WebKit Bugzilla
Attachment 359515 Details for
Bug 186030
: Set Origin header value to null rather than omitting it
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186030-20190118202933.patch (text/plain), 5.17 KB, created by
Rob Buis
on 2019-01-18 11:29:33 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Rob Buis
Created:
2019-01-18 11:29:33 PST
Size:
5.17 KB
patch
obsolete
>Subversion Revision: 240151 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index d87b9c076a3b9c17a9e4f7577c742169192e321c..5be7e2255775964cbaad0ea87af5a4bcca36c9b4 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,21 @@ >+2019-01-18 Rob Buis <rbuis@igalia.com> >+ >+ Set Origin header value to null rather than omitting it >+ https://bugs.webkit.org/show_bug.cgi?id=186030 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ In HTTP-network-or-cache fetch [1] a few more steps should be >+ performed which we currently skip for non cors mode. In particular, to >+ fix the bug, step 10 has to be performed. >+ >+ Test: web-platform-tests/fetch/origin/no-cors.any.js >+ >+ [1] https://fetch.spec.whatwg.org/#concept-http-network-or-cache-fetch >+ >+ * loader/SubresourceLoader.cpp: >+ (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl): >+ > 2019-01-18 Charlie Turner <cturner@igalia.com> > > [GStreamer][EME][ClearKey] Request keys from CDMInstance rather than passing via bus messages >diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp >index 483ecd3c13d61e69a358eb81cca6e364cc452009..b4fd837ea42006f3ffa5ead3c70afa5e15f2166d 100644 >--- a/Source/WebCore/loader/SubresourceLoader.cpp >+++ b/Source/WebCore/loader/SubresourceLoader.cpp >@@ -567,8 +567,8 @@ bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceR > > ASSERT(options().mode != FetchOptions::Mode::SameOrigin || !m_resource->isCrossOrigin()); > >- // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 7 & 8. > if (options().mode == FetchOptions::Mode::Cors) { >+ // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 7 & 8. > if (m_resource->isCrossOrigin() && !isValidCrossOriginRedirectionURL(newRequest.url())) { > errorMessage = "URL is either a non-HTTP URL or contains credentials."_s; > return false; >@@ -594,11 +594,14 @@ bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceR > // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 14. > updateReferrerPolicy(redirectResponse.httpHeaderField(HTTPHeaderName::ReferrerPolicy)); > >- if (options().mode == FetchOptions::Mode::Cors && redirectingToNewOrigin) { >- cleanHTTPRequestHeadersForAccessControl(newRequest, options().httpHeadersToKeep); >- updateRequestForAccessControl(newRequest, *m_origin, options().storedCredentialsPolicy); >+ if (redirectingToNewOrigin) { >+ if (options().mode == FetchOptions::Mode::Cors) { >+ cleanHTTPRequestHeadersForAccessControl(newRequest, options().httpHeadersToKeep); >+ updateRequestForAccessControl(newRequest, *m_origin, options().storedCredentialsPolicy); >+ } else if (newRequest.httpMethod() != "GET" && newRequest.httpMethod() != "HEAD") >+ newRequest.setHTTPOrigin(m_origin->toString()); > } >- >+ > updateRequestReferrer(newRequest, referrerPolicy(), previousRequest.httpReferrer()); > > return true; >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index 02d3c2e4b3d975456db164f4f3fa52b039a17b3e..12a625a964887e2b10e45344e5cc005148a2e15a 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,15 @@ >+2019-01-18 Rob Buis <rbuis@igalia.com> >+ >+ Set Origin header value to null rather than omitting it >+ https://bugs.webkit.org/show_bug.cgi?id=186030 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Update improved test result. >+ >+ * web-platform-tests/fetch/origin/no-cors.any-expected.txt: >+ * web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt: >+ > 2019-01-14 Charles Vazac <cvazac@akamai.com> > > Import current Resource-Timing WPTs >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt >index e3205bfc8be9b56fbb6f770d6f675cc5afca8423..7ab29f621390cbedccf8d23d84e3de493eed7d0d 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any-expected.txt >@@ -1,3 +1,3 @@ > >-FAIL Origin header and 308 redirect assert_equals: second origin should be opaque and therefore null expected "null" but got "no Origin header" >+PASS Origin header and 308 redirect > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt >index e3205bfc8be9b56fbb6f770d6f675cc5afca8423..7ab29f621390cbedccf8d23d84e3de493eed7d0d 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/origin/no-cors.any.worker-expected.txt >@@ -1,3 +1,3 @@ > >-FAIL Origin header and 308 redirect assert_equals: second origin should be opaque and therefore null expected "null" but got "no Origin header" >+PASS Origin header and 308 redirect >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=359515">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186030
:
359515
|
359611
|
359613
|
359614
|
359615
|
359616
|
359617
|
359618
|
359619
|
359620
|
359621
|
359622
|
359624
|
359638
|
359640
|
359642
|
359654
|
377817
|
377819
|
377821
|
379342
|
379345
|
385964
|
386542
|
386552
|
386557
|
393465
|
393469
|
393492
|
393505
|
393580