Attachment 371304 Details for Bug 198534 – Patch

[patch] Patch

bug-198534-20190604110825.patch (text/plain), 8.13 KB, created by Chris Dumez on 2019-06-04 11:08:27 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Chris Dumez

Created: 2019-06-04 11:08:27 PDT

Size: 8.13 KB

patch

obsolete

>Subversion Revision: 246053
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index a01f2a73b2dbc1904ed79cc664b522cbe66b52ef..ff0ca4a512e7bbb969772e8d34f4866bacbff142 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,25 @@
>+2019-06-04  Chris Dumez  <cdumez@apple.com>
>+
>+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
>+        https://bugs.webkit.org/show_bug.cgi?id=198534
>+        <rdar://problem/51393912>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Move allowSettingAnyXHRHeaderFromFileURLs flag from Settings to RuntimeEnabledFeatures so that
>+        it can be queried from workers. The previous code was trying to query the flag by casting the
>+        script execution context to a Document in order to get the settings. This would crash when
>+        the script execution context is a WorkerGlobalScope.
>+
>+        Test: fast/workers/worker-xhr-setRequestHeader.html
>+
>+        * page/RuntimeEnabledFeatures.h:
>+        (WebCore::RuntimeEnabledFeatures::allowSettingAnyXHRHeaderFromFileURLs const):
>+        (WebCore::RuntimeEnabledFeatures::setAllowSettingAnyXHRHeaderFromFileURLs):
>+        * page/Settings.yaml:
>+        * xml/XMLHttpRequest.cpp:
>+        (WebCore::XMLHttpRequest::setRequestHeader):
>+
> 2019-06-03  Robin Morisset  <rmorisset@apple.com>
> 
>         [WHLSL] Parsing and lexing the standard library is slow
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 76d15cc4291b5ca49c3316c4fe0b9fced21d174f..250c20355dadd16fa14d52f491263d34e134a79f 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,13 @@
>+2019-06-04  Chris Dumez  <cdumez@apple.com>
>+
>+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
>+        https://bugs.webkit.org/show_bug.cgi?id=198534
>+        <rdar://problem/51393912>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        * Shared/WebPreferences.yaml:
>+
> 2019-06-04  Chris Dumez  <cdumez@apple.com>
> 
>         [iOS] UIProcess' background task expiration handler may get called after the app is foreground again
>diff --git a/Source/WebCore/page/RuntimeEnabledFeatures.h b/Source/WebCore/page/RuntimeEnabledFeatures.h
>index 1b9ddaccb8cf3bcdafd70904688cfee466944599..c5071dc2927d44927eb8bdf670b97e810c443e44 100644
>--- a/Source/WebCore/page/RuntimeEnabledFeatures.h
>+++ b/Source/WebCore/page/RuntimeEnabledFeatures.h
>@@ -95,6 +95,9 @@ public:
>     void setCustomPasteboardDataEnabled(bool isEnabled) { m_isCustomPasteboardDataEnabled = isEnabled; }
>     bool customPasteboardDataEnabled() const { return m_isCustomPasteboardDataEnabled; }
>     
>+    bool allowSettingAnyXHRHeaderFromFileURLs() const { return m_allowSettingAnyXHRHeaderFromFileURLs; }
>+    void setAllowSettingAnyXHRHeaderFromFileURLs(bool value) { m_allowSettingAnyXHRHeaderFromFileURLs = value; }
>+    
>     void setWebShareEnabled(bool isEnabled) { m_isWebShareEnabled = isEnabled; }
>     bool webShareEnabled() const { return m_isWebShareEnabled; }
> 
>@@ -413,6 +416,7 @@ private:
>     bool m_pointerEventsEnabled { true };
>     bool m_webSQLEnabled { true };
>     bool m_pageAtRuleSupportEnabled { false };
>+    bool m_allowSettingAnyXHRHeaderFromFileURLs { false };
> 
> #if ENABLE(LAYOUT_FORMATTING_CONTEXT)
>     bool m_layoutFormattingContextEnabled { false };
>diff --git a/Source/WebCore/page/Settings.yaml b/Source/WebCore/page/Settings.yaml
>index d4068ed8c405ad52f2f56020a92965b7da6640dc..7483435632f9b1e8f570d37cda30ecae2def5d12 100644
>--- a/Source/WebCore/page/Settings.yaml
>+++ b/Source/WebCore/page/Settings.yaml
>@@ -99,8 +99,6 @@ allowUniversalAccessFromFileURLs:
>   initial: true
> allowFileAccessFromFileURLs:
>   initial: true
>-allowSettingAnyXHRHeaderFromFileURLs:
>-  initial: false
> allowCrossOriginSubresourcesToAskForCredentials:
>   initial: false
> needsStorageAccessFromFileURLsQuirk:
>diff --git a/Source/WebCore/xml/XMLHttpRequest.cpp b/Source/WebCore/xml/XMLHttpRequest.cpp
>index 2f717c3a1fb31272d08b51d1eee80d8335aa317a..9bb4876b2b09c787aca52583abb8dc9d474a9854 100644
>--- a/Source/WebCore/xml/XMLHttpRequest.cpp
>+++ b/Source/WebCore/xml/XMLHttpRequest.cpp
>@@ -45,6 +45,7 @@
> #include "ResourceError.h"
> #include "ResourceRequest.h"
> #include "RuntimeApplicationChecks.h"
>+#include "RuntimeEnabledFeatures.h"
> #include "SecurityOriginPolicy.h"
> #include "Settings.h"
> #include "SharedBuffer.h"
>@@ -817,7 +818,7 @@ ExceptionOr<void> XMLHttpRequest::setRequestHeader(const String& name, const Str
> #if ENABLE(DASHBOARD_SUPPORT)
>     allowUnsafeHeaderField = usesDashboardBackwardCompatibilityMode();
> #endif
>-    if (securityOrigin()->canLoadLocalResources() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
>+    if (securityOrigin()->canLoadLocalResources() && RuntimeEnabledFeatures::sharedFeatures().allowSettingAnyXHRHeaderFromFileURLs())
>         allowUnsafeHeaderField = true;
>     if (!allowUnsafeHeaderField && isForbiddenHeaderName(name)) {
>         logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\"");
>diff --git a/Source/WebKit/Shared/WebPreferences.yaml b/Source/WebKit/Shared/WebPreferences.yaml
>index e2e9fe605e33bb5ff4b260aa831425722e3a053a..f867dcb0412a672d8a4c5691f78c0cf2923779aa 100644
>--- a/Source/WebKit/Shared/WebPreferences.yaml
>+++ b/Source/WebKit/Shared/WebPreferences.yaml
>@@ -209,6 +209,7 @@ AllowFileAccessFromFileURLs:
> AllowSettingAnyXHRHeaderFromFileURLs:
>   type: bool
>   defaultValue: false
>+  webcoreBinding: RuntimeEnabledFeatures
> 
> AllowCrossOriginSubresourcesToAskForCredentials:
>   type: bool
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index b3b473946565159a045a969e4bb4cca7a1022ec7..43d1f0c5947789819a09388a152fed9b7ca9af11 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,17 @@
>+2019-06-04  Chris Dumez  <cdumez@apple.com>
>+
>+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
>+        https://bugs.webkit.org/show_bug.cgi?id=198534
>+        <rdar://problem/51393912>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add layout test coverage.
>+
>+        * fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
>+        * fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
>+        * fast/workers/worker-xhr-setRequestHeader.html: Added.
>+
> 2019-06-03  Youenn Fablet  <youenn@apple.com>
> 
>         Allow resizing of camera video feeds to very small resolutions
>diff --git a/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js b/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js
>new file mode 100644
>index 0000000000000000000000000000000000000000..64cd8bb504504245619e0e0237d57280ea77171e
>--- /dev/null
>+++ b/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js
>@@ -0,0 +1,14 @@
>+importScripts('../../../resources/js-test-pre.js');
>+
>+var global = this;
>+global.jsTestIsAsync = true;
>+
>+description("Tests XMLHttpRequest.setRequestHeader() in workers");
>+
>+var xhr = new XMLHttpRequest;
>+xhr.open("GET", "empty-worker.js", false);
>+xhr.setRequestHeader("Accept", "*/*");
>+xhr.send(null);
>+
>+finishJSTest();
>+
>diff --git a/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt b/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt
>new file mode 100644
>index 0000000000000000000000000000000000000000..25f9ec5260dd1eff6a8910879d0e67fc022c2b9a
>--- /dev/null
>+++ b/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt
>@@ -0,0 +1,10 @@
>+[Worker] Tests XMLHttpRequest.setRequestHeader() in workers
>+
>+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
>+
>+
>+Starting worker: resources/worker-xhr-setRequestHeader.js
>+PASS successfullyParsed is true
>+
>+TEST COMPLETE
>+
>diff --git a/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html b/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html
>new file mode 100644
>index 0000000000000000000000000000000000000000..f6fa138959001a36dc78ecb86fef5dbed282181b
>--- /dev/null
>+++ b/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html
>@@ -0,0 +1,12 @@
>+<!DOCTYPE html>
>+<html>
>+<head>
>+<script src="../../resources/js-test-pre.js"></script>
>+</head>
>+<body>
>+<script>
>+worker = startWorker('resources/worker-xhr-setRequestHeader.js');
>+</script>
>+<script src="../../resources/js-test-post.js"></script>
>+</body>
>+</html>

Flags:

ews-watchlist: commit-queue-

Actions: View | Formatted Diff | Diff

Attachments on bug 198534: 371297 | 371304 | 371316 | 371317 | 371321 | 371324 | 371327 | 371343 | 371344 | 371346