Changeset 195100 in webkit
- Timestamp: Jan 15, 2016 1:11:52 AM (8 years ago)
- Location: trunk
- Files: 8 added, 5 edited
trunk/LayoutTests/ChangeLog
r195092 r195100 1 2016-01-15 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 CORS: Fix the handling of redirected request containing Origin null. 4 https://bugs.webkit.org/show_bug.cgi?id=128816 5 6 Reviewed by Brent Fulgham. 7 8 Merging Blink patch from George Ancil (https://chromiumcodereview.appspot.com/20735002) 9 10 Added two tests to check CORS with Origin null in HTTP redirect and iframe cases. 11 Updated two test sandboxed iframes test expectations (requests are still denied but error messages are different). 12 13 * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-origin-null-expected.txt: Added. 14 * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-origin-null.html: Added. 15 * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: 16 * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: 17 * http/tests/xmlhttprequest/redirect-cors-origin-null-expected.txt: Added. 18 * http/tests/xmlhttprequest/redirect-cors-origin-null.html: Added. 19 * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-origin-null-iframe.html: Added. 20 * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-origin-null.cgi: Added. 21 * http/tests/xmlhttprequest/resources/redirect-cors-origin-null-pass.php: Added. 22 * http/tests/xmlhttprequest/resources/redirect-cors-origin-null.php: Added. 23 1 24 2016-01-14 Commit Queue <commit-queue@webkit.org> 2 25 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt
r178527 r195100 1 CONSOLE MESSAGE: line 17: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi. Cannot make any requests from null.1 CONSOLE MESSAGE: line 17: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi. Origin null is not allowed by Access-Control-Allow-Origin. 2 2 This test verifies that sandboxed iframe does not have XmlHttpRequest access to its server. It will print "PASS" on success. 3 3 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt
r178527 r195100 1 CONSOLE MESSAGE: line 16: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi. Cannot make any requests from null.1 CONSOLE MESSAGE: line 16: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi. Origin null is not allowed by Access-Control-Allow-Origin. 2 2 This test verifies that sandboxed iframe does not have XmlHttpRequest access to its server with "Access-Control-Allow-Origin" set to its own origin (127.0.0.1). 3 3 -
trunk/Source/WebCore/ChangeLog
r195092 r195100 1 2016-01-15 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 CORS: Fix the handling of redirected request containing Origin null. 4 https://bugs.webkit.org/show_bug.cgi?id=128816 5 6 Reviewed by Brent Fulgham. 7 8 Merging Blink patch from George Ancil (https://chromiumcodereview.appspot.com/20735002). 9 10 This patch removes the check for securityOrigin->isUnique() in passesAccessControlCheck(). 11 This check prevented a redirected request with "Origin: null" from being 12 successful even when the response contains "Access-Control-Allow-Origin: null" 13 14 Tests: http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-origin-null.html 15 http/tests/xmlhttprequest/redirect-cors-origin-null.html 16 17 * loader/CrossOriginAccessControl.cpp: 18 (WebCore::passesAccessControlCheck): 19 1 20 2016-01-14 Commit Queue <commit-queue@webkit.org> 2 21 -
trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp
r190338 r195100 142 142 return true; 143 143 144 if (securityOrigin->isUnique()) {145 errorDescription = "Cannot make any requests from " + securityOrigin->toString() + ".";146 return false;147 }148 149 144 // FIXME: Access-Control-Allow-Origin can contain a list of origins. 150 145 if (accessControlOriginString != securityOrigin->toString()) {
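Review bot: In access-control-sandboxed-iframe-denied-expected.txt and access-control-sandboxed-iframe-denied-without-wildcard-expected.txt, the new console line "Origin null is not allowed by Access-Control-Allow-Origin." is the ordinary mismatch message, so the denial these tests assert now depends on the header value the .cgi resources send rather than on the requester being a sandboxed iframe. The second test's description says the header is set to the server's own origin (127.0.0.1); the first test's description does not say what the server sends. Consider adding that to the first test's description so a later change to the resource does not silently turn the test into an allow case.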
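Review bot: The trunk/Source/WebCore/ChangeLog entry explains the removed check only in terms of a redirected request with "Origin: null", yet the first test it lists, access-control-sandboxed-iframe-allow-origin-null.html, is the sandboxed-iframe case that the LayoutTests entry names separately from the redirect case. Please say in the description that removing the check changes the outcome for sandboxed iframes as well as for redirects, and add the missing full stop after "Access-Control-Allow-Origin: null".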
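Review bot: In passesAccessControlCheck() in CrossOriginAccessControl.cpp, with the securityOrigin->isUnique() early return removed, the only gate left for a unique origin is the comparison accessControlOriginString != securityOrigin->toString(). The old expectation text in this changeset ("Cannot make any requests from null.") shows that toString() yields "null" for such an origin, so the comparison passes whenever the response carries "Access-Control-Allow-Origin: null" and cannot tell one unique-origin requester from another. Please add a comment above the comparison, next to the existing FIXME, recording that "null" is matched literally and that this is intentional, so the behaviour is not mistaken for an oversight when the FIXME about origin lists is addressed.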