Changeset 233739 in webkit
- Timestamp: Jul 11, 2018 12:36:16 PM (6 years ago)
- Location: trunk
- Files: 2 added, 15 deleted, 14 edited
trunk/LayoutTests/ChangeLog
r233738 r233739 1 2018-07-11 Youenn Fablet <youenn@apple.com> 2 3 Fix remaining Cross-Origin-Resource-Policy failures, if any 4 https://bugs.webkit.org/show_bug.cgi?id=186761 5 <rdar://problem/41209829> 6 7 Reviewed by Alex Christensen. 8 9 Remove redundant tests with WPT. 10 11 * http/wpt/cross-origin-resource-policy/fetch-expected.txt: Removed. 12 * http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Removed. 13 * http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Removed. 14 * http/wpt/cross-origin-resource-policy/fetch.html: Removed. 15 * http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Removed. 16 * http/wpt/cross-origin-resource-policy/iframe-loads.html: Removed. 17 * http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Removed. 18 * http/wpt/cross-origin-resource-policy/image-loads.html: Removed. 19 * http/wpt/cross-origin-resource-policy/resources/hello.py: Removed. 20 * http/wpt/cross-origin-resource-policy/resources/iframe.py: Removed. 21 * http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Removed. 22 * http/wpt/cross-origin-resource-policy/resources/redirect.py: Removed. 23 * http/wpt/cross-origin-resource-policy/resources/script.py: Removed. 24 * http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Removed. 25 * http/wpt/cross-origin-resource-policy/script-loads.html: Removed. 26 1 27 2018-07-11 Jer Noble <jer.noble@apple.com> 2 28 -
trunk/LayoutTests/imported/w3c/ChangeLog
r233729 r233739 1 2018-07-11 Youenn Fablet <youenn@apple.com> 2 3 Fix remaining Cross-Origin-Resource-Policy failures, if any 4 https://bugs.webkit.org/show_bug.cgi?id=186761 5 <rdar://problem/41209829> 6 7 Reviewed by Alex Christensen. 8 9 Fixed some tests for correctness. 10 11 * web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt: 12 * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt: 13 * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js: 14 (promise_test): 15 * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt: 16 * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt: Added. 17 * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html: Added. 18 * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js: 19 * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt: 20 * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt: 21 1 22 2018-07-10 Antoine Quint <graouts@apple.com> 2 23 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt
r233273 r233739 7 7 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. 8 8 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 9 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header .9 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource. 10 10 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header. 11 11 PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt
r233273 r233739 3 3 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. 4 4 CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. 5 CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. 6 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks. 5 7 CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. 6 8 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks. … … 18 20 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. 19 21 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 20 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header .22 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource. 21 23 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header. 22 24 PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js
r233273 r233739 46 46 promise_test((test) => { 47 47 const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site"; 48 return fetch(remoteURL, { mode: "no-cors" });49 }, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header .");48 return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" })); 49 }, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource."); 50 50 51 51 promise_test((test) => { -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt
r233273 r233739 1 1 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. 2 2 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. 3 CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header. 3 4 CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. 4 5 CONSOLE MESSAGE: Cancelled load to http://localhost:8801/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header. … … 12 13 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header. 13 14 PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. 14 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header .15 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource. 15 16 PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header. 16 17 PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header. -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js
r233238 r233739 3 3 promise_test(t => { 4 4 const img = new Image(); 5 img.src = get_host_info().HTTP_ REMOTE_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";5 img.src = get_host_info().HTTP_ORIGIN + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site"; 6 6 return new Promise((resolve, reject) => { 7 7 img.onload = resolve; -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt
r233238 r233739 1 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header.2 CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN due to access control checks.3 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header.4 CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin due to access control checks.5 1 6 2 PASS Parsing Cross-Origin-Resource-Policy: same 7 3 PASS Parsing Cross-Origin-Resource-Policy: same, same-origin 8 FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header." 9 FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header." 4 PASS Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN 5 PASS Parsing Cross-Origin-Resource-Policy: Same-Origin 10 6 PASS Parsing Cross-Origin-Resource-Policy: same-origin, <> 11 7 PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt
r233238 r233739 1 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header.2 CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header.3 1 4 2 PASS Parsing Cross-Origin-Resource-Policy: same 5 3 PASS Parsing Cross-Origin-Resource-Policy: same, same-origin 6 FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header." 7 FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header." 4 PASS Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN 5 PASS Parsing Cross-Origin-Resource-Policy: Same-Origin 8 6 PASS Parsing Cross-Origin-Resource-Policy: same-origin, <> 9 7 PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin -
trunk/Source/WebCore/ChangeLog
r233737 r233739 1 2018-07-11 Youenn Fablet <youenn@apple.com> 2 3 Fix remaining Cross-Origin-Resource-Policy failures, if any 4 https://bugs.webkit.org/show_bug.cgi?id=186761 5 <rdar://problem/41209829> 6 7 Reviewed by Alex Christensen. 8 9 Add case-sensitive check for CORP header value, as per fetch specification. 10 Add HTTP->HTTPS check for same-site case, as per fetch specification. 11 https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check 12 13 Test: imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html 14 15 * loader/CrossOriginAccessControl.cpp: 16 (WebCore::shouldCrossOriginResourcePolicyCancelLoad): 17 * platform/network/HTTPParsers.cpp: 18 (WebCore::parseCrossOriginResourcePolicyHeader): 19 1 20 2018-07-11 Ross Kirsling <ross.kirsling@sony.com> 2 21 -
trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp
r233122 r233739 213 213 214 214 auto policy = parseCrossOriginResourcePolicyHeader(response.httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy)); 215 switch (policy) { 216 case CrossOriginResourcePolicy::None: 217 case CrossOriginResourcePolicy::Invalid: 218 return false; 219 case CrossOriginResourcePolicy::SameOrigin: 215 216 if (policy == CrossOriginResourcePolicy::SameOrigin) 220 217 return true; 221 case CrossOriginResourcePolicy::SameSite: { 218 219 if (policy == CrossOriginResourcePolicy::SameSite) { 220 if (origin.isUnique()) 221 return true; 222 222 #if ENABLE(PUBLIC_SUFFIX_LIST) 223 return origin.isUnique() || !registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(origin.host())); 224 #else 225 return true; 223 if (!registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(origin.host()))) 224 return true; 226 225 #endif 227 }} 228 229 RELEASE_ASSERT_NOT_REACHED(); 226 if (origin.protocol() == "http" && response.url().protocol() == "https") 227 return true; 228 } 229 230 return false; 230 231 } 231 232 -
trunk/Source/WebCore/platform/network/HTTPParsers.cpp
r233122 r233739 912 912 return CrossOriginResourcePolicy::None; 913 913 914 if ( equalLettersIgnoringASCIICase(strippedHeader, "same-origin"))914 if (strippedHeader == "same-origin") 915 915 return CrossOriginResourcePolicy::SameOrigin; 916 916 917 if ( equalLettersIgnoringASCIICase(strippedHeader, "same-site"))917 if (strippedHeader == "same-site") 918 918 return CrossOriginResourcePolicy::SameSite; 919 919 -
trunk/Tools/ChangeLog
r233734 r233739 1 2018-07-11 Youenn Fablet <youenn@apple.com> 2 3 Fix remaining Cross-Origin-Resource-Policy failures, if any 4 https://bugs.webkit.org/show_bug.cgi?id=186761 5 <rdar://problem/41209829> 6 7 Reviewed by Alex Christensen. 8 9 * TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp: 10 (TestWebKitAPI::TEST): 11 1 12 2018-07-11 Aakash Jain <aakash_jain@apple.com> 2 13 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp
r232309 r233739 39 39 40 40 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-origin") == CrossOriginResourcePolicy::SameOrigin); 41 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Origin") == CrossOriginResourcePolicy:: SameOrigin);42 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-ORIGIN") == CrossOriginResourcePolicy:: SameOrigin);43 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-orIGIN ") == CrossOriginResourcePolicy:: SameOrigin);41 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Origin") == CrossOriginResourcePolicy::Invalid); 42 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-ORIGIN") == CrossOriginResourcePolicy::Invalid); 43 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-orIGIN ") == CrossOriginResourcePolicy::Invalid); 44 44 45 45 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-site") == CrossOriginResourcePolicy::SameSite); 46 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy:: SameSite);47 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy:: SameSite);46 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::Invalid); 47 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::Invalid); 48 48 EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-site ") == CrossOriginResourcePolicy::SameSite); 49 49
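Review bot: in trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp, the rewritten same-site branch of shouldCrossOriginResourcePolicyCancelLoad fails open on builds without ENABLE(PUBLIC_SUFFIX_LIST). The removed code had `#else return true;`, so a `same-site` policy always cancelled the load when registrable domains could not be compared. The new `#if ... #endif` has no `#else`, so on those builds only a unique origin or an `http` origin requesting an `https` resource is cancelled, and any other load reaching this branch returns false. If that relaxation is intended, state it in the ChangeLog; otherwise keep an `#else` that returns true. Separately, replacing the `switch (policy)` with `if` chains drops the compiler's check that every CrossOriginResourcePolicy value is handled, so a value added later would silently fall through to `return false`.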
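Review bot: in trunk/Source/WebCore/platform/network/HTTPParsers.cpp, the two `strippedHeader == "same-origin"` and `strippedHeader == "same-site"` comparisons need a comment stating that the match is deliberately case-sensitive, with a pointer to https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check. They replace `equalLettersIgnoringASCIICase`, and without a comment a later cleanup could restore the case-insensitive form. The same comment should note the consequence visible in this changeset: a mis-cased value such as `Same-Origin` now parses as Invalid (per the updated TestWebKitAPI expectations), and shouldCrossOriginResourcePolicyCancelLoad returns false for Invalid, so a server sending a mis-cased header gets no restriction applied.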
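Review bot: in trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp, the `" same-orIGIN "` expectation mixes whitespace stripping with case, so after this change nothing checks that a correctly cased `same-origin` with surrounding whitespace still parses as SameOrigin; only the `" same-site "` equivalent is kept. Add `EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-origin ") == CrossOriginResourcePolicy::SameOrigin);` so that stripping is covered for both values independently of the case check.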