Bug 175628

Summary: Cross origin Beacon requests with a ArrayBuffer / ArrayBufferView payload should not do a CORS preflight
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, commit-queue, dbates, ggaren, japhet, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=175635
Bug Depends on: 175679    
Bug Blocks:    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2017-08-16 08:58:51 PDT
Cross origin Beacon requests with a ArrayBuffer / ArrayBufferView payload should not do a CORS preflight. Firefox and Chrome do not require a CORS preflight in this case. The reason it is not needed is because the request does not have a "Content-Type" header as per the specification.
Attachments
Patch (59.17 KB, patch)
2017-08-16 14:29 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-08-16 08:59:31 PDT
<rdar://problem/33919278>
Chris Dumez
Comment 2 2017-08-16 14:29:15 PDT
Created attachment 318290 [details] Patch
Geoffrey Garen
Comment 3 2017-08-16 16:37:45 PDT
Comment on attachment 318290 [details] Patch r=me
youenn fablet
Comment 4 2017-08-16 17:17:38 PDT
Comment on attachment 318290 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=318290&action=review > Source/WebCore/loader/cache/CachedResourceRequest.cpp:44 > + , m_originalRequestHeaders(m_resourceRequest.httpHeaderFields()) This field seems unnecessary in CachedResourceRequest, as well as the header map copy for all requests. Why not using an optional<header-map> in CachedResource and do the copy only for keep alive and/or beacon requests at CachedResourceLoader level?
WebKit Commit Bot
Comment 5 2017-08-16 17:28:29 PDT
Comment on attachment 318290 [details] Patch Clearing flags on attachment: 318290 Committed r220817: <http://trac.webkit.org/changeset/220817>
WebKit Commit Bot
Comment 6 2017-08-16 17:28:31 PDT
All reviewed patches have been landed. Closing bug.
Chris Dumez
Comment 7 2017-08-17 08:09:08 PDT
(In reply to youenn fablet from comment #4) > Comment on attachment 318290 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=318290&action=review > > > Source/WebCore/loader/cache/CachedResourceRequest.cpp:44 > > + , m_originalRequestHeaders(m_resourceRequest.httpHeaderFields()) > > This field seems unnecessary in CachedResourceRequest, as well as the header > map copy for all requests. > Why not using an optional<header-map> in CachedResource and do the copy only > for keep alive and/or beacon requests at CachedResourceLoader level? I hesitated to do this, I was trying to avoid special casing keepalive/beacon too much. I can follow-up to see how it looks.
youenn fablet
Comment 8 2017-08-17 08:38:04 PDT
We should try to remove the header map copy. DTL is already doing this copy and other resources will not do preflights. Ideally, this copy should be only visible/manipulated by CachedResourceLoader/CachedResource. It might be easier to have CachedResourceRequest convey this information between the two but other users of CachedResourceRequest should not be tempted to start using it.
Chris Dumez
Comment 9 2017-08-17 12:16:19 PDT
(In reply to Chris Dumez from comment #7) > (In reply to youenn fablet from comment #4) > > Comment on attachment 318290 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=318290&action=review > > > > > Source/WebCore/loader/cache/CachedResourceRequest.cpp:44 > > > + , m_originalRequestHeaders(m_resourceRequest.httpHeaderFields()) > > > > This field seems unnecessary in CachedResourceRequest, as well as the header > > map copy for all requests. > > Why not using an optional<header-map> in CachedResource and do the copy only > > for keep alive and/or beacon requests at CachedResourceLoader level? > > I hesitated to do this, I was trying to avoid special casing > keepalive/beacon too much. I can follow-up to see how it looks. https://bugs.webkit.org/show_bug.cgi?id=175679
Note You need to log in before you can comment on or make changes to this bug.