Changeset 246087 in webkit

Timestamp:

Jun 4, 2019 4:31:34 PM (5 years ago)

Author:

Chris Dumez

Message:

Crash when calling XMLHttpRequest.setRequestHeader() in a worker
​https://bugs.webkit.org/show_bug.cgi?id=198534
<rdar://problem/51393912>

Reviewed by Alex Christensen.

Source/WebCore:

Make sure the script execution context is a Document because calling document()
to get the settings.

Test: fast/workers/worker-xhr-setRequestHeader.html

• xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::setRequestHeader):

LayoutTests:

Add layout test coverage.

• fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
• fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
• fast/workers/worker-xhr-setRequestHeader.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js (added)
• LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt (added)
• LayoutTests/fast/workers/worker-xhr-setRequestHeader.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/xml/XMLHttpRequest.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Add layout test coverage.
+
+        * fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
+        * fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
+        * fast/workers/worker-xhr-setRequestHeader.html: Added.
+
 2019-06-04  Antti Koivisto  <antti@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Make sure the script execution context is a Document because calling document()
+        to get the settings.
+
+        Test: fast/workers/worker-xhr-setRequestHeader.html
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::setRequestHeader):
+
 2019-06-04  Antti Koivisto  <antti@apple.com>
 

trunk/Source/WebCore/xml/XMLHttpRequest.cpp

@@ -818 +818 @@
     allowUnsafeHeaderField = usesDashboardBackwardCompatibilityMode();
 #endif
-    if (securityOrigin()->canLoadLocalResources() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
+
+    // FIXME: The allowSettingAnyXHRHeaderFromFileURLs setting currently only applies to Documents, not workers.
+    if (securityOrigin()->canLoadLocalResources() && scriptExecutionContext()->isDocument() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
         allowUnsafeHeaderField = true;
     if (!allowUnsafeHeaderField && isForbiddenHeaderName(name)) {