Bug 181693

Summary: REGRESSION (r222795): Cardiogram never signs in
Product: WebKit
Component: WebCore Misc.
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: iPhone / iPad
OS: iOS 11
Reporter: Daniel Bates <dbates>
Assignee: Daniel Bates <dbates>
CC: aestes, ap, benjamin, cdumez, cmarcelo, ews-watchlist, rniwa, webkit-bug-importer
Keywords: InRadar, Regression
Attachments:
Description Flags
Patch and layout test rniwa: review+

Daniel Bates
Reported 2018-01-16 11:22:49 PST
Following the fix for bug #177824, <https://trac.webkit.org/changeset/r222795/>, WebKit disallows all documents from setting arbitrary XHR headers and this broke Cardiogram on iOS. Prior to bug #177824, documents that could load local resources (e.g. file URLs) were allowed to set arbitrary XHR headers. Cardiogram depends on this privilege to set the XHR header Cookie, a forbidden header per the XHR spec [1]. We should add a compatibility fix for Cardiogram to avoid app breakage and allow the developers of Cardiogram time to update their app.

[1] <https://fetch.spec.whatwg.org/#forbidden-header-name> (13 January 2018)
Attachments
Patch and layout test (13.98 KB, patch)
2018-01-16 13:36 PST, Daniel Bates
rniwa: review+
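Added example (not part of the bug report and not WebKit's code): a model of the forbidden-header check the report refers to, showing why a Cookie header set through XHR is dropped without an error. The function names and the `mayLoadLocalResources` option are hypothetical; the option stands in for the exemption that existed before r222795, and the name list is the Fetch Standard's as of the report's date (later revisions extend it).

```javascript
// Forbidden header names from the Fetch Standard as of early 2018.
// Later revisions of the standard extend this list.
const FORBIDDEN_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

// Header names are case-insensitive, so compare in lowercase.
// Names starting with "Proxy-" or "Sec-" are forbidden as a class.
function isForbiddenHeaderName(name) {
  const lower = String(name).toLowerCase();
  return FORBIDDEN_NAMES.has(lower) ||
         lower.startsWith("proxy-") || lower.startsWith("sec-");
}

// Hypothetical model of repeated setRequestHeader() calls: a forbidden name
// is ignored silently (no exception), which is why the caller only notices
// when the server rejects the request. `mayLoadLocalResources` models the
// pre-r222795 exemption described in the report.
function applyRequestHeaders(requested, { mayLoadLocalResources = false } = {}) {
  const sent = {};
  const dropped = [];
  for (const [name, value] of Object.entries(requested)) {
    if (isForbiddenHeaderName(name) && !mayLoadLocalResources) {
      dropped.push(name);
    } else {
      sent[name] = value;
    }
  }
  return { sent, dropped };
}

// Constructed sample: headers an app might attach to a sign-in request.
const SAMPLE = {
  "Content-Type": "application/json",
  "COOKIE": "session=constructed",
  "Sec-Custom": "1",
  "X-Requested-With": "XMLHttpRequest",
};

const after = applyRequestHeaders(SAMPLE);
console.log("sent:", Object.keys(after.sent), "dropped:", after.dropped);
```

Running the same filter over the headers an app sets is a quick way to find code that relied on the old exemption.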
Daniel Bates
Comment 1 2018-01-16 11:23:22 PST
Daniel Bates
Comment 2 2018-01-16 13:36:58 PST
Created attachment 331425 [details] Patch and layout test
Ryosuke Niwa
Comment 3 2018-01-16 20:32:31 PST
Comment on attachment 331425 [details] Patch and layout test View in context: https://bugs.webkit.org/attachment.cgi?id=331425&action=review > Source/WebCore/ChangeLog:3143 > -2018-01-08 Zalan Bujtas <zalan@apple.com> > +2018-01-16 Daniel Bates <dabates@apple.com> Please fix the change log.
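Review bot: At Source/WebCore/ChangeLog:3143 the existing header line "2018-01-08 Zalan Bujtas <zalan@apple.com>" is replaced by the new "2018-01-16 Daniel Bates <dabates@apple.com>" line rather than left untouched, so the earlier entry would end up under the wrong author and date. Restore the 2018-01-08 line and give the 2018-01-16 change a separate entry of its own.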
Daniel Bates
Comment 4 2018-01-17 11:09:31 PST