Changeset 112485 in webkit
- Timestamp:
- Mar 28, 2012 6:14:05 PM (12 years ago)
- Location:
- trunk/Source/WebKit/chromium
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/chromium/ChangeLog
r112481 r112485 1 2012-03-28 Bill Budge <bbudge@chromium.org> 2 3 AssociatedURLLoader does not support Cross Origin Redirects when using 4 Access Control. 5 https://bugs.webkit.org/show_bug.cgi?id=82354 6 7 AssociatedURLLoader's internal adapter now overrides didFailRedirectCheck, 8 which cancels the load, causing didFail to notify the client that the 9 load failed. AssociatedURLLoaderTest adds test cases for CORS requests 10 that receive redirects and pass or fail the redirect access check. 11 12 Reviewed by Adam Barth. 13 14 * src/AssociatedURLLoader.cpp: 15 (AssociatedURLLoader::ClientAdapter): 16 (WebKit::AssociatedURLLoader::ClientAdapter::didFailRedirectCheck): 17 (WebKit): 18 * tests/AssociatedURLLoaderTest.cpp: 19 (WebKit): 20 (WebKit::TEST_F): 21 1 22 2012-03-28 Adrienne Walker <enne@google.com> 2 23 -
trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
r112346 r112485 141 141 virtual void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/); 142 142 virtual void didFail(const ResourceError&); 143 virtual void didFailRedirectCheck(); 143 144 144 145 virtual bool isDocumentThreadableLoaderClient() { return true; } … … 264 265 } 265 266 267 void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck() 268 { 269 m_loader->cancel(); 270 } 271 266 272 void AssociatedURLLoader::ClientAdapter::setDelayedError(const ResourceError& error) 267 273 { -
trunk/Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp
r112346 r112485 433 433 } 434 434 435 // Test a successful redirect and cross-origin load using CORS. 436 // FIXME: Enable this when DocumentThreadableLoader supports cross-origin redirects. 437 TEST_F(AssociatedURLLoaderTest, DISABLED_RedirectCrossOriginWithAccessControlSuccess) 438 { 439 GURL url = GURL("http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); 440 char redirect[] = "http://www.other.com/RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin 435 // Test that a cross origin redirect response without CORS headers fails. 436 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure) 437 { 438 GURL url = GURL("http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); 439 char redirect[] = "http://www.other.com/RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin 441 440 GURL redirectURL = GURL(redirect); 442 441 … … 445 444 request.setURL(url); 446 445 446 // Create a redirect response without CORS headers. 447 447 m_expectedRedirectResponse = WebURLResponse(); 448 448 m_expectedRedirectResponse.initialize(); … … 452 452 webkit_support::RegisterMockedURL(url, m_expectedRedirectResponse, m_frameFilePath); 453 453 454 WebURLLoaderOptions options; 455 options.crossOriginRequestPolicy = WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 456 m_expectedLoader = createAssociatedURLLoader(options); 457 EXPECT_TRUE(m_expectedLoader); 458 m_expectedLoader->loadAsynchronously(request, this); 459 serveRequests(); 460 // We should not receive a notification for the redirect or any response. 461 EXPECT_FALSE(m_willSendRequest); 462 EXPECT_FALSE(m_didReceiveResponse); 463 EXPECT_FALSE(m_didReceiveData); 464 EXPECT_FALSE(m_didFail); 465 } 466 467 // Test that a cross origin redirect response with CORS headers that allow the requesting origin succeeds. 468 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess) 469 { 470 GURL url = GURL("http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); 471 char redirect[] = "http://www.other.com/RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin 472 GURL redirectURL = GURL(redirect); 473 474 WebURLRequest request; 475 request.initialize(); 476 request.setURL(url); 477 478 // Create a redirect response that allows the redirect to pass the access control checks. 479 m_expectedRedirectResponse = WebURLResponse(); 480 m_expectedRedirectResponse.initialize(); 481 m_expectedRedirectResponse.setMIMEType("text/html"); 482 m_expectedRedirectResponse.setHTTPStatusCode(301); 483 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); 484 m_expectedRedirectResponse.addHTTPHeaderField("access-control-allow-origin", "*"); 485 webkit_support::RegisterMockedURL(url, m_expectedRedirectResponse, m_frameFilePath); 486 454 487 m_expectedNewRequest = WebURLRequest(); 455 488 m_expectedNewRequest.initialize(); … … 468 501 m_expectedLoader->loadAsynchronously(request, this); 469 502 serveRequests(); 470 EXPECT_TRUE(m_willSendRequest); 503 // We should not receive a notification for the redirect. 504 EXPECT_FALSE(m_willSendRequest); 471 505 EXPECT_TRUE(m_didReceiveResponse); 472 506 EXPECT_TRUE(m_didReceiveData);
Note: See TracChangeset
for help on using the changeset viewer.