Changeset 254821 in webkit

Timestamp:

Jan 20, 2020 6:43:44 AM (4 years ago)

Author:

commit-queue@webkit.org

Message:

Implement "create a potential-CORS request"
​https://bugs.webkit.org/show_bug.cgi?id=205326

Patch by Rob Buis <​rbuis@igalia.com> on 2020-01-20
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Update improved test result.

• web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt:

Source/WebCore:

The storedCredentialsPolicy should be calculated using a same origin
check when credentials are computed as same-origin.

Test: imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html

• loader/CrossOriginAccessControl.cpp:

(WebCore::createPotentialAccessControlRequest):

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/CrossOriginAccessControl.cpp (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2020-01-20  Rob Buis  <rbuis@igalia.com>
+
+        Implement "create a potential-CORS request"
+        https://bugs.webkit.org/show_bug.cgi?id=205326
+
+        Reviewed by Youenn Fablet.
+
+        Update improved test result.
+
+        * web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt:
+
 2020-01-20  Rossana Monteriso  <rmonteriso@igalia.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt

@@ -1 +1 @@
 
 PASS HTMLScriptElement: crossorigin attribute network test1 
-FAIL HTMLScriptElement: crossorigin attribute network test2 assert_true: invalid values should default to include credentials due to response tainting expected true got false
+PASS HTMLScriptElement: crossorigin attribute network test2 
 PASS HTMLScriptElement: crossorigin attribute network test3 
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-01-20  Rob Buis  <rbuis@igalia.com>
+
+        Implement "create a potential-CORS request"
+        https://bugs.webkit.org/show_bug.cgi?id=205326
+
+        Reviewed by Youenn Fablet.
+
+        The storedCredentialsPolicy should be calculated using a same origin
+        check when credentials are computed as same-origin.
+
+        Test: imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::createPotentialAccessControlRequest):
+
 2020-01-20  Rob Buis  <rbuis@igalia.com>
 

trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp

@@ -138 +138 @@
         ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
     options.credentials = credentials;
-    options.storedCredentialsPolicy = credentials == FetchOptions::Credentials::Include ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+    switch (credentials) {
+    case FetchOptions::Credentials::Include:
+        options.storedCredentialsPolicy = StoredCredentialsPolicy::Use;
+        break;
+    case FetchOptions::Credentials::SameOrigin:
+        options.storedCredentialsPolicy = document.securityOrigin().canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+        break;
+    case FetchOptions::Credentials::Omit:
+        options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+    }
 
     CachedResourceRequest cachedRequest { WTFMove(request), WTFMove(options) };