Changeset 240158 in webkit

Timestamp:

Jan 18, 2019 10:44:54 AM (5 years ago)

Author:

ajuma@chromium.org

Message:

FetchResponse::url should return the empty string for tainted responses
​https://bugs.webkit.org/show_bug.cgi?id=193553

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/basic/mode-no-cors.sub.any.js:

(fetchNoCors):

Source/WebCore:

Check whether the response is tainted in FetchResponse::url, to match
the behavior described in ​https://fetch.spec.whatwg.org/#concept-filtered-response-opaque.

• Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::url const):

LayoutTests:

• http/wpt/fetch/response-opaque-clone.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/wpt/fetch/response-opaque-clone.html (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors.sub.any.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/fetch/FetchResponse.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-01-18  Ali Juma  <ajuma@chromium.org>
+
+        FetchResponse::url should return the empty string for tainted responses
+        https://bugs.webkit.org/show_bug.cgi?id=193553
+
+        Reviewed by Youenn Fablet.
+
+        * http/wpt/fetch/response-opaque-clone.html:
+
 2019-01-18  Jonathan Bedard  <jbedard@apple.com>
 

trunk/LayoutTests/http/wpt/fetch/response-opaque-clone.html

@@ -17 +17 @@
     assert_equals(response.status, 0, testName + " status");
     assert_equals(response.statusText, "", testName + " statusText");
+    assert_equals(response.url, "", testName + " url");
     assert_false(response.redirected, testName + " redirected");
     assert_true(response.headers.values().next().done, testName + " headers");

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2019-01-18  Ali Juma  <ajuma@chromium.org>
+
+        FetchResponse::url should return the empty string for tainted responses
+        https://bugs.webkit.org/show_bug.cgi?id=193553
+
+        Reviewed by Youenn Fablet.
+
+        * web-platform-tests/fetch/api/basic/mode-no-cors.sub.any.js:
+        (fetchNoCors):
+
 2019-01-14  Charles Vazac  <cvazac@akamai.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors.sub.any.js

@@ -8 +8 @@
         assert_equals(resp.status, 0, "Opaque filter: status is 0");
         assert_equals(resp.statusText, "", "Opaque filter: statusText is \"\"");
+        assert_equals(resp.url, "", "Opaque filter: url is \"\"");
         assert_equals(resp.type , "opaque", "Opaque filter: response's type is opaque");
         assert_equals(resp.headers.get("x-is-filtered"), null, "Header x-is-filtered is filtered");

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-01-18  Ali Juma  <ajuma@chromium.org>
+
+        FetchResponse::url should return the empty string for tainted responses
+        https://bugs.webkit.org/show_bug.cgi?id=193553
+
+        Reviewed by Youenn Fablet.
+
+        Check whether the response is tainted in FetchResponse::url, to match
+        the behavior described in https://fetch.spec.whatwg.org/#concept-filtered-response-opaque.
+
+        * Modules/fetch/FetchResponse.cpp:
+        (WebCore::FetchResponse::url const):
+
 2019-01-18  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/Modules/fetch/FetchResponse.cpp

@@ -248 +248 @@
 {
     if (m_responseURL.isNull()) {
-        URL url = m_internalResponse.url();
+        URL url = filteredResponse().url();
         url.removeFragmentIdentifier();
         m_responseURL = url.string();