RESOLVED FIXED 191356
Be strict on request's Content-Type 
https://bugs.webkit.org/show_bug.cgi?id=191356
Summary Be strict on request's Content-Type
Anne van Kesteren
Reported 2018-11-07 03:22:19 PST
See https://github.com/whatwg/fetch/pull/829 for the change to the standard and https://github.com/web-platform-tests/wpt/pull/13921 for tests. It's particularly concerning that WebKit allows spaces around / in MIME types, but the other failures probably also need to be addressed given the previously agreed upon threat model.
Attachments
Patch (2.94 KB, patch)
2019-06-08 04:39 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Patch (178.13 KB, patch)
2019-06-08 07:44 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews102 for mac-highsierra (3.09 MB, application/zip)
2019-06-08 08:51 PDT, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews115 for mac-highsierra (2.96 MB, application/zip)
2019-06-08 09:33 PDT, EWS Watchlist 		no flags
Details
Patch (182.83 KB, patch)
2019-06-08 09:46 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews100 for mac-highsierra (3.10 MB, application/zip)
2019-06-08 10:53 PDT, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews107 for mac-highsierra-wk2 (2.83 MB, application/zip)
2019-06-08 11:00 PDT, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews114 for mac-highsierra (2.89 MB, application/zip)
2019-06-08 11:30 PDT, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews123 for ios-simulator-wk2 (2.54 MB, application/zip)
2019-06-08 11:41 PDT, EWS Watchlist 		no flags
Details
Patch (195.99 KB, patch)
2019-06-08 12:04 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Patch (196.23 KB, patch)
2019-07-21 07:37 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Patch (179.10 KB, patch)
2019-10-22 01:29 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from webkit-cq-01 for mac-highsierra (3.47 MB, application/zip)
2019-10-22 03:53 PDT, WebKit Commit Bot 		no flags
Details
Patch (179.00 KB, patch)
2019-10-22 05:10 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Patch (178.98 KB, patch)
2019-10-23 10:51 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
Anne van Kesteren
Comment 1 2018-11-07 03:25:30 PST
See also bug 188644 btw.
Rob Buis
Comment 2 2019-06-08 04:39:36 PDT
Created attachment 371652 [details] Patch
Rob Buis
Comment 3 2019-06-08 07:44:49 PDT
Created attachment 371653 [details] Patch
EWS Watchlist
Comment 4 2019-06-08 08:51:24 PDT
Comment on attachment 371653 [details] Patch Attachment 371653 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/12418613 New failing tests: imported/w3c/web-platform-tests/cors/client-hint-request-headers.htm imported/w3c/web-platform-tests/cors/late-upload-events.htm
EWS Watchlist
Comment 5 2019-06-08 08:51:25 PDT
Created attachment 371654 [details] Archive of layout-test-results from ews102 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 6 2019-06-08 09:33:05 PDT
Comment on attachment 371653 [details] Patch Attachment 371653 [details] did not pass mac-debug-ews (mac): Output: https://webkit-queues.webkit.org/results/12418647 New failing tests: imported/w3c/web-platform-tests/cors/basic.htm imported/w3c/web-platform-tests/cors/late-upload-events.htm imported/w3c/web-platform-tests/cors/client-hint-request-headers.htm
EWS Watchlist
Comment 7 2019-06-08 09:33:06 PDT
Created attachment 371655 [details] Archive of layout-test-results from ews115 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-highsierra Platform: Mac OS X 10.13.6
Rob Buis
Comment 8 2019-06-08 09:46:03 PDT
Created attachment 371656 [details] Patch
EWS Watchlist
Comment 9 2019-06-08 10:53:32 PDT
Comment on attachment 371656 [details] Patch Attachment 371656 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/12419174 New failing tests: imported/w3c/web-platform-tests/cors/remote-origin.htm
EWS Watchlist
Comment 10 2019-06-08 10:53:34 PDT
Created attachment 371658 [details] Archive of layout-test-results from ews100 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 11 2019-06-08 11:00:38 PDT
Comment on attachment 371656 [details] Patch Attachment 371656 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/12419184 New failing tests: imported/w3c/web-platform-tests/cors/remote-origin.htm
EWS Watchlist
Comment 12 2019-06-08 11:00:40 PDT
Created attachment 371659 [details] Archive of layout-test-results from ews107 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 13 2019-06-08 11:30:00 PDT
Comment on attachment 371656 [details] Patch Attachment 371656 [details] did not pass mac-debug-ews (mac): Output: https://webkit-queues.webkit.org/results/12419201 New failing tests: imported/w3c/web-platform-tests/cors/remote-origin.htm
EWS Watchlist
Comment 14 2019-06-08 11:30:02 PDT
Created attachment 371660 [details] Archive of layout-test-results from ews114 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 15 2019-06-08 11:41:28 PDT
Comment on attachment 371656 [details] Patch Attachment 371656 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/12419301 New failing tests: imported/w3c/web-platform-tests/cors/remote-origin.htm
EWS Watchlist
Comment 16 2019-06-08 11:41:30 PDT
Created attachment 371661 [details] Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.5
Rob Buis
Comment 17 2019-06-08 12:04:53 PDT
Created attachment 371663 [details] Patch
Rob Buis
Comment 18 2019-07-21 07:37:01 PDT
Created attachment 374569 [details] Patch
Alex Christensen
Comment 19 2019-10-21 13:32:24 PDT
Comment on attachment 374569 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374569&action=review > Source/WebCore/platform/network/HTTPParsers.cpp:161 > +static bool isCorsUnsafeRequestHeaderByte(const UChar c) This function seems like excessive abstraction. You could just put the values in with containsCORSUnsafeRequestHeaderBytes
Rob Buis
Comment 20 2019-10-22 01:29:16 PDT
Created attachment 381526 [details] Patch
WebKit Commit Bot
Comment 21 2019-10-22 03:53:42 PDT
Comment on attachment 381526 [details] Patch Rejecting attachment 381526 [details] from commit-queue. New failing tests: imported/w3c/web-platform-tests/websockets/bufferedAmount-unchanged-by-sync-xhr.any.worker.html Full output: https://webkit-queues.webkit.org/results/13161760
WebKit Commit Bot
Comment 22 2019-10-22 03:53:44 PDT
Created attachment 381536 [details] Archive of layout-test-results from webkit-cq-01 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the commit-queue. Bot: webkit-cq-01 Port: mac-highsierra Platform: Mac OS X 10.13.6
Rob Buis
Comment 23 2019-10-22 05:10:34 PDT
Created attachment 381538 [details] Patch
Rob Buis
Comment 24 2019-10-23 10:51:18 PDT
Created attachment 381695 [details] Patch
WebKit Commit Bot
Comment 25 2019-10-23 12:41:16 PDT
Comment on attachment 381695 [details] Patch Clearing flags on attachment: 381695 Committed r251490: <https://trac.webkit.org/changeset/251490>
WebKit Commit Bot
Comment 26 2019-10-23 12:41:18 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 27 2019-10-23 12:42:19 PDT
<rdar://problem/56550011>
Note You need to log in before you can comment on or make changes to this bug.