Changeset 214254 in webkit

Timestamp:

Mar 22, 2017 10:18:27 AM (7 years ago)

Author:

commit-queue@webkit.org

Message:

Safari sends empty "Access-Control-Request-Headers" in preflight request
​https://bugs.webkit.org/show_bug.cgi?id=169851

Patch by Youenn Fablet <​youenn@apple.com> on 2017-03-22
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
• web-platform-tests/fetch/api/cors/cors-preflight.js:

Source/WebCore:

Covered by updated test.

• loader/CrossOriginAccessControl.cpp:

(WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
request header if value is empty.

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/CrossOriginAccessControl.cpp (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2017-03-22  Youenn Fablet  <youenn@apple.com>
+
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-preflight.js:
+
 2017-03-22  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt

@@ -14 +14 @@
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows 
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt

@@ -14 +14 @@
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows 
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js

@@ -100 +100 @@
 corsPreflight("CORS [PUT] [several headers], server refuses", corsUrl, "PUT", false, headers, safeHeaders);
 
+corsPreflight("CORS [PUT] [only safe headers], server allows", corsUrl, "PUT", true, null, safeHeaders);
+
 done();

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-03-22  Youenn Fablet  <youenn@apple.com>
+
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        Covered by updated test.
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
+        request header if value is empty.
+
 2017-03-22  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp

@@ -121 +121 @@
             headerBuffer.append(headerField);
         }
-        preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
+        if (!headerBuffer.isEmpty())
+            preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
     }