Changeset 205113 in webkit


Ignore:
Timestamp:
Aug 29, 2016 1:06:28 AM (8 years ago)
Author:
commit-queue@webkit.org
Message:

data:// URL behavior of XHR does not match spec
https://bugs.webkit.org/show_bug.cgi?id=109199

Patch by Youenn Fablet <youenn@apple.com> on 2016-08-29
Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/XMLHttpRequest/data-uri-expected.txt:
  • web-platform-tests/XMLHttpRequest/send-network-error-sync-events.sub-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-defer-scripts-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-scripts-expected.txt:
  • web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-not-hang-scriptloader-expected.txt:
  • web-platform-tests/fetch/api/basic/scheme-data.js: Adding setStatusText check.
  • web-platform-tests/fetch/api/basic/scheme-data-expected.txt:
  • web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt:

Source/WebCore:

Covered by rebased tests.

Making data URLs same origin for XHR and fetch API.
This is the behavior when https://fetch.spec.whatwg.org/#same-origin-data-url-flag is set.
As per the specs, this flag is set for fetch API and XMLHttpRequest.
Introducing this flag in ThreadableLoader options, default value being false.
Setting flag for XHR and fetch API.

Fixing accuracy of data URL loading by setting status code and content-type HTTP header as per fetch specification.

As can be seen from the rebased tests, no constraint is put on the method used as the fetch specification is about to allow all methods for data URLs.

  • Modules/fetch/FetchLoader.cpp:

(WebCore::FetchLoader::start): Setting same-origin-data-url-flag to true.

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Making data URLs same origin if flag is set.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::loadDataURL): Setting status code and content-type header according specification.

  • loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Adding same-origin-data-url-flag option.

  • loader/ThreadableLoader.h:
  • loader/WorkerThreadableLoader.cpp:

(WebCore::LoaderTaskOptions::LoaderTaskOptions): Ensuring flag is preserved when going to the main thread.

  • platform/network/DataURLDecoder.cpp:

(WebCore::DataURLDecoder::parseMediaType): Setting mediaType value, used by ResourceLoader to set the content-type header.

  • platform/network/DataURLDecoder.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Setting same-origin-data-url-flag to true.

Location:
trunk
Files:
19 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/imported/w3c/ChangeLog

    r205110 r205113  
     12016-08-29  Youenn Fablet  <youenn@apple.com>
     2
     3        data:// URL behavior of XHR does not match spec
     4        https://bugs.webkit.org/show_bug.cgi?id=109199
     5
     6        Reviewed by Darin Adler.
     7
     8        * web-platform-tests/XMLHttpRequest/data-uri-expected.txt:
     9        * web-platform-tests/XMLHttpRequest/send-network-error-sync-events.sub-expected.txt:
     10        * web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-defer-scripts-expected.txt:
     11        * web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-scripts-expected.txt:
     12        * web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-not-hang-scriptloader-expected.txt:
     13        * web-platform-tests/fetch/api/basic/scheme-data.js: Adding setStatusText check.
     14        * web-platform-tests/fetch/api/basic/scheme-data-expected.txt:
     15        * web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt:
     16
    1172016-08-28  Youenn Fablet  <youenn@apple.com>
    218
  • trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/data-uri-expected.txt

    r202162 r205113  
    1 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain,Hello, World!. Cross origin requests are only supported for HTTP.
    2 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==. Cross origin requests are only supported for HTTP.
    3 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/html,Hello, World!. Cross origin requests are only supported for HTTP.
    4 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/html;charset=UTF-8,Hello, World!. Cross origin requests are only supported for HTTP.
    5 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:image/png,Hello, World!. Cross origin requests are only supported for HTTP.
    6 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain,Hello, World!. Cross origin requests are only supported for HTTP.
    7 CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain,Hello, World!. Cross origin requests are only supported for HTTP.
    8 CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
    9 CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
    10 CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
    111
    12 FAIL XHR method GET with charset text/plain assert_equals: expected "Hello, World!" but got ""
    13 FAIL XHR method GET with charset text/plain (base64) assert_equals: expected "Hello, World!" but got ""
    14 FAIL XHR method GET with charset text/html assert_equals: expected "Hello, World!" but got ""
    15 FAIL XHR method GET with charset text/html;charset=UTF-8 assert_equals: expected "Hello, World!" but got ""
    16 FAIL XHR method GET with charset image/png assert_equals: expected "Hello, World!" but got ""
    17 PASS XHR method POST with charset text/plain
    18 PASS XHR method PUT with charset text/plain
    19 PASS XHR method DELETE with charset text/plain
    20 PASS XHR method HEAD with charset text/plain
    21 PASS XHR method UNICORN with charset text/plain
     2PASS XHR method GET with charset text/plain
     3PASS XHR method GET with charset text/plain (base64)
     4PASS XHR method GET with charset text/html
     5PASS XHR method GET with charset text/html;charset=UTF-8
     6PASS XHR method GET with charset image/png
     7FAIL XHR method POST with charset text/plain assert_equals: expected 0 but got 200
     8FAIL XHR method PUT with charset text/plain assert_equals: expected 0 but got 200
     9FAIL XHR method DELETE with charset text/plain assert_equals: expected 0 but got 200
     10FAIL XHR method HEAD with charset text/plain assert_equals: expected 0 but got 200
     11FAIL XHR method UNICORN with charset text/plain assert_equals: expected 0 but got 200
    2212
  • trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-sync-events.sub-expected.txt

    r195588 r205113  
    11CONSOLE MESSAGE: line 24: XMLHttpRequest cannot load http://nonexistent-origin.localhost}:8800. Cross origin requests are only supported for HTTP.
    2 CONSOLE MESSAGE: line 32: XMLHttpRequest cannot load data:text/html;charset=utf-8;base64,PT0NUWVBFIGh0bWw%2BDQo8. Cross origin requests are only supported for HTTP.
    32
    43PASS XmlHttpRequest: The send() method: Throw a "throw an "NetworkError" exception when Network error happens (synchronous flag is set)
  • trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-defer-scripts-expected.txt

    r203333 r205113  
    1 CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load data:text/plain,aaa. Cross origin requests are only supported for HTTP.
    2 CONSOLE MESSAGE: line 1: NetworkError (DOM Exception 19):  A network error occurred.
    31
    42
    5 FAIL Check that a sync XHR in a defer script blocks later defer scripts from running assert_equals: expected 1 but got 0
     3PASS Check that a sync XHR in a defer script blocks later defer scripts from running
    64
  • trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-block-scripts-expected.txt

    r203333 r205113  
    1 CONSOLE MESSAGE: line 17: XMLHttpRequest cannot load data:,. Cross origin requests are only supported for HTTP.
    21
    3 FAIL Check that while a sync XHR is in flight async script loads don't complete and run script  A network error occurred.
     2PASS Check that while a sync XHR is in flight async script loads don't complete and run script
    43
  • trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/xmlhttprequest-sync-not-hang-scriptloader-expected.txt

    r203333 r205113  
    1 CONSOLE MESSAGE: line 14: XMLHttpRequest cannot load data:,. Cross origin requests are only supported for HTTP.
    2 CONSOLE MESSAGE: line 14: NetworkError (DOM Exception 19):  A network error occurred.
    31
    42
  • trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-expected.txt

    r198665 r205113  
    11
    2 FAIL Fetching data:,response%27s%20body is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    3 FAIL Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    4 FAIL Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    5 PASS Fetching [GET] data:notAdataUrl.com is KO
    6 PASS Fetching [POST] data:,response%27s%20body is KO
    7 PASS Fetching [HEAD] data:,response%27s%20body is KO
     2PASS Fetching data:,response%27s%20body is OK
     3PASS Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK
     4PASS Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK
     5FAIL Fetching [GET] data:notAdataUrl.com is KO assert_unreached: Should have rejected. Reached unreachable code
     6FAIL Fetching [POST] data:,response%27s%20body is KO assert_unreached: Should have rejected. Reached unreachable code
     7FAIL Fetching [HEAD] data:,response%27s%20body is KO assert_unreached: Should have rejected. Reached unreachable code
    88
  • trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt

    r198891 r205113  
    11
    2 FAIL Fetching data:,response%27s%20body is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    3 FAIL Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    4 FAIL Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK promise_test: Unhandled rejection with value: object "TypeError: Type error"
    5 PASS Fetching [GET] data:notAdataUrl.com is KO
    6 PASS Fetching [POST] data:,response%27s%20body is KO
    7 PASS Fetching [HEAD] data:,response%27s%20body is KO
     2PASS Fetching data:,response%27s%20body is OK
     3PASS Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK
     4PASS Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK
     5FAIL Fetching [GET] data:notAdataUrl.com is KO assert_unreached: Should have rejected. Reached unreachable code
     6FAIL Fetching [POST] data:,response%27s%20body is KO assert_unreached: Should have rejected. Reached unreachable code
     7FAIL Fetching [HEAD] data:,response%27s%20body is KO assert_unreached: Should have rejected. Reached unreachable code
    88
  • trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.js

    r197748 r205113  
    1010    return fetch(url).then(function(resp) {
    1111      assert_equals(resp.status, 200, "HTTP status is 200");
     12      assert_equals(resp.statusText, "OK", "HTTP statusText is OK");
    1213      assert_equals(resp.type, "basic", "response type is basic");
    1314      assert_equals(resp.headers.get("Content-Type"), mime, "Content-Type is " + resp.headers.get("Content-Type"));
  • trunk/Source/WebCore/ChangeLog

    r205111 r205113  
     12016-08-29  Youenn Fablet  <youenn@apple.com>
     2
     3        data:// URL behavior of XHR does not match spec
     4        https://bugs.webkit.org/show_bug.cgi?id=109199
     5
     6        Reviewed by Darin Adler.
     7
     8        Covered by rebased tests.
     9
     10        Making data URLs same origin for XHR and fetch API.
     11        This is the behavior when https://fetch.spec.whatwg.org/#same-origin-data-url-flag is set.
     12        As per the specs, this flag is set for fetch API and XMLHttpRequest.
     13        Introducing this flag in ThreadableLoader options, default value being false.
     14        Setting flag for XHR and fetch API.
     15
     16        Fixing accuracy of data URL loading by setting status code and content-type HTTP header as per fetch specification.
     17
     18        As can be seen from the rebased tests, no constraint is put on the method used as the fetch specification is about to allow all methods for data URLs.
     19
     20        * Modules/fetch/FetchLoader.cpp:
     21        (WebCore::FetchLoader::start): Setting same-origin-data-url-flag to true.
     22        * loader/DocumentThreadableLoader.cpp:
     23        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Making data URLs same origin if flag is set.
     24        * loader/ResourceLoader.cpp:
     25        (WebCore::ResourceLoader::loadDataURL): Setting status code and content-type header according specification.
     26        * loader/ThreadableLoader.cpp:
     27        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Adding same-origin-data-url-flag option.
     28        * loader/ThreadableLoader.h:
     29        * loader/WorkerThreadableLoader.cpp:
     30        (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ensuring flag is preserved when going to the main thread.
     31        * platform/network/DataURLDecoder.cpp:
     32        (WebCore::DataURLDecoder::parseMediaType): Setting mediaType value, used by ResourceLoader to set the content-type header.
     33        * platform/network/DataURLDecoder.h:
     34        * xml/XMLHttpRequest.cpp:
     35        (WebCore::XMLHttpRequest::createRequest): Setting same-origin-data-url-flag to true.
     36
    1372016-08-25  Frederic Wang  <fwang@igalia.com>
    238
  • trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp

    r205082 r205113  
    7878        context.shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective,
    7979        String(cachedResourceRequestInitiators().fetch),
    80         OpaqueResponseBodyPolicy::DoNotReceive);
     80        OpaqueResponseBodyPolicy::DoNotReceive,
     81        SameOriginDataURLFlag::Set);
    8182    options.sendLoadCallbacks = SendCallbacks;
    8283    options.dataBufferingPolicy = DoNotBufferData;
  • trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

    r205082 r205113  
    106106        m_originalHeaders = request.httpHeaderFields();
    107107
     108    // As per step 11 of https://fetch.spec.whatwg.org/#main-fetch, data scheme (if same-origin data-URL flag is set) and about scheme are considered same-origin.
     109    if (request.url().protocolIsData())
     110        m_sameOriginRequest = options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set;
     111
    108112    if (m_sameOriginRequest || m_options.mode == FetchOptions::Mode::NoCors) {
    109113        loadRequest(WTFMove(request), DoSecurityCheck);
  • trunk/Source/WebCore/loader/ResourceLoader.cpp

    r204976 r205113  
    260260
    261261        ResourceResponse dataResponse { url, result.mimeType, dataSize, result.charset };
     262        dataResponse.setHTTPStatusCode(200);
     263        dataResponse.setHTTPStatusText(ASCIILiteral("OK"));
     264        dataResponse.setHTTPHeaderField(HTTPHeaderName::ContentType, result.contentType);
    262265        protectedThis->didReceiveResponse(dataResponse);
    263266
  • trunk/Source/WebCore/loader/ThreadableLoader.cpp

    r205082 r205113  
    5151}
    5252
    53 ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy opaqueResponse)
     53ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy opaqueResponse, SameOriginDataURLFlag sameOriginDataURLFlag)
    5454    : ResourceLoaderOptions(baseOptions)
    5555    , preflightPolicy(preflightPolicy)
     
    5757    , initiator(WTFMove(initiator))
    5858    , opaqueResponse(opaqueResponse)
     59    , sameOriginDataURLFlag(sameOriginDataURLFlag)
    5960{
    6061}
  • trunk/Source/WebCore/loader/ThreadableLoader.h

    r205082 r205113  
    6464    };
    6565
     66    enum class SameOriginDataURLFlag {
     67        Set,
     68        Unset
     69    };
     70
    6671    struct ThreadableLoaderOptions : ResourceLoaderOptions {
    6772        ThreadableLoaderOptions();
    68         ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy);
     73        ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy, SameOriginDataURLFlag);
    6974        ~ThreadableLoaderOptions();
    7075
     
    7378        String initiator; // This cannot be an AtomicString, as isolatedCopy() wouldn't create an object that's safe for passing to another thread.
    7479        OpaqueResponseBodyPolicy opaqueResponse { OpaqueResponseBodyPolicy::Receive };
     80        SameOriginDataURLFlag sameOriginDataURLFlag { SameOriginDataURLFlag::Unset };
    7581    };
    7682
  • trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

    r205082 r205113  
    9393
    9494LoaderTaskOptions::LoaderTaskOptions(const ThreadableLoaderOptions& options, const String& referrer, const SecurityOrigin& origin)
    95     : options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy(), options.opaqueResponse)
     95    : options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy(), options.opaqueResponse, options.sameOriginDataURLFlag)
    9696    , referrer(referrer.isolatedCopy())
    9797    , origin(origin.isolatedCopy())
  • trunk/Source/WebCore/platform/network/DataURLDecoder.cpp

    r201575 r205113  
    116116            charset = ASCIILiteral("US-ASCII");
    117117    }
    118     return { mimeType, charset, nullptr };
     118    return { mimeType, charset, !mediaType.isEmpty() ? mediaType : "text/plain;charset=US-ASCII", nullptr };
    119119}
    120120
    121 static std::unique_ptr<DecodeTask> createDecodeTask(const URL& url, const ScheduleContext& scheduleContext, DecodeCompletionHandler completionHandler)
     121static std::unique_ptr<DecodeTask> createDecodeTask(const URL& url, const ScheduleContext& scheduleContext, DecodeCompletionHandler&& completionHandler)
    122122{
    123123    const char dataString[] = "data:";
  • trunk/Source/WebCore/platform/network/DataURLDecoder.h

    r201482 r205113  
    4646    String mimeType;
    4747    String charset;
     48    String contentType;
    4849    RefPtr<SharedBuffer> data;
    4950};
  • trunk/Source/WebCore/xml/XMLHttpRequest.cpp

    r204717 r205113  
    694694    options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
    695695    options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
     696    options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
    696697
    697698    if (m_timeoutMilliseconds) {
Note: See TracChangeset for help on using the changeset viewer.