RESOLVED FIXED 157370
CORS check is sometimes incorrectly failing for media loads 
https://bugs.webkit.org/show_bug.cgi?id=157370
Summary CORS check is sometimes incorrectly failing for media loads
Chris Dumez
Reported 2016-05-04 21:45:41 PDT
CORS check is sometimes incorrectly failing for media loads. This happens when our media library issues a conditional request and when the sever responds with a "304 Not Modified" response which does not have the "Access-Control-Allow-Origin: *" header. Apache for example does not provide such header for 304 responses.
Attachments
WIP Patch (2.89 KB, patch)
2016-05-04 21:48 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.47 KB, patch)
2016-05-05 15:07 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-05-04 21:46:18 PDT
<rdar://problem/26071607>
Chris Dumez
Comment 2 2016-05-04 21:48:21 PDT
Created attachment 278156 [details] WIP Patch
Alex Christensen
Comment 3 2016-05-05 10:30:11 PDT
Comment on attachment 278156 [details] WIP Patch View in context: https://bugs.webkit.org/attachment.cgi?id=278156&action=review > Source/WebCore/loader/MediaResourceLoader.cpp:73 > + if (updatedRequest.isConditional() && corsPolicy == PotentiallyCrossOriginEnabled) { We shouldn't need to check if a request is conditional. Just make it unconditional, which won't do anything if it is not conditional. This will reduce iterating. We also don't need to make a new ResourceRequest for non-cors requests.
Chris Dumez
Comment 4 2016-05-05 10:32:22 PDT
Comment on attachment 278156 [details] WIP Patch View in context: https://bugs.webkit.org/attachment.cgi?id=278156&action=review >> Source/WebCore/loader/MediaResourceLoader.cpp:73 >> + if (updatedRequest.isConditional() && corsPolicy == PotentiallyCrossOriginEnabled) { > > We shouldn't need to check if a request is conditional. Just make it unconditional, which won't do anything if it is not conditional. This will reduce iterating. > We also don't need to make a new ResourceRequest for non-cors requests. Yes, I thought about calling makeUnconditional() directly as well. I have it done locally already. It is true we do not have to copy the request in the non-CORS case, it is just easier to write this way.
Chris Dumez
Comment 5 2016-05-05 15:07:06 PDT
Created attachment 278193 [details] Patch
WebKit Commit Bot
Comment 6 2016-05-05 16:26:28 PDT
Comment on attachment 278193 [details] Patch Clearing flags on attachment: 278193 Committed r200493: <http://trac.webkit.org/changeset/200493>
WebKit Commit Bot
Comment 7 2016-05-05 16:26:36 PDT
All reviewed patches have been landed. Closing bug.
Michael Catanzaro
Comment 8 2016-06-19 17:47:41 PDT
This test is timing out for GTK, see bug #158921.
Note You need to log in before you can comment on or make changes to this bug.