WebKit Bugzilla
Attachment 348795 Details for
Bug 189251
: Add helper function to create a potential CORS request
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-189251-20180903165639.patch (text/plain), 17.69 KB, created by
Daniel Bates
on 2018-09-03 16:56:40 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Daniel Bates
Created:
2018-09-03 16:56:40 PDT
Size:
17.69 KB
patch
obsolete
>Subversion Revision: 235148 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 76aee841341a9aafe1ed89dc7220036e397ec4ef..a284d81de18f808659ca26602b128118571f25dd 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,44 @@ >+2018-09-03 Daniel Bates <dabates@apple.com> >+ >+ Add helper function to create a potential CORS request >+ https://bugs.webkit.org/show_bug.cgi?id=189251 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add a new function, createPotentialAccessControlRequest, that we will use to implement the algorithm Create a potential- >+ CORS request from the HTML standard: <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018). >+ This function replaces CachedResourceRequest::setAsPotentiallyCrossOrigin() and is the first step towards separating >+ the concepts of CORS settings states and module script credentials mode as well as implementing the aforementioned >+ algorithm. Rename CachedResourceRequest::setAsPotentiallyCrossOrigin() to deprecatedSetAsPotentiallyCrossOrigin() >+ and switch existing callers to use createPotentialAccessControlRequest(). For now, createPotentialAccessControlRequest() >+ is implemented in terms of deprecatedSetAsPotentiallyCrossOrigin(). >+ >+ No functionality changed. So, no new tests. >+ >+ * bindings/js/CachedScriptFetcher.cpp: >+ (WebCore::CachedScriptFetcher::requestScriptWithCache const): Write in terms of WebCore::createPotentialAccessControlRequest(). >+ * html/HTMLLinkElement.cpp: >+ (WebCore::HTMLLinkElement::process): Ditto. >+ * html/parser/HTMLResourcePreloader.cpp: >+ (WebCore::PreloadRequest::resourceRequest): Ditto. >+ * loader/CrossOriginAccessControl.cpp: >+ (WebCore::createPotentialAccessControlRequest): For now, implemented in terms of CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin(). >+ * loader/CrossOriginAccessControl.h: >+ * loader/ImageLoader.cpp: >+ (WebCore::ImageLoader::updateFromElement): Write in terms of WebCore::createPotentialAccessControlRequest(). >+ * loader/LinkLoader.cpp: >+ (WebCore::LinkLoader::preloadIfNeeded): Ditto. >+ * loader/MediaResourceLoader.cpp: >+ (WebCore::MediaResourceLoader::requestResource): Ditto. Also renamed local variable cacheRequest to cachedRequest. >+ * loader/TextTrackLoader.cpp: >+ (WebCore::TextTrackLoader::load): Write in terms of WebCore::createPotentialAccessControlRequest(). Also change local variable >+ document from a pointer to a reference since this function asserts that the script execution context is a non-null Document. >+ * loader/cache/CachedResourceRequest.cpp: >+ (WebCore::CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin): Renamed; formerly named setAsPotentiallyCrossOrigin. >+ (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Deleted. >+ * loader/cache/CachedResourceRequest.h: >+ (WebCore::CachedResourceRequest::setPriority): Added. >+ > 2018-08-22 Daniel Bates <dabates@apple.com> > > HTML{Image, Link, Script}Element::crossOrigin() should return an AtomicString >diff --git a/Source/WebCore/bindings/js/CachedScriptFetcher.cpp b/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >index fe2eeac47f299891020b9d7694bedb44bd62b20a..7c87b23938e433e508c0fb80be9c9e6fde382103 100644 >--- a/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >+++ b/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >@@ -29,6 +29,7 @@ > #include "CachedResourceLoader.h" > #include "CachedScript.h" > #include "ContentSecurityPolicy.h" >+#include "CrossOriginAccessControl.h" > #include "Document.h" > #include "Settings.h" > >@@ -56,14 +57,11 @@ CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(D > options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set; > options.integrity = WTFMove(integrity); > >- CachedResourceRequest request(ResourceRequest(sourceURL), options); >- request.setAsPotentiallyCrossOrigin(crossOriginMode, document); >+ auto request = createPotentialAccessControlRequest(sourceURL, document, crossOriginMode, WTFMove(options)); > request.upgradeInsecureRequestIfNeeded(document); >- > request.setCharset(m_charset); > if (!m_initiatorName.isNull()) > request.setInitiator(m_initiatorName); >- > return document.cachedResourceLoader().requestScript(WTFMove(request)).value_or(nullptr); > } > >diff --git a/Source/WebCore/html/HTMLLinkElement.cpp b/Source/WebCore/html/HTMLLinkElement.cpp >index 156e5b2b1043531261095f3e69aa5dfddec78ec4..8677308bcdb228599670b07285fe501cae5d93e6 100644 >--- a/Source/WebCore/html/HTMLLinkElement.cpp >+++ b/Source/WebCore/html/HTMLLinkElement.cpp >@@ -31,6 +31,7 @@ > #include "CachedResourceLoader.h" > #include "CachedResourceRequest.h" > #include "ContentSecurityPolicy.h" >+#include "CrossOriginAccessControl.h" > #include "DOMTokenList.h" > #include "Document.h" > #include "Event.h" >@@ -314,9 +315,11 @@ void HTMLLinkElement::process() > if (document().contentSecurityPolicy()->allowStyleWithNonce(attributeWithoutSynchronization(HTMLNames::nonceAttr))) > options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck; > options.integrity = m_integrityMetadataForPendingSheetRequest; >- CachedResourceRequest request(url, options, priority, WTFMove(charset)); >+ >+ auto request = createPotentialAccessControlRequest(WTFMove(url), document(), crossOrigin(), WTFMove(options)); >+ request.setPriority(WTFMove(priority)); >+ request.setCharset(WTFMove(charset)); > request.setInitiator(*this); >- request.setAsPotentiallyCrossOrigin(crossOrigin(), document()); > > ASSERT_WITH_SECURITY_IMPLICATION(!m_cachedSheet); > m_cachedSheet = document().cachedResourceLoader().requestCSSStyleSheet(WTFMove(request)).value_or(nullptr); >diff --git a/Source/WebCore/html/parser/HTMLResourcePreloader.cpp b/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >index 7221a8b37479f9eb75474e7afc4161e629b50ff8..3d006ab04bf528764f9f0c844abf46e0d63631ff 100644 >--- a/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >+++ b/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >@@ -27,6 +27,7 @@ > #include "HTMLResourcePreloader.h" > > #include "CachedResourceLoader.h" >+#include "CrossOriginAccessControl.h" > #include "Document.h" > > #include "MediaQueryEvaluator.h" >@@ -53,14 +54,13 @@ CachedResourceRequest PreloadRequest::resourceRequest(Document& document) > if (skipContentSecurityPolicyCheck) > options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck; > >- CachedResourceRequest request { completeURL(document), options }; >- request.setInitiator(m_initiator); > String crossOriginMode = m_crossOriginMode; > if (m_moduleScript == ModuleScript::Yes) { > if (crossOriginMode.isNull()) > crossOriginMode = "omit"_s; > } >- request.setAsPotentiallyCrossOrigin(crossOriginMode, document); >+ auto request = createPotentialAccessControlRequest(completeURL(document), document, crossOriginMode, WTFMove(options)); >+ request.setInitiator(m_initiator); > return request; > } > >diff --git a/Source/WebCore/loader/CrossOriginAccessControl.cpp b/Source/WebCore/loader/CrossOriginAccessControl.cpp >index 69082762bb787029069b7a4da28ee1123e0a1a5b..0d26a1faac183574043faa7b4a9ec6d11180b817 100644 >--- a/Source/WebCore/loader/CrossOriginAccessControl.cpp >+++ b/Source/WebCore/loader/CrossOriginAccessControl.cpp >@@ -27,6 +27,7 @@ > #include "config.h" > #include "CrossOriginAccessControl.h" > >+#include "CachedResourceRequest.h" > #include "CrossOriginPreflightResultCache.h" > #include "HTTPHeaderNames.h" > #include "HTTPParsers.h" >@@ -117,6 +118,15 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque > return preflightRequest; > } > >+CachedResourceRequest createPotentialAccessControlRequest(ResourceRequest&& request, Document& document, const String& crossOriginAttribute, ResourceLoaderOptions&& options) >+{ >+ // FIXME: This does not match the algorithm "create a potential-CORS request": >+ // <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018). >+ auto cachedRequest = CachedResourceRequest { WTFMove(request), WTFMove(options) }; >+ cachedRequest.deprecatedSetAsPotentiallyCrossOrigin(crossOriginAttribute, document); >+ return cachedRequest; >+} >+ > bool isValidCrossOriginRedirectionURL(const URL& redirectURL) > { > return SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(redirectURL.protocol().toStringWithoutCopying()) >diff --git a/Source/WebCore/loader/CrossOriginAccessControl.h b/Source/WebCore/loader/CrossOriginAccessControl.h >index 2c6754b10f62e817cce769aa53e8d5b60b13101f..d2b09bd5db5676c01abf823d3f0722a770ea540b 100644 >--- a/Source/WebCore/loader/CrossOriginAccessControl.h >+++ b/Source/WebCore/loader/CrossOriginAccessControl.h >@@ -33,6 +33,8 @@ > > namespace WebCore { > >+class CachedResourceRequest; >+class Document; > class HTTPHeaderMap; > class ResourceError; > class ResourceRequest; >@@ -40,13 +42,17 @@ class ResourceResponse; > class SecurityOrigin; > class URL; > >+struct ResourceLoaderOptions; >+ > WEBCORE_EXPORT bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&); > bool isOnAccessControlSimpleRequestMethodWhitelist(const String&); > > void updateRequestReferrer(ResourceRequest&, ReferrerPolicy, const String&); > > WEBCORE_EXPORT void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin&, StoredCredentialsPolicy); >+ > WEBCORE_EXPORT ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin&, const String&); >+CachedResourceRequest createPotentialAccessControlRequest(ResourceRequest&&, Document&, const String& crossOriginAttribute, ResourceLoaderOptions&&); > > bool isValidCrossOriginRedirectionURL(const URL&); > >diff --git a/Source/WebCore/loader/ImageLoader.cpp b/Source/WebCore/loader/ImageLoader.cpp >index 3c499aa718cb684c76659e223f304d75fb86532d..5c28f8261335858f28a7fe29bbe2d6eb260314c2 100644 >--- a/Source/WebCore/loader/ImageLoader.cpp >+++ b/Source/WebCore/loader/ImageLoader.cpp >@@ -178,11 +178,10 @@ void ImageLoader::updateFromElement() > options.contentSecurityPolicyImposition = element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck; > options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set; > >- CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options); >+ auto crossOriginAttribute = element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr); >+ auto request = createPotentialAccessControlRequest(document.completeURL(sourceURI(attr)), document, crossOriginAttribute, WTFMove(options)); > request.setInitiator(element()); > >- request.setAsPotentiallyCrossOrigin(element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr), document); >- > if (m_loadManually) { > bool autoLoadOtherImages = document.cachedResourceLoader().autoLoadImages(); > document.cachedResourceLoader().setAutoLoadImages(false); >diff --git a/Source/WebCore/loader/LinkLoader.cpp b/Source/WebCore/loader/LinkLoader.cpp >index b935d2241199719f49b49fc7a3f6b35324003257..be5db4d7e6b1f7e80042bbd21ba27395cc1b925c 100644 >--- a/Source/WebCore/loader/LinkLoader.cpp >+++ b/Source/WebCore/loader/LinkLoader.cpp >@@ -246,12 +246,13 @@ std::unique_ptr<LinkPreloadResourceClient> LinkLoader::preloadIfNeeded(const Lin > if (!isSupportedType(type.value(), mimeType)) > return nullptr; > >- CachedResourceRequest linkRequest(document.completeURL(href), CachedResourceLoader::defaultCachedResourceOptions(), CachedResource::defaultPriorityForResourceType(type.value())); >+ auto options = CachedResourceLoader::defaultCachedResourceOptions(); >+ auto linkRequest = createPotentialAccessControlRequest(document.completeURL(href), document, crossOriginMode, WTFMove(options)); >+ linkRequest.setPriority(CachedResource::defaultPriorityForResourceType(type.value())); > linkRequest.setInitiator("link"); > linkRequest.setIgnoreForRequestCount(true); > linkRequest.setIsLinkPreload(); > >- linkRequest.setAsPotentiallyCrossOrigin(crossOriginMode, document); > auto cachedLinkResource = document.cachedResourceLoader().preload(type.value(), WTFMove(linkRequest)).value_or(nullptr); > > if (cachedLinkResource && cachedLinkResource->type() != *type) >diff --git a/Source/WebCore/loader/MediaResourceLoader.cpp b/Source/WebCore/loader/MediaResourceLoader.cpp >index 6439676fed2445a96cca8e58a1aeac078f6a9acb..b119133c8c83b6b144a33495fddfb939fff34d72 100644 >--- a/Source/WebCore/loader/MediaResourceLoader.cpp >+++ b/Source/WebCore/loader/MediaResourceLoader.cpp >@@ -90,12 +90,11 @@ RefPtr<PlatformMediaResource> MediaResourceLoader::requestResource(ResourceReque > DefersLoadingPolicy::AllowDefersLoading, > cachingPolicy }; > loaderOptions.destination = m_mediaElement && !m_mediaElement->isVideo() ? FetchOptions::Destination::Audio : FetchOptions::Destination::Video; >- CachedResourceRequest cacheRequest { WTFMove(request), WTFMove(loaderOptions) }; >- cacheRequest.setAsPotentiallyCrossOrigin(m_crossOriginMode, *m_document); >+ auto cachedRequest = createPotentialAccessControlRequest(WTFMove(request), *m_document, m_crossOriginMode, WTFMove(loaderOptions)); > if (m_mediaElement) >- cacheRequest.setInitiator(*m_mediaElement.get()); >+ cachedRequest.setInitiator(*m_mediaElement.get()); > >- auto resource = m_document->cachedResourceLoader().requestMedia(WTFMove(cacheRequest)).value_or(nullptr); >+ auto resource = m_document->cachedResourceLoader().requestMedia(WTFMove(cachedRequest)).value_or(nullptr); > if (!resource) > return nullptr; > >diff --git a/Source/WebCore/loader/TextTrackLoader.cpp b/Source/WebCore/loader/TextTrackLoader.cpp >index ff1436d8c28fe75bd74a3374d6b5d56922788383..a72d0b4336b8aa82796fd2c47c907c6a45068772 100644 >--- a/Source/WebCore/loader/TextTrackLoader.cpp >+++ b/Source/WebCore/loader/TextTrackLoader.cpp >@@ -147,20 +147,16 @@ bool TextTrackLoader::load(const URL& url, const String& crossOriginMode, bool i > cancelLoad(); > > ASSERT(is<Document>(m_scriptExecutionContext)); >- Document* document = downcast<Document>(m_scriptExecutionContext); >+ Document& document = downcast<Document>(*m_scriptExecutionContext); > > ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions(); > options.contentSecurityPolicyImposition = isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck; > >- CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options); >- cueRequest.setAsPotentiallyCrossOrigin(crossOriginMode, *document); >- >- m_resource = document->cachedResourceLoader().requestTextTrack(WTFMove(cueRequest)).value_or(nullptr); >+ auto cueRequest = createPotentialAccessControlRequest(document.completeURL(url), document, crossOriginMode, WTFMove(options)); >+ m_resource = document.cachedResourceLoader().requestTextTrack(WTFMove(cueRequest)).value_or(nullptr); > if (!m_resource) > return false; >- > m_resource->addClient(*this); >- > return true; > } > >diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.cpp b/Source/WebCore/loader/cache/CachedResourceRequest.cpp >index d8ddc31cc09356e466d8c6607d3668445c4dc3f7..720ead197ec99f353382751f1fb5cfde59c8ffe7 100644 >--- a/Source/WebCore/loader/cache/CachedResourceRequest.cpp >+++ b/Source/WebCore/loader/cache/CachedResourceRequest.cpp >@@ -85,7 +85,7 @@ const AtomicString& CachedResourceRequest::initiatorName() const > return defaultName; > } > >-void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String& mode, Document& document) >+void CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin(const String& mode, Document& document) > { > ASSERT(m_options.mode == FetchOptions::Mode::NoCors); > >diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.h b/Source/WebCore/loader/cache/CachedResourceRequest.h >index cb37d0c5f278476126a1b3b4466fded6d86c37c7..89cca69bc71ef42e8fb6d542d06e0437844e5006 100644 >--- a/Source/WebCore/loader/cache/CachedResourceRequest.h >+++ b/Source/WebCore/loader/cache/CachedResourceRequest.h >@@ -55,14 +55,20 @@ public: > ResourceRequest&& releaseResourceRequest() { return WTFMove(m_resourceRequest); } > const ResourceRequest& resourceRequest() const { return m_resourceRequest; } > ResourceRequest& resourceRequest() { return m_resourceRequest; } >+ > const String& charset() const { return m_charset; } > void setCharset(const String& charset) { m_charset = charset; } >+ > const ResourceLoaderOptions& options() const { return m_options; } > void setOptions(const ResourceLoaderOptions& options) { m_options = options; } >+ > const std::optional<ResourceLoadPriority>& priority() const { return m_priority; } >+ void setPriority(std::optional<ResourceLoadPriority>&& priority) { m_priority = WTFMove(priority); } >+ > void setInitiator(Element&); > void setInitiator(const AtomicString& name); > const AtomicString& initiatorName() const; >+ > bool allowsCaching() const { return m_options.cachingPolicy == CachingPolicy::AllowCaching; } > void setCachingPolicy(CachingPolicy policy) { m_options.cachingPolicy = policy; } > >@@ -72,7 +78,8 @@ public: > > void setDestinationIfNotSet(FetchOptions::Destination); > >- void setAsPotentiallyCrossOrigin(const String&, Document&); >+ void deprecatedSetAsPotentiallyCrossOrigin(const String&, Document&); // Use WebCore::createPotentialAccessControlRequest() instead. >+ > void updateForAccessControl(Document&); > > void updateReferrerPolicy(ReferrerPolicy);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348795">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 189251
: 348795