RESOLVED FIXED 159351
Synchronous preflight checker should set loading options to not use credentials 
https://bugs.webkit.org/show_bug.cgi?id=159351
Summary Synchronous preflight checker should set loading options to not use credentials
youenn fablet
Reported 2016-07-01 07:35:10 PDT
Currently, synchronous preflight loading options are the same as the request triggering the preflight.
Attachments
Patch (2.06 KB, patch)
2016-07-01 07:38 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2016-07-01 07:38:37 PDT
Created attachment 282547 [details] Patch
youenn fablet
Comment 2 2016-07-01 07:41:37 PDT
(In reply to comment #0) > Currently, synchronous preflight loading options are the same as the request > triggering the preflight. Note that this change should have no real effect as credentials should be disabled when creating the preflight request. Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html
Alex Christensen
Comment 3 2016-07-01 09:34:51 PDT
Comment on attachment 282547 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review > Source/WebCore/ChangeLog:8 > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. disable > Source/WebCore/ChangeLog:11 > + No change of behavior as preflight request is expressly set to not use credentials in > + createAccessControlPreflightRequest. Then why make the change?
youenn fablet
Comment 4 2016-07-01 09:52:07 PDT
(In reply to comment #3) > Comment on attachment 282547 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=282547&action=review > > > Source/WebCore/ChangeLog:8 > > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. > > disable > > > Source/WebCore/ChangeLog:11 > > + No change of behavior as preflight request is expressly set to not use credentials in > > + createAccessControlPreflightRequest. > > Then why make the change? Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily.
Alex Christensen
Comment 5 2016-07-01 11:50:07 PDT
Comment on attachment 282547 [details] Patch True.
WebKit Commit Bot
Comment 6 2016-07-02 10:45:10 PDT
Comment on attachment 282547 [details] Patch Clearing flags on attachment: 282547 Committed r202779: <http://trac.webkit.org/changeset/202779>
WebKit Commit Bot
Comment 7 2016-07-02 10:45:16 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.