Bug 179177

Summary: Do not check for CORS in case response is coming from a service worker
Product: WebKit Reporter: youenn fablet <youennf>
Component: WebCore Misc.Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, buildbot, cdumez, commit-queue, dbates, japhet, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Description youenn fablet 2017-11-02 09:09:52 PDT 
Service Worker should pass the response with the right tainting.
Comment 1 youenn fablet 2017-11-02 09:25:40 PDT 
Created attachment 325720 [details]
Patch
Comment 2 Chris Dumez 2017-11-02 10:36:22 PDT 
Comment on attachment 325720 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325720&action=review

> Source/WebCore/ChangeLog:3
> +        Do not check for CORS in case response is coming from a service worker

Could you please point to the part of the spec that states this is what we should do?

> LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6
> +FAIL: image loading failed

This looks bad, no?

> LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:7
> +Status is Got response for https://localhost:8443/resources/square100.png, status code is 404

404?
Comment 3 youenn fablet 2017-11-02 15:33:34 PDT 
Created attachment 325781 [details]
Patch
Comment 4 youenn fablet 2017-11-02 15:36:43 PDT 
Created attachment 325782 [details]
Patch
Comment 5 youenn fablet 2017-11-02 15:38:52 PDT 
> > Source/WebCore/ChangeLog:3
> > +        Do not check for CORS in case response is coming from a service worker
> 
> Could you please point to the part of the spec that states this is what we
> should do?

Added links to the spec.
Basically, CORS check is a HTTP thing which does not apply to appcache/service worker.
What applies to service worker is tainting.
Hence why there is a test for it (we still have to handle fetched tainted responses by sw properly though)

> > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6
> > +FAIL: image loading failed
> 
> This looks bad, no?

Removed from the patch, it was not supposed to be there.
Comment 6 WebKit Commit Bot 2017-11-02 18:36:41 PDT 
Comment on attachment 325782 [details]
Patch

Clearing flags on attachment: 325782

Committed r224369: <https://trac.webkit.org/changeset/224369>
Comment 7 WebKit Commit Bot 2017-11-02 18:36:42 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 8 Radar WebKit Bug Importer 2017-11-15 12:22:08 PST 
<rdar://problem/35567391>