Changeset 57041 in webkit
- Timestamp: Apr 2, 2010, 9:20:26 PM
- Location: trunk
- Files: 9 added, 3 edited
  - LayoutTests/ChangeLog (modified) (1 diff)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt (added)
  - LayoutTests/http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html (added)
  - LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php (added)
  - WebCore/ChangeLog (modified) (1 diff)
  - WebCore/loader/DocumentThreadableLoader.cpp (modified) (1 diff)
trunk/LayoutTests/ChangeLog
r57023 r57041 1 2010-04-02 Justin Schuh <jschuh@chromium.org> 2 3 Reviewed by Alexey Proskuryakov. 4 5 XHR allows arbitrary XSRF across domains 6 https://bugs.webkit.org/show_bug.cgi?id=36843 7 8 Added a one-line change to prevent bypassing the XDC check on 9 synchronous preflighted requests. Added layout tests to cover 10 variations of this problem. 11 12 * http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt: Added. 13 * http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html: Added. 14 * http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt: Added. 15 * http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html: Added. 16 * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt: Added. 17 * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html: Added. 18 * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt: Added. 19 * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html: Added. 20 * http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php: Added. 21 1 22 2010-04-02 Andrew Scherkus <scherkus@chromium.org> 2 23 -
trunk/WebCore/ChangeLog
r57039 r57041 1 2010-04-02 Justin Schuh <jschuh@chromium.org> 2 3 Reviewed by Alexey Proskuryakov. 4 5 XHR allows arbitrary XSRF across domains 6 https://bugs.webkit.org/show_bug.cgi?id=36843 7 8 Added a one-line change to prevent bypassing the XDC check on 9 synchronous preflighted requests. Added layout tests to cover 10 variations of this problem. 11 12 Tests: http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html 13 http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html 14 http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html 15 http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html 16 17 * loader/DocumentThreadableLoader.cpp: 18 (WebCore::DocumentThreadableLoader::preflightFailure): 19 1 20 2010-04-02 Nayan Kumar K <nayankk@gmail.com> 2 21 -
trunk/WebCore/loader/DocumentThreadableLoader.cpp
r56955 r57041 292 292 void DocumentThreadableLoader::preflightFailure() 293 293 { 294 m_actualRequest = 0; // Prevent didFinishLoading() from bypassing access check. 294 295 m_client->didFail(ResourceError()); 295 296 }
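Review bot: In the DocumentThreadableLoader.cpp hunk, the access check now depends on preflightFailure() remembering to null m_actualRequest before m_client->didFail() runs, which is a fragile way to enforce a security decision. As the new comment indicates, didFinishLoading() treats a still-set m_actualRequest as something it may act on, so any future failure path that forgets this reset would reopen the bypass. Consider having didFinishLoading() proceed with the actual request only after an explicit preflight-success state, and extend the comment to say that this matters on the synchronous path, which is the case the ChangeLog names.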
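Review bot: The LayoutTests/ChangeLog entry repeats the WebCore description ("Added a one-line change to prevent bypassing the XDC check") instead of describing the tests, and "XDC" is never expanded. Four test pages (sync and async, header-denied and method-denied) are listed alongside resources/access-control-preflight-denied-xsrf.php, but the entry does not say what each one asserts. Please state the expected outcome, for example that the actual request must not be sent once the preflight is denied, and note that the async variants are regression coverage, since the description attributes the bug to synchronous preflighted requests.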