WebKit Bugzilla
Attachment 338872 Details for Bug 185023: Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
Patch: bug-185023-20180426084019.patch (text/plain), 17.76 KB, created by youenn fablet on 2018-04-26 08:40:20 PDT
>Subversion Revision: 230995 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 4a8f87fde57e11b3cc312b0f49f85fe9bc3a40b6..da9593981708ac2c594833ac8af2f915fd51b198 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,16 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker >+ https://bugs.webkit.org/show_bug.cgi?id=185023 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible. >+ >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::checkRedirection): >+ (WebKit::NetworkLoadChecker::validateResponse): >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for all subresource loads except fetch/XHR >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index acd9f6eb18183aebb2ad1e2d0e4acb23a33f96d9..46f9aab83f8291f6fcfa7ac7a61f39d8e6a952c3 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -91,6 +91,13 @@ void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectRes > { > ASSERT(!isChecking()); > >+ auto error = validateResponse(redirectResponse); >+ if (!error.isNull()) { >+ auto errorMessage = makeString("Cross-origin redirection to ", request.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription()); >+ handler(makeUnexpected(ResourceError { String { }, 0, request.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl })); >+ return; >+ } >+ > if (m_options.redirect != FetchOptions::Redirect::Follow) { > handler(returnError(ASCIILiteral("Redirections are not allowed"))); > return; 
>@@ -107,12 +114,6 @@ void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectRes > m_previousURL = WTFMove(m_url); > m_url = request.url(); > >- auto error = validateResponse(redirectResponse); >- if (!error.isNull()) { >- handler(makeUnexpected(WTFMove(error))); >- return; >- } >- > checkRequest(WTFMove(request), WTFMove(handler)); > } > >@@ -134,11 +135,8 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response) > ASSERT(m_options.mode == FetchOptions::Mode::Cors); > > String errorMessage; >- if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) { >- if (m_redirectCount) >- errorMessage = makeString("Cross-origin redirection to ", m_url.string(), " denied by Cross-Origin Resource Sharing policy: ", errorMessage); >- return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl }; >- } >+ if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) >+ return ResourceError { String { }, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl }; > > response.setTainting(ResourceResponse::Tainting::Cors); > return { }; >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 4a4cc2330d109af456c13601fdf5b5b8f3c3eb10..55e9b4f963cb142b3224e3e8d19fe7c4fd4c9641 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,20 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker >+ https://bugs.webkit.org/show_bug.cgi?id=185023 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: >+ * http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: >+ * http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: >+ * platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed. >+ * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed. >+ * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed. >+ * platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed. >+ * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed. >+ * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed. >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > preflight checker should add a console message when preflight load is blocked >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index 40c086b2e4eac1bc119683c0c22a2b36662f06f4..0e96cbaf7374cc7d130c67f03d9b193b52d4de96 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog 
>@@ -1,3 +1,14 @@ >+2018-04-25 Youenn Fablet <youenn@apple.com> >+ >+ Mak cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker >+ https://bugs.webkit.org/show_bug.cgi?id=185023 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Fix message cross origin check failed in case of redirection >+ >+ * web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt: >+ > 2018-04-25 Youenn Fablet <youenn@apple.com> > > preflight checker should add a console message when preflight load is blocked >diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >index ccf51f712b525d645456778c0e47b5a039570250..b45a5b23e7034152bb732b4e9ea210207c9012ad 100644 >--- a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >@@ -1,3 +1,3 @@ >-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy. > This tests whether a deferred script load caused by a redirect is properly allowed by a nonce. >diff --git a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >index 350dfdda8c3250a7599eb41f9d078151034853c0..9b16047a7d79f97561afa8f8c83cbada4d123ade 100644 
>--- a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >+++ b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > Verify the error message in console in case of CORS failing checks. > > >diff --git a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >index 350dfdda8c3250a7599eb41f9d078151034853c0..9b16047a7d79f97561afa8f8c83cbada4d123ade 100644 >--- a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >+++ b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > Verify the error message in console in case of CORS failing checks. > > >diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt >index 3d669c6a0b8bb321f60d002957125762a91d5339..9fab1a51341a908544065229742ab6e1f177890b 100644 
>--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: line 31: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: line 31: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: line 31: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. > Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: > >diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt >index dd25e72102515e7410c511470f3260e16b393b7c..840531bb367451b36940392df3fc9a50e37a3e41 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: line 26: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: line 26: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks. > Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS: 
> >diff --git a/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt b/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt >index f89a4abc53a076a53b66273fa2bf07b9556eb8c9..409191a1696e61875c0cb712023bd309df08c531 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: line 54: Cross-origin redirection to http://localhost:8080/xmlhttprequest/resources/forbidden.txt denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: line 54: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: line 54: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks. >diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt >index f911ac087d622c80495427a589e8cef0f117fe0b..2d647629c2e40f4245026a0cc252b6879439f55f 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt 
>@@ -4,7 +4,7 @@ CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control- > CONSOLE MESSAGE: XMLHttpRequest cannot load https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py? due to access control checks. > CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& due to access control checks. >-CONSOLE MESSAGE: Cross-origin redirection to https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& denied by Cross-Origin Resource Sharing policy: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Cannot load image https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26 due to access control checks. > > PASS initialize global state >diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >deleted file mode 100644 >index b45a5b23e7034152bb732b4e9ea210207c9012ad..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >+++ /dev/null 
>@@ -1,3 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce. >diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >deleted file mode 100644 >index 9b16047a7d79f97561afa8f8c83cbada4d123ade..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >+++ /dev/null >@@ -1,4 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-Verify the error message in console in case of CORS failing checks. >- >- >diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >deleted file mode 100644 >index 9b16047a7d79f97561afa8f8c83cbada4d123ade..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >+++ /dev/null >@@ -1,4 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-Verify the error message in console in case of CORS failing checks. >- >- 
>diff --git a/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >deleted file mode 100644 >index b45a5b23e7034152bb732b4e9ea210207c9012ad..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt >+++ /dev/null >@@ -1,3 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce. >diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >deleted file mode 100644 >index 9b16047a7d79f97561afa8f8c83cbada4d123ade..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt >+++ /dev/null >@@ -1,4 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-Verify the error message in console in case of CORS failing checks. >- >- >diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >deleted file mode 100644 >index 9b16047a7d79f97561afa8f8c83cbada4d123ade..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt >+++ /dev/null 
>@@ -1,4 +0,0 @@ >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-Verify the error message in console in case of CORS failing checks. >- >-
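Review bot: In the first NetworkLoadChecker.cpp hunk (checkRedirection), the validateResponse(redirectResponse) call now sits above the `m_options.redirect != FetchOptions::Redirect::Follow` test, so a redirect response that fails the access control check is reported with the CORS message even when redirections are not allowed at all, where the old placement let "Redirections are not allowed" win. If that ordering is what SubresourceLoader does, say so next to (WebKit::NetworkLoadChecker::checkRedirection) in the ChangeLog; otherwise keep the redirect-mode test first. None of the expectation files updated in this patch has the "Cross-origin redirection to ... denied by Cross-Origin Resource Sharing policy" text on a `+` line, so the new branch has no visible coverage here; an expectation that shows the message would pin the behaviour.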
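Review bot: In the validateResponse hunk, the returned ResourceError changes its domain from errorDomainWebKitInternal to an empty `String { }`, and the error built in checkRedirection uses an empty domain as well, but the ChangeLog entry does not mention the change. If the empty domain is needed to match SubresourceLoader, note that beside (WebKit::NetworkLoadChecker::validateResponse); if it is incidental, keep errorDomainWebKitInternal so anything that inspects the error domain sees no difference.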
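Review bot: The LayoutTests/ChangeLog hunk lists three modified expectation files and six removed ones, but the patch also modifies http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt, redirect-cross-origin-sync-expected.txt and xmlhttprequest-unsafe-redirect-expected.txt, which are missing from the entry. Add them to the file list so the ChangeLog matches the diff.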
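Review bot: In the LayoutTests/imported/w3c/ChangeLog hunk, the title reads "Mak cross origin redirection error messages consistent ...", which no longer matches the bug title used in the other two ChangeLog entries; it should be "Make". The description line "Fix message cross origin check failed in case of redirection" is also hard to parse; something like "Update the expected console message for a failed cross-origin check after a redirection" would say what changed in fetch-request-fallback.https-expected.txt.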
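Review bot: In the shape-image-cors-redirect-error-message-logging-1 and -2 expectation hunks, the only console line left is "Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.", which no longer names the URL that was refused. The XMLHttpRequest expectations still carry the URL on the following "XMLHttpRequest cannot load ..." line, but these two tests, which exist to verify the logged CORS error, do not. Either log a second message naming the resource for these loads, or state in the ChangeLog that losing the URL is accepted in order to match the mac-wk1 expectations removed further down.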
Attachments on bug 185023: 338854 | 338859 | 338872