Bug 181693 - REGRESSION (r222795): Cardiogram never signs in
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Local Build
Hardware: iPhone / iPad iOS 11
Importance: P2 Normal
Assignee: Daniel Bates
Keywords: InRadar, Regression
Depends on:
Reported: 2018-01-16 11:22 PST by Daniel Bates
Modified: 2018-01-17 11:09 PST

Patch and layout test (13.98 KB, patch)
2018-01-16 13:36 PST, Daniel Bates
rniwa: review+

Description Daniel Bates 2018-01-16 11:22:49 PST
Following the fix for bug #177824, <https://trac.webkit.org/changeset/r222795/>, WebKit disallows all documents from setting arbitrary XHR headers and this broke Cardiogram on iOS. Prior to bug #177824 documents that could load local resources (e.g. file URLs) were allowed to set arbitrary XHR headers. Cardiogram depends on this privilege to set the XHR header Cookie, a forbidden header per the XHR spec [1]. We should add a compatibility fix for Cardiogram to avoid app breakage and allow the developers of Cardiogram time to update their app.

[1] <https://fetch.spec.whatwg.org/#forbidden-header-name> (13 January 2018)
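
The behaviour change described above, as an added JavaScript model that is not WebKit code and not part of the original report. The names `headerIsSent`, `auditRequestHeaders` and `canLoadLocalResources` are hypothetical, the sample headers are constructed, and the header list is transcribed from the Fetch spec section cited in [1], which remains authoritative.

```javascript
// Forbidden header names from the Fetch spec section cited in [1]
// (transcribed for this example; the spec is the authoritative list).
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

// Header names compare case-insensitively; Proxy-* and Sec-* are forbidden too.
function isForbiddenHeaderName(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// Hypothetical model of the policy in this bug:
//   before r222795: documents that can load local resources may set any header
//   after  r222795: no document may set a forbidden header
function headerIsSent(name, doc, afterR222795) {
  if (!isForbiddenHeaderName(name)) return true;
  return !afterR222795 && doc.canLoadLocalResources;
}

// Return the headers an app tries to set that would not reach the wire,
// so a developer can find requests that depend on the old privilege.
function auditRequestHeaders(headers, doc, afterR222795) {
  return Object.keys(headers).filter((h) => !headerIsSent(h, doc, afterR222795));
}

// Constructed sample: headers a hybrid app might pass to setRequestHeader().
const sampleHeaders = {
  "Cookie": "session=EXAMPLE",
  "X-Requested-With": "XMLHttpRequest",
  "Sec-Custom": "1",
  "Content-Type": "application/json",
};
const fileDoc = { canLoadLocalResources: true };  // e.g. loaded from a file URL
const webDoc = { canLoadLocalResources: false };  // ordinary web content

console.log("file doc, before:", auditRequestHeaders(sampleHeaders, fileDoc, false));
console.log("file doc, after: ", auditRequestHeaders(sampleHeaders, fileDoc, true));
console.log("web doc, before: ", auditRequestHeaders(sampleHeaders, webDoc, false));
```
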
Comment 1 Daniel Bates 2018-01-16 11:23:22 PST
Comment 2 Daniel Bates 2018-01-16 13:36:58 PST
Created attachment 331425
Patch and layout test
Comment 3 Ryosuke Niwa 2018-01-16 20:32:31 PST
Comment on attachment 331425
Patch and layout test

View in context: https://bugs.webkit.org/attachment.cgi?id=331425&action=review

> Source/WebCore/ChangeLog:3143
> -2018-01-08  Zalan Bujtas  <zalan@apple.com>
> +2018-01-16  Daniel Bates  <dabates@apple.com>
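
Review bot: At Source/WebCore/ChangeLog:3143 the date and author line of an existing entry (2018-01-08 Zalan Bujtas) is overwritten with 2018-01-16 Daniel Bates, which reattributes that entry instead of recording this change as its own. Restore the original line there and add a separate 2018-01-16 entry for this patch.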

Please fix the change log.
Comment 4 Daniel Bates 2018-01-17 11:09:31 PST
Committed r227075: <https://trac.webkit.org/changeset/227075>