Bug 191356 - Be strict on request's Content-Type
Summary: Be strict on request's Content-Type
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Rob Buis
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-11-07 03:22 PST by Anne van Kesteren
Modified: 2019-10-23 12:42 PDT (History)
7 users (show)

See Also:

Attachments
Patch (2.94 KB, patch)
2019-06-08 04:39 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Patch (178.13 KB, patch)
2019-06-08 07:44 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews102 for mac-highsierra (3.09 MB, application/zip)
2019-06-08 08:51 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews115 for mac-highsierra (2.96 MB, application/zip)
2019-06-08 09:33 PDT, EWS Watchlist 		no flags Details
Patch (182.83 KB, patch)
2019-06-08 09:46 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews100 for mac-highsierra (3.10 MB, application/zip)
2019-06-08 10:53 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews107 for mac-highsierra-wk2 (2.83 MB, application/zip)
2019-06-08 11:00 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews114 for mac-highsierra (2.89 MB, application/zip)
2019-06-08 11:30 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews123 for ios-simulator-wk2 (2.54 MB, application/zip)
2019-06-08 11:41 PDT, EWS Watchlist 		no flags Details
Patch (195.99 KB, patch)
2019-06-08 12:04 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Patch (196.23 KB, patch)
2019-07-21 07:37 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Patch (179.10 KB, patch)
2019-10-22 01:29 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from webkit-cq-01 for mac-highsierra (3.47 MB, application/zip)
2019-10-22 03:53 PDT, WebKit Commit Bot 		no flags Details
Patch (179.00 KB, patch)
2019-10-22 05:10 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Patch (178.98 KB, patch)
2019-10-23 10:51 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Show Obsolete (7) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anne van Kesteren 2018-11-07 03:22:19 PST 
See https://github.com/whatwg/fetch/pull/829 for the change to the standard and https://github.com/web-platform-tests/wpt/pull/13921 for tests. It's particularly concerning that WebKit allows spaces around / in MIME types, but the other failures probably also need to be addressed given the previously agreed upon threat model.
Comment 1 Anne van Kesteren 2018-11-07 03:25:30 PST 
See also bug 188644 btw.
Comment 2 Rob Buis 2019-06-08 04:39:36 PDT 
Created attachment 371652 [details]
Patch
Comment 3 Rob Buis 2019-06-08 07:44:49 PDT 
Created attachment 371653 [details]
Patch
Comment 4 EWS Watchlist 2019-06-08 08:51:24 PDT 
Comment on attachment 371653 [details]
Patch

Attachment 371653 [details] did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/12418613

New failing tests:
imported/w3c/web-platform-tests/cors/client-hint-request-headers.htm
imported/w3c/web-platform-tests/cors/late-upload-events.htm
Comment 5 EWS Watchlist 2019-06-08 08:51:25 PDT 
Created attachment 371654 [details]
Archive of layout-test-results from ews102 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 6 EWS Watchlist 2019-06-08 09:33:05 PDT 
Comment on attachment 371653 [details]
Patch

Attachment 371653 [details] did not pass mac-debug-ews (mac):
Output: https://webkit-queues.webkit.org/results/12418647

New failing tests:
imported/w3c/web-platform-tests/cors/basic.htm
imported/w3c/web-platform-tests/cors/late-upload-events.htm
imported/w3c/web-platform-tests/cors/client-hint-request-headers.htm
Comment 7 EWS Watchlist 2019-06-08 09:33:06 PDT 
Created attachment 371655 [details]
Archive of layout-test-results from ews115 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 8 Rob Buis 2019-06-08 09:46:03 PDT 
Created attachment 371656 [details]
Patch
Comment 9 EWS Watchlist 2019-06-08 10:53:32 PDT 
Comment on attachment 371656 [details]
Patch

Attachment 371656 [details] did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/12419174

New failing tests:
imported/w3c/web-platform-tests/cors/remote-origin.htm
Comment 10 EWS Watchlist 2019-06-08 10:53:34 PDT 
Created attachment 371658 [details]
Archive of layout-test-results from ews100 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews100  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 11 EWS Watchlist 2019-06-08 11:00:38 PDT 
Comment on attachment 371656 [details]
Patch

Attachment 371656 [details] did not pass mac-wk2-ews (mac-wk2):
Output: https://webkit-queues.webkit.org/results/12419184

New failing tests:
imported/w3c/web-platform-tests/cors/remote-origin.htm
Comment 12 EWS Watchlist 2019-06-08 11:00:40 PDT 
Created attachment 371659 [details]
Archive of layout-test-results from ews107 for mac-highsierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-highsierra-wk2  Platform: Mac OS X 10.13.6
Comment 13 EWS Watchlist 2019-06-08 11:30:00 PDT 
Comment on attachment 371656 [details]
Patch

Attachment 371656 [details] did not pass mac-debug-ews (mac):
Output: https://webkit-queues.webkit.org/results/12419201

New failing tests:
imported/w3c/web-platform-tests/cors/remote-origin.htm
Comment 14 EWS Watchlist 2019-06-08 11:30:02 PDT 
Created attachment 371660 [details]
Archive of layout-test-results from ews114 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 15 EWS Watchlist 2019-06-08 11:41:28 PDT 
Comment on attachment 371656 [details]
Patch

Attachment 371656 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/12419301

New failing tests:
imported/w3c/web-platform-tests/cors/remote-origin.htm
Comment 16 EWS Watchlist 2019-06-08 11:41:30 PDT 
Created attachment 371661 [details]
Archive of layout-test-results from ews123 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews123  Port: ios-simulator-wk2  Platform: Mac OS X 10.14.5
Comment 17 Rob Buis 2019-06-08 12:04:53 PDT 
Created attachment 371663 [details]
Patch
Comment 18 Rob Buis 2019-07-21 07:37:01 PDT 
Created attachment 374569 [details]
Patch
Comment 19 Alex Christensen 2019-10-21 13:32:24 PDT 
Comment on attachment 374569 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=374569&action=review

> Source/WebCore/platform/network/HTTPParsers.cpp:161
> +static bool isCorsUnsafeRequestHeaderByte(const UChar c)

This function seems like excessive abstraction.  You could just put the values in with containsCORSUnsafeRequestHeaderBytes
Comment 20 Rob Buis 2019-10-22 01:29:16 PDT 
Created attachment 381526 [details]
Patch
Comment 21 WebKit Commit Bot 2019-10-22 03:53:42 PDT 
Comment on attachment 381526 [details]
Patch

Rejecting attachment 381526 [details] from commit-queue.

New failing tests:
imported/w3c/web-platform-tests/websockets/bufferedAmount-unchanged-by-sync-xhr.any.worker.html
Full output: https://webkit-queues.webkit.org/results/13161760
Comment 22 WebKit Commit Bot 2019-10-22 03:53:44 PDT 
Created attachment 381536 [details]
Archive of layout-test-results from webkit-cq-01 for mac-highsierra

The attached test failures were seen while running run-webkit-tests on the commit-queue.
Bot: webkit-cq-01  Port: mac-highsierra  Platform: Mac OS X 10.13.6
Comment 23 Rob Buis 2019-10-22 05:10:34 PDT 
Created attachment 381538 [details]
Patch
Comment 24 Rob Buis 2019-10-23 10:51:18 PDT 
Created attachment 381695 [details]
Patch
Comment 25 WebKit Commit Bot 2019-10-23 12:41:16 PDT 
Comment on attachment 381695 [details]
Patch

Clearing flags on attachment: 381695

Committed r251490: <https://trac.webkit.org/changeset/251490>
Comment 26 WebKit Commit Bot 2019-10-23 12:41:18 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 27 Radar WebKit Bug Importer 2019-10-23 12:42:19 PDT 
<rdar://problem/56550011>