Changeset 202542 in webkit

Timestamp:

Jun 27, 2016 11:09:05 PM (8 years ago)

Author:

commit-queue@webkit.org

Message:

Remove didFailAccessControlCheck ThreadableLoaderClient callback
​https://bugs.webkit.org/show_bug.cgi?id=159149

Patch by Youenn Fablet <​youenn@apple.com> on 2016-06-27
Reviewed by Daniel Bates.

LayoutTests/imported/w3c:

• web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:

Source/WebCore:

Adding an AccessControl ResourceError type.
Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.

Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
were passed directly to threadable loader clients.

When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpReauest.

This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
No other observable change of behavior should be expected.

• inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according the error type.
• loader/CrossOriginPreflightChecker.cpp:

(WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
(WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
(WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.

• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
callback by a direct call to didFail with an error of type AccessControl.
(WebCore::reportContentSecurityPolicyError): Ditto.
(WebCore::reportCrossOriginResourceSharingError): Ditto.
(WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
(WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.

• loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
• loader/ThreadableLoaderClientWrapper.h: Ditto.
• loader/WorkerThreadableLoader.cpp: Ditto.
• loader/WorkerThreadableLoader.h: Ditto.
• page/EventSource.cpp:

(WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.

• page/EventSource.h:
• platform/network/ResourceErrorBase.cpp:

(WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.

• platform/network/ResourceErrorBase.h: Adding AccessControl error type.

(WebCore::ResourceErrorBase::isAccessControl):

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/inspector/InspectorNetworkAgent.cpp (modified) (1 diff)
• Source/WebCore/loader/CrossOriginPreflightChecker.cpp (modified) (5 diffs)
• Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (5 diffs)
• Source/WebCore/loader/ThreadableLoaderClient.h (modified) (1 diff)
• Source/WebCore/loader/ThreadableLoaderClientWrapper.h (modified) (1 diff)
• Source/WebCore/loader/WorkerThreadableLoader.cpp (modified) (1 diff)
• Source/WebCore/loader/WorkerThreadableLoader.h (modified) (1 diff)
• Source/WebCore/page/EventSource.cpp (modified) (2 diffs)
• Source/WebCore/page/EventSource.h (modified) (1 diff)
• Source/WebCore/platform/network/ResourceErrorBase.cpp (modified) (1 diff)
• Source/WebCore/platform/network/ResourceErrorBase.h (modified) (2 diffs)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2016-06-27  Youenn Fablet  <youenn@apple.com>
+
+        Remove didFailAccessControlCheck ThreadableLoaderClient callback
+        https://bugs.webkit.org/show_bug.cgi?id=159149
+
+        Reviewed by Daniel Bates.
+
+        * web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:
+
 2016-06-27  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt

@@ -3 +3 @@
 
 FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
-FAIL CORS request with setRequestHeader auth to URL NOT accepting Authorization header assert_true: The error event should fire expected true got false
+PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header 
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-06-27  Youenn Fablet  <youenn@apple.com>
+
+        Remove didFailAccessControlCheck ThreadableLoaderClient callback
+        https://bugs.webkit.org/show_bug.cgi?id=159149
+
+        Reviewed by Daniel Bates.
+
+        Adding an AccessControl ResourceError type.
+        Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.
+
+        Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
+        were passed directly to threadable loader clients.
+
+        When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
+        This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpReauest.
+
+        This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
+        No other observable change of behavior should be expected.
+
+        * inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according the error type.
+        * loader/CrossOriginPreflightChecker.cpp:
+        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
+        (WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
+        (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
+        callback by a direct call to didFail with an error of type AccessControl.
+        (WebCore::reportContentSecurityPolicyError): Ditto.
+        (WebCore::reportCrossOriginResourceSharingError): Ditto.
+        (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
+        (WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.
+        * loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
+        * loader/ThreadableLoaderClientWrapper.h: Ditto.
+        * loader/WorkerThreadableLoader.cpp: Ditto.
+        * loader/WorkerThreadableLoader.h: Ditto.
+        * page/EventSource.cpp:
+        (WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.
+        * page/EventSource.h:
+        * platform/network/ResourceErrorBase.cpp:
+        (WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.
+        * platform/network/ResourceErrorBase.h: Adding AccessControl error type.
+        (WebCore::ResourceErrorBase::isAccessControl):
+
 2016-06-27  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp

@@ -123 +123 @@
     }
 
-    void didFail(const ResourceError&) override
+    void didFail(const ResourceError& error) override
     {
-        m_callback->sendFailure(ASCIILiteral("Loading resource for inspector failed"));
-        dispose();
-    }
-
-    void didFailAccessControlCheck(const ResourceError&) final
-    {
-        m_callback->sendFailure(ASCIILiteral("Loading resource for inspector failed access control check"));
+        m_callback->sendFailure(error.isAccessControl() ? ASCIILiteral("Loading resource for inspector failed access control check") : ASCIILiteral("Loading resource for inspector failed"));
         dispose();
     }

trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp

@@ -65 +65 @@
 
     if (!response.isSuccessful()) {
-        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful")));
+        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl));
         return;
     }
@@ -71 +71 @@
     String description;
     if (!passesAccessControlCheck(response, loader.options().allowCredentials(), loader.securityOrigin(), description)) {
-        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
+        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
         return;
     }
@@ -79 +79 @@
         || !result->allowsCrossOriginMethod(request.httpMethod(), description)
         || !result->allowsCrossOriginHeaders(request.httpHeaderFields(), description)) {
-        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
+        loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
         return;
     }
@@ -91 +91 @@
     ASSERT_UNUSED(resource, resource == m_resource);
     if (m_resource->loadFailedOrCanceled()) {
-        m_loader.preflightFailure(m_resource->identifier(), m_resource->resourceError());
+        ResourceError preflightError = m_resource->resourceError();
+        preflightError.setType(ResourceError::Type::AccessControl);
+        m_loader.preflightFailure(m_resource->identifier(), preflightError);
         return;
     }
@@ -132 +134 @@
 
     if (!error.isNull() && response.httpStatusCode() <= 0) {
+        error.setType(ResourceError::Type::AccessControl);
         loader.preflightFailure(identifier, error);
         return;

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -134 +134 @@
     // Cross-origin requests are only allowed for HTTP and registered schemes. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
     if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
-        m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are only supported for HTTP."));
+        m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are only supported for HTTP.", ResourceError::Type::AccessControl));
         return;
     }
@@ -195 +195 @@
 static inline void reportContentSecurityPolicyError(ThreadableLoaderClient& client, const URL& url)
 {
-    client.didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Content Security Policy."));
+    client.didFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Content Security Policy.", ResourceError::Type::AccessControl));
 }
 
 static inline void reportCrossOriginResourceSharingError(ThreadableLoaderClient& client, const URL& url)
 {
-    client.didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy."));
+    client.didFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy.", ResourceError::Type::AccessControl));
 }
 
@@ -280 +280 @@
     if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
         if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
-            m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
+            m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
             return;
         }
@@ -337 +337 @@
 void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const ResourceError& error)
 {
+    ASSERT(error.isAccessControl());
     m_preflightChecker = Nullopt;
 
@@ -342 +343 @@
 
     ASSERT(m_client);
-    m_client->didFailAccessControlCheck(error);
+    m_client->didFail(error);
 }
 

trunk/Source/WebCore/loader/ThreadableLoaderClient.h

@@ -47 +47 @@
         virtual void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/) { }
         virtual void didFail(const ResourceError&) { }
-        virtual void didFailAccessControlCheck(const ResourceError& error) { didFail(error); }
 
     protected:

trunk/Source/WebCore/loader/ThreadableLoaderClientWrapper.h

@@ -89 +89 @@
     }
 
-    void didFailAccessControlCheck(const ResourceError& error)
-    {
-        m_done = true;
-        if (m_client)
-            m_client->didFailAccessControlCheck(error);
-    }
-
     void didReceiveAuthenticationCancellation(unsigned long identifier, const ResourceResponse& response)
     {

trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

@@ -198 +198 @@
 }
 
-void WorkerThreadableLoader::MainThreadBridge::didFailAccessControlCheck(const ResourceError& error)
-{
-    m_loadingFinished = true;
-    m_loaderProxy.postTaskForModeToWorkerGlobalScope([workerClientWrapper = Ref<ThreadableLoaderClientWrapper>(*m_workerClientWrapper), error = error.isolatedCopy()] (ScriptExecutionContext& context) mutable {
-        ASSERT_UNUSED(context, context.isWorkerGlobalScope());
-        workerClientWrapper->didFailAccessControlCheck(error);
-    }, m_taskMode);
-}
-
 } // namespace WebCore

trunk/Source/WebCore/loader/WorkerThreadableLoader.h

@@ -105 +105 @@
             void didFinishLoading(unsigned long identifier, double finishTime) override;
             void didFail(const ResourceError&) override;
-            void didFailAccessControlCheck(const ResourceError&) override;
 
             // Only to be used on the main thread.

trunk/Source/WebCore/page/EventSource.cpp

@@ -244 +244 @@
 {
     ASSERT(m_state != CLOSED);
+
+    if (error.isAccessControl()) {
+        String message = makeString("EventSource cannot load ", error.failingURL().string(), ". ", error.localizedDescription());
+        scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, message);
+
+        abortConnectionAttempt();
+        return;
+    }
+
     ASSERT(m_requestInFlight);
 
@@ -252 +261 @@
 
     networkRequestEnded();
-}
-
-void EventSource::didFailAccessControlCheck(const ResourceError& error)
-{
-    String message = makeString("EventSource cannot load ", error.failingURL().string(), ". ", error.localizedDescription());
-    scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, message);
-
-    abortConnectionAttempt();
 }
 

trunk/Source/WebCore/page/EventSource.h

@@ -82 +82 @@
     void didFinishLoading(unsigned long, double) final;
     void didFail(const ResourceError&) final;
-    void didFailAccessControlCheck(const ResourceError&) final;
 
     void stop() final;

trunk/Source/WebCore/platform/network/ResourceErrorBase.cpp

@@ -60 +60 @@
 void ResourceErrorBase::setType(Type type)
 {
-    ASSERT(m_type == Type::General || m_type == Type::Null);
+    // setType should only be used to specialize the error type.
+    ASSERT(m_type == Type::General || m_type == Type::Null || (m_type == Type::Cancellation && type == Type::AccessControl));
     m_type = type;
 }

trunk/Source/WebCore/platform/network/ResourceErrorBase.h

@@ -48 +48 @@
         Null,
         General,
+        AccessControl,
         Cancellation,
         Timeout
@@ -53 +54 @@
 
     bool isNull() const { return m_type == Type::Null; }
+    bool isAccessControl() const { return m_type == Type::AccessControl; }
     bool isCancellation() const { return m_type == Type::Cancellation; }
     bool isTimeout() const { return m_type == Type::Timeout; }