Diff
Modified: trunk/Source/WebCore/ChangeLog (235616 => 235617)
--- trunk/Source/WebCore/ChangeLog 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/ChangeLog 2018-09-04 17:11:03 UTC (rev 235617)
@@ -1,5 +1,46 @@
2018-09-04 Daniel Bates <daba...@apple.com>
+ Add helper function to create a potential CORS request
+ https://bugs.webkit.org/show_bug.cgi?id=189251
+
+ Reviewed by Andy Estes.
+
+ Add a new function, createPotentialAccessControlRequest, that we will use to implement the algorithm Create a potential-
+ CORS request from the HTML standard: <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018).
+ This function replaces CachedResourceRequest::setAsPotentiallyCrossOrigin() and is the first step towards separating
+ the concepts of CORS settings states and module script credentials mode as well as implementing the aforementioned
+ algorithm. Rename CachedResourceRequest::setAsPotentiallyCrossOrigin() to deprecatedSetAsPotentiallyCrossOrigin()
+ and switch existing callers to use createPotentialAccessControlRequest(). For now, createPotentialAccessControlRequest()
+ is implemented in terms of deprecatedSetAsPotentiallyCrossOrigin().
+
+ No functionality changed. So, no new tests.
+
+ * bindings/js/CachedScriptFetcher.cpp:
+ (WebCore::CachedScriptFetcher::requestScriptWithCache const): Write in terms of WebCore::createPotentialAccessControlRequest().
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::process): Ditto.
+ * html/parser/HTMLResourcePreloader.cpp:
+ (WebCore::PreloadRequest::resourceRequest): Ditto.
+ * loader/CrossOriginAccessControl.cpp:
+ (WebCore::createPotentialAccessControlRequest): For now, implemented in terms of CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin().
+ * loader/CrossOriginAccessControl.h:
+ * loader/ImageLoader.cpp:
+ (WebCore::ImageLoader::updateFromElement): Write in terms of WebCore::createPotentialAccessControlRequest().
+ * loader/LinkLoader.cpp:
+ (WebCore::LinkLoader::preloadIfNeeded): Ditto.
+ * loader/MediaResourceLoader.cpp:
+ (WebCore::MediaResourceLoader::requestResource): Ditto. Also renamed local variable cacheRequest to cachedRequest.
+ * loader/TextTrackLoader.cpp:
+ (WebCore::TextTrackLoader::load): Write in terms of WebCore::createPotentialAccessControlRequest(). Also change local variable
+ document from a pointer to a reference since this function asserts that the script execution context is a non-null Document.
+ * loader/cache/CachedResourceRequest.cpp:
+ (WebCore::CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin): Renamed; formerly named setAsPotentiallyCrossOrigin.
+ (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Deleted.
+ * loader/cache/CachedResourceRequest.h:
+ (WebCore::CachedResourceRequest::setPriority): Added.
+
+2018-09-04 Daniel Bates <daba...@apple.com>
+
Remove redundant inline text boxes for empty combined text
https://bugs.webkit.org/show_bug.cgi?id=189119
Modified: trunk/Source/WebCore/bindings/js/CachedScriptFetcher.cpp (235616 => 235617)
--- trunk/Source/WebCore/bindings/js/CachedScriptFetcher.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/bindings/js/CachedScriptFetcher.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -29,6 +29,7 @@
#include "CachedResourceLoader.h"
#include "CachedScript.h"
#include "ContentSecurityPolicy.h"
+#include "CrossOriginAccessControl.h"
#include "Document.h"
#include "Settings.h"
@@ -56,14 +57,11 @@
options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
options.integrity = WTFMove(integrity);
- CachedResourceRequest request(ResourceRequest(sourceURL), options);
- request.setAsPotentiallyCrossOrigin(crossOriginMode, document);
+ auto request = createPotentialAccessControlRequest(sourceURL, document, crossOriginMode, WTFMove(options));
request.upgradeInsecureRequestIfNeeded(document);
-
request.setCharset(m_charset);
if (!m_initiatorName.isNull())
request.setInitiator(m_initiatorName);
-
return document.cachedResourceLoader().requestScript(WTFMove(request)).value_or(nullptr);
}
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (235616 => 235617)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -31,6 +31,7 @@
#include "CachedResourceLoader.h"
#include "CachedResourceRequest.h"
#include "ContentSecurityPolicy.h"
+#include "CrossOriginAccessControl.h"
#include "DOMTokenList.h"
#include "Document.h"
#include "Event.h"
@@ -314,9 +315,11 @@
if (document().contentSecurityPolicy()->allowStyleWithNonce(attributeWithoutSynchronization(HTMLNames::nonceAttr)))
options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
options.integrity = m_integrityMetadataForPendingSheetRequest;
- CachedResourceRequest request(url, options, priority, WTFMove(charset));
+
+ auto request = createPotentialAccessControlRequest(WTFMove(url), document(), crossOrigin(), WTFMove(options));
+ request.setPriority(WTFMove(priority));
+ request.setCharset(WTFMove(charset));
request.setInitiator(*this);
- request.setAsPotentiallyCrossOrigin(crossOrigin(), document());
ASSERT_WITH_SECURITY_IMPLICATION(!m_cachedSheet);
m_cachedSheet = document().cachedResourceLoader().requestCSSStyleSheet(WTFMove(request)).value_or(nullptr);
Modified: trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp (235616 => 235617)
--- trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/html/parser/HTMLResourcePreloader.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -27,6 +27,7 @@
#include "HTMLResourcePreloader.h"
#include "CachedResourceLoader.h"
+#include "CrossOriginAccessControl.h"
#include "Document.h"
#include "MediaQueryEvaluator.h"
@@ -53,14 +54,13 @@
if (skipContentSecurityPolicyCheck)
options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
- CachedResourceRequest request { completeURL(document), options };
- request.setInitiator(m_initiator);
String crossOriginMode = m_crossOriginMode;
if (m_moduleScript == ModuleScript::Yes) {
if (crossOriginMode.isNull())
crossOriginMode = "omit"_s;
}
- request.setAsPotentiallyCrossOrigin(crossOriginMode, document);
+ auto request = createPotentialAccessControlRequest(completeURL(document), document, crossOriginMode, WTFMove(options));
+ request.setInitiator(m_initiator);
return request;
}
Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -27,6 +27,7 @@
#include "config.h"
#include "CrossOriginAccessControl.h"
+#include "CachedResourceRequest.h"
#include "CrossOriginPreflightResultCache.h"
#include "HTTPHeaderNames.h"
#include "HTTPParsers.h"
@@ -117,6 +118,15 @@
return preflightRequest;
}
+CachedResourceRequest createPotentialAccessControlRequest(ResourceRequest&& request, Document& document, const String& crossOriginAttribute, ResourceLoaderOptions&& options)
+{
+ // FIXME: This does not match the algorithm "create a potential-CORS request":
+ // <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018).
+ auto cachedRequest = CachedResourceRequest { WTFMove(request), WTFMove(options) };
+ cachedRequest.deprecatedSetAsPotentiallyCrossOrigin(crossOriginAttribute, document);
+ return cachedRequest;
+}
+
bool isValidCrossOriginRedirectionURL(const URL& redirectURL)
{
return SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(redirectURL.protocol().toStringWithoutCopying())
Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.h (235616 => 235617)
--- trunk/Source/WebCore/loader/CrossOriginAccessControl.h 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.h 2018-09-04 17:11:03 UTC (rev 235617)
@@ -33,6 +33,8 @@
namespace WebCore {
+class CachedResourceRequest;
+class Document;
class HTTPHeaderMap;
class ResourceError;
class ResourceRequest;
@@ -40,6 +42,8 @@
class SecurityOrigin;
class URL;
+struct ResourceLoaderOptions;
+
WEBCORE_EXPORT bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);
@@ -46,7 +50,9 @@
void updateRequestReferrer(ResourceRequest&, ReferrerPolicy, const String&);
WEBCORE_EXPORT void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin&, StoredCredentialsPolicy);
+
WEBCORE_EXPORT ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin&, const String&);
+CachedResourceRequest createPotentialAccessControlRequest(ResourceRequest&&, Document&, const String& crossOriginAttribute, ResourceLoaderOptions&&);
bool isValidCrossOriginRedirectionURL(const URL&);
Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/ImageLoader.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -178,11 +178,10 @@
options.contentSecurityPolicyImposition = element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
- CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);
+ auto crossOriginAttribute = element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
+ auto request = createPotentialAccessControlRequest(document.completeURL(sourceURI(attr)), document, crossOriginAttribute, WTFMove(options));
request.setInitiator(element());
- request.setAsPotentiallyCrossOrigin(element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr), document);
-
if (m_loadManually) {
bool autoLoadOtherImages = document.cachedResourceLoader().autoLoadImages();
document.cachedResourceLoader().setAutoLoadImages(false);
Modified: trunk/Source/WebCore/loader/LinkLoader.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/LinkLoader.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/LinkLoader.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -246,12 +246,13 @@
if (!isSupportedType(type.value(), mimeType))
return nullptr;
- CachedResourceRequest linkRequest(document.completeURL(href), CachedResourceLoader::defaultCachedResourceOptions(), CachedResource::defaultPriorityForResourceType(type.value()));
+ auto options = CachedResourceLoader::defaultCachedResourceOptions();
+ auto linkRequest = createPotentialAccessControlRequest(document.completeURL(href), document, crossOriginMode, WTFMove(options));
+ linkRequest.setPriority(CachedResource::defaultPriorityForResourceType(type.value()));
linkRequest.setInitiator("link");
linkRequest.setIgnoreForRequestCount(true);
linkRequest.setIsLinkPreload();
- linkRequest.setAsPotentiallyCrossOrigin(crossOriginMode, document);
auto cachedLinkResource = document.cachedResourceLoader().preload(type.value(), WTFMove(linkRequest)).value_or(nullptr);
if (cachedLinkResource && cachedLinkResource->type() != *type)
Modified: trunk/Source/WebCore/loader/MediaResourceLoader.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -90,12 +90,11 @@
DefersLoadingPolicy::AllowDefersLoading,
cachingPolicy };
loaderOptions.destination = m_mediaElement && !m_mediaElement->isVideo() ? FetchOptions::Destination::Audio : FetchOptions::Destination::Video;
- CachedResourceRequest cacheRequest { WTFMove(request), WTFMove(loaderOptions) };
- cacheRequest.setAsPotentiallyCrossOrigin(m_crossOriginMode, *m_document);
+ auto cachedRequest = createPotentialAccessControlRequest(WTFMove(request), *m_document, m_crossOriginMode, WTFMove(loaderOptions));
if (m_mediaElement)
- cacheRequest.setInitiator(*m_mediaElement.get());
+ cachedRequest.setInitiator(*m_mediaElement.get());
- auto resource = m_document->cachedResourceLoader().requestMedia(WTFMove(cacheRequest)).value_or(nullptr);
+ auto resource = m_document->cachedResourceLoader().requestMedia(WTFMove(cachedRequest)).value_or(nullptr);
if (!resource)
return nullptr;
Modified: trunk/Source/WebCore/loader/TextTrackLoader.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/TextTrackLoader.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/TextTrackLoader.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -147,20 +147,16 @@
cancelLoad();
ASSERT(is<Document>(m_scriptExecutionContext));
- Document* document = downcast<Document>(m_scriptExecutionContext);
+ Document& document = downcast<Document>(*m_scriptExecutionContext);
ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
options.contentSecurityPolicyImposition = isInitiatingElementInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
- CachedResourceRequest cueRequest(ResourceRequest(document->completeURL(url)), options);
- cueRequest.setAsPotentiallyCrossOrigin(crossOriginMode, *document);
-
- m_resource = document->cachedResourceLoader().requestTextTrack(WTFMove(cueRequest)).value_or(nullptr);
+ auto cueRequest = createPotentialAccessControlRequest(document.completeURL(url), document, crossOriginMode, WTFMove(options));
+ m_resource = document.cachedResourceLoader().requestTextTrack(WTFMove(cueRequest)).value_or(nullptr);
if (!m_resource)
return false;
-
m_resource->addClient(*this);
-
return true;
}
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (235616 => 235617)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2018-09-04 17:11:03 UTC (rev 235617)
@@ -85,7 +85,7 @@
return defaultName;
}
-void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String& mode, Document& document)
+void CachedResourceRequest::deprecatedSetAsPotentiallyCrossOrigin(const String& mode, Document& document)
{
ASSERT(m_options.mode == FetchOptions::Mode::NoCors);
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (235616 => 235617)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2018-09-04 17:06:52 UTC (rev 235616)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2018-09-04 17:11:03 UTC (rev 235617)
@@ -55,14 +55,20 @@
ResourceRequest&& releaseResourceRequest() { return WTFMove(m_resourceRequest); }
const ResourceRequest& resourceRequest() const { return m_resourceRequest; }
ResourceRequest& resourceRequest() { return m_resourceRequest; }
+
const String& charset() const { return m_charset; }
void setCharset(const String& charset) { m_charset = charset; }
+
const ResourceLoaderOptions& options() const { return m_options; }
void setOptions(const ResourceLoaderOptions& options) { m_options = options; }
+
const std::optional<ResourceLoadPriority>& priority() const { return m_priority; }
+ void setPriority(std::optional<ResourceLoadPriority>&& priority) { m_priority = WTFMove(priority); }
+
void setInitiator(Element&);
void setInitiator(const AtomicString& name);
const AtomicString& initiatorName() const;
+
bool allowsCaching() const { return m_options.cachingPolicy == CachingPolicy::AllowCaching; }
void setCachingPolicy(CachingPolicy policy) { m_options.cachingPolicy = policy; }
@@ -72,7 +78,8 @@
void setDestinationIfNotSet(FetchOptions::Destination);
- void setAsPotentiallyCrossOrigin(const String&, Document&);
+ void deprecatedSetAsPotentiallyCrossOrigin(const String&, Document&); // Use WebCore::createPotentialAccessControlRequest() instead.
+
void updateForAccessControl(Document&);
void updateReferrerPolicy(ReferrerPolicy);