RESOLVED FIXED 179177
Do not check for CORS in case response is coming from a service worker 
https://bugs.webkit.org/show_bug.cgi?id=179177
Summary Do not check for CORS in case response is coming from a service worker
youenn fablet
Reported 2017-11-02 09:09:52 PDT
Service Worker should pass the response with the right tainting.
Attachments
Patch (9.86 KB, patch)
2017-11-02 09:25 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (9.61 KB, patch)
2017-11-02 15:33 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (9.53 KB, patch)
2017-11-02 15:36 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2017-11-02 09:25:40 PDT
Created attachment 325720 [details] Patch
Chris Dumez
Comment 2 2017-11-02 10:36:22 PDT
Comment on attachment 325720 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=325720&action=review > Source/WebCore/ChangeLog:3 > + Do not check for CORS in case response is coming from a service worker Could you please point to the part of the spec that states this is what we should do? > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6 > +FAIL: image loading failed This looks bad, no? > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:7 > +Status is Got response for https://localhost:8443/resources/square100.png, status code is 404 404?
youenn fablet
Comment 3 2017-11-02 15:33:34 PDT
Created attachment 325781 [details] Patch
youenn fablet
Comment 4 2017-11-02 15:36:43 PDT
Created attachment 325782 [details] Patch
youenn fablet
Comment 5 2017-11-02 15:38:52 PDT
> > Source/WebCore/ChangeLog:3 > > + Do not check for CORS in case response is coming from a service worker > > Could you please point to the part of the spec that states this is what we > should do? Added links to the spec. Basically, CORS check is a HTTP thing which does not apply to appcache/service worker. What applies to service worker is tainting. Hence why there is a test for it (we still have to handle fetched tainted responses by sw properly though) > > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6 > > +FAIL: image loading failed > > This looks bad, no? Removed from the patch, it was not supposed to be there.
WebKit Commit Bot
Comment 6 2017-11-02 18:36:41 PDT
Comment on attachment 325782 [details] Patch Clearing flags on attachment: 325782 Committed r224369: <https://trac.webkit.org/changeset/224369>
WebKit Commit Bot
Comment 7 2017-11-02 18:36:42 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2017-11-15 12:22:08 PST
<rdar://problem/35567391>
Note You need to log in before you can comment on or make changes to this bug.