Bug 82354

Summary:

AssociatedURLLoader does not support Cross Origin Redirects when using Access Control

Product:

WebKit

Reporter:

Bill Budge <bbudge>

Component:

Platform

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, dpranke, fishd, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
Proposed patch	none
Proposed Patch	none
Proposed Patch	abarth: review+, webkit.review.bot: commit-queue-
Proposed Patch	none

Bill Budge

Reported 2012-03-27 10:23:43 PDT

AssociatedURLLoader should handle CORS requests that redirect. Specifically, it should cancel the load when the redirect fails the CORS check.

Attachments
Proposed patch (3.77 KB, patch) 2012-03-27 10:31 PDT, Bill Budge	no flags	Details Formatted Diff Diff
Proposed Patch (6.33 KB, patch) 2012-03-27 16:37 PDT, Bill Budge	no flags	Details Formatted Diff Diff
Proposed Patch (6.01 KB, patch) 2012-03-28 13:29 PDT, Bill Budge	abarth: review+ webkit.review.bot: commit-queue-	Details Formatted Diff Diff
Proposed Patch (5.63 KB, patch) 2012-03-28 16:34 PDT, Bill Budge	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Bill Budge

Comment 1 2012-03-27 10:31:43 PDT

Created attachment 134096 [details] Proposed patch

Adam Barth

Comment 2 2012-03-27 10:54:33 PDT

Comment on attachment 134096 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=134096&action=review > Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp:471 > - EXPECT_TRUE(m_willSendRequest); > + // CORS requires that the redirect be transparent. > + EXPECT_FALSE(m_willSendRequest); I'm not sure I understand this comment. This means that willSendRequest isn't called, right?

Bill Budge

Comment 3 2012-03-27 12:30:51 PDT

Yes, that's right. I'll make it clearer. (In reply to comment #2) > (From update of attachment 134096 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=134096&action=review > > > Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp:471 > > - EXPECT_TRUE(m_willSendRequest); > > + // CORS requires that the redirect be transparent. > > + EXPECT_FALSE(m_willSendRequest); > > I'm not sure I understand this comment. This means that willSendRequest isn't called, right?

Bill Budge

Comment 4 2012-03-27 16:37:10 PDT

Created attachment 134165 [details] Proposed Patch I worked around the test crash on Mac by not clearing the mocked responses in the test class's TearDown method.

Adam Barth

Comment 5 2012-03-27 16:38:45 PDT

Comment on attachment 134165 [details] Proposed Patch Thanks Bill.

WebKit Review Bot

Comment 6 2012-03-27 17:20:05 PDT

Comment on attachment 134165 [details] Proposed Patch Clearing flags on attachment: 134165 Committed r112339: <http://trac.webkit.org/changeset/112339>

WebKit Review Bot

Comment 7 2012-03-27 17:20:16 PDT

All reviewed patches have been landed. Closing bug.

Dirk Pranke

Comment 8 2012-03-27 17:52:07 PDT

This change seems to have caused crashes in webkit_unit_tests on snow leopard and lion (chromium) http://build.chromium.org/p/chromium.webkit/builders/Webkit%20Mac10.7/builds/2934/steps/webkit_unit_tests/logs/stdio

Dirk Pranke

Comment 9 2012-03-27 17:52:51 PDT

Reverted r112339 for reason: webkit_unit_tests crashing on chromium mac bots Committed r112346: <http://trac.webkit.org/changeset/112346>

Dirk Pranke

Comment 10 2012-03-27 17:53:59 PDT

also linux, it appears ... http://build.chromium.org/p/chromium.webkit/builders/Webkit%20Linux%2032/builds/15415/steps/webkit_unit_tests/logs/stdio

Bill Budge

Comment 11 2012-03-28 10:59:13 PDT

I'll like to re-land this after the fix lands in webkit_support. http://codereview.chromium.org/9874008/

Adam Barth

Comment 12 2012-03-28 11:04:09 PDT

After that patch lands, would you be willing to update http://trac.webkit.org/browser/trunk/Source/WebKit/chromium/DEPS past that revision so that webkit.org builds see the fix as well?

Bill Budge

Comment 13 2012-03-28 12:37:17 PDT

I will update DEPS before resubmitting.

Bill Budge

Comment 14 2012-03-28 13:29:21 PDT

Created attachment 134382 [details] Proposed Patch Fixed WebURLLoaderMockFactory to handle canceled loaders. Bumped DEPS to get fix.

WebKit Review Bot

Comment 15 2012-03-28 16:19:31 PDT

Comment on attachment 134382 [details] Proposed Patch Rejecting attachment 134382 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2 Last 500 characters of output: rce/WebKit/chromium/src/AssociatedURLLoader.cpp patching file Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--force', u'--reviewer', u'Adam Barth']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue/ --mac-only' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' ________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' Updating webkit projects from gyp files... Full output: http://queues.webkit.org/results/12156375

Bill Budge

Comment 16 2012-03-28 16:34:28 PDT

Created attachment 134440 [details] Proposed Patch Refreshed patch. DEPS got rolled by someone else.

WebKit Review Bot

Comment 17 2012-03-28 18:14:23 PDT

Comment on attachment 134440 [details] Proposed Patch Clearing flags on attachment: 134440 Committed r112485: <http://trac.webkit.org/changeset/112485>

WebKit Review Bot

Comment 18 2012-03-28 18:14:28 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.