50773 2010-12-09 11:43:34 -0800 CORS origin header not set on GET when content type request header is set 2011-02-04 15:00:56 -0800 1 1 1 Unclassified WebKit XML 525.x (Safari 3.2) PC Windows 7 RESOLVED FIXED P2 Normal --- 1 sky.sanders webkit-unassigned abarth ap commit-queue levin martin mike oldest_to_newest 319628 0 sky.sanders 2010-12-09 11:43:34 -0800 This seems to only be an issue when source is localhost reproduced on latest Chrome and Safari Here is a POST (origin is set) POST /RESTWebServices/session HTTP/1.1 Host: ec2-174-129-8-69.compute-1.amazonaws.com Referer: http://localhost:10042/documentation/samples/ciapijs-newsdetail-steps.sample.aspx Accept: */* Accept-Language: en-US Origin: http://localhost:10042 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 X-Requested-With: XMLHttpRequest Content-Type: application/json; charset=UTF-8 Accept-Encoding: gzip, deflate Content-Length: 45 Connection: keep-alive Connection: keep-alive {"UserName":"CC735158","Password":"password"} HTTP/1.1 200 OK Cache-Control: private Content-Length: 50 Content-Type: application/json; charset=utf-8 Server: Microsoft-IIS/7.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: X-Requested-With, Content-Type Access-Control-Max-Age: 1728000 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Sun, 05 Dec 2010 12:48:47 GMT {"Session":"D2FF3E4D-01EA-4741-86F0-437C919B5559"} Here is a GET (Origin is missing) GET /a valid url Host: ec2-174-129-8-69.compute-1.amazonaws.com Connection: keep-alive Referer: http://localhost:10042/documentation/samples/ciapijs-newsdetail-steps.sample.aspx X-Requested-With: XMLHttpRequest Content-Type: application/json Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 HTTP/1.1 200 OK Cache-Control: private Content-Length: 1152 Content-Type: application/json; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Sun, 05 Dec 2010 12:44:25 GMT { valid json respose } 319705 1 abarth 2010-12-09 14:02:18 -0800 We don't usually send Origin with GET requests. We do send it for XMLHttpRequest if we're using CORS. Maybe we're not using CORS for some reason? 319711 2 sky.sanders 2010-12-09 14:13:58 -0800 (In reply to comment #1) > We don't usually send Origin with GET requests. We do send it for XMLHttpRequest if we're using CORS. Maybe we're not using CORS for some reason? The request logs shown represent XHR requests that should indeed be CORS. The POST behaves as expected while the GET does not. Again, this appears to only happen when the source is http://localhost. This also introduces a catch 22 situation with a CORS scenario in which the source and target are both on localhost with different port numbers. WebKit XHR demands CORS response headers due to the different port but it does not send an Origin request header which is the trigger for a server to send the response headers. 319714 3 abarth 2010-12-09 14:18:17 -0800 Indeed. We're supposed to send Origin with CORS requests. If we're not doing that, its our bug. 321449 4 sky.sanders 2010-12-13 14:52:28 -0800 UPDATE: it is not the source (localhost) that is causing the dilemma rather setting Content-Type on a CORS GET induces the failure. 321455 5 sky.sanders 2010-12-13 15:00:06 -0800 OOPS - Sorry, it is when GET content-type is set to application/json that the CORS GET fails. Setting content-type to text/plain produces a successful CORS GET. The problem with this, aside from the fact that the spec allows for content-type on a GET, is that the request content type is relevant to many json service implementations and omitting it requires, in most cases, modification to javascript frameworks and server side code, both of which I have had to implement to work around this issue. please correct me if I have erred in my observations/conclusions. 321465 6 ap 2010-12-13 15:06:11 -0800 Can you provide a test URL for reproducing the problem? Or at least a test HTML page with a script that's sending the request? 321489 7 sky.sanders 2010-12-13 15:26:53 -0800 This demonstrates the bug. var xhr = new XMLHttpRequest(); xhr.open("GET", "http://manu.sporny.org/rdfa/cors", true); xhr.setRequestHeader("Content-Type", "application/json"); xhr.onreadystatechange = function () { if (xhr.readyState == 4) { alert("Expected status: 200 responseText: SUCCESS ... \n got status" + xhr.status + "\nresponseText : " + xhr.responseText); } } xhr.send(); 344611 8 martin 2011-02-03 03:05:25 -0800 I can confirm this is still an issue on WebKit (and Chrome). Let me add some additional comments. * The issue is not with a specific Content-Type (although it can be triggered by using a content-type not listed in CORS spec. [2.1]) * The problem is that in non-simple GET requests (those that require a preflight OPTIONS request), the Origin header is correctly sent with the OPTIONS but not the subsequent GET. Therefore, a server does not include the Access-Control-Allow-Origin in its response. This has been previously reported in Chromium, see http://code.google.com/p/chromium/issues/detail?id=57836 and includes a matrix of requests. What can we do to get this fixed? 344769 9 abarth 2011-02-03 09:27:12 -0800 > What can we do to get this fixed? The easiest way to get this bug fixes is to post a patch for review that fixes the issue and contains a test. 345476 10 81216 martin 2011-02-04 07:18:03 -0800 Created attachment 81216 Proposed fix and regression test 345477 11 81216 martin 2011-02-04 07:20:26 -0800 Comment on attachment 81216 Proposed fix and regression test I would suggest the problem is this: Interest starts when a request reaches DocumentThreadableLoader (see Source/WebCore/loaders/DocumentThreadableLoader.cpp). After creating a new instance of ResourceRequest (for CORS) [line 87], it's checked if the request is "simple" or not (e.g. requires preflight). If the request is simple (or preflight is forced), the following sequence takes place: * DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest is called * The request origin is set [line 115] * Request is submitted via DocumentThreadableLoader::loadRequest [line 311] However, if the request is *not* simple, the following happens: * DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight is called * A new OPTIONS request is created (and request origin set [line 125]) * Request is submitted via DocumentThreadableLoader::loadRequest [line 149] * If the preflight succeeds, DocumentThreadableLoader::preflightSuccess() is called and the original request submitted [line 302] ... (see Source/WebCore/loaders/FrameLoader.cpp) * FrameLoader::addHTTPOriginIfNeeded [line 2680] is called for the CORS request and returns without setting the origin because it is not included by default on GET requests (for privacy concerns, see line 2690) * Request later fails WebCore::passesAccessControlCheck at line 111 (see Source/WebCore/loaders/CrossOriginAccessControl.cpp) So the problem, therefore, is that whilst the origin header is explictly set for a simple cross-origin GET request in (makeSimpleCrossOriginAccessRequest), it is not explicitly after a preflight (and fails the implicit check in FrameLoader). I attach a simple patch that fixes this by explictly setting the origin when the cross-origin preflight is completed successfully. Also included is a regression test for the issue. 345614 12 levin 2011-02-04 10:54:14 -0800 Nicely done. Now that I look at DocumentThreadableLoader with this header in mind, it looks like every time that loadRequest is called the origin should be set "if (!m_sameOriginRequest)", but that introduces other wierdness. At the very least, it should assert that the header is set "if (!m_sameOriginRequest)" However that requires a fix at line 76: 75 if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) { 76 loadRequest(request, DoSecurityCheck); And a test which would involve worker import script which is a bit much to ask. I filed bug 53790 about this. 345619 13 81216 levin 2011-02-04 11:00:20 -0800 Comment on attachment 81216 Proposed fix and regression test View in context: https://bugs.webkit.org/attachment.cgi?id=81216&action=review This looks good to me. I just have a few minor suggestions to clean up and then we can get this committed. > Source/WebCore/ChangeLog:5 > + Bug 50773: CORS origin header not set on GET when a preflight request Ideally this is formatted more like other ChangeLog entries: Bug title Bug link (on separate lines). > Source/WebCore/loader/DocumentThreadableLoader.cpp:301 > + // Explicitly set the origin of this request Add "." to end of sentence. > LayoutTests/http/tests/xmlhttprequest/cross-origin-preflight-get.html:3 > +<p>Test case for issue #50773 - the "Origin" header should be properly sent with a non-simple cross-origin resource sharing request that uses the GET method.</p> No need to mention the bug, so you can omit "Test case for issue #50773 -" > LayoutTests/http/tests/xmlhttprequest/cross-origin-preflight-get.html:20 > + xhr.setRequestHeader("X-Proprietary-Header", "foo"); // make this a non-simple CORS request Please make the comment a proper sentence. "Make this a non-simple CORS request." > LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-preflight-get.php:2 > +// Test case for the preflight cross-origin request using GET (issue #50773) You don't need to reference the bug number. If someone needs to find it, they can look at when the test was added and see the commit message, ChangeLog, etc. which will all reference the bug. 345644 14 ap 2011-02-04 11:34:25 -0800 > Add "." to end of sentence. Actually, I don't think that this comment adds any value as is. It should be removed, or it should explain what's so special about this code path that we need to set Origin manually. What is the normal way to set Origin? Why don't we get it automatically added by FrameLoader::addHTTPOriginIfNeeded(), for example? 345645 15 ap 2011-02-04 11:35:46 -0800 > You don't need to reference the bug number. Personally, I like adding a link to the bug (not just mentioning the number). Not sure if that's useful in practice - I don't think I ever clicked on these links myself. 345654 16 abarth 2011-02-04 11:48:56 -0800 > Why don't we get it automatically added by FrameLoader::addHTTPOriginIfNeeded(), for example? That method does not understand CORS. 345664 17 ap 2011-02-04 11:56:58 -0800 OK. We call setHTTPOrigin() without comments elsewhere in DocumentThreadableLoader, so this instance probably also doesn't need a comment. 345676 18 martin 2011-02-04 12:09:22 -0800 Thanks for the comments. An amended patch will follow shortly. > Now that I look at DocumentThreadableLoader with this header in mind, it looks like every time that loadRequest is called the origin should be set "if (!m_sameOriginRequest)", but that introduces other wierdness. Yes, I found the same "weirdness". This patch seems to be the least disruptive option in the short term. > Why don't we get it automatically added by FrameLoader::addHTTPOriginIfNeeded(), for example? > That method does not understand CORS. Correct - FrameLoader::addHTTPOriginIfNeeded does not set "Origin" for a GET request (irrespective of whether it is CORS). Therefore we need to bring a preflighted request inline with a one which is simple [line 115]. 345713 19 81272 martin 2011-02-04 12:50:17 -0800 Created attachment 81272 Proposed fix after feedback This should [hopefully] address the previous comments. 345807 20 81272 commit-queue 2011-02-04 14:42:12 -0800 Comment on attachment 81272 Proposed fix after feedback Clearing flags on attachment: 81272 Committed r77680: <http://trac.webkit.org/changeset/77680> 345808 21 commit-queue 2011-02-04 14:42:16 -0800 All reviewed patches have been landed. Closing bug. 345830 22 commit-queue 2011-02-04 15:00:56 -0800 The commit-queue encountered the following flaky tests while processing attachment 81272: http/tests/websocket/tests/handshake-fail-by-maxlength.html bug 53816 The commit-queue is continuing to process your patch. 81216 2011-02-04 07:18:03 -0800 2011-02-04 11:00:19 -0800 Proposed fix and regression test 50773.diff text/plain 4709 martin SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDc3NjI2KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTYgQEAKKzIwMTEtMDItMDQgIE1hcnRpbiBH YWxwaW4gIDxtYXJ0aW5ANjZsYXBzLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBCdWcgNTA3NzM6IENPUlMgb3JpZ2luIGhlYWRlciBub3Qgc2V0 IG9uIEdFVCB3aGVuIGEgcHJlZmxpZ2h0IHJlcXVlc3QKKyAgICAgICAgaXMgcmVxdWlyZWQuCisg ICAgICAgIAorICAgICAgICBUZXN0OiBodHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nyb3NzLW9y aWdpbi1wcmVmbGlnaHQtZ2V0Lmh0bWwKKworICAgICAgICAqIGxvYWRlci9Eb2N1bWVudFRocmVh ZGFibGVMb2FkZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6RG9jdW1lbnRUaHJlYWRhYmxlTG9h ZGVyOjpwcmVmbGlnaHRTdWNjZXNzKTogCisgICAgICAgIEV4cGxpY2l0bHkgc2V0IHRoZSByZXF1 ZXN0IG9yaWdpbiBhZnRlciBhIHByZWZsaWdodCByZXF1ZXN0IHN1Y2NlZWRzLgorCiAyMDExLTAy LTA0ICBQZXRlciBWYXJnYSAgPHB2YXJnYUB3ZWJraXQub3JnPgogCiAgICAgICAgIFJ1YmJlci1z dGFtcGVkIGJ5IENzYWJhIE9zenRyb2dvbsOhYy4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2xvYWRl ci9Eb2N1bWVudFRocmVhZGFibGVMb2FkZXIuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJD b3JlL2xvYWRlci9Eb2N1bWVudFRocmVhZGFibGVMb2FkZXIuY3BwCShyZXZpc2lvbiA3NzYxOSkK KysrIFNvdXJjZS9XZWJDb3JlL2xvYWRlci9Eb2N1bWVudFRocmVhZGFibGVMb2FkZXIuY3BwCSh3 b3JraW5nIGNvcHkpCkBAIC0yOTcsNiArMjk3LDkgQEAgdm9pZCBEb2N1bWVudFRocmVhZGFibGVM b2FkZXI6OnByZWZsaWdodAogewogICAgIE93blB0cjxSZXNvdXJjZVJlcXVlc3Q+IGFjdHVhbFJl cXVlc3Q7CiAgICAgYWN0dWFsUmVxdWVzdC5zd2FwKG1fYWN0dWFsUmVxdWVzdCk7CisgICAgCisg ICAgLy8gRXhwbGljaXRseSBzZXQgdGhlIG9yaWdpbiBvZiB0aGlzIHJlcXVlc3QKKyAgICBhY3R1 YWxSZXF1ZXN0LT5zZXRIVFRQT3JpZ2luKG1fZG9jdW1lbnQtPnNlY3VyaXR5T3JpZ2luKCktPnRv U3RyaW5nKCkpOwogCiAgICAgLy8gSXQgc2hvdWxkIGJlIG9rIHRvIHNraXAgdGhlIHNlY3VyaXR5 IGNoZWNrIHNpbmNlIHdlIGFscmVhZHkgYXNrZWQgYWJvdXQgdGhlIHByZWZsaWdodCByZXF1ZXN0 LgogICAgIGxvYWRSZXF1ZXN0KCphY3R1YWxSZXF1ZXN0LCBTa2lwU2VjdXJpdHlDaGVjayk7Cklu ZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvQ2hh bmdlTG9nCShyZXZpc2lvbiA3NzYyNikKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2lu ZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDExLTAyLTA0ICBNYXJ0aW4gR2FscGluICA8bWFy dGluQDY2bGFwcy5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgQnVnIDUwNzczOiBDT1JTIG9yaWdpbiBoZWFkZXIgbm90IHNldCBvbiBHRVQgd2hl biBhIHByZWZsaWdodCByZXF1ZXN0IGlzCisgICAgICAgIHJlcXVpcmVkLiBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTA3NzMKKworICAgICAgICAqIGh0dHAvdGVzdHMv eG1saHR0cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXByZWZsaWdodC1nZXQtZXhwZWN0ZWQudHh0OiBB ZGRlZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nyb3NzLW9yaWdpbi1w cmVmbGlnaHQtZ2V0Lmh0bWw6IEFkZGVkLgorICAgICAgICAqIGh0dHAvdGVzdHMveG1saHR0cHJl cXVlc3QvcmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0LnBocDogQWRkZWQuCisK IDIwMTEtMDItMDQgIElseWEgVGlraG9ub3Zza3kgIDxsb2lzbG9AY2hyb21pdW0ub3JnPgogCiAg ICAgICAgIFVucmV2aWV3ZWQuCkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHBy ZXF1ZXN0L2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0LWV4cGVjdGVkLnR4dAo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nyb3NzLW9yaWdpbi1w cmVmbGlnaHQtZ2V0LWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2h0 dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXByZWZsaWdodC1nZXQtZXhwZWN0 ZWQudHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDQgQEAKK1Rlc3QgY2FzZSBmb3IgaXNzdWUg IzUwNzczIC0gdGhlICJPcmlnaW4iIGhlYWRlciBzaG91bGQgYmUgcHJvcGVybHkgc2VudCB3aXRo IGEgbm9uLXNpbXBsZSBjcm9zcy1vcmlnaW4gcmVzb3VyY2Ugc2hhcmluZyByZXF1ZXN0IHRoYXQg dXNlcyB0aGUgR0VUIG1ldGhvZC4KKworUEFTUzogT3JpZ2luIGhlYWRlciBjb3JyZWN0bHkgc2Vu dAorCkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nyb3NzLW9y aWdpbi1wcmVmbGlnaHQtZ2V0Lmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvaHR0cC90 ZXN0cy94bWxodHRwcmVxdWVzdC9jcm9zcy1vcmlnaW4tcHJlZmxpZ2h0LWdldC5odG1sCShyZXZp c2lvbiAwKQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9jcm9zcy1v cmlnaW4tcHJlZmxpZ2h0LWdldC5odG1sCShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDMxIEBACis8 aHRtbD4KKzxib2R5PgorPHA+VGVzdCBjYXNlIGZvciBpc3N1ZSAjNTA3NzMgLSB0aGUgIk9yaWdp biIgaGVhZGVyIHNob3VsZCBiZSBwcm9wZXJseSBzZW50IHdpdGggYSBub24tc2ltcGxlIGNyb3Nz LW9yaWdpbiByZXNvdXJjZSBzaGFyaW5nIHJlcXVlc3QgdGhhdCB1c2VzIHRoZSBHRVQgbWV0aG9k LjwvcD4KKzxwcmUgaWQ9ImNvbnNvbGUiPjwvcHJlPgorPHNjcmlwdD4KK2lmICh3aW5kb3cubGF5 b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0 KCk7Cit9CisKK2Z1bmN0aW9uIGxvZyhtZXNzYWdlKQoreworICAgIGRvY3VtZW50LmdldEVsZW1l bnRCeUlkKCdjb25zb2xlJykuYXBwZW5kQ2hpbGQoZG9jdW1lbnQuY3JlYXRlVGV4dE5vZGUobWVz c2FnZSArICdcbicpKTsKK30KKworCitmdW5jdGlvbiB0ZXN0KCkKK3sKKyAgICB2YXIgeGhyID0g bmV3IFhNTEh0dHBSZXF1ZXN0KCk7CisgICAgeGhyLm9wZW4oIkdFVCIsICJodHRwOi8vbG9jYWxo b3N0OjgwMDAveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQt Z2V0LnBocCIsIHRydWUpOworICAgIHhoci5zZXRSZXF1ZXN0SGVhZGVyKCJYLVByb3ByaWV0YXJ5 LUhlYWRlciIsICJmb28iKTsgLy8gbWFrZSB0aGlzIGEgbm9uLXNpbXBsZSBDT1JTIHJlcXVlc3QK KyAgICB4aHIub25lcnJvciA9IGZ1bmN0aW9uKCkgeyBsb2coIm9uZXJyb3IiKSB9CisgICAgeGhy Lm9ubG9hZCA9IGZ1bmN0aW9uKCkgeworICAgICAgICBsb2coeGhyLnJlc3BvbnNlVGV4dCk7Cisg ICAgfQorICAgIHhoci5zZW5kKG51bGwpOworfQorCit0ZXN0KCk7Cis8L3NjcmlwdD4KKzwvYm9k eT4KKzwvaHRtbD4KSW5kZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3Qv cmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0LnBocAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBM YXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L3Jlc291cmNlcy9jcm9zcy1vcmln aW4tcHJlZmxpZ2h0LWdldC5waHAJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9odHRwL3Rl c3RzL3htbGh0dHByZXF1ZXN0L3Jlc291cmNlcy9jcm9zcy1vcmlnaW4tcHJlZmxpZ2h0LWdldC5w aHAJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTAgQEAKKzw/cGhwCisvLyBUZXN0IGNhc2UgZm9y IHRoZSBwcmVmbGlnaHQgY3Jvc3Mtb3JpZ2luIHJlcXVlc3QgdXNpbmcgR0VUIChpc3N1ZSAjNTA3 NzMpCitpZighaXNzZXQoJF9TRVJWRVJbJ0hUVFBfT1JJR0lOJ10pKSB7CisgICAgZWNobyAiRkFJ TDogTm8gb3JpZ2luIGhlYWRlciBzZW50IjsKK30gZWxzZSB7CisgICAgaGVhZGVyKCJBY2Nlc3Mt Q29udHJvbC1BbGxvdy1PcmlnaW46ICoiKTsKKyAgICBoZWFkZXIoIkFjY2Vzcy1Db250cm9sLUFs bG93LUhlYWRlcnM6IFgtUHJvcHJpZXRhcnktSGVhZGVyIik7CisgICAgZWNobyAiUEFTUzogT3Jp Z2luIGhlYWRlciBjb3JyZWN0bHkgc2VudCI7Cit9Cis/Pgo= 81272 2011-02-04 12:50:17 -0800 2011-02-04 14:42:12 -0800 Proposed fix after feedback 50773.diff text/plain 4566 martin SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDc3NjI2KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTYgQEAKKzIwMTEtMDItMDQgIE1hcnRpbiBH YWxwaW4gIDxtYXJ0aW5ANjZsYXBzLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBDT1JTIG9yaWdpbiBoZWFkZXIgbm90IHNldCBvbiBHRVQgd2hl biBhIHByZWZsaWdodCByZXF1ZXN0IGlzIHJlcXVpcmVkLgorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTA3NzMKKyAgICAgICAgCisgICAgICAgIFRlc3Q6 IGh0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXByZWZsaWdodC1nZXQuaHRt bAorCisgICAgICAgICogbG9hZGVyL0RvY3VtZW50VGhyZWFkYWJsZUxvYWRlci5jcHA6CisgICAg ICAgIChXZWJDb3JlOjpEb2N1bWVudFRocmVhZGFibGVMb2FkZXI6OnByZWZsaWdodFN1Y2Nlc3Mp OiAKKyAgICAgICAgRXhwbGljaXRseSBzZXQgdGhlIHJlcXVlc3Qgb3JpZ2luIGFmdGVyIGEgcHJl ZmxpZ2h0IHJlcXVlc3Qgc3VjY2VlZHMuCisKIDIwMTEtMDItMDQgIFBldGVyIFZhcmdhICA8cHZh cmdhQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUnViYmVyLXN0YW1wZWQgYnkgQ3NhYmEgT3N6dHJv Z29uw6FjLgpJbmRleDogU291cmNlL1dlYkNvcmUvbG9hZGVyL0RvY3VtZW50VGhyZWFkYWJsZUxv YWRlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvbG9hZGVyL0RvY3VtZW50VGhy ZWFkYWJsZUxvYWRlci5jcHAJKHJldmlzaW9uIDc3NjE5KQorKysgU291cmNlL1dlYkNvcmUvbG9h ZGVyL0RvY3VtZW50VGhyZWFkYWJsZUxvYWRlci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTI5OCw2 ICsyOTgsOCBAQCB2b2lkIERvY3VtZW50VGhyZWFkYWJsZUxvYWRlcjo6cHJlZmxpZ2h0CiAgICAg T3duUHRyPFJlc291cmNlUmVxdWVzdD4gYWN0dWFsUmVxdWVzdDsKICAgICBhY3R1YWxSZXF1ZXN0 LnN3YXAobV9hY3R1YWxSZXF1ZXN0KTsKIAorICAgIGFjdHVhbFJlcXVlc3QtPnNldEhUVFBPcmln aW4obV9kb2N1bWVudC0+c2VjdXJpdHlPcmlnaW4oKS0+dG9TdHJpbmcoKSk7CisKICAgICAvLyBJ dCBzaG91bGQgYmUgb2sgdG8gc2tpcCB0aGUgc2VjdXJpdHkgY2hlY2sgc2luY2Ugd2UgYWxyZWFk eSBhc2tlZCBhYm91dCB0aGUgcHJlZmxpZ2h0IHJlcXVlc3QuCiAgICAgbG9hZFJlcXVlc3QoKmFj dHVhbFJlcXVlc3QsIFNraXBTZWN1cml0eUNoZWNrKTsKIH0KSW5kZXg6IExheW91dFRlc3RzL0No YW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDc3 NjI2KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEs MTQgQEAKKzIwMTEtMDItMDQgIE1hcnRpbiBHYWxwaW4gIDxtYXJ0aW5ANjZsYXBzLmNvbT4KKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDT1JTIG9yaWdp biBoZWFkZXIgbm90IHNldCBvbiBHRVQgd2hlbiBhIHByZWZsaWdodCByZXF1ZXN0IGlzIHJlcXVp cmVkLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTA3 NzMKKworICAgICAgICAqIGh0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXBy ZWZsaWdodC1nZXQtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3ht bGh0dHByZXF1ZXN0L2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0Lmh0bWw6IEFkZGVkLgorICAg ICAgICAqIGh0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1w cmVmbGlnaHQtZ2V0LnBocDogQWRkZWQuCisKIDIwMTEtMDItMDQgIElseWEgVGlraG9ub3Zza3kg IDxsb2lzbG9AY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFVucmV2aWV3ZWQuCkluZGV4OiBMYXlv dXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQt Z2V0LWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3ht bGh0dHByZXF1ZXN0L2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0LWV4cGVjdGVkLnR4dAkocmV2 aXNpb24gMCkKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY3Jvc3Mt b3JpZ2luLXByZWZsaWdodC1nZXQtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsx LDQgQEAKK1RoZSAiT3JpZ2luIiBoZWFkZXIgbXVzdCBiZSBzZW50IHdpdGggYSAibm9uLXNpbXBs ZSIgY3Jvc3Mtb3JpZ2luIHJlc291cmNlIHNoYXJpbmcgcmVxdWVzdCB0aGF0IHVzZXMgdGhlIEdF VCBtZXRob2QuCisKK1BBU1M6IE9yaWdpbiBoZWFkZXIgY29ycmVjdGx5IHNlbnQKKwpJbmRleDog TGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9jcm9zcy1vcmlnaW4tcHJlZmxp Z2h0LWdldC5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0 cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXByZWZsaWdodC1nZXQuaHRtbAkocmV2aXNpb24gMCkKKysr IExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvY3Jvc3Mtb3JpZ2luLXByZWZs aWdodC1nZXQuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzMiBAQAorPGh0bWw+Cis8Ym9k eT4KKzxwPlRoZSAiT3JpZ2luIiBoZWFkZXIgbXVzdCBiZSBzZW50IHdpdGggYSAibm9uLXNpbXBs ZSIgY3Jvc3Mtb3JpZ2luIHJlc291cmNlIHNoYXJpbmcgcmVxdWVzdCB0aGF0IHVzZXMgdGhlIEdF VCBtZXRob2QuPC9wPgorPHByZSBpZD0iY29uc29sZSI+PC9wcmU+Cis8c2NyaXB0PgoraWYgKHdp bmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgeworICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1 bXBBc1RleHQoKTsKK30KKworZnVuY3Rpb24gbG9nKG1lc3NhZ2UpCit7CisgICAgZG9jdW1lbnQu Z2V0RWxlbWVudEJ5SWQoJ2NvbnNvbGUnKS5hcHBlbmRDaGlsZChkb2N1bWVudC5jcmVhdGVUZXh0 Tm9kZShtZXNzYWdlICsgJ1xuJykpOworfQorCisKK2Z1bmN0aW9uIHRlc3QoKQoreworICAgIHZh ciB4aHIgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsKKyAgICB4aHIub3BlbigiR0VUIiwgImh0dHA6 Ly9sb2NhbGhvc3Q6ODAwMC94bWxodHRwcmVxdWVzdC9yZXNvdXJjZXMvY3Jvc3Mtb3JpZ2luLXBy ZWZsaWdodC1nZXQucGhwIiwgdHJ1ZSk7CisgICAgLy8gTWFrZSB0aGlzIGEgIm5vbi1zaW1wbGUi IGNyb3NzLW9yaWdpbiByZXF1ZXN0IGJ5IGFkZGluZyBhIGN1c3RvbSBoZWFkZXIuCisgICAgeGhy LnNldFJlcXVlc3RIZWFkZXIoIlgtUHJvcHJpZXRhcnktSGVhZGVyIiwgImZvbyIpOworICAgIHho ci5vbmVycm9yID0gZnVuY3Rpb24oKSB7IGxvZygib25lcnJvciIpIH0KKyAgICB4aHIub25sb2Fk ID0gZnVuY3Rpb24oKSB7CisgICAgICAgIGxvZyh4aHIucmVzcG9uc2VUZXh0KTsKKyAgICB9Cisg ICAgeGhyLnNlbmQobnVsbCk7Cit9CisKK3Rlc3QoKTsKKzwvc2NyaXB0PgorPC9ib2R5PgorPC9o dG1sPgpJbmRleDogTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9yZXNvdXJj ZXMvY3Jvc3Mtb3JpZ2luLXByZWZsaWdodC1nZXQucGhwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRl c3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1wcmVm bGlnaHQtZ2V0LnBocAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMveG1s aHR0cHJlcXVlc3QvcmVzb3VyY2VzL2Nyb3NzLW9yaWdpbi1wcmVmbGlnaHQtZ2V0LnBocAkocmV2 aXNpb24gMCkKQEAgLTAsMCArMSw5IEBACis8P3BocAoraWYoIWlzc2V0KCRfU0VSVkVSWydIVFRQ X09SSUdJTiddKSkgeworICAgIGVjaG8gIkZBSUw6IE5vIG9yaWdpbiBoZWFkZXIgc2VudCI7Cit9 IGVsc2UgeworICAgIGhlYWRlcigiQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqIik7Cisg ICAgaGVhZGVyKCJBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiBYLVByb3ByaWV0YXJ5LUhl YWRlciIpOworICAgIGVjaG8gIlBBU1M6IE9yaWdpbiBoZWFkZXIgY29ycmVjdGx5IHNlbnQiOwor fQorPz4K