Bug 226760

Summary: Origin is null in http requests when baseURL has custom scheme on iOS 15.0
Product: WebKit Reporter: zhuoran1997
Component: PlatformAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Critical CC: achristensen, beidson, cdumez, john.hartmann, niklasmerz, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: iPhone / iPad   
OS: Other   
Bug Depends on: 227560    
Bug Blocks:    
Attachments:
Description Flags
A demo project and results of iOS 14.5 and iOS 15.0
none
Patch
none
Patch
none
Patch ews-feeder: commit-queue-

zhuoran1997
Reported 2021-06-08 01:20:05 PDT
Created attachment 430817 [details] A demo project and results of iOS 14.5 and iOS 15.0 There is a regression in WKWebView on iOS 15.0. When setting the baseURL of the WKWebView to `custom-scheme://` via webView.loadHTMLString(, baseURL:), the Origin in http request header becomes `null` instead of `custom-sheme://` on iOS 15.0. iOS 14.6 doesn't have this issue. I have attached a demo project. You can run it with Xcode 12.5 and Xcode 13.0 to see the difference. After attaching inspector, press the "Request data" button. Then you can see the different Origin value in network request.
Attachments
A demo project and results of iOS 14.5 and iOS 15.0 (130.17 KB, application/zip)
2021-06-08 01:20 PDT, zhuoran1997 		no flags
Details
Patch (6.74 KB, patch)
2021-06-09 21:43 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (6.48 KB, patch)
2021-06-09 23:16 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (6.75 KB, patch)
2021-06-10 08:56 PDT, Alex Christensen 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-06-08 12:22:40 PDT
<rdar://problem/79027280>
Alex Christensen
Comment 2 2021-06-09 21:43:13 PDT
Created attachment 431049 [details] Patch
Chris Dumez
Comment 3 2021-06-09 21:50:23 PDT
Comment on attachment 431049 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431049&action=review > Source/WebCore/page/SecurityOrigin.h:280 > + origin->m_data = WTFMove(*data); I have read your change log twice and I still don’t understand this change. It looks suspicious to set the securityorigindata (which is protocol / host / port) right after constructing a security origin with those same protocol / host / port.
Chris Dumez
Comment 4 2021-06-09 22:11:45 PDT
Comment on attachment 431049 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431049&action=review R=me with the change >> Source/WebCore/page/SecurityOrigin.h:280 >> + origin->m_data = WTFMove(*data); > > I have read your change log twice and I still don’t understand this change. It looks suspicious to set the securityorigindata (which is protocol / host / port) right after constructing a security origin with those same protocol / host / port. I looked at the create() function and it looks like it constructs a url from the components, only to then later on extract the components from the URL :( this is a bit unfortunate. I think your change would probably look better if you did: auto origin = adoptRef(*new SecurityOrigin); origin->m_data = WTFMove(*data); It would also be more efficient.
Alex Christensen
Comment 5 2021-06-09 23:16:56 PDT
Created attachment 431051 [details] Patch
Alex Christensen
Comment 6 2021-06-10 08:56:26 PDT
Created attachment 431084 [details] Patch
Alex Christensen
Comment 7 2021-06-10 16:26:12 PDT
r278737
Alex Christensen
Comment 8 2021-06-10 16:26:33 PDT
Thanks for reporting this bug!
Alex Christensen
Comment 9 2021-06-11 17:23:32 PDT
*** Bug 226769 has been marked as a duplicate of this bug. ***
Niklas Merz
Comment 10 2021-07-01 23:35:07 PDT
Looks like the latest Developer Beta 2 (19A5281j) brought this issue back. I got CORS issues (failed preflight request) again. > Failed to load resource: Preflight response is not successful
Note You need to log in before you can comment on or make changes to this bug.