Service Worker should pass the response with the right tainting.
Created attachment 325720 [details] Patch
Comment on attachment 325720 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=325720&action=review > Source/WebCore/ChangeLog:3 > + Do not check for CORS in case response is coming from a service worker Could you please point to the part of the spec that states this is what we should do? > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6 > +FAIL: image loading failed This looks bad, no? > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:7 > +Status is Got response for https://localhost:8443/resources/square100.png, status code is 404 404?
Created attachment 325781 [details] Patch
Created attachment 325782 [details] Patch
> > Source/WebCore/ChangeLog:3 > > + Do not check for CORS in case response is coming from a service worker > > Could you please point to the part of the spec that states this is what we > should do? Added links to the spec. Basically, CORS check is a HTTP thing which does not apply to appcache/service worker. What applies to service worker is tainting. Hence why there is a test for it (we still have to handle fetched tainted responses by sw properly though) > > LayoutTests/http/tests/workers/service/cors-image-fetch.https-expected.txt:6 > > +FAIL: image loading failed > > This looks bad, no? Removed from the patch, it was not supposed to be there.
Comment on attachment 325782 [details] Patch Clearing flags on attachment: 325782 Committed r224369: <https://trac.webkit.org/changeset/224369>
All reviewed patches have been landed. Closing bug.
<rdar://problem/35567391>