Bug 179177 - Do not check for CORS in case response is coming from a service worker
Summary: Do not check for CORS in case response is coming from a service worker
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-11-02 09:09 PDT by youenn fablet
Modified: 2017-11-15 12:22 PST (History)
8 users (show)

See Also:


Attachments
Patch (9.86 KB, patch)
2017-11-02 09:25 PDT, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (9.61 KB, patch)
2017-11-02 15:33 PDT, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (9.53 KB, patch)
2017-11-02 15:36 PDT, youenn fablet
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description youenn fablet 2017-11-02 09:09:52 PDT
Service Worker should pass the response with the right tainting.
Comment 1 youenn fablet 2017-11-02 09:25:40 PDT
Created attachment 325720 [details]
Patch
Comment 2 Chris Dumez 2017-11-02 10:36:22 PDT
Comment on attachment 325720 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325720&action=review

> Source/WebCore/ChangeLog:3
> +        Do not check for CORS in case response is coming from a service worker

Could you please point to the part of the spec that states this is what we should do?

> LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6
> +FAIL: image loading failed

This looks bad, no?

> LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:7
> +Status is Got response for https://localhost:8443/resources/square100.png, status code is 404

404?
Comment 3 youenn fablet 2017-11-02 15:33:34 PDT
Created attachment 325781 [details]
Patch
Comment 4 youenn fablet 2017-11-02 15:36:43 PDT
Created attachment 325782 [details]
Patch
Comment 5 youenn fablet 2017-11-02 15:38:52 PDT
> > Source/WebCore/ChangeLog:3
> > +        Do not check for CORS in case response is coming from a service worker
> 
> Could you please point to the part of the spec that states this is what we
> should do?

Added links to the spec.
Basically, CORS check is a HTTP thing which does not apply to appcache/service worker.
What applies to service worker is tainting.
Hence why there is a test for it (we still have to handle fetched tainted responses by sw properly though)

> > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6
> > +FAIL: image loading failed
> 
> This looks bad, no?

Removed from the patch, it was not supposed to be there.
Comment 6 WebKit Commit Bot 2017-11-02 18:36:41 PDT
Comment on attachment 325782 [details]
Patch

Clearing flags on attachment: 325782

Committed r224369: <https://trac.webkit.org/changeset/224369>
Comment 7 WebKit Commit Bot 2017-11-02 18:36:42 PDT
All reviewed patches have been landed.  Closing bug.
Comment 8 Radar WebKit Bug Importer 2017-11-15 12:22:08 PST
<rdar://problem/35567391>