179475 2017-11-09 05:09:35 -0800 [SOUP] Case of request headers depends on global state in libsoup 2021-07-03 06:56:07 -0700 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=177530 https://bugzilla.gnome.org/show_bug.cgi?id=792176 P2 Normal --- 1 Ms2ger webkit-unassigned bugs-noreply clopez csaavedra mcatanzaro oldest_to_newest 1369850 0 Ms2ger 2017-11-09 05:09:35 -0800 http://w3c-test.org/fetch/api/basic/request-headers-case.any.html soup_message_headers_append interns the header name case-insensitively, and always uses the casing it got in the first call. This means that fetch("..", {headers: [["TEST", 1]] }) fetch("..", {headers: [["test", 1]] }) will the same header name twice. The name might be "TEST", or it might be any other casing which any other web page has used during the runtime of the browser. This also provides a way of cross-origin communication: if a web page A uses a sufficiently unique header name in a particular casing, another web page B can check if page A was loaded before page B by checking what happens when using the header name in a different casing. 1369866 1 mcatanzaro 2017-11-09 07:44:17 -0800 Wow, good find! I don't think there is anything to change in WebKit here. Do you want to report this on GNOME Bugzilla? Anyway, the fix would surely be in soup-message-headers.c: static const char * intern_header_name (const char *name, SoupHeaderSetter *setter) { // ... if (!header_pool) { header_pool = g_hash_table_new (soup_str_case_hash, soup_str_case_equal); // ... } Presumably that would need to be changed to: header_pool = g_hash_table_new (g_str_hash, g_str_equal); But we should probably audit other uses of soup_str_case_hash and soup_str_case_equal to ensure they are appropriate. 1369873 2 mcatanzaro 2017-11-09 08:20:17 -0800 danw the "cross-origin communication" idea seems a little crazy, but people have done crazier stuff... I'd say file a libsoup bug yeah. you can't just change intern_header_name to be non-case-sensitive though. that would definitely break things mcatanzaro What sort of things? danw eg, when you call soup_message_headers_get_content_type(), it has to return the content type whether it was specified as "Content-Type" or "CONTENT-type" I guess if you want to fix it, the fix would be to not intern header names at all. just copy both name and value, and use g_ascii_strcasecmp() rather than pointer equality to compare header names when needed 1379102 3 mcatanzaro 2017-12-07 07:58:29 -0800 This is a bug in libsoup, not in WebKit. This report needs to be moved to GNOME Bugzilla. 1774667 4 clopez 2021-07-03 06:54:02 -0700 This two tests pass now when webkit is built with libsoup3