Changeset 204795 in webkit

Timestamp:

Aug 23, 2016 3:18:38 AM (8 years ago)

Author:

commit-queue@webkit.org

Message:

Implement redirect support post CORS-preflight
​https://bugs.webkit.org/show_bug.cgi?id=159056

Patch by Youenn Fablet <​youenn@apple.com> on 2016-08-23
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
• web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
• web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
• web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
• web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.

(corsRedirect):

Source/WebCore:

Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html

imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html

Covered also by rebased tests.

Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.

• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

LayoutTests:

• TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
• http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
• http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
• http/tests/xmlhttprequest/redirections-and-user-headers.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html (modified) (2 diffs)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-08-23  Youenn Fablet  <youenn@apple.com>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        * TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
+        * http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
+        * http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
+        * http/tests/xmlhttprequest/redirections-and-user-headers.html:
+
 2016-08-22  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -355 +355 @@
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-worker.html [ Skip ]
+[ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/cookies-worker.html [ Skip ]

trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt

@@ -4 +4 @@
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://127.0.0.1:8000 due to access control checks.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Preflight response is not successful
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Request header field x-webkit is not allowed by Access-Control-Allow-Headers.
 Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
 

trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
 
 PASS Check headers after same-origin redirection to same-origin resource (simple request) 
@@ -7 +5 @@
 PASS Check headers after same origin redirection to cross-origin resource (not simple request) 
 PASS Check headers after cross-origin redirection to same-origin resource (simple request) 
-FAIL Check headers after cross-origin redirection to same-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
+PASS Check headers after cross-origin redirection to same-origin resource (not simple request) 
 PASS Check headers after cross-origin redirection to cross-origin resource (simple request) 
-FAIL Check headers after cross-origin redirection to cross-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
+PASS Check headers after cross-origin redirection to cross-origin resource (not simple request) 
 

trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html

@@ -72 +72 @@
         simpleRequest);
 
-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
 doTest("Check headers after cross-origin redirection to same-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
@@ -81 +80 @@
         simpleRequest);
 
-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
 doTest("Check headers after cross-origin redirection to cross-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2016-08-23  Youenn Fablet  <youenn@apple.com>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.
+        (corsRedirect):
+
 2016-08-22  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-08-23  Youenn Fablet  <youenn@apple.com>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html
+               imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html
+        Covered also by rebased tests.
+
+        Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
+        Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::redirectReceived):
+
 2016-08-23  Frederic Wang  <fred.wang@free.fr>
 

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -233 +233 @@
     ASSERT(m_resource->loader());
     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
-
-    // FIXME: We could remove that restriction, since we can use preflighting.
-    if (!m_simpleRequest) {
-        reportCrossOriginResourceSharingError(*m_client, redirectResponse.url());
-        request = ResourceRequest();
-        return;
-    }
+    ASSERT(m_originalHeaders);
 
     // Loader might have modified the origin to a unique one, let's reuse it for subsequent loads.
@@ -246 +240 @@
     // Except in case where preflight is needed, loading should be able to continue on its own.
     // But we also handle credentials here if it is restricted to SameOrigin.
-    if (m_options.credentials != FetchOptions::Credentials::SameOrigin)
+    if (m_options.credentials != FetchOptions::Credentials::SameOrigin && m_simpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), *m_originalHeaders))
         return;
 
@@ -253 +247 @@
     clearResource();
 
-    ASSERT(m_originalHeaders);
     // Let's fetch the request with the original headers (equivalent to request cloning specified by fetch algorithm).
     // Do not copy the Authorization header if removed by the network layer.