Summary: | Synchronous preflight checker should set loading options to not use credentials | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | youenn fablet <youennf> | ||||
Component: | WebCore Misc. | Assignee: | youenn fablet <youennf> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | achristensen, ap, cdumez, commit-queue, darin, japhet | ||||
Priority: | P2 | ||||||
Version: | WebKit Nightly Build | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
youenn fablet
2016-07-01 07:35:10 PDT
Created attachment 282547 [details]
Patch
(In reply to comment #0) > Currently, synchronous preflight loading options are the same as the request > triggering the preflight. Note that this change should have no real effect as credentials should be disabled when creating the preflight request. Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html Comment on attachment 282547 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review > Source/WebCore/ChangeLog:8 > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. disable > Source/WebCore/ChangeLog:11 > + No change of behavior as preflight request is expressly set to not use credentials in > + createAccessControlPreflightRequest. Then why make the change? (In reply to comment #3) > Comment on attachment 282547 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=282547&action=review > > > Source/WebCore/ChangeLog:8 > > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. > > disable > > > Source/WebCore/ChangeLog:11 > > + No change of behavior as preflight request is expressly set to not use credentials in > > + createAccessControlPreflightRequest. > > Then why make the change? Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily. Comment on attachment 282547 [details]
Patch
True.
Comment on attachment 282547 [details] Patch Clearing flags on attachment: 282547 Committed r202779: <http://trac.webkit.org/changeset/202779> All reviewed patches have been landed. Closing bug. |