RESOLVED FIXED Bug 231174
CORS: Allow particular Range header values without a preflight 
https://bugs.webkit.org/show_bug.cgi?id=231174
Summary CORS: Allow particular Range header values without a preflight
Jake Archibald
Reported 2021-10-04 09:10:15 PDT
Spec discussion: https://github.com/whatwg/fetch/issues/1310 Spec PR: https://github.com/whatwg/fetch/pull/1312 Tests PR: https://github.com/web-platform-tests/wpt/pull/31058 `Range` was added as a safe-listed header as long as the value is in a particular format, which aligns with formats the browser uses when requesting media and resuming downloads.
Attachments
Patch (10.30 KB, patch)
2022-04-04 01:14 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-10-11 09:11:19 PDT
<rdar://problem/84101544>
jon.ronnenberg
Comment 2 2022-04-03 15:21:51 PDT
CORS-safelisted request-header: https://fetch.spec.whatwg.org/#cors-safelisted-request-header Allowed particular Range header values (simple range header value): https://fetch.spec.whatwg.org/#simple-range-header-value Examples: Range:bytes=0-255 Range:bytes=255-
youenn fablet
Comment 3 2022-04-04 01:14:35 PDT
Created attachment 456547 [details] Patch
EWS Watchlist
Comment 4 2022-04-04 01:16:02 PDT
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
youenn fablet
Comment 5 2022-04-04 01:21:09 PDT
Submitted web-platform-tests pull request: https://github.com/web-platform-tests/wpt/pull/33488
Alex Christensen
Comment 6 2022-04-04 09:33:05 PDT
Comment on attachment 456547 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456547&action=review > LayoutTests/imported/w3c/web-platform-tests/fetch/range/general.any.js:129 > + 'bytes=00000000000000000000000000000000000000000000000000000000011-00000000000000000000000000000000000000000000000000000000000111', This isn't 128 bytes. Let's add such a test.
youenn fablet
Comment 7 2022-04-04 09:43:32 PDT
Comment on attachment 456547 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456547&action=review >> LayoutTests/imported/w3c/web-platform-tests/fetch/range/general.any.js:129 >> + 'bytes=00000000000000000000000000000000000000000000000000000000011-00000000000000000000000000000000000000000000000000000000000111', > > This isn't 128 bytes. Let's add such a test. I think this is 128 bytes, the other one above should be 129 and fail.
EWS
Comment 8 2022-04-04 10:08:34 PDT
Committed r292293 (249191@main): <https://commits.webkit.org/249191@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 456547 [details].
Note You need to log in before you can comment on or make changes to this bug.