Bug 159351

Summary: Synchronous preflight checker should set loading options to not use credentials
Product: WebKit Reporter: youenn fablet <youennf>
Component: WebCore Misc.Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, cdumez, commit-queue, darin, japhet
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description youenn fablet 2016-07-01 07:35:10 PDT 
Currently, synchronous preflight loading options are the same as the request triggering the preflight.
Comment 1 youenn fablet 2016-07-01 07:38:37 PDT 
Created attachment 282547 [details]
Patch
Comment 2 youenn fablet 2016-07-01 07:41:37 PDT 
(In reply to comment #0)
> Currently, synchronous preflight loading options are the same as the request
> triggering the preflight.

Note that this change should have no real effect as credentials should be disabled when creating the preflight request.
Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html
Comment 3 Alex Christensen 2016-07-01 09:34:51 PDT 
Comment on attachment 282547 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review

> Source/WebCore/ChangeLog:8
> +        Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.

disable

> Source/WebCore/ChangeLog:11
> +        No change of behavior as preflight request is expressly set to not use credentials in
> +        createAccessControlPreflightRequest.

Then why make the change?
Comment 4 youenn fablet 2016-07-01 09:52:07 PDT 
(In reply to comment #3)
> Comment on attachment 282547 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=282547&action=review
> 
> > Source/WebCore/ChangeLog:8
> > +        Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
> 
> disable
> 
> > Source/WebCore/ChangeLog:11
> > +        No change of behavior as preflight request is expressly set to not use credentials in
> > +        createAccessControlPreflightRequest.
> 
> Then why make the change?

Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily.
Comment 5 Alex Christensen 2016-07-01 11:50:07 PDT 
Comment on attachment 282547 [details]
Patch

True.
Comment 6 WebKit Commit Bot 2016-07-02 10:45:10 PDT 
Comment on attachment 282547 [details]
Patch

Clearing flags on attachment: 282547

Committed r202779: <http://trac.webkit.org/changeset/202779>
Comment 7 WebKit Commit Bot 2016-07-02 10:45:16 PDT 
All reviewed patches have been landed.  Closing bug.