Changeset 204172 in webkit

Timestamp:

Aug 5, 2016 9:26:04 AM (8 years ago)

Author:

commit-queue@webkit.org

Message:

[Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
​https://bugs.webkit.org/show_bug.cgi?id=160594

Patch by Youenn Fablet <​youenn@apple.com> on 2016-08-05
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
• web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
• web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.

Source/WebCore:

Covered by rebased tests.

• loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
It should not throw is mode is SameOrigin and resource is same origin.

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/SubresourceLoader.cpp (modified) (2 diffs)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2016-08-05  Youenn Fablet  <youenn@apple.com>
+
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.
+
 2016-08-05  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
+
 
 PASS Fetch ../resources/top.txt with same-origin mode 
@@ -4 +8 @@
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
+
 
 PASS Fetch ../resources/top.txt with same-origin mode 
@@ -4 +8 @@
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js

@@ -24 +24 @@
 fetchSameOrigin(host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
 
+var redirPath = dirname(location.pathname) + RESOURCES_DIR + "redirect.py?location=";
+
+fetchSameOrigin(redirPath + RESOURCES_DIR + "top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTP_ORIGIN + "/fetch/api/resources/top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTPS_ORIGIN + "/fetch/api/resources/top.txt", false);
+fetchSameOrigin(redirPath + host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
+
 done();
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-08-05  Youenn Fablet  <youenn@apple.com>
+
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased tests.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
+        It should not throw is mode is SameOrigin and resource is same origin.
+
 2016-08-05  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/loader/SubresourceLoader.cpp

@@ -404 +404 @@
 bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse& redirectResponse, ResourceRequest& newRequest, String& errorMessage)
 {
-    ASSERT(options().mode != FetchOptions::Mode::SameOrigin);
-
     bool crossOriginFlag = m_resource->isCrossOrigin();
     bool isNextRequestCrossOrigin = m_origin && !m_origin->canRequest(newRequest.url());
@@ -411 +409 @@
     if (isNextRequestCrossOrigin)
         m_resource->setCrossOrigin();
+
+    ASSERT(options().mode != FetchOptions::Mode::SameOrigin || !m_resource->isCrossOrigin());
 
     if (options().mode != FetchOptions::Mode::Cors)