Changeset 220497 in webkit


Ignore:
Timestamp:
Aug 9, 2017 4:23:58 PM (7 years ago)
Author:
Chris Dumez
Message:

[Beacon][NetworkSession] Support CORS-preflighting on redirects
https://bugs.webkit.org/show_bug.cgi?id=175386
<rdar://problem/33801370>

Reviewed by Youenn Fablet.

Source/WebCore:

Export a couple of WebCore symbols so I can use them in WebKit2.

Tests: http/wpt/beacon/cors/cors-preflight-redirect-failure.html

http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html
http/wpt/beacon/cors/cors-preflight-redirect-success.html

  • loader/CrossOriginAccessControl.h:
  • page/SecurityOrigin.h:

Source/WebKit:

Add support to Beacon for doing CORS-preflighting upon redirect to a different
domain.

  • NetworkProcess/NetworkCORSPreflightChecker.h:
  • NetworkProcess/PingLoad.cpp:

(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::~PingLoad):
(WebKit::PingLoad::loadRequest):
(WebKit::PingLoad::securityOrigin const):
(WebKit::PingLoad::willPerformHTTPRedirection):
(WebKit::PingLoad::didReceiveResponseNetworkSession):
(WebKit::PingLoad::needsCORSPreflight const):
(WebKit::PingLoad::doCORSPreflight):

  • NetworkProcess/PingLoad.h:

LayoutTests:

Add layout test coverage.

  • http/wpt/beacon/cors/cors-preflight-redirect-failure-expected.txt: Added.
  • http/wpt/beacon/cors/cors-preflight-redirect-failure.html: Added.
  • http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin-expected.txt: Added.
  • http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html: Added.
  • http/wpt/beacon/cors/cors-preflight-redirect-success-expected.txt: Added.
  • http/wpt/beacon/cors/cors-preflight-redirect-success.html: Added.
  • http/wpt/beacon/resources/beacon-preflight.py:

(main):

  • http/wpt/beacon/resources/redirect.py: Added.

(main):

Location:
trunk
Files:
4 added
14 edited
3 copied

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r220495 r220497  
     12017-08-09  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon][NetworkSession] Support CORS-preflighting on redirects
     4        https://bugs.webkit.org/show_bug.cgi?id=175386
     5        <rdar://problem/33801370>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Add layout test coverage.
     10
     11        * http/wpt/beacon/cors/cors-preflight-redirect-failure-expected.txt: Added.
     12        * http/wpt/beacon/cors/cors-preflight-redirect-failure.html: Added.
     13        * http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin-expected.txt: Added.
     14        * http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html: Added.
     15        * http/wpt/beacon/cors/cors-preflight-redirect-success-expected.txt: Added.
     16        * http/wpt/beacon/cors/cors-preflight-redirect-success.html: Added.
     17        * http/wpt/beacon/resources/beacon-preflight.py:
     18        (main):
     19        * http/wpt/beacon/resources/redirect.py: Added.
     20        (main):
     21
    1222017-08-09  Chris Dumez  <cdumez@apple.com>
    223
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-arraybufferview-failure.html

    r220442 r220497  
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    3434  promise_test(function(test) {
    3535    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     36    return pollResult(test, id) .then(result => {
    3837      assert_equals(result['preflight'], 1, "Received preflight")
    3938      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-arraybufferview-success.html

    r220442 r220497  
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    3434  promise_test(function(test) {
    3535    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     36    return pollResult(test, id) .then(result => {
    3837      assert_equals(result['preflight'], 1, "Received preflight")
    3938      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html

    r220442 r220497  
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    3434  promise_test(function(test) {
    3535    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     36    return pollResult(test, id) .then(result => {
    3837      assert_equals(result['preflight'], 1, "Received preflight")
    3938      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html

    r220442 r220497  
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    3434  promise_test(function(test) {
    3535    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     36    return pollResult(test, id) .then(result => {
    3837      assert_equals(result['preflight'], 1, "Received preflight")
    3938      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-cookie.html

    r220442 r220497  
    2222    step_timeout(test.step_func(() => {
    2323      fetch(checkUrl).then(response => {
    24         response.text().then(body => {
     24        response.json().then(body => {
    2525          resolve(body);
    2626        });
     
    4747    return fetchCORSCookie(testBase, "testCookie", "/").then(() => {
    4848      assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    49       return pollResult(test, id).then(json => {
    50         result = JSON.parse(json);
     49      return pollResult(test, id).then(result => {
    5150        assert_equals(result['preflight'], 1, "Received preflight")
    5251        assert_equals(result['preflight_cookie_header'], "", "Preflight cookie header")
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html

    r220496 r220497  
    33  <head>
    44    <meta charset="utf-8">
    5     <title>SendBeacon CORS preflight test</title>
     5    <title>SendBeacon CORS preflight on redirect test</title>
    66    <script src=/resources/testharness.js></script>
    77    <script src=/resources/testharnessreport.js></script>
     
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    2727}
    2828
    29 function testCORSPreflightFailure(what) {
     29function testCORSPreflightRedirectSuccess(what) {
    3030  var testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
    3131  var id = self.token();
    32   var testUrl = testBase + "beacon-preflight.py?allowCors=0&cmd=put&id=" + id;
     32  var target = encodeURIComponent(testBase + "beacon-preflight.py?allowCors=0&cmd=put&id=" + id);
     33
     34  // 307 & 308 redirections are the only ones that maintain the POST method.
     35  var testUrl = RESOURCES_DIR + "redirect.py?redirect_status=307&location=" + target;
    3336
    3437  promise_test(function(test) {
    3538    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     39    return pollResult(test, id) .then(result => {
    3840      assert_equals(result['preflight'], 1, "Received preflight")
    3941      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
    4042      assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
    41       let requested_headers = result['preflight_requested_headers'].toLowerCase()
    42       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
    43       assert_true(requested_headers.includes("referer"), "Referer header is requested")
    44       assert_true(requested_headers.includes("origin"), "Origin header is requested")
    4543      assert_equals(result['beacon'], 0, "Did not receive beacon")
    4644    });
     
    4947
    5048let blob = new Blob(["123"], {type: "application/octet-stream"});
    51 testCORSPreflightFailure(blob);
     49testCORSPreflightRedirectSuccess(blob);
    5250    </script>
    5351  </body>
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html

    r220496 r220497  
    33  <head>
    44    <meta charset="utf-8">
    5     <title>SendBeacon CORS preflight test</title>
     5    <title>SendBeacon CORS preflight on redirect test from cross origin to same origin</title>
    66    <script src=/resources/testharness.js></script>
    77    <script src=/resources/testharnessreport.js></script>
     
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    2727}
    2828
    29 function testCORSPreflightSuccess(what) {
     29function testCORSPreflightRedirectSuccess(what) {
    3030  var testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
    3131  var id = self.token();
    32   var testUrl = testBase + "beacon-preflight.py?allowCors=1&cmd=put&id=" + id;
     32  var target = encodeURIComponent(get_host_info().HTTP_ORIGIN + RESOURCES_DIR + "beacon-preflight.py?allowCors=1&cmd=put&id=" + id);
     33
     34  // 307 & 308 redirections are the only ones that maintain the POST method.
     35  var testUrl = testBase + "redirect.py?redirect_status=307&location=" + target;
    3336
    3437  promise_test(function(test) {
    3538    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     39    return pollResult(test, id) .then(result => {
    3840      assert_equals(result['preflight'], 1, "Received preflight")
    3941      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
    4042      assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
    41       let requested_headers = result['preflight_requested_headers'].toLowerCase()
    42       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
    43       assert_true(requested_headers.includes("referer"), "Referer header is requested")
    44       assert_true(requested_headers.includes("origin"), "Origin header is requested")
     43      assert_equals(result['preflight_origin'], "null", "Received beacon")
    4544      assert_equals(result['beacon'], 1, "Received beacon")
     45      assert_equals(result['beacon_origin'], "null", "Received beacon")
    4646    });
    4747  }, "CORS preflight success test");
     
    4949
    5050let blob = new Blob(["123"], {type: "application/octet-stream"});
    51 testCORSPreflightSuccess(blob);
     51testCORSPreflightRedirectSuccess(blob);
    5252    </script>
    5353  </body>
  • trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-success.html

    r220496 r220497  
    33  <head>
    44    <meta charset="utf-8">
    5     <title>SendBeacon CORS preflight test</title>
     5    <title>SendBeacon CORS preflight on redirect test</title>
    66    <script src=/resources/testharness.js></script>
    77    <script src=/resources/testharnessreport.js></script>
     
    1919    step_timeout(test.step_func(() => {
    2020      fetch(checkUrl).then(response => {
    21         response.text().then(body => {
     21        response.json().then(body => {
    2222          resolve(body);
    2323        });
     
    2727}
    2828
    29 function testCORSPreflightSuccess(what) {
     29function testCORSPreflightRedirectSuccess(what) {
    3030  var testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
    3131  var id = self.token();
    32   var testUrl = testBase + "beacon-preflight.py?allowCors=1&cmd=put&id=" + id;
     32  var target = encodeURIComponent(testBase + "beacon-preflight.py?allowCors=1&cmd=put&id=" + id);
     33
     34  // 307 & 308 redirections are the only ones that maintain the POST method.
     35  var testUrl = RESOURCES_DIR + "redirect.py?redirect_status=307&location=" + target;
    3336
    3437  promise_test(function(test) {
    3538    assert_true(navigator.sendBeacon(testUrl, what), "SendBeacon Succeeded");
    36     return pollResult(test, id) .then(json => {
    37       result = JSON.parse(json);
     39    return pollResult(test, id) .then(result => {
    3840      assert_equals(result['preflight'], 1, "Received preflight")
    3941      assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
    4042      assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
    41       let requested_headers = result['preflight_requested_headers'].toLowerCase()
    42       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
    43       assert_true(requested_headers.includes("referer"), "Referer header is requested")
    44       assert_true(requested_headers.includes("origin"), "Origin header is requested")
    4543      assert_equals(result['beacon'], 1, "Received beacon")
    4644    });
     
    4947
    5048let blob = new Blob(["123"], {type: "application/octet-stream"});
    51 testCORSPreflightSuccess(blob);
     49testCORSPreflightRedirectSuccess(blob);
    5250    </script>
    5351  </body>
  • trunk/LayoutTests/http/wpt/beacon/resources/beacon-preflight.py

    r220442 r220497  
    3636      stashed_data['preflight_cookie_header'] = request.headers.get("Cookie", "");
    3737      stashed_data['preflight_referer'] = request.headers.get("Referer", "")
     38      stashed_data['preflight_origin'] = request.headers.get("Origin", "")
    3839      request.server.stash.put(test_id, stashed_data)
    3940      return respondToCORSPreflight(request, response)
     
    4142      stashed_data['beacon'] = 1;
    4243      stashed_data['beacon_cookie_header'] = request.headers.get("Cookie", "")
     44      stashed_data['beacon_origin'] = request.headers.get("Origin", "")
    4345      request.server.stash.put(test_id, stashed_data)
    4446    return [("Content-Type", "text/plain")], ""
  • trunk/Source/WebCore/ChangeLog

    r220496 r220497  
     12017-08-09  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon][NetworkSession] Support CORS-preflighting on redirects
     4        https://bugs.webkit.org/show_bug.cgi?id=175386
     5        <rdar://problem/33801370>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Export a couple of WebCore symbols so I can use them in WebKit2.
     10
     11        Tests: http/wpt/beacon/cors/cors-preflight-redirect-failure.html
     12               http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html
     13               http/wpt/beacon/cors/cors-preflight-redirect-success.html
     14
     15        * loader/CrossOriginAccessControl.h:
     16        * page/SecurityOrigin.h:
     17
    1182017-08-09  Jeremy Jones  <jeremyj@apple.com>
    219
  • trunk/Source/WebCore/loader/CrossOriginAccessControl.h

    r220442 r220497  
    4141bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);
    4242
    43 void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin&, StoredCredentials);
     43WEBCORE_EXPORT void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin&, StoredCredentials);
    4444WEBCORE_EXPORT ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin&, const String&);
    4545
  • trunk/Source/WebCore/page/SecurityOrigin.h

    r220442 r220497  
    5151
    5252    WEBCORE_EXPORT static Ref<SecurityOrigin> create(const URL&);
    53     static Ref<SecurityOrigin> createUnique();
     53    WEBCORE_EXPORT static Ref<SecurityOrigin> createUnique();
    5454
    5555    WEBCORE_EXPORT static Ref<SecurityOrigin> createFromString(const String&);
  • trunk/Source/WebKit/ChangeLog

    r220496 r220497  
     12017-08-09  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon][NetworkSession] Support CORS-preflighting on redirects
     4        https://bugs.webkit.org/show_bug.cgi?id=175386
     5        <rdar://problem/33801370>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Add support to Beacon for doing CORS-preflighting upon redirect to a different
     10        domain.
     11
     12        * NetworkProcess/NetworkCORSPreflightChecker.h:
     13        * NetworkProcess/PingLoad.cpp:
     14        (WebKit::PingLoad::PingLoad):
     15        (WebKit::PingLoad::~PingLoad):
     16        (WebKit::PingLoad::loadRequest):
     17        (WebKit::PingLoad::securityOrigin const):
     18        (WebKit::PingLoad::willPerformHTTPRedirection):
     19        (WebKit::PingLoad::didReceiveResponseNetworkSession):
     20        (WebKit::PingLoad::needsCORSPreflight const):
     21        (WebKit::PingLoad::doCORSPreflight):
     22        * NetworkProcess/PingLoad.h:
     23
    1242017-08-09  Jeremy Jones  <jeremyj@apple.com>
    225
  • trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h

    r220442 r220497  
    5555    NetworkCORSPreflightChecker(Parameters&&, CompletionCallback&&);
    5656    ~NetworkCORSPreflightChecker();
     57    const WebCore::ResourceRequest& originalRequest() const { return m_parameters.originalRequest; }
    5758
    5859    void startPreflight();
  • trunk/Source/WebKit/NetworkProcess/PingLoad.cpp

    r220442 r220497  
    3333#include "NetworkCORSPreflightChecker.h"
    3434#include "SessionTracker.h"
     35#include <WebCore/CrossOriginAccessControl.h>
    3536
    3637#define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(m_parameters.sessionID.isAlwaysOnLoggingAllowed(), Network, "%p - PingLoad::" fmt, this, ##__VA_ARGS__)
     
    4344    : m_parameters(WTFMove(parameters))
    4445    , m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
     46    , m_isSameOriginRequest(securityOrigin().canRequest(m_parameters.request.url()))
    4547{
    4648    // If the server never responds, this object will hang around forever.
     
    5153        doCORSPreflight(m_parameters.request);
    5254    else
    53         startNetworkLoad();
     55        loadRequest(m_parameters.request);
    5456}
    5557
    5658PingLoad::~PingLoad()
    5759{
     60    if (m_redirectHandler)
     61        m_redirectHandler({ });
     62
    5863    if (m_task) {
    5964        ASSERT(m_task->client() == this);
     
    6368}
    6469
    65 void PingLoad::startNetworkLoad()
     70void PingLoad::loadRequest(const ResourceRequest& request)
    6671{
    6772    RELEASE_LOG_IF_ALLOWED("startNetworkLoad");
    6873    if (auto* networkSession = SessionTracker::networkSession(m_parameters.sessionID)) {
    69         m_task = NetworkDataTask::create(*networkSession, *this, m_parameters);
     74        auto loadParameters = m_parameters;
     75        loadParameters.request = request;
     76        m_task = NetworkDataTask::create(*networkSession, *this, WTFMove(loadParameters));
    7077        m_task->resume();
    7178    } else
     
    7380}
    7481
    75 void PingLoad::willPerformHTTPRedirection(ResourceResponse&&, ResourceRequest&& request, RedirectCompletionHandler&& completionHandler)
    76 {
    77     RELEASE_LOG_IF_ALLOWED("willPerformHTTPRedirection");
    78     // FIXME: Do a CORS preflight if necessary.
     82SecurityOrigin& PingLoad::securityOrigin() const
     83{
     84    return m_origin ? *m_origin : *m_parameters.sourceOrigin;
     85}
     86
     87void PingLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse, ResourceRequest&& request, RedirectCompletionHandler&& completionHandler)
     88{
     89    RELEASE_LOG_IF_ALLOWED("willPerformHTTPRedirection - shouldFollowRedirects? %d", m_parameters.shouldFollowRedirects);
     90    if (!m_parameters.shouldFollowRedirects) {
     91        completionHandler({ });
     92        return;
     93    }
     94    // FIXME: Do CSP check.
    7995    // FIXME: We should ensure the number of redirects does not exceed 20.
    80     completionHandler(m_parameters.shouldFollowRedirects ? request : ResourceRequest());
     96    if (!needsCORSPreflight(request)) {
     97        completionHandler(request);
     98        return;
     99    }
     100    RELEASE_LOG_IF_ALLOWED("willPerformHTTPRedirection - Redirect requires a CORS preflight");
     101
     102    // Use a unique origin for subsequent loads if needed.
     103    // https://fetch.spec.whatwg.org/#concept-http-redirect-fetch (Step 10).
     104    ASSERT(m_parameters.mode == FetchOptions::Mode::Cors);
     105    if (!securityOrigin().canRequest(redirectResponse.url()) && !protocolHostAndPortAreEqual(redirectResponse.url(), request.url())) {
     106        if (!m_origin || !m_origin->isUnique())
     107            m_origin = SecurityOrigin::createUnique();
     108    }
     109
     110    m_isSameOriginRequest = false;
     111    m_redirectHandler = WTFMove(completionHandler);
     112
     113    // Let's fetch the request with the original headers (equivalent to request cloning specified by fetch algorithm).
     114    request.setHTTPHeaderFields(m_parameters.request.httpHeaderFields());
     115
     116    doCORSPreflight(request);
    81117}
    82118
     
    88124}
    89125
    90 void PingLoad::didReceiveResponseNetworkSession(ResourceResponse&&, ResponseCompletionHandler&& completionHandler)
    91 {
    92     RELEASE_LOG_IF_ALLOWED("didReceiveResponseNetworkSession");
     126void PingLoad::didReceiveResponseNetworkSession(ResourceResponse&& response, ResponseCompletionHandler&& completionHandler)
     127{
     128    RELEASE_LOG_IF_ALLOWED("didReceiveResponseNetworkSession - httpStatusCode: %d", response.httpStatusCode());
    93129    completionHandler(PolicyAction::PolicyIgnore);
    94130    delete this;
     
    134170bool PingLoad::needsCORSPreflight(const ResourceRequest& request) const
    135171{
    136     if (m_parameters.mode == FetchOptions::Mode::Cors) {
    137         ASSERT(m_parameters.sourceOrigin);
    138         return !m_parameters.sourceOrigin->canRequest(request.url());
    139     }
    140     return false;
     172    if (m_parameters.mode == FetchOptions::Mode::NoCors)
     173        return false;
     174
     175    return !m_isSameOriginRequest || !securityOrigin().canRequest(request.url());
    141176}
    142177
     
    145180    RELEASE_LOG_IF_ALLOWED("doCORSPreflight");
    146181    ASSERT(!m_corsPreflightChecker);
    147     ASSERT(m_parameters.sourceOrigin);
    148182
    149183    NetworkCORSPreflightChecker::Parameters parameters = {
    150184        request,
    151         *m_parameters.sourceOrigin,
     185        securityOrigin(),
    152186        m_parameters.sessionID,
    153187        m_parameters.allowStoredCredentials
    154188    };
    155189    m_corsPreflightChecker = std::make_unique<NetworkCORSPreflightChecker>(WTFMove(parameters), [this](NetworkCORSPreflightChecker::Result result) {
    156         RELEASE_LOG_IF_ALLOWED("doCORSPreflight complete, success: %d", result == NetworkCORSPreflightChecker::Result::Success);
     190        RELEASE_LOG_IF_ALLOWED("doCORSPreflight complete, success: %d forRedirect? %d", result == NetworkCORSPreflightChecker::Result::Success, !!m_redirectHandler);
     191        auto corsPreflightChecker = WTFMove(m_corsPreflightChecker);
    157192        if (result == NetworkCORSPreflightChecker::Result::Success) {
    158             m_corsPreflightChecker = nullptr;
    159             startNetworkLoad();
     193            ResourceRequest actualRequest = corsPreflightChecker->originalRequest();
     194            updateRequestForAccessControl(actualRequest, securityOrigin(), m_parameters.allowStoredCredentials);
     195            if (auto redirectHandler = std::exchange(m_redirectHandler, nullptr))
     196                redirectHandler(actualRequest);
     197            else
     198                loadRequest(actualRequest);
    160199        } else
    161200            delete this;
  • trunk/Source/WebKit/NetworkProcess/PingLoad.h

    r220442 r220497  
    5252    void timeoutTimerFired();
    5353
    54     void startNetworkLoad();
     54    void loadRequest(const WebCore::ResourceRequest&);
    5555    bool needsCORSPreflight(const WebCore::ResourceRequest&) const;
    5656    void doCORSPreflight(const WebCore::ResourceRequest&);
     57
     58    WebCore::SecurityOrigin& securityOrigin() const;
    5759   
    5860    NetworkResourceLoadParameters m_parameters;
     
    6062    WebCore::Timer m_timeoutTimer;
    6163    std::unique_ptr<NetworkCORSPreflightChecker> m_corsPreflightChecker;
     64    RefPtr<WebCore::SecurityOrigin> m_origin;
     65    bool m_isSameOriginRequest;
     66    RedirectCompletionHandler m_redirectHandler;
    6267};
    6368
Note: See TracChangeset for help on using the changeset viewer.