WebKit Bugzilla
Attachment 342332 Details for
Bug 186441
: http/tests/security/cors-post-redirect-307.html fails with PSON enabled
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186441-20180608143005.patch (text/plain), 3.90 KB, created by
Chris Dumez
on 2018-06-08 14:30:06 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Chris Dumez
Created:
2018-06-08 14:30:06 PDT
Size:
3.90 KB
patch
obsolete
>Subversion Revision: 232619 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 4df30a9f2664855a12b93defa7c5dd84d5f9dfab..de1479e264ca476a5c456980c1c6430ba76b0639 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,20 @@ >+2018-06-08 Chris Dumez <cdumez@apple.com> >+ >+ http/tests/security/cors-post-redirect-307.html fails with PSON enabled >+ https://bugs.webkit.org/show_bug.cgi?id=186441 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Stop adding a "null" Origin header on POST requests in the case where >+ we do not know the origin. This was incorrectly adding an Origin header >+ in the case where a POST request would get redirected cross-origin and >+ swap process. >+ >+ Test: http/tests/security/cors-post-redirect-307-pson.html >+ >+ * loader/FrameLoader.cpp: >+ (WebCore::FrameLoader::addHTTPOriginIfNeeded): >+ > 2018-06-07 Yusuke Suzuki <utatane.tea@gmail.com> > > [WTF] Add WorkerPool >diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp >index 3fb4f280fa06e80c63d549478782c4357bb549b7..f3dc4ebd76ef33dd7303bc634ed918aeaf927681 100644 >--- a/Source/WebCore/loader/FrameLoader.cpp >+++ b/Source/WebCore/loader/FrameLoader.cpp >@@ -2832,13 +2832,6 @@ void FrameLoader::addHTTPOriginIfNeeded(ResourceRequest& request, const String& > // For non-GET and non-HEAD methods, always send an Origin header so the > // server knows we support this feature. > >- if (origin.isEmpty()) { >- // If we don't know what origin header to attach, we attach the value >- // for an empty origin. >- request.setHTTPOrigin(SecurityOrigin::createUnique()->toString()); >- return; >- } >- > request.setHTTPOrigin(origin); > } > >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index b4d409afd9ba15e441b629ca07423cd74245262f..5b041614176371cf219bcbd74223768962874866 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,15 @@ >+2018-06-08 Chris Dumez <cdumez@apple.com> >+ >+ http/tests/security/cors-post-redirect-307.html fails with PSON enabled >+ https://bugs.webkit.org/show_bug.cgi?id=186441 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add layout test coverage. >+ >+ * http/tests/security/cors-post-redirect-307-pson-expected.txt: Added. >+ * http/tests/security/cors-post-redirect-307-pson.html: Added. >+ > 2018-06-07 Mark Lam <mark.lam@apple.com> > > Enhance run-jsc-stress-tests to allow a test to specify test specific options required for it to run. >diff --git a/LayoutTests/http/tests/security/cors-post-redirect-307-pson-expected.txt b/LayoutTests/http/tests/security/cors-post-redirect-307-pson-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..5ac1a76c4ce10678688a2c51ede542d5fb8b9cc9 >--- /dev/null >+++ b/LayoutTests/http/tests/security/cors-post-redirect-307-pson-expected.txt >@@ -0,0 +1 @@ >+There was no origin header >diff --git a/LayoutTests/http/tests/security/cors-post-redirect-307-pson.html b/LayoutTests/http/tests/security/cors-post-redirect-307-pson.html >new file mode 100644 >index 0000000000000000000000000000000000000000..133ff75c5a48451a64afbd00485d50ddfb58c114 >--- /dev/null >+++ b/LayoutTests/http/tests/security/cors-post-redirect-307-pson.html >@@ -0,0 +1,25 @@ >+<!DOCTYPE html><!-- webkit-test-runner [ enableProcessSwapOnNavigation=true ] --> >+<head> >+<script> >+if (window.testRunner) { >+ testRunner.waitUntilDone(); >+ testRunner.dumpAsText(); >+} >+</script> >+</head> >+<body> >+ >+This test is designed to work only when loaded from http://127.0.0.1:8000 >+ >+<form id='testForm' method='POST'> >+<input id='redircode' type='hidden' name='redircode' value='307'> >+</form> >+ >+<script> >+ >+var form = document.getElementById('testForm'); >+form.action = "/resources/redirect.php?code=307&url=http://localhost:8000/security/resources/cors-post-redirect-target.php"; >+form.submit(); >+ >+</script> >+</body>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=342332">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186441
:
342325
|
342330
|
342332
|
342454
|
342461