RESOLVED FIXED 226910
Partition CrossOriginPreflightResultCache by SessionID 
https://bugs.webkit.org/show_bug.cgi?id=226910
Summary Partition CrossOriginPreflightResultCache by SessionID
Alex Christensen
Reported 2021-06-10 20:13:40 PDT
Partition CrossOriginPreflightResultCache by SessionID
Attachments
Patch (13.89 KB, patch)
2021-06-10 20:14 PDT, Alex Christensen 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (13.90 KB, patch)
2021-06-10 21:30 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (17.59 KB, patch)
2021-06-11 10:55 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2021-06-10 20:14:32 PDT
Created attachment 431172 [details] Patch
Alex Christensen
Comment 2 2021-06-10 21:30:38 PDT
Created attachment 431179 [details] Patch
youenn fablet
Comment 3 2021-06-10 23:43:17 PDT
Comment on attachment 431179 [details] Patch Can we get an API test for this one? Something like: - load a page with a sessionID, trigger a preflight and verify server has received a preflight. - load another page in same pool but with a different sessionID, trigger the same prefllight and verify again the server has received the preflight. View in context: https://bugs.webkit.org/attachment.cgi?id=431179&action=review > Source/WebCore/loader/CrossOriginAccessControl.cpp:260 > +Expected<void, String> validatePreflightResponse(const PAL::SessionID& sessionID, const ResourceRequest& request, const ResourceResponse& response, StoredCredentialsPolicy storedCredentialsPolicy, const SecurityOrigin& securityOrigin, const CrossOriginAccessControlCheckDisabler* checkDisabler) s/const PAL::SessionID&/PAL::SessionID > Source/WebCore/loader/CrossOriginAccessControl.h:85 > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); Ditto here and below I guess.
Alex Christensen
Comment 4 2021-06-11 09:16:29 PDT
That's a good idea for a test. Will do. const PAL::SessionID& is used so we can only forward declare SessionID.
Alex Christensen
Comment 5 2021-06-11 10:55:46 PDT
Created attachment 431210 [details] Patch
EWS
Comment 6 2021-06-11 17:06:28 PDT
Committed r278800 (238757@main): <https://commits.webkit.org/238757@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431210 [details].
Radar WebKit Bug Importer
Comment 7 2021-06-11 17:07:22 PDT
<rdar://problem/79223523>
Darin Adler
Comment 8 2021-06-13 12:21:45 PDT
Comment on attachment 431210 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431210&action=review > Source/WebCore/loader/CrossOriginAccessControl.h:85 > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); Since a SessionID is just a single 64-bit integer, I suggest we pass it by value, not const&.
Alex Christensen
Comment 9 2021-06-14 12:38:15 PDT
(In reply to Darin Adler from comment #8) > Comment on attachment 431210 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=431210&action=review > > > Source/WebCore/loader/CrossOriginAccessControl.h:85 > > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); > > Since a SessionID is just a single 64-bit integer, I suggest we pass it by > value, not const&. I'm doing this in bug 226983
Note You need to log in before you can comment on or make changes to this bug.