Bug 184723

Summary: Allow SameOrigin credentials handling for synchronous XHR
Product: WebKit Reporter: youenn fablet <youennf>
Component: WebKit Misc.Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, commit-queue, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch for landing none

youenn fablet
Reported 2018-04-17 19:18:34 PDT
Allow cross-origin redirections for synchronous XHR
Attachments
Patch (19.28 KB, patch)
2018-04-17 19:25 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (19.29 KB, patch)
2018-04-17 21:59 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (21.90 KB, patch)
2018-04-18 16:20 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2018-04-17 19:25:48 PDT
Created attachment 338185 [details] Patch
youenn fablet
Comment 2 2018-04-17 21:59:20 PDT
Created attachment 338195 [details] Patch
Alex Christensen
Comment 3 2018-04-18 10:16:15 PDT
Comment on attachment 338195 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=338195&action=review Are these WK1 regressions, or are we just preserving existing behavior and that's hard to see in the patch? > Source/WebKit/NetworkProcess/NetworkResourceLoader.h:134 > + void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad = FirstLoad::Yes); I'd prefer to not have a default parameter so we don't accidentally omit the parameter when writing redirection code.
youenn fablet
Comment 4 2018-04-18 10:23:17 PDT
(In reply to Alex Christensen from comment #3) > Comment on attachment 338195 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=338195&action=review > > Are these WK1 regressions, or are we just preserving existing behavior and > that's hard to see in the patch? For WK1, we keep the previous behavior (no change to WebCore nor WebKitLegacy) which is to not follow any cross origin redirection. > > > Source/WebKit/NetworkProcess/NetworkResourceLoader.h:134 > > + void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad = FirstLoad::Yes); > > I'd prefer to not have a default parameter so we don't accidentally omit the > parameter when writing redirection code. There are 6 calls to startNetworkLoad so I would tend to prefer keeping it, but I can make the change. If we are not using the right parameter, there will be crashes anyway since we are consuming sandbox extensions.
Alex Christensen
Comment 5 2018-04-18 14:14:17 PDT
Comment on attachment 338195 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=338195&action=review >>> Source/WebKit/NetworkProcess/NetworkResourceLoader.h:134 >>> + void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad = FirstLoad::Yes); >> >> I'd prefer to not have a default parameter so we don't accidentally omit the parameter when writing redirection code. > > There are 6 calls to startNetworkLoad so I would tend to prefer keeping it, but I can make the change. > If we are not using the right parameter, there will be crashes anyway since we are consuming sandbox extensions. I'd still prefer to add explicit calls.
youenn fablet
Comment 6 2018-04-18 16:20:18 PDT
Created attachment 338273 [details] Patch for landing
youenn fablet
Comment 7 2018-04-18 16:20:39 PDT
(In reply to Alex Christensen from comment #5) > Comment on attachment 338195 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=338195&action=review > > >>> Source/WebKit/NetworkProcess/NetworkResourceLoader.h:134 > >>> + void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad = FirstLoad::Yes); > >> > >> I'd prefer to not have a default parameter so we don't accidentally omit the parameter when writing redirection code. > > > > There are 6 calls to startNetworkLoad so I would tend to prefer keeping it, but I can make the change. > > If we are not using the right parameter, there will be crashes anyway since we are consuming sandbox extensions. > > I'd still prefer to add explicit calls. Done in the uploaded patch
WebKit Commit Bot
Comment 8 2018-04-18 17:47:26 PDT
Comment on attachment 338273 [details] Patch for landing Clearing flags on attachment: 338273 Committed r230791: <https://trac.webkit.org/changeset/230791>
WebKit Commit Bot
Comment 9 2018-04-18 17:47:27 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 10 2018-04-18 17:48:23 PDT
<rdar://problem/39548418>
Note You need to log in before you can comment on or make changes to this bug.