Changeset 201930 in webkit
- Timestamp:
- Jun 10, 2016 11:17:11 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 8 edited
trunk/LayoutTests/ChangeLog
r201927 r201930 1 2016-06-10 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 Origin header is not included in CORS requests for preloaded cross-origin resources 4 https://bugs.webkit.org/show_bug.cgi?id=155761 5 <rdar://problem/25351850> 6 7 Reviewed by Alex Christensen. 8 9 * http/tests/security/cross-origin-css-9-expected.txt: Added. 10 * http/tests/security/cross-origin-css-9.html: Added. 11 * http/tests/security/resources/get-css-if-origin-header.php: Added. 12 1 13 2016-06-10 Ryan Haddad <ryanhaddad@apple.com> 2 14 -
trunk/Source/WebCore/ChangeLog
r201926 r201930 1 2016-06-10 Youenn Fablet <youenn.fablet@crf.canon.fr> 2 3 Origin header is not included in CORS requests for preloaded cross-origin resources 4 https://bugs.webkit.org/show_bug.cgi?id=155761 5 <rdar://problem/25351850> 6 7 Reviewed by Alex Christensen. 8 9 Making HTML preloader fully aware of crossorigin attribute value. 10 Introducing CachedResourceRequest::setAsPotentiallyCrossOrigin as a helper routine to activate CORS mode. 11 Making HTMLLinkElement and HTMLResourcePreloader use that routine. 12 Making TokenPreloadScanner store the crossorigin attribute value in preload requests. 13 Making TokenPreloadScanner store the crossorigin attribute value for link elements. 14 15 Test: http/tests/security/cross-origin-css-9.html 16 17 * html/HTMLLinkElement.cpp: 18 (WebCore::HTMLLinkElement::process): 19 * html/parser/HTMLPreloadScanner.cpp: 20 (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest): 21 (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): 22 * html/parser/HTMLResourcePreloader.cpp: 23 (WebCore::crossOriginModeAllowsCookies): 24 (WebCore::PreloadRequest::resourceRequest): 25 * html/parser/HTMLResourcePreloader.h: 26 (WebCore::PreloadRequest::setCrossOriginMode): 27 (WebCore::PreloadRequest::PreloadRequest): Deleted. 28 (WebCore::PreloadRequest::resourceType): Deleted. 29 * loader/cache/CachedResourceRequest.cpp: 30 (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): 31 * loader/cache/CachedResourceRequest.h: 32 1 33 2016-06-10 Chris Dumez <cdumez@apple.com> 2 34 -
trunk/Source/WebCore/html/HTMLLinkElement.cpp
r201441 r201930 262 262 request.setOptions(options); 263 263 } 264 request.setAsPotentiallyCrossOrigin(crossOrigin(), document()); 264 265 265 266 m_cachedSheet = document().cachedResourceLoader().requestCSSStyleSheet(request); 266 267 267 268 if (m_cachedSheet) 268 269 m_cachedSheet->addClient(this); -
trunk/Source/WebCore/html/parser/HTMLPreloadScanner.cpp
r201441 r201930 23 23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 26 */ 27 27 … … 144 144 145 145 auto request = std::make_unique<PreloadRequest>(initiatorFor(m_tagId), m_urlToLoad, predictedBaseURL, resourceType(), m_mediaAttribute); 146 147 request->setCrossOriginModeAllowsCookies(crossOriginModeAllowsCookies()); 146 request->setCrossOriginMode(m_crossOriginMode); 148 147 request->setCharset(charset()); 149 148 return request; … … 161 160 if (match(attributeName, srcAttr)) 162 161 setUrlToLoad(attributeValue); 163 else if (match(attributeName, crossoriginAttr) && !attributeValue.isNull())162 else if (match(attributeName, crossoriginAttr)) 164 163 m_crossOriginMode = stripLeadingAndTrailingHTMLSpaces(attributeValue); 165 164 else if (match(attributeName, charsetAttr)) … … 216 215 else if (match(attributeName, charsetAttr)) 217 216 m_charset = attributeValue; 217 else if (match(attributeName, crossoriginAttr)) 218 m_crossOriginMode = stripLeadingAndTrailingHTMLSpaces(attributeValue); 218 219 break; 219 220 case TagId::Input: … … 303 304 } 304 305 305 bool crossOriginModeAllowsCookies()306 {307 return m_crossOriginMode.isNull() || equalLettersIgnoringASCIICase(m_crossOriginMode, "use-credentials");308 }309 310 306 TagId m_tagId; 311 307 String m_urlToLoad; -
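Review bot: With the `!attributeValue.isNull()` guard gone and `crossOriginModeAllowsCookies()` removed, the difference between a null and an empty `m_crossOriginMode` now decides whether the preload is a CORS request at all, and nothing at the two assignments says so. A null value makes `setAsPotentiallyCrossOrigin` return early, while a bare `crossorigin` attribute has to stay non-null to get anonymous CORS. Whether `stripLeadingAndTrailingHTMLSpaces` keeps an empty input non-null is not visible in this section, so it is worth confirming. I would add a comment at the member or at both assignments, for example `// Null = attribute absent (no CORS); empty or unknown value = anonymous CORS; "use-credentials" = CORS with credentials.` The `processAttribute` body continues outside the lines shown.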
trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp
r201441 r201930 21 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 24 */ 25 25 … … 46 46 CachedResourceRequest request(ResourceRequest(completeURL(document))); 47 47 request.setInitiator(m_initiator); 48 49 // FIXME: It's possible CORS should work for other request types? 50 if (m_resourceType == CachedResource::Script) 51 request.mutableResourceRequest().setAllowCookies(m_crossOriginModeAllowsCookies); 48 request.setAsPotentiallyCrossOrigin(m_crossOriginMode, document); 52 49 return request; 53 50 } -
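Review bot: `PreloadRequest::resourceRequest` now applies the crossorigin mode to every preloaded resource type, where the removed code touched cookies only for `CachedResource::Script`, yet the ChangeLog lists a single new test covering a stylesheet. Preloaded scripts and images with `crossorigin` set now also go through `setAsPotentiallyCrossOrigin`, so a regression test per type would pin both the `Origin` header and the credentials choice for `anonymous` and `use-credentials`. It would also help to replace the dropped FIXME with a short comment such as `// CORS mode applies to all preloaded resource types; a null mode leaves the request as no-CORS.`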
trunk/Source/WebCore/html/parser/HTMLResourcePreloader.h
r187587 r201930 21 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 24 */ 25 25 … … 41 41 , m_resourceType(resourceType) 42 42 , m_mediaAttribute(mediaAttribute) 43 , m_crossOriginModeAllowsCookies(false)44 43 { 45 44 } … … 50 49 const String& media() const { return m_mediaAttribute; } 51 50 void setCharset(const String& charset) { m_charset = charset.isolatedCopy(); } 52 void setCrossOriginMode AllowsCookies(bool allowsCookies) { m_crossOriginModeAllowsCookies = allowsCookies; }51 void setCrossOriginMode(const String& mode) { m_crossOriginMode = mode; } 53 52 CachedResource::Type resourceType() const { return m_resourceType; } 54 53 … … 62 61 CachedResource::Type m_resourceType; 63 62 String m_mediaAttribute; 64 bool m_crossOriginModeAllowsCookies;63 String m_crossOriginMode; 65 64 }; 66 65 -
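Review bot: `setCrossOriginMode` stores the string with a plain assignment, while `setCharset` on the line above it stores `charset.isolatedCopy()`. If `PreloadRequest` objects can be handed between threads, which the isolated copy in `setCharset` suggests but this section does not show, the new member should be copied the same way: `void setCrossOriginMode(const String& mode) { m_crossOriginMode = mode.isolatedCopy(); }`. If they never cross threads, a one-line comment saying why the two setters differ would stop the next reader from wondering.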
trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
r194819 r201930 28 28 29 29 #include "CachedResourceLoader.h" 30 #include "CrossOriginAccessControl.h" 30 31 #include "Document.h" 31 32 #include "Element.h" … … 93 94 } 94 95 96 void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String& mode, Document& document) 97 { 98 if (mode.isNull()) 99 return; 100 m_options.setRequestOriginPolicy(PotentiallyCrossOriginEnabled); 101 m_options.setAllowCredentials(equalLettersIgnoringASCIICase(mode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials); 102 103 updateRequestForAccessControl(m_resourceRequest, document.securityOrigin(), m_options.allowCredentials()); 104 } 105 95 106 } // namespace WebCore -
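Review bot: `setAsPotentiallyCrossOrigin` has an undocumented ordering requirement: it writes the origin policy and credentials mode into `m_options` and then stamps the request through `updateRequestForAccessControl`. A caller that invokes `setOptions()` afterwards would presumably overwrite the policy while the access-control changes stay on `m_resourceRequest`. `HTMLLinkElement::process` calls them in the safe order, but nothing enforces or states it. I would document the contract on the declaration, for example `// Call after setOptions(). A null mode is a no-op (no CORS); any other value enables CORS, and only "use-credentials" allows stored credentials.` The mapping of unknown values to `DoNotAllowStoredCredentials` is the safe default and is worth stating explicitly.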
trunk/Source/WebCore/loader/cache/CachedResourceRequest.h
r195770 r201930 66 66 DocumentLoader* initiatingDocumentLoader() const { return m_initiatingDocumentLoader.get(); } 67 67 68 void setAsPotentiallyCrossOrigin(const String&, Document&); 69 68 70 private: 69 71 ResourceRequest m_resourceRequest;