Changeset 207754 in webkit
- Timestamp:
- Oct 24, 2016 1:04:20 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r207752 r207754 1 2016-10-24 Youenn Fablet <youenn@apple.com> 2 3 ASSERTION FAILED: canvas()->securityOrigin()->toString() == cachedImage.origin()->toString() 4 https://bugs.webkit.org/show_bug.cgi?id=163242 5 6 Reviewed by Darin Adler. 7 8 * http/tests/security/cross-origin-cached-images-canvas-expected.txt: Added. 9 * http/tests/security/cross-origin-cached-images-canvas.html: Added. 10 * http/tests/security/resources/cross-origin-cached-image-canvas-iframe.html: Added. 11 1 12 2016-10-24 Youenn Fablet <youenn@apple.com> 2 13 -
trunk/Source/WebCore/ChangeLog
r207753 r207754 1 2016-10-24 Youenn Fablet <youenn@apple.com> 2 3 ASSERTION FAILED: canvas()->securityOrigin()->toString() == cachedImage.origin()->toString() 4 https://bugs.webkit.org/show_bug.cgi?id=163242 5 6 Reviewed by Darin Adler. 7 8 Test: http/tests/security/cross-origin-cached-images-canvas.html 9 10 We were previously on Origin HTTP header to check whether requests were made from different origins. 11 This is fine for CORS enabled requests but not for GET no CORS requests since they will not have any Origin header. 12 13 Now that CachedResource and CachedResourceRequest own their origin, it is best to use these directly. 14 15 * loader/cache/CachedResourceLoader.cpp: 16 (WebCore::isRequestMatchingResourceOrigin): 17 (WebCore::CachedResourceLoader::shouldUpdateCachedResourceWithCurrentRequest): 18 1 19 2016-10-24 Youenn Fablet <youenn@apple.com> 2 20 -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r207752 r207754 551 551 } 552 552 553 static inline bool originsMatch(const CachedResourceRequest& request, const CachedResource& resource) 554 { 555 if (request.origin() == resource.origin()) 556 return true; 557 if (!request.origin() || !resource.origin()) 558 return false; 559 // We use string comparison as this is how they are serialized as HTTP Origin header value. 560 // This is in particular useful for unique origins that are serialized as "null" 561 return request.origin()->toString() == resource.origin()->toString(); 562 } 563 553 564 bool CachedResourceLoader::shouldUpdateCachedResourceWithCurrentRequest(const CachedResource& resource, const CachedResourceRequest& request) 554 565 { … … 584 595 } 585 596 586 if (resource.options().mode != request.options().mode || request.resourceRequest().httpOrigin() != resource.resourceRequest().httpOrigin())597 if (resource.options().mode != request.options().mode || !originsMatch(request, resource)) 587 598 return true; 588 599
Note: See TracChangeset
for help on using the changeset viewer.