159351 – Synchronous preflight checker should set loading options to not use credentials

Bug 159351 - Synchronous preflight checker should set loading options to not use credentials

Summary: Synchronous preflight checker should set loading options to not use credentials

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	youenn fablet

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-07-01 07:35 PDT by youenn fablet
Modified:	2016-07-02 10:45 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (2.06 KB, patch) 2016-07-01 07:38 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description youenn fablet 2016-07-01 07:35:10 PDT

Currently, synchronous preflight loading options are the same as the request triggering the preflight.

Comment 1 youenn fablet 2016-07-01 07:38:37 PDT

Created attachment 282547 [details]
Patch

Comment 2 youenn fablet 2016-07-01 07:41:37 PDT

(In reply to comment #0)
> Currently, synchronous preflight loading options are the same as the request
> triggering the preflight.

Note that this change should have no real effect as credentials should be disabled when creating the preflight request.
Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html

Comment 3 Alex Christensen 2016-07-01 09:34:51 PDT

Comment on attachment 282547 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review

> Source/WebCore/ChangeLog:8
> +        Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.

disable

> Source/WebCore/ChangeLog:11
> +        No change of behavior as preflight request is expressly set to not use credentials in
> +        createAccessControlPreflightRequest.

Then why make the change?

Comment 4 youenn fablet 2016-07-01 09:52:07 PDT

(In reply to comment #3)
> Comment on attachment 282547 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=282547&action=review
> 
> > Source/WebCore/ChangeLog:8
> > +        Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
> 
> disable
> 
> > Source/WebCore/ChangeLog:11
> > +        No change of behavior as preflight request is expressly set to not use credentials in
> > +        createAccessControlPreflightRequest.
> 
> Then why make the change?

Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily.

Comment 5 Alex Christensen 2016-07-01 11:50:07 PDT

Comment on attachment 282547 [details]
Patch

True.

Comment 6 WebKit Commit Bot 2016-07-02 10:45:10 PDT

Comment on attachment 282547 [details]
Patch

Clearing flags on attachment: 282547

Committed r202779: <http://trac.webkit.org/changeset/202779>

Comment 7 WebKit Commit Bot 2016-07-02 10:45:16 PDT

All reviewed patches have been landed.  Closing bug.