RESOLVED FIXED 226678
Move Timing-Allow-Origin checks to the network process 
https://bugs.webkit.org/show_bug.cgi?id=226678
Summary Move Timing-Allow-Origin checks to the network process
Alex Christensen
Reported 2021-06-04 22:44:54 PDT
Move Timing-Allow-Origin checks to the network process
Attachments
Patch (257.98 KB, patch)
2021-06-04 22:51 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (240.16 KB, patch)
2021-06-07 15:06 PDT, Alex Christensen 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (241.79 KB, patch)
2021-06-07 15:15 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (242.50 KB, patch)
2021-06-08 11:20 PDT, Alex Christensen 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (244.66 KB, patch)
2021-06-08 12:38 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (245.55 KB, patch)
2021-06-08 14:43 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (246.72 KB, patch)
2021-06-08 17:57 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (250.63 KB, patch)
2021-06-09 10:18 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (251.38 KB, patch)
2021-06-10 10:27 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (8) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2021-06-04 22:51:23 PDT
Created attachment 430645 [details] Patch
EWS Watchlist
Comment 2 2021-06-04 22:52:29 PDT
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
Alex Christensen
Comment 3 2021-06-07 15:06:47 PDT
Created attachment 430785 [details] Patch
Alex Christensen
Comment 4 2021-06-07 15:15:14 PDT
Created attachment 430787 [details] Patch
Alex Christensen
Comment 5 2021-06-08 11:20:24 PDT
Created attachment 430868 [details] Patch
Alex Christensen
Comment 6 2021-06-08 12:38:32 PDT
Created attachment 430876 [details] Patch
Alex Christensen
Comment 7 2021-06-08 14:43:41 PDT
Created attachment 430893 [details] Patch
Alex Christensen
Comment 8 2021-06-08 17:57:35 PDT
Created attachment 430927 [details] Patch
Alex Christensen
Comment 9 2021-06-09 10:18:26 PDT
Created attachment 430974 [details] Patch
Alex Christensen
Comment 10 2021-06-10 09:29:41 PDT
I need to mark http/wpt/resource-timing/rt-revalidate-requests-2.html as failing on Windows, but otherwise this should be ready for review
Chris Dumez
Comment 11 2021-06-10 09:41:54 PDT
Comment on attachment 430974 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=430974&action=review > Source/WebCore/platform/network/TimingAllowOrigin.cpp:42 > + const String& timingAllowOriginString = response.httpHeaderField(HTTPHeaderName::TimingAllowOrigin); auto& ? > Source/WebCore/platform/network/TimingAllowOrigin.cpp:43 > + const String& securityOrigin = initiatorSecurityOrigin.toString(); ditto. > Source/WebCore/platform/network/TimingAllowOrigin.cpp:44 > + for (auto& originWithSpace : timingAllowOriginString.split(',')) { Wouldn't it be more efficient to iterate over StringView(timingAllowOriginString).split(',') ? > Source/WebCore/platform/network/TimingAllowOrigin.cpp:45 > + auto origin = stripLeadingAndTrailingHTTPSpaces(StringView(originWithSpace)); Since you want StringViews anyway? > Source/WebCore/platform/network/TimingAllowOrigin.h:33 > +WEBCORE_EXPORT bool passesTimingAllowOriginCheck(const ResourceResponse&, const WebCore::SecurityOrigin& initiatorSecurityOrigin); WebCore:: is unnecessary. > Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp:525 > +void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, SecurityOrigin* sourceOrigin, ResourceError& error, ResourceResponse& response, Vector<uint8_t>& data) extra space before StoredCredentialsPolicy > Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp:540 > + RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, defersLoading, shouldContentSniff, shouldContentEncodingSniff, sourceOrigin, false)); A comment by the 'false' to clarify what it means or an enum class would be nice > LayoutTests/imported/w3c/web-platform-tests/resource-timing/buffer-full-inspect-buffer-during-callback-expected.txt:2 > +Harness Error (TIMEOUT), message = null Please skip in TestExpectations. > LayoutTests/imported/w3c/web-platform-tests/resource-timing/buffer-full-set-to-current-buffer-expected.txt:2 > +Harness Error (TIMEOUT), message = null Please skip in TestExpectations. > LayoutTests/imported/w3c/web-platform-tests/resource-timing/document-domain-no-impact-opener-expected.txt:2 > +Harness Error (TIMEOUT), message = null Please skip test in TestExpectations to avoid slowing runs.
Alex Christensen
Comment 12 2021-06-10 10:27:33 PDT
Created attachment 431092 [details] Patch
Alex Christensen
Comment 13 2021-06-10 16:30:49 PDT
Marked EWS failing tests as flaky and landed in r278738
Radar WebKit Bug Importer
Comment 14 2021-06-10 16:31:21 PDT
<rdar://problem/79166791>
Anne van Kesteren
Comment 15 2023-05-03 08:10:36 PDT
*** Bug 184627 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.