Changeset 98215 in webkit
- Timestamp:
- Oct 23, 2011 9:36:38 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r98214 r98215 1 2011-10-23 Adam Barth <abarth@webkit.org> 2 3 <img crossorigin> should fail to load when CORS check fails 4 https://bugs.webkit.org/show_bug.cgi?id=69732 5 6 Reviewed by Darin Adler. 7 8 Test that images loaded with the crossorigin attribute fail to load if 9 the CORS access check doesn't pass. 10 11 * http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt: Added. 12 * http/tests/security/img-with-failed-cors-check-fails-to-load.html: Added. 13 1 14 2011-10-23 Filip Pizlo <fpizlo@apple.com> 2 15 -
trunk/Source/WebCore/ChangeLog
r98209 r98215 1 2011-10-23 Adam Barth <abarth@webkit.org> 2 3 <img crossorigin> should fail to load when CORS check fails 4 https://bugs.webkit.org/show_bug.cgi?id=69732 5 6 Reviewed by Darin Adler. 7 8 When loading an image with the crossorigin attribute, the spec says 9 that we're not supposed to load the image if the CORS check fails. 10 This "fails fast" behavior is intended to help developers understand 11 whether they've configured CORS correctly (instead of only catching the 12 error later when trying to read back the canvas). 13 14 Our new behavior matches the spec and Firefox. 15 16 Test: http/tests/security/img-with-failed-cors-check-fails-to-load.html 17 18 * loader/ImageLoader.cpp: 19 (WebCore::ImageLoader::notifyFinished): 20 1 21 2011-10-23 Noel Gordon <noel.gordon@gmail.com> 2 22 -
trunk/Source/WebCore/loader/ImageLoader.cpp
r95228 r98215 33 33 #include "HTMLParserIdioms.h" 34 34 #include "RenderImage.h" 35 #include "ScriptCallStack.h" 35 36 36 37 #if ENABLE(SVG) … … 240 241 return; 241 242 243 if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr) && !resource->passesAccessControlCheck(m_element->document()->securityOrigin())) { 244 setImage(0); 245 246 DEFINE_STATIC_LOCAL(String, consoleMessage, ("Cross-origin image load denied by Cross-Origin Resource Sharing policy.")); 247 m_element->document()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String(), 0); 248 249 ASSERT(m_firedLoad); 250 return; 251 } 252 242 253 if (resource->wasCanceled()) { 243 254 m_firedLoad = true;
Note: See TracChangeset
for help on using the changeset viewer.