| Summary: | http/tests/security/cors-post-redirect-307.html fails with PSON enabled | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> | ||||||||||||
| Component: | Page Loading | Assignee: | Chris Dumez <cdumez> | ||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||
| Severity: | Normal | CC: | beidson, commit-queue, dbates, ews-watchlist, ggaren, japhet, webkit-bug-importer, youennf | ||||||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||||||
| Version: | WebKit Nightly Build | ||||||||||||||
| Hardware: | Unspecified | ||||||||||||||
| OS: | Unspecified | ||||||||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=184142 | ||||||||||||||
| Bug Depends on: | |||||||||||||||
| Bug Blocks: | 186542 | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Chris Dumez
2018-06-08 13:12:56 PDT
Looks like a legit bug in our PSON implementation. The Origin header should not be present on cross-origin redirect requests. The origin gets cleared in NetworkDataTaskCocoa::willPerformHTTPRedirection() but I suspect we add the header back later on in the case where we decide to do the redirect load in a new process. It is added later on by this code:
if (origin.isEmpty()) {
// If we don't know what origin header to attach, we attach the value
// for an empty origin.
request.setHTTPOrigin(SecurityOrigin::createUnique()->toString());
return;
}
in FrameLoader::addHTTPOriginIfNeeded().
Created attachment 342325 [details]
For EWS
Created attachment 342330 [details]
WIP Patch
Created attachment 342332 [details]
Patch
Comment on attachment 342332 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342332&action=review > Source/WebCore/loader/FrameLoader.cpp:-2835 > - if (origin.isEmpty()) { This code was intentionally added and a reason was given in the comment above. Please read through the comments on <https://bugs.webkit.org/show_bug.cgi?id=20792> and ensure we are not breaking anything. Obviously think about WebKit legacy. (In reply to Daniel Bates from comment #7) > Comment on attachment 342332 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=342332&action=review > > > Source/WebCore/loader/FrameLoader.cpp:-2835 > > - if (origin.isEmpty()) { > > This code was intentionally added and a reason was given in the comment > above. Please read through the comments on > <https://bugs.webkit.org/show_bug.cgi?id=20792> and ensure we are not > breaking anything. Yes, I suspected this was not OK. Still uploaded it without review flag before my lab to see which tests would fail. If this is important behavior, it is sad there is no test coverage for it. I have a proper fix, will upload shortly. Created attachment 342454 [details]
Patch
Comment on attachment 342454 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342454&action=review > Source/WebCore/loader/FrameLoader.cpp:2839 > + WTFReportBacktrace(); Probably to be removed. (In reply to youenn fablet from comment #12) > Comment on attachment 342454 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=342454&action=review > > > Source/WebCore/loader/FrameLoader.cpp:2839 > > + WTFReportBacktrace(); > > Probably to be removed. LoL XD Created attachment 342461 [details]
Patch
Comment on attachment 342461 [details] Patch Clearing flags on attachment: 342461 Committed r232730: <https://trac.webkit.org/changeset/232730> All reviewed patches have been landed. Closing bug. |