Context Navigation

← Previous Changeset
Next Changeset →

Changeset 273905 in webkit

Timestamp:

Mar 4, 2021 11:30:12 AM (17 months ago)

Author:

youenn@apple.com

Message:

In case of POST navigation redirected by a 302, the 'Origin' header is kept in the redirected request
https://bugs.webkit.org/show_bug.cgi?id=222653
<rdar://problem/74983521>

Reviewed by Alex Christensen.

Source/WebCore:

Remove Origin header if the navigation request goes from POST to GET.
This aligns with other browsers and removes some known interop issues.
This is consistent with WebKit not sending Origin headers for GET navigations.

Test: http/wpt/fetch/navigation-post-to-get-origin.html

loader/DocumentLoader.cpp:

(WebCore::isRedirectToGetAfterPost):
(WebCore::DocumentLoader::willSendRequest):

LayoutTests:

http/wpt/fetch/echo-origin.py: Added.
http/wpt/fetch/navigation-post-to-get-origin-expected.txt: Added.
http/wpt/fetch/navigation-post-to-get-origin.html: Added.

Location:

trunk

Files:

: 3 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/http/wpt/fetch/navigation-post-to-get-origin-expected.txt (added)
LayoutTests/http/wpt/fetch/navigation-post-to-get-origin.html (added)
LayoutTests/http/wpt/fetch/resources/echo-origin.py (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/loader/DocumentLoader.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r273902
+                      r273905
+-03-04  Youenn Fablet  <youenn@apple.com>
+        In case of POST navigation redirected by a 302, the 'Origin' header is kept in the redirected request
+        https://bugs.webkit.org/show_bug.cgi?id=222653
+        <rdar://problem/74983521>
+        Reviewed by Alex Christensen.
+        * http/wpt/fetch/echo-origin.py: Added.
+        * http/wpt/fetch/navigation-post-to-get-origin-expected.txt: Added.
+        * http/wpt/fetch/navigation-post-to-get-origin.html: Added.
 -03-04  Said Abou-Hallawa  <said@apple.com>

trunk/Source/WebCore/ChangeLog

-                      r273903
+                      r273905
+-03-04  Youenn Fablet  <youenn@apple.com>
+        In case of POST navigation redirected by a 302, the 'Origin' header is kept in the redirected request
+        https://bugs.webkit.org/show_bug.cgi?id=222653
+        <rdar://problem/74983521>
+        Reviewed by Alex Christensen.
+        Remove Origin header if the navigation request goes from POST to GET.
+        This aligns with other browsers and removes some known interop issues.
+        This is consistent with WebKit not sending Origin headers for GET navigations.
+        Test: http/wpt/fetch/navigation-post-to-get-origin.html
+        * loader/DocumentLoader.cpp:
+        (WebCore::isRedirectToGetAfterPost):
+        (WebCore::DocumentLoader::willSendRequest):
 -03-04  Chris Dumez  <cdumez@apple.com>

trunk/Source/WebCore/loader/DocumentLoader.cpp

-                      r273183
+                      r273905
+}
+static bool isRedirectToGetAfterPost(const ResourceRequest& oldRequest, const ResourceRequest& newRequest)
+{
+    return oldRequest.httpMethod() == "POST" && newRequest.httpMethod() == "GET";
+}
 bool DocumentLoader::isPostOrRedirectAfterPost(const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
+{
 …
     if (newRequest.cachePolicy() == ResourceRequestCachePolicy::UseProtocolCachePolicy && isPostOrRedirectAfterPost(newRequest, redirectResponse))
         newRequest.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData);
+    if (isRedirectToGetAfterPost(m_request, newRequest))
+        newRequest.clearHTTPOrigin();
     if (&topFrame != m_frame) {

Note: See TracChangeset for help on using the changeset viewer.