WebKit Bugzilla
Attachment 341890 Details for
Bug 186254
: NetworkCORSPreflightChecker should set the preflight request User-Agent header
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186254-20180603220043.patch (text/plain), 9.00 KB, created by
youenn fablet
on 2018-06-03 22:00:43 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-06-03 22:00:43 PDT
Size:
9.00 KB
patch
obsolete
>Subversion Revision: 232334 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index c3ba6e523e3fc156346e0fd630c3a58e5614a5d6..5636fdd4adcf977e787fc924cfc3b25aaee06b55 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,20 @@ >+2018-06-03 Youenn Fablet <youenn@apple.com> >+ >+ NetworkCORSPreflightChecker should set the preflight request User-Agent header >+ https://bugs.webkit.org/show_bug.cgi?id=186254 >+ <rdar://problem/40293504> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Some servers misbehave if the User-Agent header is not set properly on preflight requests. >+ Set it to the same value as the request triggering the preflight. >+ >+ * NetworkProcess/NetworkCORSPreflightChecker.cpp: >+ (WebKit::NetworkCORSPreflightChecker::startPreflight): >+ * NetworkProcess/NetworkCORSPreflightChecker.h: >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight): >+ > 2018-06-01 Youenn Fablet <youenn@apple.com> > > Add a sandbox profile for com.cisco.webex.plugin.gpc64 plugin >diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >index 3274326b5dfc60061d989ec88cac35635d571b12..29250baaed205f32af218bdb386471788f13cd2a 100644 >--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >@@ -64,6 +64,9 @@ void NetworkCORSPreflightChecker::startPreflight() > loadParameters.sessionID = m_parameters.sessionID; > loadParameters.request = createAccessControlPreflightRequest(m_parameters.originalRequest, m_parameters.sourceOrigin, m_parameters.referrer); > loadParameters.shouldFollowRedirects = false; >+ if (!m_parameters.userAgent.isNull()) >+ loadParameters.request.setHTTPHeaderField(HTTPHeaderName::UserAgent, m_parameters.userAgent); >+ > if (auto* networkSession = SessionTracker::networkSession(loadParameters.sessionID)) { > m_task = NetworkDataTask::create(*networkSession, *this, WTFMove(loadParameters)); > m_task->resume(); >diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >index 47944cf25508accc9a4600f8484941ea4c0ac77d..42e69e60df1ede2749cf056fffdc4040a5255406 100644 >--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >@@ -46,6 +46,7 @@ public: > WebCore::ResourceRequest originalRequest; > Ref<WebCore::SecurityOrigin> sourceOrigin; > String referrer; >+ String userAgent; > PAL::SessionID sessionID; > WebCore::StoredCredentialsPolicy storedCredentialsPolicy; > }; >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index 1d2bb0c66eb0cbb2d649322ffa7ff69c33d14d97..d0f21256534a9be2de01838b9e0ba6965caa074d 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -354,6 +354,7 @@ void NetworkLoadChecker::checkCORSRequestWithPreflight(ResourceRequest&& request > WTFMove(requestForPreflight), > *m_origin, > request.httpReferrer(), >+ request.httpUserAgent(), > m_sessionID, > m_storedCredentialsPolicy > }; >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index ed0f91e2fa86911e6b8005cd444d369a63b6a89e..2510d14c37eb4e4dd78aac012131ab23c644084d 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,18 @@ >+2018-06-03 Youenn Fablet <youenn@apple.com> >+ >+ NetworkCORSPreflightChecker should set the preflight request User-Agent header >+ https://bugs.webkit.org/show_bug.cgi?id=186254 >+ <rdar://problem/40293504> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/fetch/api/cors/cors-preflight.any-expected.txt: >+ * web-platform-tests/fetch/api/cors/cors-preflight.any.js: >+ (corsPreflight): >+ * web-platform-tests/fetch/api/cors/cors-preflight.any.worker-expected.txt: >+ * web-platform-tests/fetch/api/resources/preflight.py: >+ (main): >+ > 2018-06-01 Youenn Fablet <youenn@apple.com> > > ServiceWorker registration should store any script fetched through importScripts >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any-expected.txt >index a27e27b5cf10800fd368cd0287c3cc9f4e8e28a1..07596b5d29448afc7848d90705b88e7ac10a5e9e 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any-expected.txt >@@ -2,6 +2,7 @@ > PASS CORS [DELETE], server allows > PASS CORS [DELETE], server refuses > PASS CORS [PUT], server allows >+PASS CORS [PUT], server allows, check preflight has user agent > PASS CORS [PUT], server refuses > PASS CORS [PATCH], server allows > PASS CORS [PATCH], server refuses >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.js b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.js >index 1ece7e3cbc5f2ce9b03f473f3846c94fe8f3c876..4765c5684cf84ddfad2dadace08e99d609bed6e6 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.js >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.js >@@ -19,8 +19,8 @@ function corsPreflight(desc, corsUrl, method, allowed, headers, safeHeaders) { > return promise_test(function(test) { > var uuid_token = token(); > return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(response) { >- var url = corsUrl; >- var urlParameters = "?token=" + uuid_token + "&max_age=0"; >+ var url = corsUrl + (corsUrl.indexOf("?") === -1 ? "?" : "&"); >+ var urlParameters = "token=" + uuid_token + "&max_age=0"; > var requestInit = {"mode": "cors", "method": method}; > var requestHeaders = []; > if (headers) >@@ -66,6 +66,7 @@ var corsUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + > corsPreflight("CORS [DELETE], server allows", corsUrl, "DELETE", true); > corsPreflight("CORS [DELETE], server refuses", corsUrl, "DELETE", false); > corsPreflight("CORS [PUT], server allows", corsUrl, "PUT", true); >+corsPreflight("CORS [PUT], server allows, check preflight has user agent", corsUrl + "?checkUserAgentHeaderInPreflight", "PUT", true); > corsPreflight("CORS [PUT], server refuses", corsUrl, "PUT", false); > corsPreflight("CORS [PATCH], server allows", corsUrl, "PATCH", true); > corsPreflight("CORS [PATCH], server refuses", corsUrl, "PATCH", false); >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.worker-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.worker-expected.txt >index d6511741518083b1f5dd7fa619ed10e0c42c446e..3fd32dfd7f6652e1addef02bcec7f4135676d0a8 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.worker-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.any.worker-expected.txt >@@ -9,6 +9,7 @@ CONSOLE MESSAGE: Method PUT is not allowed by Access-Control-Allow-Methods. > PASS CORS [DELETE], server allows > PASS CORS [DELETE], server refuses > PASS CORS [PUT], server allows >+PASS CORS [PUT], server allows, check preflight has user agent > PASS CORS [PUT], server refuses > PASS CORS [PATCH], server allows > PASS CORS [PATCH], server refuses >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/preflight.py b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/preflight.py >index 6263eaef6216b837bb4e162c81401c9d01dedfda..4345647c212c35bedfaee09723b09dab16046d51 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/preflight.py >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/preflight.py >@@ -44,6 +44,7 @@ def main(request, response): > > stashed_data['preflight'] = "1" > stashed_data['preflight_referrer'] = request.headers.get("Referer", "") >+ stashed_data['preflight_user_agent'] = request.headers.get("User-Agent", "") > if token: > request.server.stash.put(token, stashed_data) > >@@ -55,6 +56,9 @@ def main(request, response): > if data: > stashed_data = data > >+ if "checkUserAgentHeaderInPreflight" in request.GET and request.headers.get("User-Agent") != stashed_data['preflight_user_agent']: >+ return 400, headers, "ERROR: No user-agent header in preflight" >+ > #use x-* headers for returning value to bodyless responses > headers.append(("Access-Control-Expose-Headers", "x-did-preflight, x-control-request-headers, x-referrer, x-preflight-referrer, x-origin")) > headers.append(("x-did-preflight", stashed_data['preflight']))
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=341890">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186254
:
341890
|
341891