WebKit Bugzilla
Attachment 338851 Details for
Bug 185021
: CORS preflight checker should add a console message when preflight load is blocked
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185021-20180425195306.patch (text/plain), 13.56 KB, created by
youenn fablet
on 2018-04-25 19:53:07 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-04-25 19:53:07 PDT
Size:
13.56 KB
patch
obsolete
>Subversion Revision: 230995 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index ece9e09073555d1198d941c42894b1f30a185ddf..e2f87f783d2e73a8b8c4e68d333ccfd48f4a2165 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,18 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ No change of behavior, adding a JS console message when preflight load is blocked. >+ This mirrors what is being done in preflighting done from NetworkProcess. >+ Covered by existing tests. >+ >+ * loader/CrossOriginPreflightChecker.cpp: >+ (WebCore::CrossOriginPreflightChecker::notifyFinished): >+ (WebCore::CrossOriginPreflightChecker::doPreflight): >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >index f2c5f5c159ab858b0861e207fe522d8a546ab2c5..9143c0028eeb381cde7bf79ce84da66cf6c53484 100644 >--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >@@ -92,6 +92,8 @@ void CrossOriginPreflightChecker::notifyFinished(CachedResource& resource) > if (preflightError.isNull() || preflightError.isCancellation() || preflightError.isGeneral()) > preflightError.setType(ResourceError::Type::AccessControl); > >+ if (!preflightError.isTimeout()) >+ m_loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("Preflight request was blocked")); > m_loader.preflightFailure(m_resource->identifier(), preflightError); > return; > } >@@ -140,6 +142,10 @@ void CrossOriginPreflightChecker::doPreflight(DocumentThreadableLoader& loader, > // FIXME:: According fetch, we should just pass the error to the layer above. But this may impact some clients like XHR or EventSource. > if (error.isCancellation() || error.isGeneral()) > error.setType(ResourceError::Type::AccessControl); >+ >+ if (!error.isTimeout()) >+ loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("Preflight request was blocked")); >+ > loader.preflightFailure(identifier, error); > return; > } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 072ffe021e3fc0f4f37d08616962ac6577fcb660..4a4cc2330d109af456c13601fdf5b5b8f3c3eb10 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt: >+ * http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index 1fc37eb803282e7192033482e3cd87f3d65dcd73..40c086b2e4eac1bc119683c0c22a2b36662f06f4 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,13 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt: >+ * web-platform-tests/cors/late-upload-events-expected.txt: >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >index 86bb8e15b81da2660120835553d7ba96e53f649f..32ad3d9de588ecf80899b1bab945a765a2ee2688 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >@@ -1,5 +1,6 @@ > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. >+CONSOLE MESSAGE: Preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks. > Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: > >diff --git a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >index 71921442c3614f885245e152627073f0a0abf3cd..4b5fc358b20b80bd8d52fa7ef892f8212b7ae119 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >@@ -1,5 +1,6 @@ > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. >+CONSOLE MESSAGE: Preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks. > Test that a simple cross-origin request to a server that responds (but does not permit cross-origin requests) is indistinguishable from one that does not exist. Should say PASS: > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >index 8c0bfa246fad440e965e34ac737187d8c6de18c1..b7ec7851e8cf5918f3ce7bd248661621ecde462c 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >@@ -1,3 +1,4 @@ >+CONSOLE MESSAGE: Preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth1/corsenabled.py due to access control checks. > > PASS XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure) >diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >index bd71159a90bbc3aa111be2133b17fa145ed85061..e7145a97a62f83690cf39f7af36bfae1692880e5 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >@@ -1,3 +1,4 @@ >+CONSOLE MESSAGE: Preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://nonexistent-origin.localhost:8800/ due to access control checks. > > PASS XMLHttpRequest: The send() method: Fire a progress event named error when Network error happens (synchronous flag is unset) >diff --git a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >index 8f9a1e0f52a1775b6fe98607d5c09f9caeb29625..3c04578cbdce5472adbe9e998460e588139cb5eb 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >@@ -1,5 +1,6 @@ > Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?headers=custom-header > CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks. >+CONSOLE MESSAGE: Preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks. > Adding upload event listeners after send() > >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >index d0a1e16a1f850857d5eb719d1be8e66e386ff418..6ab7f0082aa905a93bea25b2b8a62d8f68d81a5d 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >@@ -1,4 +1,5 @@ > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py >+CONSOLE MESSAGE: line 26: Preflight request was blocked > CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks. > > FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed) A network error occurred. >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >index 4762bc838a6ece8ff425768bf7fe6b253d4578c7..c2bcc9161c769c95a14187ec50bf5e34c792a3a1 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >@@ -1,6 +1,8 @@ > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py >+CONSOLE MESSAGE: line 33: Preflight request was blocked > CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks. > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py >+CONSOLE MESSAGE: line 33: Preflight request was blocked > CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks. > > FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >index 904940830319ffd6bd122c19f9353f74b1cb4110..7c98d20e429099e2f84e08edef25b98aca66a768 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >@@ -1,10 +1,14 @@ > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print >+CONSOLE MESSAGE: line 22: Preflight request was blocked > CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, >+CONSOLE MESSAGE: line 36: Preflight request was blocked > CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print >+CONSOLE MESSAGE: line 51: Preflight request was blocked > CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT >+CONSOLE MESSAGE: line 59: Preflight request was blocked > CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT > Request headers
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=338851">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185021
:
338841
|
338842
|
338844
|
338849
|
338851
|
338853
|
338857
|
338860
|
338873
|
338875
|
338882