Changeset 225574 in webkit
- Timestamp:
- Dec 6, 2017 9:13:35 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt (modified) (1 diff)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/loader/CrossOriginAccessControl.cpp (modified) (1 diff)
-
Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/imported/w3c/ChangeLog
r225566 r225574 1 2017-12-06 Youenn Fablet <youenn@apple.com> 2 3 Service Worker fetch should filter HTTP headers that are added by CachedResourceLoader/CachedResource 4 https://bugs.webkit.org/show_bug.cgi?id=180462 5 6 Reviewed by Geoffrey Garen. 7 8 * web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt: 9 1 10 2017-12-05 Chris Dumez <cdumez@apple.com> 2 11 -
trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt
r224852 r225574 40 40 PASS url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?" mode:"cors" credentials:"same-origin" should fail. 41 41 PASS url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?" mode:"cors" credentials:"include" should fail. 42 FAIL fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=*" mode:"cors" credentials:"omit" should succeed. promise_test: Unhandled rejection with value: object "TypeError: Type error" 43 FAIL fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=*" mode:"cors" credentials:"same-origin" should succeed. promise_test: Unhandled rejection with value: object "TypeError: Type error" 42 PASS fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=*" mode:"cors" credentials:"omit" should succeed. 43 PASS fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=*" mode:"cors" credentials:"same-origin" should succeed. 44 44 PASS url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=*" mode:"cors" credentials:"include" should fail. 45 FAIL fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=https://localhost:9443&ACACredentials=true" mode:"cors" credentials:"include" should succeed. promise_test: Unhandled rejection with value: object "TypeError: Type error"45 FAIL fetching url:"https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?ACAOrigin=https://localhost:9443&ACACredentials=true" mode:"cors" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined" 46 46 PASS fetching url:"https://localhost:9443/?url=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3F&mode=same-origin&credentials=omit&" mode:"same-origin" credentials:"omit" should succeed. 47 47 PASS fetching url:"https://localhost:9443/?url=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3F&mode=same-origin&credentials=omit&" mode:"same-origin" credentials:"same-origin" should succeed. -
trunk/Source/WebCore/ChangeLog
r225573 r225574 1 2017-12-06 Youenn Fablet <youenn@apple.com> 2 3 Service Worker fetch should filter HTTP headers that are added by CachedResourceLoader/CachedResource 4 https://bugs.webkit.org/show_bug.cgi?id=180462 5 6 Reviewed by Geoffrey Garen. 7 8 Coved by rebased test. 9 10 * loader/CrossOriginAccessControl.cpp: 11 (WebCore::cleanRedirectedRequestForAccessControl): Accept header is a safe header so it is fine to keep it. 12 * workers/service/context/ServiceWorkerFetch.cpp: 13 (WebCore::ServiceWorkerFetch::dispatchFetchEvent): Cleaning headers added by CachedResourceLoader/CachedResource. 14 1 15 2017-12-06 Zan Dobersek <zdobersek@igalia.com> 2 16 -
trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp
r222467 r225574 124 124 request.clearHTTPOrigin(); 125 125 request.clearHTTPUserAgent(); 126 request.clearHTTPAccept();127 126 request.clearHTTPAcceptEncoding(); 128 127 } -
trunk/Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp
r225294 r225574 29 29 #if ENABLE(SERVICE_WORKER) 30 30 31 #include "CrossOriginAccessControl.h" 31 32 #include "EventNames.h" 32 33 #include "FetchEvent.h" … … 95 96 ASSERT(globalScope.isServiceWorkerGlobalScope()); 96 97 98 auto httpReferrer = request.httpReferrer(); 99 // We are intercepting fetch calls after going through the HTTP layer, which adds some specific headers. 100 // Let's clean them so that cross origin checks do not fail. 101 cleanRedirectedRequestForAccessControl(request); 102 97 103 auto requestHeaders = FetchHeaders::create(FetchHeaders::Guard::Immutable, HTTPHeaderMap { request.httpHeaderFields() }); 98 auto fetchRequest = FetchRequest::create(globalScope, FetchBody::fromFormData(request.httpBody()), WTFMove(requestHeaders), WTFMove(request), WTFMove(options), request.httpReferrer());104 auto fetchRequest = FetchRequest::create(globalScope, FetchBody::fromFormData(request.httpBody()), WTFMove(requestHeaders), WTFMove(request), WTFMove(options), WTFMove(httpReferrer)); 99 105 100 106 FetchEvent::Init init;
Note: See TracChangeset
for help on using the changeset viewer.
