WebKit Bugzilla
Attachment 340994 Details for
Bug 185849
: NetworkLoadChecker should check cached redirections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185849-20180522111003.patch (text/plain), 34.71 KB, created by
youenn fablet
on 2018-05-22 11:10:03 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-05-22 11:10:03 PDT
Size:
34.71 KB
patch
obsolete
>Subversion Revision: 232031 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index f514aaa94823cc055a4dee12b4f26c2863832291..4507d9a1a146a9eb6c9f995bd800df3d72d882e3 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,16 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ NetworkLoadChecker should check cached redirections >+ https://bugs.webkit.org/show_bug.cgi?id=185849 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Covered by updated tests. >+ >+ * loader/SubresourceLoader.cpp: >+ (WebCore::SubresourceLoader::willSendRequestInternal): >+ Log the case of a redirection with fetch error mode. >+ > 2018-05-21 Chris Dumez <cdumez@apple.com> > > File's structured serialization should serialize lastModified attribute >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index d1815fc0aa2170df9c63407c9dcd9662314962d8..9d8b383811fbfe3725ab9db2b54477871d64af07 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,24 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ NetworkLoadChecker should check cached redirections >+ https://bugs.webkit.org/show_bug.cgi?id=185849 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::checkRedirection): >+ Set the resource error url as done by WebCore SubresourceLoader. >+ * NetworkProcess/NetworkResourceLoader.cpp: >+ (WebKit::NetworkResourceLoader::retrieveCacheEntry): >+ Pass the resource request to dispatchWillSendRedirectedRequest now needs it. >+ (WebKit::NetworkResourceLoader::willSendRedirectedRequest): >+ Make sure that m_networkLoad is not null before cancelling it since we might be checking a cached redirection. >+ (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest): >+ Ensure the redirect response is coming from the Network before adding it to the cache. >+ (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry): >+ Call willSendRedirectedRequest to make sure the cached redirect is validated. >+ * NetworkProcess/NetworkResourceLoader.h: >+ > 2018-05-21 Brian Burg <bburg@apple.com> > > Web Automation: always return an empty cookie list if document.cookieURL() is empty >diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp >index f547035f3e3f273227408ed3ec4604417f5e3319..72eba827981b7dd453f68596afabf52f60176c1f 100644 >--- a/Source/WebCore/loader/SubresourceLoader.cpp >+++ b/Source/WebCore/loader/SubresourceLoader.cpp >@@ -209,7 +209,12 @@ void SubresourceLoader::willSendRequestInternal(ResourceRequest&& newRequest, co > if (!redirectResponse.isNull()) { > if (options().redirect != FetchOptions::Redirect::Follow) { > if (options().redirect == FetchOptions::Redirect::Error) { >- cancel(ResourceError { errorDomainWebKitInternal, 0, redirectResponse.url(), "Redirections are not allowed", ResourceError::Type::AccessControl }); >+ ResourceError error { errorDomainWebKitInternal, 0, request().url(), makeString("Load cannot follow redirection for ", request().url().string()), ResourceError::Type::AccessControl }; >+ >+ if (m_frame && m_frame->document()) >+ m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, error.localizedDescription()); >+ >+ cancel(error); > return completionHandler(WTFMove(newRequest)); > } > >diff --git a/Source/WebCore/platform/cf/CFURLExtras.mm b/Source/WebCore/platform/cf/CFURLExtras.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..3a9c74c4dda67e314f2b6d7932a08089973e8b54 >--- /dev/null >+++ b/Source/WebCore/platform/cf/CFURLExtras.mm >@@ -0,0 +1,39 @@ >+/* >+ * Copyright (C) 2013 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+#include "CFURLExtras.h" >+ >+#include <wtf/text/CString.h> >+ >+namespace WebCore { >+ >+RetainPtr<CFURLRef> createCFURLFromString(const String& string) >+{ >+ auto urlComponents = adoptNS([[NSURLComponents alloc] initWithString: string]); >+ return (__bridge CFURLRef)[urlComponents URL]; >+} >+ >+} >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index 0a4d5c11308dfb2863f2ee56fb2bb8c491c7214a..df885f79d6f6a06ada3bc1380b83945e42054eca 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -100,12 +100,12 @@ void NetworkLoadChecker::checkRedirection(ResourceResponse& redirectResponse, Re > auto error = validateResponse(redirectResponse); > if (!error.isNull()) { > auto errorMessage = makeString("Cross-origin redirection to ", request.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription()); >- handler(makeUnexpected(ResourceError { String { }, 0, request.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl })); >+ handler(makeUnexpected(ResourceError { String { }, 0, redirectResponse.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl })); > return; > } > > if (m_options.redirect != FetchOptions::Redirect::Follow) { >- handler(accessControlErrorForValidationHandler(ASCIILiteral("Redirections are not allowed"))); >+ handler(accessControlErrorForValidationHandler(makeString("Load cannot follow redirection for ", redirectResponse.url().string()))); > return; > } > >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >index 44a32543adad13b7e0e42fc9846db53a9eae155e..0cff3310ecc2f62d56ad4592235639b2ede54643 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >@@ -230,7 +230,7 @@ void NetworkResourceLoader::retrieveCacheEntry(const ResourceRequest& request) > } > if (entry->redirectRequest()) { > RELEASE_LOG_IF_ALLOWED("retrieveCacheEntry: Handling redirect (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous()); >- loader->dispatchWillSendRequestForCacheEntry(WTFMove(entry)); >+ loader->dispatchWillSendRequestForCacheEntry(WTFMove(request), WTFMove(entry)); > return; > } > if (loader->m_parameters.needsCertificateInfo && !entry->response().certificateInfo()) { >@@ -615,6 +615,9 @@ void NetworkResourceLoader::willSendRedirectedRequest(ResourceRequest&& request, > { > ++m_redirectCount; > >+ if (redirectResponse.source() == ResourceResponse::Source::Network && canUseCachedRedirect(request)) >+ m_cache->storeRedirect(request, redirectResponse, redirectRequest); >+ > if (m_networkLoadChecker) { > m_networkLoadChecker->checkRedirection(redirectResponse, WTFMove(redirectRequest), [protectedThis = makeRef(*this), this, storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy(), request = WTFMove(request), redirectResponse](auto&& result) mutable { > if (!result.has_value()) { >@@ -622,9 +625,7 @@ void NetworkResourceLoader::willSendRedirectedRequest(ResourceRequest&& request, > return; > > if (m_parameters.options.redirect == FetchOptions::Redirect::Manual) { >- redirectResponse.setType(ResourceResponse::Type::Opaqueredirect); >- this->didReceiveResponse(WTFMove(redirectResponse)); >- this->didFinishLoading({ }); >+ this->didFinishWithRedirectResponse(WTFMove(redirectResponse)); > return; > } > >@@ -634,7 +635,8 @@ void NetworkResourceLoader::willSendRedirectedRequest(ResourceRequest&& request, > > if (storedCredentialsPolicy != m_networkLoadChecker->storedCredentialsPolicy()) { > // We need to restart the load to update the session according the new credential policy. >- m_networkLoad->cancel(); >+ if (m_networkLoad) >+ m_networkLoad->cancel(); > auto request = WTFMove(result.value()); > m_networkLoadChecker->prepareRedirectedRequest(request); > >@@ -656,13 +658,10 @@ void NetworkResourceLoader::willSendRedirectedRequest(ResourceRequest&& request, > continueWillSendRedirectedRequest(WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse)); > } > >-void NetworkResourceLoader::continueWillSendRedirectedRequest(WebCore::ResourceRequest&& request, WebCore::ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse) >+void NetworkResourceLoader::continueWillSendRedirectedRequest(ResourceRequest&& request, ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse) > { > ASSERT(!isSynchronous()); > >- if (canUseCachedRedirect(request)) >- m_cache->storeRedirect(request, redirectResponse, redirectRequest); >- > if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(redirectResponse, m_parameters.frameAncestorOrigins) && m_networkLoad) { > didFailLoading(fromOriginResourceError(redirectResponse.url())); > return; >@@ -671,6 +670,23 @@ void NetworkResourceLoader::continueWillSendRedirectedRequest(WebCore::ResourceR > send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection))); > } > >+void NetworkResourceLoader::didFinishWithRedirectResponse(ResourceResponse&& redirectResponse) >+{ >+ redirectResponse.setType(ResourceResponse::Type::Opaqueredirect); >+ didReceiveResponse(WTFMove(redirectResponse)); >+ >+ WebCore::NetworkLoadMetrics networkLoadMetrics; >+ networkLoadMetrics.markComplete(); >+ networkLoadMetrics.requestHeaderBytesSent = 0; >+ networkLoadMetrics.requestBodyBytesSent = 0; >+ networkLoadMetrics.responseHeaderBytesReceived = 0; >+ networkLoadMetrics.responseBodyBytesReceived = 0; >+ networkLoadMetrics.responseBodyDecodedSize = 0; >+ send(Messages::WebResourceLoader::DidFinishResourceLoad { networkLoadMetrics }); >+ >+ cleanup(LoadResult::Success); >+} >+ > ResourceResponse NetworkResourceLoader::sanitizeResponseIfPossible(ResourceResponse&& response, ResourceResponse::SanitizationType type) > { > if (m_parameters.shouldRestrictHTTPResponseAccess) >@@ -903,22 +919,15 @@ void NetworkResourceLoader::validateCacheEntry(std::unique_ptr<NetworkCache::Ent > startNetworkLoad(WTFMove(revalidationRequest), FirstLoad::Yes); > } > >-void NetworkResourceLoader::dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry> entry) >+void NetworkResourceLoader::dispatchWillSendRequestForCacheEntry(ResourceRequest&& request, std::unique_ptr<NetworkCache::Entry>&& entry) > { > ASSERT(entry->redirectRequest()); > ASSERT(!m_isWaitingContinueWillSendRequestForCachedRedirect); > > LOG(NetworkCache, "(NetworkProcess) Executing cached redirect"); > >- auto& response = entry->response(); >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(response, m_parameters.frameAncestorOrigins) && m_networkLoad) { >- didFailLoading(fromOriginResourceError(response.url())); >- return; >- } >- >- ++m_redirectCount; >- send(Messages::WebResourceLoader::WillSendRequest { *entry->redirectRequest(), sanitizeResponseIfPossible(ResourceResponse { response }, ResourceResponse::SanitizationType::Redirection) }); > m_isWaitingContinueWillSendRequestForCachedRedirect = true; >+ willSendRedirectedRequest(WTFMove(request), ResourceRequest { *entry->redirectRequest() }, ResourceResponse { entry->response() }); > } > > IPC::Connection* NetworkResourceLoader::messageSenderConnection() >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >index 773ca82fc5c84350457ab6968760843806361e4f..c2ccdd94a99a180481a8c83a2b120f26e2355cb0 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >@@ -137,7 +137,7 @@ private: > void didRetrieveCacheEntry(std::unique_ptr<NetworkCache::Entry>); > void sendResultForCacheEntry(std::unique_ptr<NetworkCache::Entry>); > void validateCacheEntry(std::unique_ptr<NetworkCache::Entry>); >- void dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry>); >+ void dispatchWillSendRequestForCacheEntry(WebCore::ResourceRequest&&, std::unique_ptr<NetworkCache::Entry>&&); > void continueProcessingCachedEntryAfterDidReceiveResponse(std::unique_ptr<NetworkCache::Entry>); > > bool shouldInterruptLoadForXFrameOptions(const String&, const WebCore::URL&); >@@ -169,7 +169,7 @@ private: > #endif > > void continueWillSendRedirectedRequest(WebCore::ResourceRequest&& request, WebCore::ResourceRequest&& redirectRequest, WebCore::ResourceResponse&&); >- >+ void didFinishWithRedirectResponse(WebCore::ResourceResponse&&); > WebCore::ResourceResponse sanitizeResponseIfPossible(WebCore::ResourceResponse&&, WebCore::ResourceResponse::SanitizationType); > > // ContentSecurityPolicyClient >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 441dcd8b882d044cdfd8e74b85b901c8ff3ee50c..36f3cdc2babc733be23e296e952990cf0d4c8b91 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,18 @@ >+2018-05-21 Youenn Fablet <youenn@apple.com> >+ >+ NetworkLoadChecker should check cached redirections >+ https://bugs.webkit.org/show_bug.cgi?id=185849 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * TestExpectations: >+ * http/tests/fetch/redirectmode-and-preload-expected.txt: >+ * http/tests/fetch/redirectmode-and-preload.html: >+ Removed tests that mix manual/error redirect mode with no-cors since this is no longer a valid possibility. >+ * http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt: >+ * http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: >+ * platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt: Removed. >+ > 2018-05-21 Chris Dumez <cdumez@apple.com> > > File's structured serialization should serialize lastModified attribute >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index bf94d00e5c57e9e579668137ef882a3078364ee3..5b2a4617c1fc1c1af78214e59bb5d6ff596d6e73 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,13 @@ >+2018-05-22 Youenn Fablet <youenn@apple.com> >+ >+ NetworkLoadChecker should check cached redirections >+ https://bugs.webkit.org/show_bug.cgi?id=185849 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt: >+ * web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt: >+ > 2018-05-21 Chris Dumez <cdumez@apple.com> > > File's structured serialization should serialize lastModified attribute >diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations >index 72aeb04e795d4f8f41e250dbc6aa8f979dcc052e..e8fb3090ae4ac0b602cf08f0b48f05d7b04d3f3a 100644 >--- a/LayoutTests/TestExpectations >+++ b/LayoutTests/TestExpectations >@@ -362,6 +362,8 @@ webkit.org/b/179881 imported/w3c/web-platform-tests/encoding/eof-shift_jis.html > imported/w3c/web-platform-tests/encoding/legacy-mb-tchinese/big5/big5-encode-form-errors-extBa.html [ Skip ] > [ Debug ] imported/w3c/web-platform-tests/encoding/legacy-mb-tchinese/big5/big5-encode-form-errors-extBb.html [ Skip ] > >+# redirect-chain.php is generating some random number that appear in console error logging. >+http/tests/cache/disk-cache/redirect-chain-limits.html [ DumpJSConsoleLogInStdErr ] > > # Content encoding sniffing is only supported by CFNetwork. > http/tests/xmlhttprequest/gzip-content-type-no-content-encoding.html [ Skip ] >diff --git a/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt b/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt >index 4ab5519ccf6f4aba81ca0bc8aff0d2c0e7b6386d..2b09c1d70aa12351245d019bfd438a2bcc907812 100644 >--- a/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt >+++ b/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt >@@ -1,13 +1,6 @@ >-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode >-CONSOLE MESSAGE: line 19: Not allowed to request resource >-CONSOLE MESSAGE: line 19: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii due to access control checks. >-CONSOLE MESSAGE: line 32: No-Cors mode requires follow redirect mode >-CONSOLE MESSAGE: line 32: Not allowed to request resource >-CONSOLE MESSAGE: line 32: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii due to access control checks. >+CONSOLE MESSAGE: Load cannot follow redirection for http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii > CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii due to access control checks. > >-PASS Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode) > PASS Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode) >-PASS Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode) > PASS Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode) > >diff --git a/LayoutTests/http/tests/fetch/redirectmode-and-preload.html b/LayoutTests/http/tests/fetch/redirectmode-and-preload.html >index 8dbb0087e2ca2b491af068c7132e1f14e963674f..8bcd9b40b8ae4c61ea03e75a2e29131010a58473 100644 >--- a/LayoutTests/http/tests/fetch/redirectmode-and-preload.html >+++ b/LayoutTests/http/tests/fetch/redirectmode-and-preload.html >@@ -15,9 +15,6 @@ > function startTests() > { > var preloadUrl = "./resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii"; >- promise_test(function(test) { >- return promise_rejects(test,new TypeError(), fetch(preloadUrl, {redirect: "manual", mode: "no-cors", credentials: "include"})); >- }, "Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)"); > > promise_test(function(test) { > return fetch(preloadUrl, {redirect: "manual", mode: "cors", credentials: "include"}).then((response) => { >@@ -28,10 +25,6 @@ function startTests() > }); > }, "Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode)"); > >- promise_test(function(test) { >- return promise_rejects(test, new TypeError(), fetch(preloadUrl, {redirect: "error", mode: "no-cors", credentials: "include"})); >- }, "Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)"); >- > promise_test(function(test) { > return promise_rejects(test, new TypeError(), fetch(preloadUrl, {redirect: "error", mode: "cors", credentials: "include"})); > }, "Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode)"); >diff --git a/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt >index 593f6c62c082a17aa229bcd69b9d0b47bae1fec1..b7fe7446c7e2e630af5e4fcb80a0443460f2e806 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt >@@ -1,5 +1,5 @@ > CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks. >+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks. > CONSOLE MESSAGE: Cross-origin redirection to foo://bar.cgi denied by Cross-Origin Resource Sharing policy: URL is either a non-HTTP URL or contains credentials. > CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://127.0.0.1:8000 due to access control checks. > CONSOLE MESSAGE: Preflight response is not successful >diff --git a/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt >index ceca46892ca3db6c7af3ffb15af0e6fc621df765..2f32d7baf1cd13eda1cac43efee66ff7fdd2d490 100644 >--- a/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt >+++ b/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt >@@ -1,11 +1,11 @@ > CONSOLE MESSAGE: line 25: Cross-origin redirection to http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. >+CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. > CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. >+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. > CONSOLE MESSAGE: line 25: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. >+CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. > CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. >+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi due to access control checks. > Tests that redirects between origins are never allowed, even when access control is involved. > > Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore. >diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt >index a44bdd42bd30c64e9e0045eb98cd24b1b4a0898f..e4ea6a43165d8ad28cc1b3091ccd99d156875305 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt >@@ -1,4 +1,4 @@ >-CONSOLE MESSAGE: Redirections are not allowed >+CONSOLE MESSAGE: Load cannot follow redirection for https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&error > CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&error due to access control checks. > CONSOLE MESSAGE: Response served by service worker has redirections > CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/service-workers/service-worker/resources/simple.txt? due to access control checks. >@@ -8,6 +8,8 @@ CONSOLE MESSAGE: Response served by service worker is opaque redirect > CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&original-redirect-mode=follow&sw=manual due to access control checks. > CONSOLE MESSAGE: Response served by service worker is opaque redirect > CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&original-redirect-mode=error&sw=manual due to access control checks. >+CONSOLE MESSAGE: Load cannot follow redirection for https://localhost:9443/service-workers/service-worker/dummy?url=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&original-redirect-mode=error&sw=gen >+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/service-workers/service-worker/dummy?url=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt%3F&original-redirect-mode=error&sw=gen due to access control checks. > > PASS initialize global state (service worker registration and caches) > PASS mode: "follow", non-intercepted request, no server redirect >diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt >index fae5ef2c831c2305c17145035976cb0b40877676..d3d6cae549d745c570a979aba9b76fe26107a131 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt >@@ -3,7 +3,7 @@ PASS Registering same scope as the script directory without the last slash > PASS Registration scope outside the script directory > PASS Registering scope outside domain > PASS Registering script outside domain >-FAIL Registering redirected script assert_throws: Registration of redirected script should fail. function "function () { throw e }" threw object "TypeError: Script URL https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fregistration-worker.js fetch resulted in error: Redirections are not allowed" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18 >+FAIL Registering redirected script assert_throws: Registration of redirected script should fail. function "function () { throw e }" threw object "TypeError: Script URL https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fregistration-worker.js fetch resulted in error: Load cannot follow redirection for https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fregistration-worker.js" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18 > PASS Scope including parent-reference and not under the script directory > PASS Script URL including consecutive slashes > FAIL Script URL is same-origin filesystem: URL assert_throws: Registering a script which has same-origin filesystem: URL should fail with SecurityError. function "function () { throw e }" threw object "TypeError: serviceWorker.register() must be called with a script URL whose protocol is either HTTP or HTTPS" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18 >diff --git a/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt >deleted file mode 100644 >index b7fe7446c7e2e630af5e4fcb80a0443460f2e806..0000000000000000000000000000000000000000 >--- a/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt >+++ /dev/null >@@ -1,34 +0,0 @@ >-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks. >-CONSOLE MESSAGE: Cross-origin redirection to foo://bar.cgi denied by Cross-Origin Resource Sharing policy: URL is either a non-HTTP URL or contains credentials. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://127.0.0.1:8000 due to access control checks. >-CONSOLE MESSAGE: Preflight response is not successful >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=* due to access control checks. >-CONSOLE MESSAGE: Request header field x-webkit is not allowed by Access-Control-Allow-Headers. >-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks. >-Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard. >- >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi without credentials >-Expecting success: false >-PASS: 0 >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi& access-control-allow-origin=http://127.0.0.1:8000 without credentials >-Expecting success: true >-PASS: PASS: Cross-domain access allowed. >- >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi& access-control-allow-origin=http://127.0.0.1:8000 without credentials >-Expecting success: true >-PASS: PASS: Cross-domain access allowed. >- >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi& access-control-allow-origin=http://127.0.0.1:8000 without credentials >-Expecting success: false >-PASS: 0 >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true& url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi& access-control-allow-origin=* without credentials >-Expecting success: false >-PASS: 0 >-Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false& url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi& access-control-allow-origin=*& access-control-allow-headers=x-webkit without credentials >-Expecting success: false >-PASS: 0 >-Testing resources/redirect-cors.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/get.txt without credentials >-Expecting success: true >-PASS: PASS >-
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=340994">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185849
:
340918
|
340931
|
340934
|
340949
|
340951
|
340991
|
340994
|
341022
|
341050
|
341108