Changeset 229907 in webkit

Timestamp:

Mar 23, 2018 11:06:34 AM (6 years ago)

Author:

youenn@apple.com

Message:

DocumentThreadableLoader should send credentials after redirections and preflight if fetch option credentials is include
​https://bugs.webkit.org/show_bug.cgi?id=183928

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html: Added.
• web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js: Added.
• web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html: Added.
• web-platform-tests/fetch/api/resources/inspect-headers.py:
• web-platform-tests/fetch/api/resources/redirect.py:

Source/WebCore:

Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html

imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html

In case mode is include, keep sending credentials even after redirection with preflight.

• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any-expected.txt (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker-expected.txt (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html (added)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/inspect-headers.py (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2018-03-23  Youenn Fablet  <youenn@apple.com>
+
+        DocumentThreadableLoader should send credentials after redirections and preflight if fetch option credentials is include
+        https://bugs.webkit.org/show_bug.cgi?id=183928
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html: Added.
+        * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js: Added.
+        * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html: Added.
+        * web-platform-tests/fetch/api/resources/inspect-headers.py:
+        * web-platform-tests/fetch/api/resources/redirect.py:
+
 2018-03-23  Sergio Villar Senin  <svillar@igalia.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/inspect-headers.py

@@ -17 +17 @@
         exposed_headers = ["x-request-" + header for header in checked_headers]
         headers.append(("Access-Control-Expose-Headers", ", ".join(exposed_headers)))
-        headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))
+        if "allow_headers" in request.GET:
+            headers.append(("Access-Control-Allow-Headers", request.GET['allow_headers']))
+        else:
+            headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))
 
     headers.append(("content-type", "text/plain"))

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py

@@ -7 +7 @@
     headers = [("Content-Type", "text/plain"),
                ("Cache-Control", "no-cache"),
-               ("Pragma", "no-cache"),
-               ("Access-Control-Allow-Origin", "*")]
+               ("Pragma", "no-cache")]
+    if "Origin" in request.headers:
+        headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "")))
+        headers.append(("Access-Control-Allow-Credentials", "true"))
+    else:
+        headers.append(("Access-Control-Allow-Origin", "*"))
+
     token = None
-
     if "token" in request.GET:
         token = request.GET.first("token")

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-03-23  Youenn Fablet  <youenn@apple.com>
+
+        DocumentThreadableLoader should send credentials after redirections and preflight if fetch option credentials is include
+        https://bugs.webkit.org/show_bug.cgi?id=183928
+
+        Reviewed by Chris Dumez.
+
+        Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html
+               imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html
+
+        In case mode is include, keep sending credentials even after redirection with preflight.
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::redirectReceived):
+
 2018-03-23  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -284 +284 @@
         return completionHandler(WTFMove(request));
 
-    m_options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+    if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
+        m_options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
 
     clearResource();