Service Worker should pass the response with the right tainting.
Created attachment 325720 [details]
Comment on attachment 325720 [details]
View in context: https://bugs.webkit.org/attachment.cgi?id=325720&action=review
> + Do not check for CORS in case response is coming from a service worker
Could you please point to the part of the spec that states this is what we should do?
> +FAIL: image loading failed
This looks bad, no?
> +Status is Got response for https://localhost:8443/resources/square100.png, status code is 404
Created attachment 325781 [details]
Created attachment 325782 [details]
> > Source/WebCore/ChangeLog:3
> > + Do not check for CORS in case response is coming from a service worker
> Could you please point to the part of the spec that states this is what we
> should do?
Added links to the spec.
Basically, CORS check is a HTTP thing which does not apply to appcache/service worker.
What applies to service worker is tainting.
Hence why there is a test for it (we still have to handle fetched tainted responses by sw properly though)
> > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6
> > +FAIL: image loading failed
> This looks bad, no?
Removed from the patch, it was not supposed to be there.
Comment on attachment 325782 [details]
Clearing flags on attachment: 325782
Committed r224369: <https://trac.webkit.org/changeset/224369>
All reviewed patches have been landed. Closing bug.