Changeset 224369 in webkit


Ignore:
Timestamp:
Nov 2, 2017 6:36:37 PM (6 years ago)
Author:
commit-queue@webkit.org
Message:

Do not check for CORS in case response is coming from a service worker
https://bugs.webkit.org/show_bug.cgi?id=179177

Patch by Youenn Fablet <youenn@apple.com> on 2017-11-02
Reviewed by Chris Dumez.

Source/WebCore:

Test: http/tests/workers/service/cors-image-fetch.html

As per fetch spec, CORS check (https://fetch.spec.whatwg.org/#cors-check) is done
within HTTP fetch (https://fetch.spec.whatwg.org/#http-fetch).
It does not apply to fetches handled by service workers.

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl):

LayoutTests:

  • http/tests/workers/service/cors-image-fetch-expected.txt: Added.
  • http/tests/workers/service/cors-image-fetch.html: Added.
  • http/tests/workers/service/resources/cors-image-fetch-worker.js: Added.
  • http/tests/workers/service/resources/cors-image-fetch.js: Added.
  • http/tests/workers/service/resources/tainted-image-fetch.js: Added.
  • http/tests/workers/service/tainted-image-fetch-expected.txt: Added.
  • http/tests/workers/service/tainted-image-fetch.html: Added.
Location:
trunk
Files:
7 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r224365 r224369  
     12017-11-02  Youenn Fablet  <youenn@apple.com>
     2
     3        Do not check for CORS in case response is coming from a service worker
     4        https://bugs.webkit.org/show_bug.cgi?id=179177
     5
     6        Reviewed by Chris Dumez.
     7
     8        * http/tests/workers/service/cors-image-fetch-expected.txt: Added.
     9        * http/tests/workers/service/cors-image-fetch.html: Added.
     10        * http/tests/workers/service/resources/cors-image-fetch-worker.js: Added.
     11        * http/tests/workers/service/resources/cors-image-fetch.js: Added.
     12        * http/tests/workers/service/resources/tainted-image-fetch.js: Added.
     13        * http/tests/workers/service/tainted-image-fetch-expected.txt: Added.
     14        * http/tests/workers/service/tainted-image-fetch.html: Added.
     15
    1162017-11-02  Ryan Haddad  <ryanhaddad@apple.com>
    217

  • trunk/Source/WebCore/ChangeLog

    r224368 r224369  
     12017-11-02  Youenn Fablet  <youenn@apple.com>
     2
     3        Do not check for CORS in case response is coming from a service worker
     4        https://bugs.webkit.org/show_bug.cgi?id=179177
     5
     6        Reviewed by Chris Dumez.
     7
     8        Test: http/tests/workers/service/cors-image-fetch.html
     9
     10        As per fetch spec, CORS check (https://fetch.spec.whatwg.org/#cors-check) is done
     11        within HTTP fetch (https://fetch.spec.whatwg.org/#http-fetch).
     12        It does not apply to fetches handled by service workers.
     13
     14        * loader/SubresourceLoader.cpp:
     15        (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl):
     16
    1172017-11-02  Joseph Pecoraro  <pecoraro@apple.com>
    218

  • trunk/Source/WebCore/loader/SubresourceLoader.cpp

    r223091 r224369  
    479479        return true;
    480480
     481#if ENABLE(SERVICE_WORKER)
     482    if (response.source() == ResourceResponse::Source::ServiceWorker)
     483        return true;
     484#endif
     485
    481486    ASSERT(m_origin);
    482487    return passesAccessControlCheck(response, options().storedCredentialsPolicy, *m_origin, errorDescription);
Note: See TracChangeset for help on using the changeset viewer.