac/Misc/WebKitVersionChecks.h
>index 40270e9d3b581c18fe9873a87d8b12e9a4ab9bb1..606ef57c6a7a7c3c16269f1ec4c99fba8b6391b1 100644
>--- a/Source/WebKitLegacy/mac/Misc/WebKitVersionChecks.h
>+++ b/Source/WebKitLegacy/mac/Misc/WebKitVersionChecks.h
>@@ -76,9 +76,11 @@ enum class SDKVersion : uint32_t {
> #if PLATFORM(IOS)
>     FirstToExcludeLocalStorageFromBackup = DYLD_IOS_VERSION_11_0,
>     FirstThatDefaultsToPassiveTouchListenersOnDocument = DYLD_IOS_VERSION_11_3,
>+    FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes = DYLD_IOS_VERSION_12_0,
> #else
>     FirstWithDropToNavigateDisallowedByDefault = DYLD_MACOSX_VERSION_10_13,
>     FirstWithWebIconDatabaseWarning = DYLD_MACOSX_VERSION_10_13,
>+    FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes = DYLD_MACOSX_VERSION_10_14,
> #endif
> };
> 
>diff --git a/Source/WebKitLegacy/mac/WebView/WebView.mm b/Source/WebKitLegacy/mac/WebView/WebView.mm
>index 808c3c09dfadff3c1292c15b299b59a062aa0578..5da38fe17cd4d7ef54cf7b231e6d83b5ec5dac62 100644
>--- a/Source/WebKitLegacy/mac/WebView/WebView.mm
>+++ b/Source/WebKitLegacy/mac/WebView/WebView.mm
>@@ -1491,6 +1491,8 @@ - (void)_commonInitializationWithFrameName:(NSString *)frameName groupName:(NSSt
>     _private->page->settings().setPassiveTouchListenersAsDefaultOnDocument(linkedOnOrAfter(SDKVersion::FirstThatDefaultsToPassiveTouchListenersOnDocument));
> #endif
> 
>+    _private->page->settings().setAllowCORSPreflightRequestsToAnyScheme(!linkedOnOrAfter(SDKVersion::FirstThatOnlyAllowsCORSPreflightRequestsToCORSEnabledSchemes));
>+
> #if PLATFORM(IOS)
>     // Preserve the behavior we had before <rdar://problem/7580867>
>     // by enforcing a 5MB limit for session storage.
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index ddde5cc424e0f59d3e90fccf21e70116f558b751..8c5e08c25e8663f2ae0da39bdc0d6e94fe87c430 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,19 @@
>+2018-07-30  Daniel Bates  <dabates@apple.com>
>+
>+        REGRESSION (r231107): MoviStar+ launches to a blank black screen
>+        https://bugs.webkit.org/show_bug.cgi?id=188139
>+        <rdar://problem/41907319>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add a test to ensure that we do not block a CORS preflight to about: when setting allowCORSPreflightRequestsToAnyScheme
>+        is enabled. Ideally, we would write a TestWebKitAPI test that registers and handles a custom scheme and loads a page
>+        that makes an CORS preflight request to the custom scheme. For now, this test indirectly tests the setting by the
>+        omission of the console message "Cross origin requests are only supported for HTTP." in the result.
>+
>+        * http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme-expected.txt: Added.
>+        * http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme.html: Added.
>+
> 2018-07-27  David Fenton  <david_fenton@apple.com>
> 
>         Layout Test tiled-drawing/scrolling/fixed/four-bars-zoomed.html is flaky text failure.
>diff --git a/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme-expected.txt b/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme-expected.txt
>new file mode 100644
>index 0000000000000000000000000000000000000000..51758256f44dd2035dda1edd7c87f385f7dd1739
>--- /dev/null
>+++ b/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme-expected.txt
>@@ -0,0 +1,6 @@
>+CONSOLE MESSAGE: Preflight response is not successful
>+CONSOLE MESSAGE: XMLHttpRequest cannot load about:blank due to access control checks.
>+This tests that CORS preflight requests to non HTTP(S) schemes are not blocked when setting allowCORSPreflightRequestsToAnyScheme is enabled. This test PASSED if the preflight request fails and you do not see a console message that indicates that the failure was due to the use of a non-HTTP(S) scheme.
>+
>+Test PASSED if there are no console messages indicating that the preflight was blocked due to use of a non-HTTP(S) scheme.
>+
>diff --git a/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme.html b/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme.html
>new file mode 100644
>index 0000000000000000000000000000000000000000..e02b3474991d2a17b12d7e74a1a91f9964ed3947
>--- /dev/null
>+++ b/LayoutTests/http/tests/xmlhttprequest/about-put-allowCORSPreflightRequestsToAnyScheme.html
>@@ -0,0 +1,45 @@
>+<!DOCTYPE html>
>+<html>
>+<head>
>+<script>
>+if (window.testRunner) {
>+    testRunner.dumpAsText();
>+    testRunner.waitUntilDone();
>+    if (window.internals)
>+        internals.settings.setAllowCORSPreflightRequestsToAnyScheme(true);
>+}
>+
>+function done()
>+{
>+    if (window.testRunner)
>+        testRunner.notifyDone();
>+}
>+
>+function logMessage(message)
>+{
>+    document.getElementById("console").appendChild(document.createTextNode(message + "\n"));
>+}
>+
>+function runTest()
>+{
>+    let xhr = new XMLHttpRequest;
>+    xhr.open("PUT", "about:blank");
>+    xhr.onerror = (progressEvent) => {
>+        logMessage("Test PASSED if there are no console messages indicating that the preflight was blocked due to use of a non-HTTP(S) scheme.");
>+        done();
>+    };
>+    xhr.onload = () => {
>+        logMessage("FAIL preflight request to about:blank was successful.");
>+        done();
>+    };
>+    xhr.send();
>+}
>+
>+window.onload = runTest;
>+</script>
>+</head>
>+<body>
>+<p>This tests that CORS preflight requests to non HTTP(S) schemes are not blocked when setting <code>allowCORSPreflightRequestsToAnyScheme</code> is enabled. This test PASSED if the preflight request fails and you do not see a console message that indicates that the failure was due to the use of a non-HTTP(S) scheme.</p>
>+<pre id="console"></pre>
>+</body>
>+</html>
>\ No newline at end of file

Actions: View | Formatted Diff | Diff

Attachments on bug 188139: 346095 | 346104 | 346105 | 346116 | 346119 | 346131 | 346132 | 346141 | 346247 | 346255