Changeset 205473 in webkit
- Timestamp:
- Sep 6, 2016 4:06:52 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 17 added
- 55 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r205471 r205473 1 2016-09-06 Youenn Fablet <youenn@apple.com> 2 3 CachedResourceLoader is not taking into account fetch options to use or not cached resources 4 https://bugs.webkit.org/show_bug.cgi?id=161389 5 6 Reviewed by Darin Adler. 7 8 Added specific expectations for fetch cors-origin* tests for mac-wk2 and ios-simulator-wk2 as these tests use 9 HTTPS, and the connection is refused. 10 11 * TestExpectations: Marking http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html as flaky. 12 * http/tests/eventsource/eventsource-cors-basic-expected.txt: 13 * http/tests/eventsource/eventsource-cors-with-credentials-expected.txt: 14 * http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt: Added. 15 * http/tests/fetch/fetching-same-resource-with-diffferent-options.html: Added. 16 * http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt: 17 * http/tests/resources/download-json-with-delay.php: 18 * http/tests/resources/redirect.php: 19 * http/tests/security/cross-origin-cached-resource-expected.txt: Added. 20 * http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Added. 21 * http/tests/security/cross-origin-cached-resource-parallel.html: Added. 22 * http/tests/security/cross-origin-cached-resource.html: Added. 23 * http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt: 24 * http/tests/security/load-image-after-redirection-2-expected.txt: Added. 25 * http/tests/security/load-image-after-redirection-2.html: Added. 26 * http/tests/security/resources/abe-allow-star.php: 27 * http/tests/security/resources/allow-if-origin.php: Added. 28 * http/tests/security/resources/cross-origin-cached-resource-iframe.html: Added. 29 * http/tests/security/resources/rgbalpha.png: Added. 30 * http/tests/security/shape-outside-and-cached-resources-expected.html: Added. 31 * http/tests/security/shape-outside-and-cached-resources.html: Added. 32 * http/tests/security/video-poster-cross-origin-crash-expected.txt: 33 * http/tests/security/video-poster-cross-origin-crash2-expected.txt: 34 * http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt: 35 * http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt: 36 * http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: 37 * http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt: 38 * http/tests/xmlhttprequest/cross-site-denied-response-expected.txt: 39 * http/tests/xmlhttprequest/onerror-event-expected.txt: 40 * http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt: 41 * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt: 42 * http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt: 43 * http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt: 44 * http/tests/xmlhttprequest/redirect-cross-origin-expected.txt: 45 * http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt: 46 * http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt: 47 * http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt: 48 * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt: 49 * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt: 50 * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added. 51 * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added. 52 * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt: 53 * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt: 54 * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added. 55 * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added. 56 1 57 2016-09-06 Philippe Normand <pnormand@igalia.com> 2 58 -
trunk/LayoutTests/TestExpectations
r205468 r205473 796 796 webkit.org/b/158480 http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ] 797 797 798 webkit.org/b/161389 http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html [ Pass Failure ] 799 798 800 # These state object tests purposefully stress a resource limit, and take multiple seconds to run. 799 801 loader/stateobjects/pushstate-size-iframe.html [ Slow ] -
trunk/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 2 CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-basic.php?count=1. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 4 CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-basic.php?count=2. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 3 5 Test that basic EventSource cross-origin requests fail until they are allowed by the Access-Control-Allow-Origin header. Should print a series of PASS messages followed by DONE. -
trunk/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 1 2 CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=1. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 3 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 4 CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=2. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 5 CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 3 6 CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=3. Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 4 7 Test that EventSource cross-origin requests with credentials fail until the correct CORS headers are sent. Should print a series of PASS messages followed by DONE. -
trunk/LayoutTests/http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt
r205464 r205473 4 4 main frame - didHandleOnloadEventsForFrame 5 5 main frame - didFinishLoadForFrame 6 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/loading/resources/foo.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 6 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 7 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/loading/resources/foo.txt due to access control checks. 7 8 The console message above should report failure to load foo.txt due to cross-origin access, not a network error. -
trunk/LayoutTests/http/tests/resources/download-json-with-delay.php
r205464 r205473 1 1 <?php 2 2 header("Expires: Thu, 01 Dec 2003 16:00:00 GMT"); 3 header("Cache-Control: no-cache, no-store, must-revalidate"); 4 header("Pragma: no-cache"); 5 header("Content-Type: application/x-no-buffering-please"); 3 4 if ($_GET['allowCache']) { 5 header("Content-Type: application/json"); 6 } else { 7 header("Content-Type: application/x-no-buffering-please"); 8 header("Cache-Control: no-cache, no-store, must-revalidate"); 9 header("Pragma: no-cache"); 10 } 11 12 if ($_GET['cors']) { 13 header("Access-Control-Allow-Origin: *"); 14 } 6 15 7 16 $iteration = $_GET['iteration']; -
trunk/LayoutTests/http/tests/resources/redirect.php
r205464 r205473 1 1 <?php 2 function addCacheControl() { 3 # Workaround for https://bugs.webkit.org/show_bug.cgi?id=77538 4 # Caching redirects results in flakiness in tests that dump loader delegates. 5 header("Cache-Control: no-store"); 2 function addCacheControl($allowCache) { 3 if ($allowCache) 4 header("Cache-Control: public, max-age=86400"); 5 else { 6 # Workaround for https://bugs.webkit.org/show_bug.cgi?id=77538 7 # Caching redirects results in flakiness in tests that dump loader delegates. 8 header("Cache-Control: no-store"); 9 } 6 10 } 7 11 8 12 $url = $_GET['url']; 9 13 14 $allowCache = isset($_GET['allowCache']); 15 10 16 if (isset($_GET['refresh'])) { 11 17 header("HTTP/1.1 200"); 12 18 header("Refresh: " . $_GET['refresh'] . "; url=$url"); 13 addCacheControl( );19 addCacheControl($allowCache); 14 20 return; 15 21 } … … 23 29 header("HTTP/1.1 " . $_GET['code']); 24 30 header("Location: $url"); 25 addCacheControl( );31 addCacheControl($allowCache); 26 32 ?> -
trunk/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 2 CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy. 2 3 ALERT: PASS: The error event was called. -
trunk/LayoutTests/http/tests/security/resources/abe-allow-star.php
r205464 r205473 1 1 <?php 2 2 header("Access-Control-Allow-Origin: *"); 3 4 $allowCache = $_GET['allowCache']; 5 if (isset($allowCache)) 6 header("Cache-Control: max-age=100"); 3 7 4 8 $name = 'abe.png'; -
trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 2 CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy. 2 3 >>> -
trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 2 CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy. 2 3 Test passes if it doesn't crash. -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi. Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 1 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks. 3 CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 4 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi due to access control checks. 3 5 Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard. 4 6 -
trunk/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 5 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 6 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 3 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 5 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 6 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 7 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 8 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 9 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 10 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 11 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 12 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 7 13 PASS -
trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt
r205464 r205473 1 1 CONSOLE MESSAGE: line 56: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 2 CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 3 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php due to access control checks. 3 4 Start 4 5 Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space. -
trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/basic-auth/basic-auth.php?uid=41531. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/basic-auth/basic-auth.php?uid=41531 due to access control checks. 2 3 There should be no authentication prompt displayed, since this is a cross-origin request. In automatic mode, the test relies on logging of authentication sheets. -
trunk/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. 2 3 PASS 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks. 2 3 This test that the error event is fired for XMLHttpRequests 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt
r205464 r205473 1 1 CONSOLE MESSAGE: line 20: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt due to access control checks. 3 4 Tests that origin whitelisting for https does not match http URLs. 4 5 -
trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt
r205464 r205473 1 1 CONSOLE MESSAGE: line 16: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt due to access control checks. 3 4 Specifying that an IP address should match subdomains doesn't make sense. This test verifies that it doesn't do anything. 4 5 -
trunk/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-allow-lists.php. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-allow-lists.php due to access control checks. 2 3 Test verifies that content MIME type is set correctly when Blob is sent using XMLHttpRequest asynchronously. 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. 2 3 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. 2 3 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. 2 3 Test that a simple cross-origin request to a server that responds (but does not permit cross-origin requests) is indistinguishable from one that does not exist. Should say PASS: 3 4 -
trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi due to access control checks. 2 3 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 3 4 Test that upload progress events are not dispatched for simple cross-origin requests (i.e. if the listener is set after calling send(), and there are no other reasons to make a preflight request). -
trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks. 2 3 This tests that unsafe redirects won't be allowed when making an XMLHttpRequest. 3 4 Sync XHR started. -
trunk/LayoutTests/imported/w3c/ChangeLog
r205464 r205473 1 2016-09-06 Youenn Fablet <youenn@apple.com> 2 3 CachedResourceLoader is not taking into account fetch options to use or not cached resources 4 https://bugs.webkit.org/show_bug.cgi?id=161389 5 6 Reviewed by Darin Adler. 7 8 Updated as new console log messages appear now that cors checks are done at SubresourceLoader level. 9 10 * web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt: 11 * web-platform-tests/fetch/api/cors/cors-basic-expected.txt: 12 * web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt: 13 * web-platform-tests/fetch/api/cors/cors-basic.js: Fixing a typo in the test making the test always passing, since the fetch promise was not taken into account. 14 * web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt: 15 * web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt: 16 * web-platform-tests/fetch/api/cors/cors-origin-expected.txt: 17 * web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: 18 * web-platform-tests/fetch/api/cors/cors-origin.js: 19 (corsOrigin): Fixing a typo in the test making the tests always passing, since the fetch promise was not taken into account. 20 * web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt: 21 * web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt: 22 1 23 2016-09-05 Commit Queue <commit-queue@webkit.org> 2 24 -
trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8801/XMLHttpRequest/resources/img.jpg. Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8801/XMLHttpRequest/resources/img.jpg due to access control checks. 2 3 3 4 FAIL ProgressEvent: security consideration assert_unreached: MUST NOT dispatch progress event. Reached unreachable code -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 5 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 6 2 7 PASS Same domain different port [no-cors mode] -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 5 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 6 2 7 PASS Same domain different port [no-cors mode] -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.js
r205082 r205473 21 21 22 22 promise_test(function(test) { 23 var testedPromise = fetch(url + RESOURCES_DIR + "top.txt", {"mode": "cors"} ).then(function(resp) { 24 return promise_rejects(test, new TypeError(), testedPromise); 25 }); 23 return promise_rejects(test, new TypeError(), fetch(url + RESOURCES_DIR + "top.txt", {"mode": "cors"})); 26 24 }, desc + " [server forbid CORS]"); 27 25 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 2 2 3 PASS 3 origins allowed, match the 3rd (http://localhost:8800) -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 2 2 3 PASS 3 origins allowed, match the 3rd (http://localhost:8800) -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 5 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 6 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 7 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 8 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 9 2 10 PASS Cross domain different subdomain [origin OK] -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 4 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 5 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 6 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 7 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 8 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 9 2 10 PASS Cross domain different subdomain [origin OK] -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin.js
r205464 r205473 17 17 18 18 promise_test(function(test) { 19 fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {19 return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) { 20 20 assert_equals(resp.status, 200, "Clean stash response's status is 200"); 21 21 if (shouldPass) { -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 3 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 1 4 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 5 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 8 11 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 9 12 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 13 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 14 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 15 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 10 16 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 11 17 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 17 23 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 18 24 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 25 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 26 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 27 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 19 28 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 20 29 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 26 35 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 27 36 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 37 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 38 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 39 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 28 40 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 29 41 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 35 47 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 36 48 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 49 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 50 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 51 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 37 52 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 38 53 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 3 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 1 4 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 2 5 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 8 11 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 9 12 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 13 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 14 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 15 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 10 16 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 11 17 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 17 23 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 18 24 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 25 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 26 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 27 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 19 28 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 20 29 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 26 35 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 27 36 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 37 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 38 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 39 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 28 40 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 29 41 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. … … 35 47 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 36 48 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 49 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 50 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 51 CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 37 52 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. 38 53 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. -
trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 4 2 5 PASS Same domain different port [no-cors mode] -
trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 4 2 5 PASS Same domain different port [no-cors mode] -
trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 4 2 5 PASS Same domain different port [no-cors mode] -
trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt
r205464 r205473 1 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 2 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 3 CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin. 1 4 2 5 PASS Same domain different port [no-cors mode] -
trunk/Source/WebCore/ChangeLog
r205468 r205473 1 2016-09-06 Youenn Fablet <youenn@apple.com> 2 3 CachedResourceLoader is not taking into account fetch options to use or not cached resources 4 https://bugs.webkit.org/show_bug.cgi?id=161389 5 6 Reviewed by Darin Adler. 7 8 Tests: http/tests/fetch/fetching-same-resource-with-diffferent-options.html 9 http/tests/security/cross-origin-cached-resource-parallel.html 10 http/tests/security/cross-origin-cached-resource.html 11 http/tests/security/load-image-after-redirection-2.html 12 http/tests/security/shape-outside-and-cached-resources.html 13 14 Adding CORS checks for the response in case of CORS fetch mode, in SubresourceLoader. 15 Removing the CORS checks in Image and DocumentThreadableLoader. 16 17 The direction of this patch is to make CachedResource origin-specific/fetch mode specific. 18 19 This will remove the need for CachedResource clients to do CORS checks when receiving the notifyFinished call. 20 This will also make the computation of whether a resource is clean or not much easier since the CachedResource knowd its origin and its response tainting. 21 22 Removing the CORS checks at ImageLoader creates the risk of using some cached resources loaded from previously no-cors mode without doing the actual CORS check. 23 Note that the risk was already there in case of a resource loaded through redirections. 24 Reusing a cached resource for a load with different options also leads to bad computation of the resource tainting. 25 26 As a first step, improvements are done but only for CachedImage resources. 27 28 This patch limits the direct reuse of cached resources as follow: 29 - If the request and existing resources have different origins. 30 - If the fetch mode is different between request and existing resource. 31 32 In those cases, a new CachedResource is created with the correct options and origin. 33 The data and response of the CachedResource found in the cache are copied efficiently in the new CachedResource, if the matching CachedResource finished loading (CachedImage specific). 34 35 If the matching CachedResource is still loading, we trigger a reload (with caching=false to not disturb the being loaded resource). 36 This should be made more efficient at some point, especially if the matching CachedResource already has its response set. 37 38 This triggers a change of behavior: previously, the CORS checks were done by the ImageLoader when the resource was finished loading. 39 The CORS checks were controlled by the crossOrigin attribute, which may be set or unset between the load start and the load end. 40 41 Now the crossOrigin attribute is checked at load start. If it is set, the CORS checks will happen even if the attribute is unset before the end of the load. 42 This is more consistent as the actual request was built with CORS enabled. 43 44 * loader/CrossOriginPreflightChecker.cpp: 45 (WebCore::CrossOriginPreflightChecker::startPreflight): Setting correctly the preflight options as per fetch spec. 46 * loader/DocumentThreadableLoader.cpp: 47 (WebCore::DocumentThreadableLoader::didReceiveResponse): Removing CORS check. 48 (WebCore::DocumentThreadableLoader::loadRequest): Adding CORS check in sync mode. 49 * loader/ImageLoader.cpp: 50 (WebCore::ImageLoader::updateFromElement): 51 (WebCore::ImageLoader::notifyFinished): 52 * loader/SubresourceLoader.cpp: 53 (WebCore::SubresourceLoader::didReceiveResponse): Adding CORS checks to the response 54 (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl): Helper routine to do CORS checks 55 * loader/SubresourceLoader.h: 56 * loader/cache/CachedImage.cpp: 57 (WebCore::CachedImage::cloneData): Responsible to set image content from another CachedImage. 58 * loader/cache/CachedImage.h: 59 * loader/cache/CachedResource.cpp: 60 (WebCore::CachedResource::computeOrigin): Helper routine to set the origin and whether the resource is cross-origin or not. 61 (WebCore::CachedResource::load): Using computeOrigin. 62 (WebCore::CachedResource::loadFrom): Loading from a CachedResource from the same type and which finished loading. 63 * loader/cache/CachedResource.h: 64 (WebCore::CachedResource::cloneData): 65 * loader/cache/CachedResourceLoader.cpp: 66 (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Helper routine responsible to adapt the CachedResource 67 that can be reused to the origin and options of a new request. 68 (WebCore::CachedResourceLoader::requestResource): Calling updateCachedResourceWithCurrentRequest before actually returning the resource. 69 (WebCore::CachedResourceLoader::determineRevalidationPolicy): Space clean-up. 70 * loader/cache/CachedResourceLoader.h: 71 * loader/cache/CachedResourceRequest.h: 72 (WebCore::CachedResourceRequest::setCachingPolicy): 73 * style/StylePendingResources.cpp: 74 (WebCore::Style::loadPendingImage): Allowing data URLs for ShapeOutside data. 75 1 76 2016-09-05 Darin Adler <darin@apple.com> 2 77 -
trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
r205464 r205473 101 101 void CrossOriginPreflightChecker::startPreflight() 102 102 { 103 ResourceLoaderOptions options = static_cast<FetchOptions>(m_loader.options());104 options. credentials = FetchOptions::Credentials::Omit;103 ResourceLoaderOptions options; 104 options.referrerPolicy = m_loader.options().referrerPolicy; 105 105 options.redirect = FetchOptions::Redirect::Manual; 106 106 -
trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp
r205464 r205473 277 277 ASSERT(m_client); 278 278 279 String accessControlErrorDescription;280 if (!m_sameOriginRequest && m_options.mode == FetchOptions::Mode::Cors) {281 if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {282 m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));283 return;284 }285 }286 287 279 ASSERT(response.type() != ResourceResponse::Type::Error); 288 280 if (response.type() == ResourceResponse::Type::Default) { … … 431 423 432 424 ResourceResponse::Tainting tainting = ResourceResponse::Tainting::Basic; 433 if (!m_sameOriginRequest) 434 tainting = m_options.mode == FetchOptions::Mode::Cors ? ResourceResponse::Tainting::Cors : ResourceResponse::Tainting::Opaque; 425 if (!m_sameOriginRequest) { 426 if (m_options.mode == FetchOptions::Mode::NoCors) 427 tainting = ResourceResponse::Tainting::Opaque; 428 else { 429 ASSERT(m_options.mode == FetchOptions::Mode::Cors); 430 tainting = ResourceResponse::Tainting::Cors; 431 String accessControlErrorDescription; 432 if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { 433 m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl)); 434 return; 435 } 436 } 437 } 435 438 didReceiveResponse(identifier, response, tainting); 436 439 -
trunk/Source/WebCore/loader/ImageLoader.cpp
r205464 r205473 211 211 errorEventSender().dispatchEventSoon(*this); 212 212 } 213 213 214 214 CachedImage* oldImage = m_image.get(); 215 215 if (newImage != oldImage) { … … 283 283 return; 284 284 285 if ( element().hasAttributeWithoutSynchronization(HTMLNames::crossoriginAttr) && !resource->passesSameOriginPolicyCheck(*element().document().securityOrigin())) {285 if (resource->resourceError().isAccessControl()) { 286 286 clearImageWithoutConsideringPendingLoadEvent(); 287 287 -
trunk/Source/WebCore/loader/SubresourceLoader.cpp
r205464 r205473 278 278 } 279 279 280 String errorDescription; 281 if (!checkResponseCrossOriginAccessControl(response, errorDescription)) { 282 if (m_frame && m_frame->document()) 283 m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, errorDescription); 284 cancel(ResourceError(String(), 0, request().url(), errorDescription, ResourceError::Type::AccessControl)); 285 return; 286 } 287 280 288 m_resource->responseReceived(response); 281 289 if (reachedTerminalState()) … … 402 410 } 403 411 frame->page()->diagnosticLoggingClient().logDiagnosticMessageWithValue(DiagnosticLoggingKeys::resourceKey(), DiagnosticLoggingKeys::loadedKey(), resourceType, ShouldSample::Yes); 412 } 413 414 bool SubresourceLoader::checkResponseCrossOriginAccessControl(const ResourceResponse& response, String& errorDescription) 415 { 416 if (!m_resource->isCrossOrigin() || options().mode != FetchOptions::Mode::Cors) 417 return true; 418 419 ASSERT(m_origin); 420 return passesAccessControlCheck(response, options().allowCredentials, *m_origin, errorDescription); 404 421 } 405 422 -
trunk/Source/WebCore/loader/SubresourceLoader.h
r205464 r205473 93 93 94 94 bool checkForHTTPStatusCodeError(); 95 bool checkResponseCrossOriginAccessControl(const ResourceResponse&, String&); 95 96 bool checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse&, ResourceRequest& newRequest, String&); 96 97 -
trunk/Source/WebCore/loader/cache/CachedImage.cpp
r205464 r205473 115 115 } 116 116 117 void CachedImage::setBodyDataFrom(const CachedResource& resource) 118 { 119 ASSERT(resource.type() == type()); 120 const CachedImage& image = static_cast<const CachedImage&>(resource); 121 122 setLoading(false); 123 m_image = image.m_image; 124 125 if (m_image && is<SVGImage>(*m_image)) 126 m_svgImageCache = std::make_unique<SVGImageCache>(&downcast<SVGImage>(*m_image)); 127 } 128 117 129 void CachedImage::didAddClient(CachedResourceClient* client) 118 130 { … … 121 133 m_image->setData(m_data.copyRef(), true); 122 134 } 123 135 124 136 ASSERT(client->resourceClientType() == CachedImageClient::expectedType()); 125 137 if (m_image && !m_image->isNull()) -
trunk/Source/WebCore/loader/cache/CachedImage.h
r205464 r205473 92 92 void clear(); 93 93 94 CachedImage(CachedImage&, const ResourceRequest&, SessionID); 95 96 void setBodyDataFrom(const CachedResource&) final; 97 94 98 void createImage(); 95 99 void clearImage(); -
trunk/Source/WebCore/loader/cache/CachedResource.cpp
r205464 r205473 237 237 } 238 238 239 void CachedResource::addAdditionalRequestHeaders(CachedResourceLoader& cachedResourceLoader) 240 { 241 addAdditionalRequestHeadersToRequest(m_resourceRequest, cachedResourceLoader, *this); 239 void CachedResource::addAdditionalRequestHeaders(CachedResourceLoader& loader) 240 { 241 addAdditionalRequestHeadersToRequest(m_resourceRequest, loader, *this); 242 } 243 244 void CachedResource::computeOrigin(CachedResourceLoader& loader) 245 { 246 if (type() == MainResource) 247 return; 248 249 ASSERT(loader.document()); 250 if (m_resourceRequest.hasHTTPOrigin()) 251 m_origin = SecurityOrigin::createFromString(m_resourceRequest.httpOrigin()); 252 else 253 m_origin = loader.document()->securityOrigin(); 254 ASSERT(m_origin); 255 256 if (!(m_resourceRequest.url().protocolIsData() && m_options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) && !m_origin->canRequest(m_resourceRequest.url())) 257 setCrossOrigin(); 258 259 addAdditionalRequestHeaders(loader); 242 260 } 243 261 … … 301 319 m_resourceRequest.setPriority(loadPriority()); 302 320 303 if (type() != MainResource) { 304 if (m_resourceRequest.hasHTTPOrigin()) 305 m_origin = SecurityOrigin::createFromString(m_resourceRequest.httpOrigin()); 306 else 307 m_origin = cachedResourceLoader.document()->securityOrigin(); 308 ASSERT(m_origin); 309 310 if (!(m_resourceRequest.url().protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) && m_origin && !m_origin->canRequest(m_resourceRequest.url())) 311 setCrossOrigin(); 312 313 addAdditionalRequestHeaders(cachedResourceLoader); 314 } 321 computeOrigin(cachedResourceLoader); 315 322 316 323 // FIXME: It's unfortunate that the cache layer and below get to know anything about fragment identifiers. … … 331 338 332 339 m_status = Pending; 340 } 341 342 void CachedResource::loadFrom(const CachedResource& resource, const ResourceLoaderOptions& options, CachedResourceLoader& cachedResourceLoader) 343 { 344 ASSERT(url() == resource.url()); 345 ASSERT(type() == resource.type()); 346 ASSERT(resource.status() == Status::Cached); 347 348 m_options = options; 349 computeOrigin(cachedResourceLoader); 350 351 if (isCrossOrigin() && options.mode == FetchOptions::Mode::Cors) { 352 ASSERT(m_origin); 353 String errorMessage; 354 if (!WebCore::passesAccessControlCheck(resource.response(), m_options.allowCredentials, *m_origin, errorMessage)) { 355 setResourceError(ResourceError(String(), 0, url(), errorMessage, ResourceError::Type::AccessControl)); 356 return; 357 } 358 } 359 360 setBodyDataFrom(resource); 333 361 } 334 362 -
trunk/Source/WebCore/loader/cache/CachedResource.h
r205464 r205473 210 210 ResourceResponse::Tainting responseTainting() const { return m_responseTainting; } 211 211 212 void loadFrom(const CachedResource&, const ResourceLoaderOptions&, CachedResourceLoader&); 213 212 214 SecurityOrigin* origin() const { return m_origin.get(); } 213 215 … … 306 308 virtual void checkNotify(); 307 309 virtual bool mayTryReplaceEncodedData() const { return false; } 310 virtual void setBodyDataFrom(const CachedResource&) { } 308 311 309 312 std::chrono::microseconds freshnessLifetime(const ResourceResponse&) const; 310 313 311 314 void addAdditionalRequestHeaders(CachedResourceLoader&); 315 void computeOrigin(CachedResourceLoader&); 312 316 void failBeforeStarting(); 313 317 -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r205464 r205473 540 540 } 541 541 542 bool CachedResourceLoader::updateCachedResourceWithCurrentRequest(CachedResourceRequest& request, CachedResourceHandle<CachedResource>& resourceHandle) 543 { 544 ASSERT(resourceHandle); 545 546 CachedResource& resource = *resourceHandle; 547 548 // FIXME: We should progressively extend this to other reusable resources 549 if (resource.type() != CachedResource::Type::ImageResource) 550 return false; 551 552 bool shouldUpdate = resource.options().mode != request.options().mode || request.resourceRequest().httpOrigin() != resource.resourceRequest().httpOrigin(); 553 554 if (!shouldUpdate) 555 return false; 556 557 // FIXME: For being loaded requests, we currently do not use the same resource, as this may induce errors in the resource response tainting. 558 // We should find a way to improve this. 559 if (resource.status() != CachedResource::Cached) { 560 request.setCachingPolicy(CachingPolicy::DisallowCaching); 561 resourceHandle = loadResource(resource.type(), request); 562 return true; 563 } 564 565 resourceHandle = createResource(resource.type(), request.mutableResourceRequest(), request.charset(), sessionID()); 566 resourceHandle->loadFrom(resource, request.options(), *this); 567 return true; 568 } 569 542 570 static inline void logMemoryCacheResourceRequest(Frame* frame, const String& description, const String& value = String()) 543 571 { … … 636 664 break; 637 665 case Use: 638 if (!shouldContinueAfterNotifyingLoadedFromMemoryCache(request, resource.get())) 639 return nullptr; 640 logMemoryCacheResourceRequest(frame(), DiagnosticLoggingKeys::inMemoryCacheKey(), DiagnosticLoggingKeys::usedKey()); 641 memoryCache.resourceAccessed(*resource); 666 if (!updateCachedResourceWithCurrentRequest(request, resource)) { 667 if (!shouldContinueAfterNotifyingLoadedFromMemoryCache(request, resource.get())) 668 return nullptr; 669 logMemoryCacheResourceRequest(frame(), DiagnosticLoggingKeys::inMemoryCacheKey(), DiagnosticLoggingKeys::usedKey()); 670 memoryCache.resourceAccessed(*resource); 642 671 #if ENABLE(WEB_TIMING) 643 if (document() && RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled()) { 644 // FIXME (161170): The networkLoadTiming shouldn't be stored on the ResourceResponse. 645 resource->response().networkLoadTiming().reset(); 646 loadTiming.setResponseEnd(monotonicallyIncreasingTime()); 647 m_resourceTimingInfo.storeResourceTimingInitiatorInformation(resource, request, frame()); 648 m_resourceTimingInfo.addResourceTiming(resource.get(), *document(), loadTiming); 649 } 650 #endif 672 if (document() && RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled()) { 673 // FIXME (161170): The networkLoadTiming shouldn't be stored on the ResourceResponse. 674 resource->response().networkLoadTiming().reset(); 675 loadTiming.setResponseEnd(monotonicallyIncreasingTime()); 676 m_resourceTimingInfo.storeResourceTimingInitiatorInformation(resource, request, frame()); 677 m_resourceTimingInfo.addResourceTiming(resource.get(), *document(), loadTiming); 678 } 679 #endif 680 } 651 681 break; 652 682 } … … 801 831 if (cachedResourceRequest.defer() == CachedResourceRequest::DeferredByClient) 802 832 return Reload; 803 833 804 834 // Don't reload resources while pasting. 805 835 if (m_allowStaleResources) 806 836 return Use; 807 837 808 838 // Always use preloads. 809 839 if (existingResource->isPreloaded()) -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
r205464 r205473 156 156 enum RevalidationPolicy { Use, Revalidate, Reload, Load }; 157 157 RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, CachedResourceRequest&, CachedResource* existingResource) const; 158 158 159 bool updateCachedResourceWithCurrentRequest(CachedResourceRequest&, CachedResourceHandle<CachedResource>&); 159 160 bool shouldContinueAfterNotifyingLoadedFromMemoryCache(const CachedResourceRequest&, CachedResource*); 160 161 bool checkInsecureContent(CachedResource::Type, const URL&) const; -
trunk/Source/WebCore/loader/cache/CachedResourceRequest.h
r205464 r205473 62 62 const AtomicString& initiatorName() const; 63 63 bool allowsCaching() const { return m_options.cachingPolicy == CachingPolicy::AllowCaching; } 64 void setCachingPolicy(CachingPolicy policy) { m_options.cachingPolicy = policy; } 64 65 65 66 void setAsPotentiallyCrossOrigin(const String&, Document&); -
trunk/Source/WebCore/style/StylePendingResources.cpp
r205464 r205473 55 55 options.mode = FetchOptions::Mode::Cors; 56 56 options.allowCredentials = DoNotAllowStoredCredentials; 57 options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set; 57 58 } 58 59
Note: See TracChangeset
for help on using the changeset viewer.