159351 2016-07-01 07:35:10 -0700 Synchronous preflight checker should set loading options to not use credentials 2016-07-02 10:45:16 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 youennf youennf achristensen ap cdumez commit-queue darin japhet oldest_to_newest 1207102 0 youennf 2016-07-01 07:35:10 -0700 Currently, synchronous preflight loading options are the same as the request triggering the preflight. 1207103 1 282547 youennf 2016-07-01 07:38:37 -0700 Created attachment 282547 Patch 1207104 2 youennf 2016-07-01 07:41:37 -0700 (In reply to comment #0) > Currently, synchronous preflight loading options are the same as the request > triggering the preflight. Note that this change should have no real effect as credentials should be disabled when creating the preflight request. Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html 1207150 3 282547 achristensen 2016-07-01 09:34:51 -0700 Comment on attachment 282547 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review > Source/WebCore/ChangeLog:8 > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. disable > Source/WebCore/ChangeLog:11 > + No change of behavior as preflight request is expressly set to not use credentials in > + createAccessControlPreflightRequest. Then why make the change? 1207167 4 youennf 2016-07-01 09:52:07 -0700 (In reply to comment #3) > Comment on attachment 282547 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=282547&action=review > > > Source/WebCore/ChangeLog:8 > > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. > > disable > > > Source/WebCore/ChangeLog:11 > > + No change of behavior as preflight request is expressly set to not use credentials in > > + createAccessControlPreflightRequest. > > Then why make the change? Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily. 1207212 5 282547 achristensen 2016-07-01 11:50:07 -0700 Comment on attachment 282547 Patch True. 1207448 6 282547 commit-queue 2016-07-02 10:45:10 -0700 Comment on attachment 282547 Patch Clearing flags on attachment: 282547 Committed r202779: <http://trac.webkit.org/changeset/202779> 1207449 7 commit-queue 2016-07-02 10:45:16 -0700 All reviewed patches have been landed. Closing bug. 282547 2016-07-01 07:38:37 -0700 2016-07-02 10:45:10 -0700 Patch bug-159351-20160701163814.patch text/plain 2114 youennf U3VidmVyc2lvbiBSZXZpc2lvbjogMjAyNzI5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYWNlNzVhOWVkMWM4MjAx MWMwZDkyYWM4NDBjODA1ZWI0Nzk0MTcyMC4uYzBhNDY4MzhkMWE4ZWI2NDllMzE0OTczNmYxYWU3 N2VmYjE0OWM3NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDIwIEBACiAyMDE2LTA3LTAxICBZb3Vl bm4gRmFibGV0ICA8eW91ZW5uQGFwcGxlLmNvbT4KIAorICAgICAgICBTeW5jaHJvbm91cyBwcmVm bGlnaHQgY2hlY2tlciBzaG91bGQgc2V0IGxvYWRpbmcgb3B0aW9ucyB0byBub3QgdXNlIGNyZWRl bnRpYWxzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0x NTkzNTEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBM aWtlIGZvciBhc3luY2hyb25vdXMgcHJlZmxpZ2h0aW5nLCBzeW5jaHJvbm91cyBwcmVmbGlnaHRp bmcgbG9hZGluZyBvcHRpb25zIHNob3VsZCBkaXNxYmxlIGFueSBjcmVkZW50aWFscy4KKworICAg ICAgICBObyBjaGFuZ2Ugb2YgYmVoYXZpb3IgYXMgcHJlZmxpZ2h0IHJlcXVlc3QgaXMgZXhwcmVz c2x5IHNldCB0byBub3QgdXNlIGNyZWRlbnRpYWxzIGluCisgICAgICAgIGNyZWF0ZUFjY2Vzc0Nv bnRyb2xQcmVmbGlnaHRSZXF1ZXN0LgorCisgICAgICAgICogbG9hZGVyL0Nyb3NzT3JpZ2luUHJl ZmxpZ2h0Q2hlY2tlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpDcm9zc09yaWdpblByZWZsaWdo dENoZWNrZXI6OmRvUHJlZmxpZ2h0KToKKworMjAxNi0wNy0wMSAgWW91ZW5uIEZhYmxldCAgPHlv dWVubkBhcHBsZS5jb20+CisKICAgICAgICAgTWFrZSBSZXNvdXJjZUxvYWRlck9wdGlvbnMgZGVy aXZlIGZyb20gRmV0Y2hPcHRpb25zCiAgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0xNTkzNDUKIApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvbG9hZGVy L0Nyb3NzT3JpZ2luUHJlZmxpZ2h0Q2hlY2tlci5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIv Q3Jvc3NPcmlnaW5QcmVmbGlnaHRDaGVja2VyLmNwcAppbmRleCA3ZWE0ZDdlZTg5YzlkOTQxNzZi NTU2YzY2MjJmNDNmMmQxNzZlZmJiLi40MzMwOWY0MjU1NjhmZDVmNTZlNWNlNWQzM2VjMmRhN2M2 NjZmMGRiIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvQ3Jvc3NPcmlnaW5QcmVm bGlnaHRDaGVja2VyLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvQ3Jvc3NPcmlnaW5Q cmVmbGlnaHRDaGVja2VyLmNwcApAQCAtMTMwLDcgKzEzMCw3IEBAIHZvaWQgQ3Jvc3NPcmlnaW5Q cmVmbGlnaHRDaGVja2VyOjpkb1ByZWZsaWdodChEb2N1bWVudFRocmVhZGFibGVMb2FkZXImIGxv YWRlciwKICAgICBSZXNvdXJjZUVycm9yIGVycm9yOwogICAgIFJlc291cmNlUmVzcG9uc2UgcmVz cG9uc2U7CiAgICAgUmVmUHRyPFNoYXJlZEJ1ZmZlcj4gZGF0YTsKLSAgICB1bnNpZ25lZCBpZGVu dGlmaWVyID0gbG9hZGVyLmRvY3VtZW50KCkuZnJhbWUoKS0+bG9hZGVyKCkubG9hZFJlc291cmNl U3luY2hyb25vdXNseShwcmVmbGlnaHRSZXF1ZXN0LCBsb2FkZXIub3B0aW9ucygpLmFsbG93Q3Jl ZGVudGlhbHMoKSwgbG9hZGVyLm9wdGlvbnMoKS5jbGllbnRDcmVkZW50aWFsUG9saWN5KCksIGVy cm9yLCByZXNwb25zZSwgZGF0YSk7CisgICAgdW5zaWduZWQgaWRlbnRpZmllciA9IGxvYWRlci5k b2N1bWVudCgpLmZyYW1lKCktPmxvYWRlcigpLmxvYWRSZXNvdXJjZVN5bmNocm9ub3VzbHkocHJl ZmxpZ2h0UmVxdWVzdCwgRG9Ob3RBbGxvd1N0b3JlZENyZWRlbnRpYWxzLCBEb05vdEFza0NsaWVu dEZvckNyb3NzT3JpZ2luQ3JlZGVudGlhbHMsIGVycm9yLCByZXNwb25zZSwgZGF0YSk7CiAKICAg ICBpZiAoIWVycm9yLmlzTnVsbCgpICYmIHJlc3BvbnNlLmh0dHBTdGF0dXNDb2RlKCkgPD0gMCkg ewogICAgICAgICBlcnJvci5zZXRUeXBlKFJlc291cmNlRXJyb3I6OlR5cGU6OkFjY2Vzc0NvbnRy b2wpOwo=