Changeset 223909 in webkit


Ignore:
Timestamp:
Oct 24, 2017 12:33:20 PM (7 years ago)
Author:
achristensen@apple.com
Message:

Apply custom header fields from WebsitePolicies to same-domain requests
https://bugs.webkit.org/show_bug.cgi?id=178356
Source/WebCore:

<rdar://problem/31073436>

Reviewed by Brady Eidson.

Covered by new API tests.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

  • platform/network/ResourceRequestBase.cpp:

(WebCore::ResourceRequestBase::setCachePolicy):
(WebCore::ResourceRequestBase::setTimeoutInterval):
(WebCore::ResourceRequestBase::setHTTPMethod):
(WebCore::ResourceRequestBase::setHTTPHeaderField):
(WebCore::ResourceRequestBase::clearHTTPAuthorization):
(WebCore::ResourceRequestBase::clearHTTPContentType):
(WebCore::ResourceRequestBase::clearHTTPReferrer):
(WebCore::ResourceRequestBase::clearHTTPOrigin):
(WebCore::ResourceRequestBase::clearHTTPUserAgent):
(WebCore::ResourceRequestBase::clearHTTPAccept):
(WebCore::ResourceRequestBase::clearHTTPAcceptEncoding):
(WebCore::ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray):
(WebCore::ResourceRequestBase::setHTTPBody):
(WebCore::ResourceRequestBase::setAllowCookies):
(WebCore::ResourceRequestBase::setPriority):
(WebCore::ResourceRequestBase::addHTTPHeaderFieldIfNotPresent):
(WebCore::ResourceRequestBase::addHTTPHeaderField):
(WebCore::ResourceRequestBase::setHTTPHeaderFields):
If we only update the platform request when headers are added (or other changes) for HTTP requests,
then the changes will not affect the NSURLRequest that is sent over IPC or visible to the API.
This is necessary for these new tests to work, but it's also of growing importance since our
introduction of WKURLSchemeHandler.

Tools:

Reviewed by Brady Eidson.

  • TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm:

(expectHeaders):

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r223908 r223909  
     12017-10-24  Alex Christensen  <achristensen@webkit.org>
     2
     3        Apply custom header fields from WebsitePolicies to same-domain requests
     4        https://bugs.webkit.org/show_bug.cgi?id=178356
     5        <rdar://problem/31073436>
     6
     7        Reviewed by Brady Eidson.
     8
     9        Covered by new API tests.
     10
     11        * loader/cache/CachedResourceLoader.cpp:
     12        (WebCore::CachedResourceLoader::requestResource):
     13        * platform/network/ResourceRequestBase.cpp:
     14        (WebCore::ResourceRequestBase::setCachePolicy):
     15        (WebCore::ResourceRequestBase::setTimeoutInterval):
     16        (WebCore::ResourceRequestBase::setHTTPMethod):
     17        (WebCore::ResourceRequestBase::setHTTPHeaderField):
     18        (WebCore::ResourceRequestBase::clearHTTPAuthorization):
     19        (WebCore::ResourceRequestBase::clearHTTPContentType):
     20        (WebCore::ResourceRequestBase::clearHTTPReferrer):
     21        (WebCore::ResourceRequestBase::clearHTTPOrigin):
     22        (WebCore::ResourceRequestBase::clearHTTPUserAgent):
     23        (WebCore::ResourceRequestBase::clearHTTPAccept):
     24        (WebCore::ResourceRequestBase::clearHTTPAcceptEncoding):
     25        (WebCore::ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray):
     26        (WebCore::ResourceRequestBase::setHTTPBody):
     27        (WebCore::ResourceRequestBase::setAllowCookies):
     28        (WebCore::ResourceRequestBase::setPriority):
     29        (WebCore::ResourceRequestBase::addHTTPHeaderFieldIfNotPresent):
     30        (WebCore::ResourceRequestBase::addHTTPHeaderField):
     31        (WebCore::ResourceRequestBase::setHTTPHeaderFields):
     32        If we only update the platform request when headers are added (or other changes) for HTTP requests,
     33        then the changes will not affect the NSURLRequest that is sent over IPC or visible to the API.
     34        This is necessary for these new tests to work, but it's also of growing importance since our
     35        introduction of WKURLSchemeHandler.
     36
    1372017-10-24  Brent Fulgham  <bfulgham@apple.com>
    238

  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r223476 r223909  
    766766#endif
    767767
    768     // FIXME: Add custom headers to first-party requests.
    769     // https://bugs.webkit.org/show_bug.cgi?id=177629
     768    if (frame() && m_documentLoader && !m_documentLoader->customHeaderFields().isEmpty()) {
     769        bool sameOriginRequest = false;
     770        auto requestedOrigin = SecurityOrigin::create(url);
     771        if (type == CachedResource::Type::MainResource) {
     772            if (frame()->isMainFrame())
     773                sameOriginRequest = true;
     774            else if (auto* topDocument = frame()->mainFrame().document())
     775                sameOriginRequest = topDocument->securityOrigin().isSameSchemeHostPort(requestedOrigin.get());
     776        } else if (document()) {
     777            sameOriginRequest = document()->topDocument().securityOrigin().isSameSchemeHostPort(requestedOrigin.get())
     778                && document()->securityOrigin().isSameSchemeHostPort(requestedOrigin.get());
     779        }
     780        if (sameOriginRequest) {
     781            for (auto& field : m_documentLoader->customHeaderFields())
     782                request.resourceRequest().addHTTPHeaderField(field.name(), field.value());
     783        }
     784    }
    770785
    771786    LoadTiming loadTiming;

  • trunk/Source/WebCore/platform/network/ResourceRequestBase.cpp

    r216937 r223909  
    150150    m_cachePolicy = cachePolicy;
    151151   
    152     if (url().protocolIsInHTTPFamily())
    153         m_platformRequestUpdated = false;
     152    m_platformRequestUpdated = false;
    154153}
    155154
     
    170169    m_timeoutInterval = timeoutInterval;
    171170   
    172     if (url().protocolIsInHTTPFamily())
    173         m_platformRequestUpdated = false;
     171    m_platformRequestUpdated = false;
    174172}
    175173
     
    209207    m_httpMethod = httpMethod;
    210208   
    211     if (url().protocolIsInHTTPFamily())
    212         m_platformRequestUpdated = false;
     209    m_platformRequestUpdated = false;
    213210}
    214211
     
    240237    m_httpHeaderFields.set(name, value);
    241238   
    242     if (url().protocolIsInHTTPFamily())
    243         m_platformRequestUpdated = false;
     239    m_platformRequestUpdated = false;
    244240}
    245241
     
    250246    m_httpHeaderFields.set(name, value);
    251247
    252     if (url().protocolIsInHTTPFamily())
    253         m_platformRequestUpdated = false;
     248    m_platformRequestUpdated = false;
    254249}
    255250
     
    261256        return;
    262257
    263     if (url().protocolIsInHTTPFamily())
    264         m_platformRequestUpdated = false;
     258    m_platformRequestUpdated = false;
    265259}
    266260
     
    281275    m_httpHeaderFields.remove(HTTPHeaderName::ContentType);
    282276
    283     if (url().protocolIsInHTTPFamily())
    284         m_platformRequestUpdated = false;
     277    m_platformRequestUpdated = false;
    285278}
    286279
     
    306299    m_httpHeaderFields.remove(HTTPHeaderName::Referer);
    307300
    308     if (url().protocolIsInHTTPFamily())
    309         m_platformRequestUpdated = false;
     301    m_platformRequestUpdated = false;
    310302}
    311303
     
    331323    m_httpHeaderFields.remove(HTTPHeaderName::Origin);
    332324
    333     if (url().protocolIsInHTTPFamily())
    334         m_platformRequestUpdated = false;
     325    m_platformRequestUpdated = false;
    335326}
    336327
     
    356347    m_httpHeaderFields.remove(HTTPHeaderName::UserAgent);
    357348
    358     if (url().protocolIsInHTTPFamily())
    359         m_platformRequestUpdated = false;
     349    m_platformRequestUpdated = false;
    360350}
    361351
     
    376366    m_httpHeaderFields.remove(HTTPHeaderName::Accept);
    377367
    378     if (url().protocolIsInHTTPFamily())
    379         m_platformRequestUpdated = false;
     368    m_platformRequestUpdated = false;
    380369}
    381370
     
    386375    m_httpHeaderFields.remove(HTTPHeaderName::AcceptEncoding);
    387376
    388     if (url().protocolIsInHTTPFamily())
    389         m_platformRequestUpdated = false;
     377    m_platformRequestUpdated = false;
    390378}
    391379
     
    403391        m_responseContentDispositionEncodingFallbackArray.uncheckedAppend(encoding3);
    404392   
    405     if (url().protocolIsInHTTPFamily())
    406         m_platformRequestUpdated = false;
     393    m_platformRequestUpdated = false;
    407394}
    408395
     
    422409    m_resourceRequestBodyUpdated = true;
    423410
    424     if (url().protocolIsInHTTPFamily())
    425         m_platformRequestBodyUpdated = false;
     411    m_platformRequestBodyUpdated = false;
    426412}
    427413
     
    442428    m_allowCookies = allowCookies;
    443429   
    444     if (url().protocolIsInHTTPFamily())
    445         m_platformRequestUpdated = false;
     430    m_platformRequestUpdated = false;
    446431}
    447432
     
    462447    m_priority = priority;
    463448
    464     if (url().protocolIsInHTTPFamily())
    465         m_platformRequestUpdated = false;
     449    m_platformRequestUpdated = false;
    466450}
    467451
     
    473457        return;
    474458
    475     if (url().protocolIsInHTTPFamily())
    476         m_platformRequestUpdated = false;
     459    m_platformRequestUpdated = false;
    477460}
    478461
     
    483466    m_httpHeaderFields.add(name, value);
    484467
    485     if (url().protocolIsInHTTPFamily())
    486         m_platformRequestUpdated = false;
     468    m_platformRequestUpdated = false;
    487469}
    488470
     
    493475    m_httpHeaderFields.add(name, value);
    494476
    495     if (url().protocolIsInHTTPFamily())
    496         m_platformRequestUpdated = false;
     477    m_platformRequestUpdated = false;
    497478}
    498479
     
    508489    m_httpHeaderFields = WTFMove(headerFields);
    509490
    510     if (url().protocolIsInHTTPFamily())
    511         m_platformRequestUpdated = false;
     491    m_platformRequestUpdated = false;
    512492}
    513493

  • trunk/Tools/ChangeLog

    r223904 r223909  
     12017-10-24  Alex Christensen  <achristensen@webkit.org>
     2
     3        Apply custom header fields from WebsitePolicies to same-domain requests
     4        https://bugs.webkit.org/show_bug.cgi?id=178356
     5
     6        Reviewed by Brady Eidson.
     7
     8        * TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm:
     9        (expectHeaders):
     10
    1112017-10-24  Stephan Szabo  <stephan.szabo@sony.com>
    212

  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm

    r223451 r223909  
    672672static bool secondTestDone;
    673673static bool thirdTestDone;
     674static bool fourthTestDone;
    674675
    675676static void expectHeaders(id <WKURLSchemeTask> task, bool expected)
     
    677678    NSURLRequest *request = task.request;
    678679    if (expected) {
    679         // FIXME: Check that headers are on the request.
    680         // https://bugs.webkit.org/show_bug.cgi?id=177629
     680        EXPECT_STREQ([[request valueForHTTPHeaderField:@"X-key1"] UTF8String], "value1");
     681        EXPECT_STREQ([[request valueForHTTPHeaderField:@"X-key2"] UTF8String], "value2");
    681682    } else {
    682683        EXPECT_TRUE([request valueForHTTPHeaderField:@"X-key1"] == nil);
     
    740741        respond(urlSchemeTask);
    741742        thirdTestDone = true;
     743    } else if ([path isEqualToString:@"/createaboutblankiframe"]) {
     744        expectHeaders(urlSchemeTask, true);
     745        respond(urlSchemeTask, @"<script>start=()=>{var s = document.createElement('script');s.text=\"fetch('test:///requestfromaboutblank')\";document.getElementById('iframeid').contentWindow.document.body.appendChild(s);}</script><body><iframe src='about:blank' id=iframeid onload='start()'></iframe></body>");
     746    } else if ([path isEqualToString:@"/requestfromaboutblank"]) {
     747        expectHeaders(urlSchemeTask, true);
     748        respond(urlSchemeTask);
     749        fourthTestDone = true;
    742750    } else
    743751        EXPECT_TRUE(false);
     
    765773    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test://toporigin/nestedtop"]]];
    766774    TestWebKitAPI::Util::run(&thirdTestDone);
     775
     776    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test:///createaboutblankiframe"]]];
     777    TestWebKitAPI::Util::run(&fourthTestDone);
    767778}
    768779
Note: See TracChangeset for help on using the changeset viewer.