Changeset 99298 in webkit
- Timestamp:
- Nov 4, 2011 11:09:36 AM (12 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r99297 r99298 1 2011-11-04 Adam Barth <abarth@webkit.org> 2 3 Anonymous CORS fetch for WebGL texture fails when there is no appropriate server response even for the same origin requests 4 https://bugs.webkit.org/show_bug.cgi?id=71053 5 6 Reviewed by Darin Adler. 7 8 Test that we succeed in loading a same-origin image without the help of 9 CORS even if the image has the crossorigin attribute. 10 11 * http/tests/security/img-crossorigin-loads-same-origin-expected.txt: Added. 12 * http/tests/security/img-crossorigin-loads-same-origin.html: Added. 13 1 14 2011-11-04 Gaurav Shah <gauravsh@chromium.org> 2 15 -
trunk/Source/WebCore/ChangeLog
r99297 r99298 1 2011-11-04 Adam Barth <abarth@webkit.org> 2 3 Anonymous CORS fetch for WebGL texture fails when there is no appropriate server response even for the same origin requests 4 https://bugs.webkit.org/show_bug.cgi?id=71053 5 6 Reviewed by Darin Adler. 7 8 The crossorigin attribute should behave like XMLHttpRequest: 9 same-origin images pass without and CORS headers, but CORS checks are 10 performed for cross-origin loads. This patch better aligns our 11 behavior with Firefox, as discussed in the bug. 12 13 Test: http/tests/security/img-crossorigin-loads-same-origin.html 14 15 * loader/ImageLoader.cpp: 16 (WebCore::ImageLoader::notifyFinished): 17 1 18 2011-11-04 Gaurav Shah <gauravsh@chromium.org> 2 19 -
trunk/Source/WebCore/loader/ImageLoader.cpp
r98215 r99298 34 34 #include "RenderImage.h" 35 35 #include "ScriptCallStack.h" 36 #include "SecurityOrigin.h" 36 37 37 38 #if ENABLE(SVG) … … 241 242 return; 242 243 243 if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr) && !resource->passesAccessControlCheck(m_element->document()->securityOrigin())) { 244 if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr) 245 && !m_element->document()->securityOrigin()->canRequest(image()->response().url()) 246 && !resource->passesAccessControlCheck(m_element->document()->securityOrigin())) { 247 244 248 setImage(0); 245 249
Note: See TracChangeset
for help on using the changeset viewer.