WebKit Bugzilla
Attachment 356980 Details for
Bug 192288
: Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-192288-20181210212414.patch (text/plain), 5.03 KB, created by
Rob Buis
on 2018-12-10 12:24:14 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Rob Buis
Created:
2018-12-10 12:24:14 PST
Size:
5.03 KB
patch
obsolete
>Subversion Revision: 239035 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index ee7eb659e636afbc2477fc21d5efa63a24d6a1dd..f89ca5a27f8b0997e87c933d5c017edd4f41be47 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,20 @@ >+2018-12-10 Rob Buis <rbuis@igalia.com> >+ >+ Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList >+ https://bugs.webkit.org/show_bug.cgi?id=192288 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Prefer return value to out parameter for parseAccessControlAllowList. >+ >+ * loader/CrossOriginPreflightResultCache.cpp: >+ (WebCore::CrossOriginPreflightResultCacheItem::parse): >+ * platform/network/HTTPParsers.h: >+ (WebCore::parseAccessControlAllowList): >+ * platform/network/ResourceResponseBase.cpp: >+ (WebCore::ResourceResponseBase::filter): >+ (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting): >+ > 2018-12-10 Truitt Savell <tsavell@apple.com> > > Unreviewed, rolling out r238965. >diff --git a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp >index 9d45b3745732811cb01163214276089e055443d6..5d6e201b275427860c34a54244b158f39e9d6197 100644 >--- a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp >+++ b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp >@@ -54,11 +54,8 @@ static bool parseAccessControlMaxAge(const String& string, Seconds& expiryDelta) > > bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response) > { >- m_methods.clear(); >- parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods), m_methods); >- >- m_headers.clear(); >- parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders), m_headers); >+ m_methods = parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods)); >+ m_headers = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders)); > > Seconds expiryDelta = 0_s; > if (parseAccessControlMaxAge(response.httpHeaderField(HTTPHeaderName::AccessControlMaxAge), expiryDelta)) { >diff --git a/Source/WebCore/platform/network/HTTPParsers.h b/Source/WebCore/platform/network/HTTPParsers.h >index 0c9fd97cf17d7ec076544be3d33506fa9ff78a4f..28fdfda08421d9d914fe4aaf5544ed5b1b52284f 100644 >--- a/Source/WebCore/platform/network/HTTPParsers.h >+++ b/Source/WebCore/platform/network/HTTPParsers.h >@@ -149,8 +149,9 @@ void addToAccessControlAllowList(const String& string, unsigned start, unsigned > } > > template<class HashType = DefaultHash<String>::Hash> >-void parseAccessControlAllowList(const String& string, HashSet<String, HashType>& set) >+HashSet<String, HashType> parseAccessControlAllowList(const String& string) > { >+ HashSet<String, HashType> set; > unsigned start = 0; > size_t end; > while ((end = string.find(',', start)) != notFound) { >@@ -160,6 +161,7 @@ void parseAccessControlAllowList(const String& string, HashSet<String, HashType> > } > if (start != string.length()) > addToAccessControlAllowList(string, start, string.length() - 1, set); >+ return set; > } > > } >diff --git a/Source/WebCore/platform/network/ResourceResponseBase.cpp b/Source/WebCore/platform/network/ResourceResponseBase.cpp >index 3538abfd9be8db26ff95fa72cc85c4bb5e36eb43..d70c63f283d6ae939f043f4b52770e9e1c1f7e1d 100644 >--- a/Source/WebCore/platform/network/ResourceResponseBase.cpp >+++ b/Source/WebCore/platform/network/ResourceResponseBase.cpp >@@ -151,8 +151,7 @@ ResourceResponse ResourceResponseBase::filter(const ResourceResponse& response) > ASSERT(response.tainting() == Tainting::Cors); > filteredResponse.setType(Type::Cors); > >- HTTPHeaderSet accessControlExposeHeaderSet; >- parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet); >+ auto accessControlExposeHeaderSet = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders)); > filteredResponse.m_httpHeaderFields.uncommonHeaders().removeAllMatching([&](auto& entry) { > return !isCrossOriginSafeHeader(entry.key, accessControlExposeHeaderSet); > }); >@@ -419,8 +418,7 @@ void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting() > if (isSafeCrossOriginResponseHeader(header.key)) > filteredHeaders.add(header.key, WTFMove(header.value)); > } >- HTTPHeaderSet corsSafeHeaderSet; >- parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), corsSafeHeaderSet); >+ auto corsSafeHeaderSet = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders)); > for (auto& headerName : corsSafeHeaderSet) { > if (!filteredHeaders.contains(headerName)) { > auto value = m_httpHeaderFields.get(headerName);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=356980">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 192288
:
356339
| 356980