Bug 44888

Summary: Local frame loads should check against origin (not referrer))
Product: WebKit Reporter: Justin Schuh <jschuh>
Component: Page LoadingAssignee: Justin Schuh <jschuh>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, japhet
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Attachments:
Description Flags
Patch
none
Patch japhet: review+, commit-queue: commit-queue-

Justin Schuh
Reported 2010-08-30 12:40:27 PDT
Local frame loads should check against origin (not referrer))
Attachments
Patch (4.44 KB, patch)
2010-08-30 12:48 PDT, Justin Schuh 		no flags
DetailsFormatted DiffDiff
Patch (4.44 KB, patch)
2010-08-30 13:00 PDT, Justin Schuh 		japhet: review+
commit-queue: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Justin Schuh
Comment 1 2010-08-30 12:48:31 PDT
Created attachment 65942 [details] Patch
Justin Schuh
Comment 2 2010-08-30 13:00:36 PDT
Created attachment 65946 [details] Patch Fixed some formatting issues in the layout test.
WebKit Commit Bot
Comment 3 2010-08-30 23:38:28 PDT
Comment on attachment 65946 [details] Patch Rejecting patch 65946 from commit-queue. Failed to run "['WebKitTools/Scripts/run-webkit-tests', '--no-launch-safari', '--exit-after-n-failures=1', '--wait-for-httpd', '--ignore-tests', 'compositing,media', '--quiet']" exit_code: 1 Running build-dumprendertree Compiling Java tests make: Nothing to be done for `default'. Running tests from /Users/eseidel/Projects/CommitQueue/LayoutTests Testing 20871 test cases. fast/loader/recursive-before-unload-crash.html -> failed Exiting early after 1 failures. 14296 tests run. 364.51s total testing time 14295 test cases (99%) succeeded 1 test case (<1%) had incorrect layout 1 test case (<1%) had stderr output Full output: http://queues.webkit.org/results/3881173
Justin Schuh
Comment 4 2010-08-31 10:04:48 PDT
Committed r66496: <http://trac.webkit.org/changeset/66496>
Alexey Proskuryakov
Comment 5 2010-08-31 10:07:58 PDT
Could you please document the reason for this change for posterity? Is this matching other browsers and/or HTML5? Are there known Web pages affected by this problem?
Justin Schuh
Comment 6 2010-08-31 11:47:48 PDT
Sorry for the lack of explanation. I ran into this bug while implementing @srcdoc and testing with local URLs. The problem is that we were blocking local sub-frame loads from a local frame with no referrer. (The layout test demonstrates this by adding a child file: frame to an about:blank frame on a file: URL.) I couldn't find any spec on this case (local URL behavior is grossly under-specified). So, I verified that both Firefox and IE allow the access, and that in all other cases we use the parent document's origin for access checking. Based on that, both Nate and I decided it was a bug. I doubt anyone is hitting this now because it's such an odd corner case. However, it would be hit more often once srcdoc lands.
Note You need to log in before you can comment on or make changes to this bug.