Changeset 227270 in webkit
- Timestamp:
- Jan 20, 2018 2:45:25 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r227264 r227270 1 2018-01-20 Youenn Fablet <youenn@apple.com> 2 3 fetch redirect is incompatible with "no-cors" mode 4 https://bugs.webkit.org/show_bug.cgi?id=181866 5 <rdar://problem/35827140> 6 7 Reviewed by Chris Dumez. 8 9 * http/tests/fetch/redirectmode-and-preload-expected.txt: 10 * http/tests/fetch/redirectmode-and-preload.html: 11 1 12 2018-01-19 Ryan Haddad <ryanhaddad@apple.com> 2 13 -
trunk/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt
r226087 r227270 1 CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Redirections are not allowed 1 CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode 2 CONSOLE MESSAGE: line 19: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Not allowed to request resource 3 CONSOLE MESSAGE: line 32: No-Cors mode requires follow redirect mode 4 CONSOLE MESSAGE: line 32: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Not allowed to request resource 2 5 CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Redirections are not allowed 3 6 -
trunk/LayoutTests/http/tests/fetch/redirectmode-and-preload.html
r217962 r227270 17 17 var preloadUrl = "./resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii"; 18 18 promise_test(function(test) { 19 return fetch(preloadUrl, {redirect: "manual", mode: "no-cors", credentials: "include"}).then((response) => { 20 assert_equals(response.type, "opaqueredirect", "Response's type should be opaqueRedirect"); 21 return response.text(); 22 }).then((text) => { 23 assert_equals(text, ""); 24 }); 19 return promise_rejects(test,new TypeError(), fetch(preloadUrl, {redirect: "manual", mode: "no-cors", credentials: "include"})); 25 20 }, "Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)"); 26 21 -
trunk/LayoutTests/imported/w3c/ChangeLog
r227225 r227270 1 2018-01-20 Youenn Fablet <youenn@apple.com> 2 3 fetch redirect is incompatible with "no-cors" mode 4 https://bugs.webkit.org/show_bug.cgi?id=181866 5 <rdar://problem/35827140> 6 7 Reviewed by Chris Dumez. 8 9 * web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt: 10 * web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt: 11 * web-platform-tests/fetch/api/redirect/redirect-mode.js: 12 (redirectMode): 13 * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt: 14 * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html: 15 * web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt: 16 1 17 2018-01-19 Joseph Pecoraro <pecoraro@apple.com> 2 18 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt
r201324 r227270 1 1 2 PASS Redirect 301 in "error" mode 3 PASS Redirect 301 in "follow" mode 4 PASS Redirect 301 in "manual" mode 5 PASS Redirect 302 in "error" mode 6 PASS Redirect 302 in "follow" mode 7 PASS Redirect 302 in "manual" mode 8 PASS Redirect 303 in "error" mode 9 PASS Redirect 303 in "follow" mode 10 PASS Redirect 303 in "manual" mode 11 PASS Redirect 307 in "error" mode 12 PASS Redirect 307 in "follow" mode 13 PASS Redirect 307 in "manual" mode 14 PASS Redirect 308 in "error" mode 15 PASS Redirect 308 in "follow" mode 16 PASS Redirect 308 in "manual" mode 2 PASS Redirect 301 in "error" redirect, cors mode 3 PASS Redirect 301 in "follow" redirect, cors mode 4 PASS Redirect 301 in "manual" redirect, cors mode 5 PASS Redirect 302 in "error" redirect, cors mode 6 PASS Redirect 302 in "follow" redirect, cors mode 7 PASS Redirect 302 in "manual" redirect, cors mode 8 PASS Redirect 303 in "error" redirect, cors mode 9 PASS Redirect 303 in "follow" redirect, cors mode 10 PASS Redirect 303 in "manual" redirect, cors mode 11 PASS Redirect 307 in "error" redirect, cors mode 12 PASS Redirect 307 in "follow" redirect, cors mode 13 PASS Redirect 307 in "manual" redirect, cors mode 14 PASS Redirect 308 in "error" redirect, cors mode 15 PASS Redirect 308 in "follow" redirect, cors mode 16 PASS Redirect 308 in "manual" redirect, cors mode 17 PASS Redirect in "error" redirect, no cors mode 18 PASS Redirect in "manual" redirect, no cors mode 17 19 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt
r203164 r227270 1 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode 2 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode 1 3 2 PASS Redirect 301 in "error" mode 3 PASS Redirect 301 in "follow" mode 4 PASS Redirect 301 in "manual" mode 5 PASS Redirect 302 in "error" mode 6 PASS Redirect 302 in "follow" mode 7 PASS Redirect 302 in "manual" mode 8 PASS Redirect 303 in "error" mode 9 PASS Redirect 303 in "follow" mode 10 PASS Redirect 303 in "manual" mode 11 PASS Redirect 307 in "error" mode 12 PASS Redirect 307 in "follow" mode 13 PASS Redirect 307 in "manual" mode 14 PASS Redirect 308 in "error" mode 15 PASS Redirect 308 in "follow" mode 16 PASS Redirect 308 in "manual" mode 4 PASS Redirect 301 in "error" redirect, cors mode 5 PASS Redirect 301 in "follow" redirect, cors mode 6 PASS Redirect 301 in "manual" redirect, cors mode 7 PASS Redirect 302 in "error" redirect, cors mode 8 PASS Redirect 302 in "follow" redirect, cors mode 9 PASS Redirect 302 in "manual" redirect, cors mode 10 PASS Redirect 303 in "error" redirect, cors mode 11 PASS Redirect 303 in "follow" redirect, cors mode 12 PASS Redirect 303 in "manual" redirect, cors mode 13 PASS Redirect 307 in "error" redirect, cors mode 14 PASS Redirect 307 in "follow" redirect, cors mode 15 PASS Redirect 307 in "manual" redirect, cors mode 16 PASS Redirect 308 in "error" redirect, cors mode 17 PASS Redirect 308 in "follow" redirect, cors mode 18 PASS Redirect 308 in "manual" redirect, cors mode 19 PASS Redirect in "error" redirect, no cors mode 20 PASS Redirect in "manual" redirect, no cors mode 17 21 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.js
r205743 r227270 4 4 } 5 5 6 function redirectMode(desc, redirectUrl, redirectLocation, redirectStatus, redirectMode ) {6 function redirectMode(desc, redirectUrl, redirectLocation, redirectStatus, redirectMode, corsMode) { 7 7 var url = redirectUrl; 8 8 var urlParameters = "?redirect_status=" + redirectStatus; 9 9 urlParameters += "&location=" + encodeURIComponent(redirectLocation); 10 10 11 var requestInit = {"redirect": redirectMode };11 var requestInit = {"redirect": redirectMode, mode: corsMode}; 12 12 13 13 promise_test(function(test) { 14 if (redirectMode === "error" )14 if (redirectMode === "error" || (corsMode === "no-cors" && redirectMode !== "follow")) 15 15 return promise_rejects(test, new TypeError(), fetch(url + urlParameters, requestInit)); 16 16 if (redirectMode === "manual") … … 34 34 35 35 for (var statusCode of [301, 302, 303, 307, 308]) { 36 redirectMode("Redirect " + statusCode + " in \"error\" mode ", redirUrl, locationUrl, statusCode, "error");37 redirectMode("Redirect " + statusCode + " in \"follow\" mode ", redirUrl, locationUrl, statusCode, "follow");38 redirectMode("Redirect " + statusCode + " in \"manual\" mode ", redirUrl, locationUrl, statusCode, "manual");36 redirectMode("Redirect " + statusCode + " in \"error\" redirect, cors mode", redirUrl, locationUrl, statusCode, "error", "cors"); 37 redirectMode("Redirect " + statusCode + " in \"follow\" redirect, cors mode", redirUrl, locationUrl, statusCode, "follow", "cors"); 38 redirectMode("Redirect " + statusCode + " in \"manual\" redirect, cors mode", redirUrl, locationUrl, statusCode, "manual", "cors"); 39 39 } 40 redirectMode("Redirect in \"error\" redirect, no cors mode", redirUrl, locationUrl, 301, "error", "no-cors"); 41 redirectMode("Redirect in \"manual\" redirect, no cors mode", redirUrl, locationUrl, 301, "manual", "no-cors"); 40 42 41 43 done(); -
trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt
r226090 r227270 1 CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode 2 CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-sameorigin-nocreds?url=redirect.py%3FRedirect%3Dhttps%253A%252F%252Flocalhost%253A9443%252Fservice-workers%252Fservice-worker%252Fresources%252Fsuccess.py&expected_type=opaqueredirect. Not allowed to request resource 3 CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode 4 CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-nocreds?url=redirect.py%3FRedirect%3Dhttps%253A%252F%252Flocalhost%253A9443%252Fservice-workers%252Fservice-worker%252Fresources%252Fsuccess.py. Not allowed to request resource 1 5 2 6 PASS initialize global state … … 7 11 PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors without credentials should succeed opaqueredirect interception and response should not be redirected 8 12 PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors without credentials should succeed opaqueredirect interception and response should not be redirected 9 PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected 10 PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors without credentials should succeed interception and response should not be redirected 11 PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors without credentials should succeed interception and response should not be redirected 13 PASS Non-navigation, manual redirect, no-cors mode Request should fail 12 14 PASS Non-navigation, manual redirect, cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected 13 15 PASS Non-navigation, manual redirect, cors mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected … … 16 18 PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected 17 19 PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected 18 PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected19 PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors with credentials should succeed interception and response should not be redirected20 PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors with credentials should succeed interception and response should not be redirected21 20 PASS Non-navigation, follow redirect, cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected 22 21 PASS Non-navigation, follow redirect, cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected … … 43 42 PASS Non-navigation, error redirect, same-origin mode Request redirected to no-cors without credentials should fail interception and response should not be redirected 44 43 PASS Non-navigation, error redirect, same-origin mode Request redirected to cors without credentials should fail interception and response should not be redirected 45 PASS Non-navigation, error redirect, no-cors mode Request redirected to same-origin without credentials should fail interception and response should not be redirected 46 PASS Non-navigation, error redirect, no-cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected 47 PASS Non-navigation, error redirect, no-cors mode Request redirected to cors without credentials should fail interception and response should not be redirected 44 PASS Non-navigation, error redirect, no-cors mode Request should fail 48 45 PASS Non-navigation, error redirect, cors mode Request redirected to same-origin with credentials should fail interception and response should not be redirected 49 46 PASS Non-navigation, error redirect, cors mode Request redirected to no-cors with credentials should fail interception and response should not be redirected … … 52 49 PASS Non-navigation, error redirect, same-origin mode Request redirected to no-cors with credentials should fail interception and response should not be redirected 53 50 PASS Non-navigation, error redirect, same-origin mode Request redirected to cors with credentials should fail interception and response should not be redirected 54 PASS Non-navigation, error redirect, no-cors mode Request redirected to same-origin with credentials should fail interception and response should not be redirected55 PASS Non-navigation, error redirect, no-cors mode Request redirected to no-cors with credentials should fail interception and response should not be redirected56 PASS Non-navigation, error redirect, no-cors mode Request redirected to cors with credentials should fail interception and response should not be redirected57 51 PASS restore global state 58 52 -
trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html
r223327 r227270 213 213 mode: 'no-cors' 214 214 }, 215 should_reject: false 216 }); 217 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' + 218 'same-origin without credentials should succeed opaqueredirect interception ' + 219 'and response should not be redirected'); 220 221 promise_test(function(t) { 222 return redirect_fetch_test(t, { 223 name: 'nonav-manual-nocors-redirects-to-nocors-nocreds', 224 redirect_dest: 'no-cors', 225 url_credentials: false, 226 expected_type: 'opaqueredirect', 227 expected_redirected: false, 228 request_init: { 229 redirect: 'manual', 230 mode: 'no-cors' 231 }, 232 should_reject: false 233 }); 234 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' + 235 'no-cors without credentials should succeed interception ' + 236 'and response should not be redirected'); 237 238 promise_test(function(t) { 239 return redirect_fetch_test(t, { 240 name: 'nonav-manual-nocors-redirects-to-cors-nocreds', 241 redirect_dest: 'cors', 242 url_credentials: false, 243 expected_type: 'opaqueredirect', 244 expected_redirected: false, 245 request_init: { 246 redirect: 'manual', 247 mode: 'no-cors' 248 }, 249 should_reject: false 250 }); 251 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' + 252 'cors without credentials should succeed interception ' + 253 'and response should not be redirected'); 215 should_reject: true 216 }); 217 }, 'Non-navigation, manual redirect, no-cors mode Request should fail'); 254 218 255 219 promise_test(function(t) { … … 353 317 }, 'Non-navigation, manual redirect, same-origin mode Request redirected to ' + 354 318 'cors with credentials should succeed opaqueredirect interception ' + 355 'and response should not be redirected');356 357 promise_test(function(t) {358 return redirect_fetch_test(t, {359 name: 'nonav-manual-nocors-redirects-to-sameorigin-creds',360 redirect_dest: 'same-origin',361 url_credentials: true,362 expected_type: 'opaqueredirect',363 expected_redirected: false,364 request_init: {365 redirect: 'manual',366 mode: 'no-cors'367 },368 should_reject: false369 });370 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +371 'same-origin with credentials should succeed opaqueredirect interception ' +372 'and response should not be redirected');373 374 promise_test(function(t) {375 return redirect_fetch_test(t, {376 name: 'nonav-manual-nocors-redirects-to-nocors-creds',377 redirect_dest: 'no-cors',378 url_credentials: true,379 expected_type: 'opaqueredirect',380 expected_redirected: false,381 request_init: {382 redirect: 'manual',383 mode: 'no-cors'384 },385 should_reject: false386 });387 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +388 'no-cors with credentials should succeed interception ' +389 'and response should not be redirected');390 391 promise_test(function(t) {392 return redirect_fetch_test(t, {393 name: 'nonav-manual-nocors-redirects-to-cors-creds',394 redirect_dest: 'cors',395 url_credentials: true,396 expected_type: 'opaqueredirect',397 expected_redirected: false,398 request_init: {399 redirect: 'manual',400 mode: 'no-cors'401 },402 should_reject: false403 });404 }, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +405 'cors with credentials should succeed interception ' +406 319 'and response should not be redirected'); 407 320 … … 824 737 mode: 'no-cors' 825 738 }, 826 // should reject because requests with 'error' RequestRedirect cannot be 827 // redirected. 828 should_reject: true 829 }); 830 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' + 831 'same-origin without credentials should fail interception ' + 832 'and response should not be redirected'); 833 834 promise_test(function(t) { 835 return redirect_fetch_test(t, { 836 name: 'nonav-error-nocors-redirects-to-nocors-nocreds', 837 redirect_dest: 'no-cors', 838 url_credentials: false, 839 request_init: { 840 redirect: 'error', 841 mode: 'no-cors' 842 }, 843 // should reject because requests with 'error' RequestRedirect cannot be 844 // redirected. 845 should_reject: true 846 }); 847 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' + 848 'no-cors without credentials should fail interception ' + 849 'and response should not be redirected'); 850 851 promise_test(function(t) { 852 return redirect_fetch_test(t, { 853 name: 'nonav-error-nocors-redirects-to-cors-nocreds', 854 redirect_dest: 'cors', 855 url_credentials: false, 856 request_init: { 857 redirect: 'error', 858 mode: 'no-cors' 859 }, 860 // should reject because requests with 'error' RequestRedirect cannot be 861 // redirected. 862 should_reject: true 863 }); 864 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' + 865 'cors without credentials should fail interception ' + 866 'and response should not be redirected'); 739 // should reject because error + no-cors is not allowed. 740 should_reject: true 741 }); 742 }, 'Non-navigation, error redirect, no-cors mode Request should fail'); 867 743 868 744 promise_test(function(t) { … … 967 843 'cors with credentials should fail interception ' + 968 844 'and response should not be redirected'); 969 970 promise_test(function(t) {971 return redirect_fetch_test(t, {972 name: 'nonav-error-nocors-redirects-to-sameorigin-creds',973 redirect_dest: 'same-origin',974 url_credentials: true,975 request_init: {976 redirect: 'error',977 mode: 'no-cors'978 },979 // should reject because requests with 'error' RequestRedirect cannot be980 // redirected.981 should_reject: true982 });983 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +984 'same-origin with credentials should fail interception ' +985 'and response should not be redirected');986 987 promise_test(function(t) {988 return redirect_fetch_test(t, {989 name: 'nonav-error-nocors-redirects-to-nocors-creds',990 redirect_dest: 'no-cors',991 url_credentials: true,992 request_init: {993 redirect: 'error',994 mode: 'no-cors'995 },996 // should reject because requests with 'error' RequestRedirect cannot be997 // redirected.998 should_reject: true999 });1000 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +1001 'no-cors with credentials should fail interception ' +1002 'and response should not be redirected');1003 1004 promise_test(function(t) {1005 return redirect_fetch_test(t, {1006 name: 'nonav-error-nocors-redirects-to-cors-creds',1007 redirect_dest: 'cors',1008 url_credentials: true,1009 request_init: {1010 redirect: 'error',1011 mode: 'no-cors'1012 },1013 // should reject because requests with 'error' RequestRedirect cannot be1014 // redirected.1015 should_reject: true1016 });1017 }, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +1018 'cors with credentials should fail interception and response should not ' +1019 'be redirected');1020 845 </script> 1021 846 </body> -
trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt
r226792 r227270 1 CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect2 CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.3 CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect4 1 CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect 5 2 -
trunk/Source/WebCore/ChangeLog
r227266 r227270 1 2018-01-20 Youenn Fablet <youenn@apple.com> 2 3 fetch redirect is incompatible with "no-cors" mode 4 https://bugs.webkit.org/show_bug.cgi?id=181866 5 <rdar://problem/35827140> 6 7 Reviewed by Chris Dumez. 8 9 Covered by updated tests. 10 11 Return a network error when no-cors mode and redirect mode is manual or error. 12 Update preflight implementation to no longer use manual redirect mode to simulate https://fetch.spec.whatwg.org/#http-network-or-cache-fetch. 13 Instead implement redirectReceived callback to treat any redirect response as the preflight response. 14 15 * loader/cache/CachedResourceLoader.cpp: 16 (WebCore::CachedResourceLoader::canRequest): 17 * loader/CrossOriginPreflightChecker.cpp: 18 (WebCore::CrossOriginPreflightChecker::redirectReceived): 19 (WebCore::CrossOriginPreflightChecker::startPreflight): 20 * loader/CrossOriginPreflightChecker.h: 21 1 22 2018-01-19 Wenson Hsieh <wenson_hsieh@apple.com> 2 23 -
trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
r225591 r227270 96 96 } 97 97 98 void CrossOriginPreflightChecker::redirectReceived(CachedResource& resource, ResourceRequest&&, const ResourceResponse& response, CompletionHandler<void(ResourceRequest&&)>&& completionHandler) 99 { 100 ASSERT_UNUSED(resource, &resource == m_resource); 101 validatePreflightResponse(m_loader, WTFMove(m_request), m_resource->identifier(), response); 102 completionHandler(ResourceRequest { }); 103 } 104 98 105 void CrossOriginPreflightChecker::startPreflight() 99 106 { 100 107 ResourceLoaderOptions options; 101 108 options.referrerPolicy = m_loader.options().referrerPolicy; 102 options.redirect = FetchOptions::Redirect::Manual;103 109 options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck; 104 110 options.serviceWorkersMode = ServiceWorkersMode::None; -
trunk/Source/WebCore/loader/CrossOriginPreflightChecker.h
r206903 r227270 55 55 private: 56 56 void notifyFinished(CachedResource&) final; 57 void redirectReceived(CachedResource&, ResourceRequest&&, const ResourceResponse&, CompletionHandler<void(ResourceRequest&&)>&&) final; 57 58 58 59 static void handleLoadingFailure(DocumentThreadableLoader&, unsigned long, const ResourceError&); -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r226904 r227270 508 508 } 509 509 510 // Security checks defined in https://fetch.spec.whatwg.org/#main-fetch step 2 and 5. 510 511 bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url, const CachedResourceRequest& request, ForPreload forPreload) 511 512 { … … 521 522 if (options.mode == FetchOptions::Mode::SameOrigin && !m_document->securityOrigin().canRequest(url) && !isSameOriginDataURL(url, options)) { 522 523 printAccessDeniedMessage(url); 524 return false; 525 } 526 527 if (options.mode == FetchOptions::Mode::NoCors && options.redirect != FetchOptions::Redirect::Follow) { 528 ASSERT(type != CachedResource::Type::MainResource); 529 frame()->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("No-Cors mode requires follow redirect mode")); 523 530 return false; 524 531 }
Note: See TracChangeset
for help on using the changeset viewer.