Partition CrossOriginPreflightResultCache by SessionID
Created attachment 431172 [details] Patch
Created attachment 431179 [details] Patch
Comment on attachment 431179 [details] Patch Can we get an API test for this one? Something like: - load a page with a sessionID, trigger a preflight and verify server has received a preflight. - load another page in same pool but with a different sessionID, trigger the same prefllight and verify again the server has received the preflight. View in context: https://bugs.webkit.org/attachment.cgi?id=431179&action=review > Source/WebCore/loader/CrossOriginAccessControl.cpp:260 > +Expected<void, String> validatePreflightResponse(const PAL::SessionID& sessionID, const ResourceRequest& request, const ResourceResponse& response, StoredCredentialsPolicy storedCredentialsPolicy, const SecurityOrigin& securityOrigin, const CrossOriginAccessControlCheckDisabler* checkDisabler) s/const PAL::SessionID&/PAL::SessionID > Source/WebCore/loader/CrossOriginAccessControl.h:85 > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); Ditto here and below I guess.
That's a good idea for a test. Will do. const PAL::SessionID& is used so we can only forward declare SessionID.
Created attachment 431210 [details] Patch
Committed r278800 (238757@main): <https://commits.webkit.org/238757@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431210 [details].
<rdar://problem/79223523>
Comment on attachment 431210 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431210&action=review > Source/WebCore/loader/CrossOriginAccessControl.h:85 > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); Since a SessionID is just a single 64-bit integer, I suggest we pass it by value, not const&.
(In reply to Darin Adler from comment #8) > Comment on attachment 431210 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=431210&action=review > > > Source/WebCore/loader/CrossOriginAccessControl.h:85 > > +WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(const PAL::SessionID&, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*); > > Since a SessionID is just a single 64-bit integer, I suggest we pass it by > value, not const&. I'm doing this in bug 226983