Bug 36854 - REGRESSION (r47291): Body from cross origin preflight response is prepended to the actual response body
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.5
Importance: P1 Normal
Assignee: Alexey Proskuryakov
URL: http://jbei-exwebapp.lbl.gov/maschup/...
Keywords: InRadar, Regression
Depends on:
Reported: 2010-03-30 14:42 PDT by Hiren Joshi
Modified: 2010-04-02 12:45 PDT

proposed fix (6.66 KB, patch)
2010-04-01 17:06 PDT, Alexey Proskuryakov
darin: review+

Description Hiren Joshi 2010-03-30 14:42:58 PDT
For a pre-flighted request (triggered for example when the X-Requested-With header is set), any data returned by the preflight request is prepended to the actual request data.

In the given URL, a cross-domain request is triggered to a simple echo resource. The output for this resource is static, and sets the Access control headers to enable cross-origin requests:

curl -i ''

HTTP/1.1 200 OK
Date: Tue, 30 Mar 2010 21:34:50 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch
Access-control-allow-headers: X-Requested-With
Access-control-max-age: 1728000
Access-control-allow-origin: *
Access-control-allow-methods: *
Vary: Accept-Encoding
Content-Length: 4
Content-Type: text/plain


The output from this echo script is always static, and always returns the Access-Control headers.

When a cross-domain request is triggered from within a recent WebKit (i.e. nightly WebKit, or Chrome), the responseText contains the body from the preflight request as well as the body from the actual request.

This can be seen at the page given in the URL (http://jbei-exwebapp.lbl.gov/maschup/webkit_xdr_bug.html). 

The HTTP specifications don't seem to say what the user-agent should do with the body of the request. Firefox (3.6.2) returns only the body from the actual request, and Safari (4.0.5 (5531.22.7) OS X 10.5) also returns only the body from the actual request.
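
Added example, not part of the original report or of the WebKit patch: a Node.js echo resource that sends the access-control headers shown in the report but returns different bodies for the OPTIONS preflight and for the actual request, so a regression check can tell from responseText whether preflight bytes reached the page. The marker bodies, the function names and the REPRO_PORT variable are assumptions made for this example.

```javascript
// Constructed marker bodies (not from the report): distinct strings make any
// preflight bytes that end up in responseText easy to spot.
const PREFLIGHT_BODY = 'PREFLIGHT-BODY\n';
const ACTUAL_BODY = 'ACTUAL-BODY\n';

// Same access-control headers as the echo resource in the report.
const CORS_HEADERS = {
  'Access-Control-Allow-Headers': 'X-Requested-With',
  'Access-Control-Max-Age': '1728000',
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': '*',
  'Content-Type': 'text/plain',
};

// Pure response logic: OPTIONS is the preflight, anything else the actual request.
function respond(method) {
  const body = method.toUpperCase() === 'OPTIONS' ? PREFLIGHT_BODY : ACTUAL_BODY;
  return {
    status: 200,
    headers: { ...CORS_HEADERS, 'Content-Length': String(Buffer.byteLength(body)) },
    body,
  };
}

// Classify what the page script received in xhr.responseText.
function classifyResponseText(text) {
  if (text === ACTUAL_BODY) return 'ok';
  if (text === PREFLIGHT_BODY + ACTUAL_BODY) return 'preflight-prepended';
  if (text.includes(PREFLIGHT_BODY)) return 'preflight-leaked';
  return 'unexpected';
}

// Serve the resource on localhost so a page on another origin can request it
// with X-Requested-With set and pass xhr.responseText to classifyResponseText().
async function startServer(port) {
  const http = await import('node:http');
  return http.createServer((req, res) => {
    const r = respond(req.method);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  }).listen(port, '127.0.0.1');
}

// Listens only when REPRO_PORT (hypothetical variable name) is set.
if (process.env.REPRO_PORT) startServer(Number(process.env.REPRO_PORT));
```

Because the resource sends Access-Control-Max-Age, a browser may reuse a cached preflight result; clear the cache or use a fresh profile between runs so that each check actually issues the OPTIONS request.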
Comment 1 Alexey Proskuryakov 2010-03-30 19:08:27 PDT
Comment 2 Alexey Proskuryakov 2010-04-01 17:06:26 PDT
Created attachment 52356
proposed fix
Comment 3 Alexey Proskuryakov 2010-04-01 17:26:56 PDT
Committed <http://trac.webkit.org/changeset/56955>.
Comment 5 Alexey Proskuryakov 2010-04-02 12:26:35 PDT
The test has been skipped on Qt: <http://trac.webkit.org/changeset/56998>.
Comment 6 Eric Seidel (no email) 2010-04-02 12:45:36 PDT
Thank you very much for the follow-up Alexey.