WebKit Bugzilla
Attachment 338853 Details for
Bug 185021
: CORS preflight checker should add a console message when preflight load is blocked
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185021-20180425213804.patch (text/plain), 14.58 KB, created by
youenn fablet
on 2018-04-25 21:38:05 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-04-25 21:38:05 PDT
Size:
14.58 KB
patch
obsolete
>Subversion Revision: 230995 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index ece9e09073555d1198d941c42894b1f30a185ddf..e2f87f783d2e73a8b8c4e68d333ccfd48f4a2165 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,18 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ No change of behavior, adding a JS console message when preflight load is blocked. >+ This mirrors what is being done in preflighting done from NetworkProcess. >+ Covered by existing tests. >+ >+ * loader/CrossOriginPreflightChecker.cpp: >+ (WebCore::CrossOriginPreflightChecker::notifyFinished): >+ (WebCore::CrossOriginPreflightChecker::doPreflight): >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >index f2c5f5c159ab858b0861e207fe522d8a546ab2c5..7e55616216a67aca3e6cbaf6b74d7f3b82dde8d2 100644 >--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp >@@ -92,6 +92,8 @@ void CrossOriginPreflightChecker::notifyFinished(CachedResource& resource) > if (preflightError.isNull() || preflightError.isCancellation() || preflightError.isGeneral()) > preflightError.setType(ResourceError::Type::AccessControl); > >+ if (!preflightError.isTimeout()) >+ m_loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("CORS-preflight request was blocked")); > m_loader.preflightFailure(m_resource->identifier(), preflightError); > return; > } >@@ -140,6 +142,10 @@ void CrossOriginPreflightChecker::doPreflight(DocumentThreadableLoader& loader, > // FIXME:: According fetch, we should just pass the error to the layer above. But this may impact some clients like XHR or EventSource. > if (error.isCancellation() || error.isGeneral()) > error.setType(ResourceError::Type::AccessControl); >+ >+ if (!error.isTimeout()) >+ loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("CORS-preflight request was blocked")); >+ > loader.preflightFailure(identifier, error); > return; > } >diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >index 973263d6e9483d2c40914ce3d38de948d3406f0a..de833d64ef142bfce25c5276af4ea42354d8dede 100644 >--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >@@ -123,7 +123,7 @@ void NetworkCORSPreflightChecker::didSendData(uint64_t totalBytesSent, uint64_t > void NetworkCORSPreflightChecker::wasBlocked() > { > RELEASE_LOG_IF_ALLOWED("wasBlocked"); >- m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight request was blocked"), ResourceError::Type::AccessControl }); >+ m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("CORS-preflight request was blocked"), ResourceError::Type::AccessControl }); > } > > void NetworkCORSPreflightChecker::cannotShowURL() >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 072ffe021e3fc0f4f37d08616962ac6577fcb660..4a4cc2330d109af456c13601fdf5b5b8f3c3eb10 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt: >+ * http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: >+ * platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index 1fc37eb803282e7192033482e3cd87f3d65dcd73..40c086b2e4eac1bc119683c0c22a2b36662f06f4 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,13 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ preflight checker should add a console message when preflight load is blocked >+ https://bugs.webkit.org/show_bug.cgi?id=185021 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt: >+ * web-platform-tests/cors/late-upload-events-expected.txt: >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >index 86bb8e15b81da2660120835553d7ba96e53f649f..344587184b6c5fd60bd1e672c6245db572969e99 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt >@@ -1,5 +1,6 @@ > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. >+CONSOLE MESSAGE: CORS-preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks. > Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: > >diff --git a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >index 71921442c3614f885245e152627073f0a0abf3cd..0cad5067d01b536ffda2ffd3fcb0d41b0aea18e8 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt >@@ -1,5 +1,6 @@ > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. >+CONSOLE MESSAGE: CORS-preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks. > Test that a simple cross-origin request to a server that responds (but does not permit cross-origin requests) is indistinguishable from one that does not exist. Should say PASS: > >diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >index 8c0bfa246fad440e965e34ac737187d8c6de18c1..503780260b5e301f2eb9a8077969e9fc6219b46f 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt >@@ -1,3 +1,4 @@ >+CONSOLE MESSAGE: CORS-preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth1/corsenabled.py due to access control checks. > > PASS XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure) >diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >index bd71159a90bbc3aa111be2133b17fa145ed85061..b20bc2c0caf7796d748f6222702b0f8f2002edf2 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt >@@ -1,3 +1,4 @@ >+CONSOLE MESSAGE: CORS-preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://nonexistent-origin.localhost:8800/ due to access control checks. > > PASS XMLHttpRequest: The send() method: Fire a progress event named error when Network error happens (synchronous flag is unset) >diff --git a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >index 8f9a1e0f52a1775b6fe98607d5c09f9caeb29625..5d86ccf4c2b74c2dcf17fc7a78bdd00213a08375 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt >@@ -1,5 +1,6 @@ > Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?headers=custom-header > CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks. >+CONSOLE MESSAGE: CORS-preflight request was blocked > CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks. > Adding upload event listeners after send() > >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >index d0a1e16a1f850857d5eb719d1be8e66e386ff418..6ab7f0082aa905a93bea25b2b8a62d8f68d81a5d 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt >@@ -1,4 +1,5 @@ > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py >+CONSOLE MESSAGE: line 26: Preflight request was blocked > CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks. > > FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed) A network error occurred. >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >index 4762bc838a6ece8ff425768bf7fe6b253d4578c7..c2bcc9161c769c95a14187ec50bf5e34c792a3a1 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt >@@ -1,6 +1,8 @@ > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py >+CONSOLE MESSAGE: line 33: Preflight request was blocked > CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks. > Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py >+CONSOLE MESSAGE: line 33: Preflight request was blocked > CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks. > > FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false >diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >index 904940830319ffd6bd122c19f9353f74b1cb4110..7c98d20e429099e2f84e08edef25b98aca66a768 100644 >--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >+++ b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt >@@ -1,10 +1,14 @@ > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print >+CONSOLE MESSAGE: line 22: Preflight request was blocked > CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, >+CONSOLE MESSAGE: line 36: Preflight request was blocked > CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print >+CONSOLE MESSAGE: line 51: Preflight request was blocked > CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT >+CONSOLE MESSAGE: line 59: Preflight request was blocked > CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks. > Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT > Request headers
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=338853">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185021
:
338841
|
338842
|
338844
|
338849
|
338851
|
338853
|
338857
|
338860
|
338873
|
338875
|
338882