CachedResourceLoader is forbidding data URL loads in SameOrigin mode currently.
Created attachment 287510 [details] Patch
Comment on attachment 287510 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287510&action=review > Source/WebCore/loader/cache/CachedResourceLoader.cpp:388 > +static inline bool isSameOriginDataURL(const URL& url, const ResourceLoaderOptions& options, bool didReceiveRedirectResponse) > +{ > + return !didReceiveRedirectResponse && url.protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set; > +} I don't understand why !didReceiveRedirectResponse is here.
(In reply to comment #2) > Comment on attachment 287510 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=287510&action=review > > > Source/WebCore/loader/cache/CachedResourceLoader.cpp:388 > > +static inline bool isSameOriginDataURL(const URL& url, const ResourceLoaderOptions& options, bool didReceiveRedirectResponse) > > +{ > > + return !didReceiveRedirectResponse && url.protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set; > > +} > > I don't understand why !didReceiveRedirectResponse is here. Step 7 of https://fetch.spec.whatwg.org/#http-redirect-fetch stipulates that same-origin url flag is unset after a redirection. Basically, data-url after redirection is only allowed in no-cors mode, and will lead to opaque responses. I haven't searched for the rationale of this decision, this seems like an edge case. Also, there is no real interop here: as shown by the new tests, chrome, firefox and webkit have all different behaviours for data urls after redirections.
Comment on attachment 287510 [details] Patch Clearing flags on attachment: 287510 Committed r205265: <http://trac.webkit.org/changeset/205265>
All reviewed patches have been landed. Closing bug.