[webkit-changes] [WebKit/WebKit] 63145f: Safari reuses Authorization header on second call ...

Wed, 16 Nov 2022 00:55:38 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 63145fa91bb8fb40c7103b9971d7292b6a3e0517
      
https://github.com/WebKit/WebKit/commit/63145fa91bb8fb40c7103b9971d7292b6a3e0517
  Author: Youenn Fablet <youe...@gmail.com>
  Date:   2022-11-16 (Wed, 16 Nov 2022)

  Changed paths:
    A 
LayoutTests/http/wpt/fetch/fetch-permanent-redirect-same-origin-authorization-expected.txt
    A 
LayoutTests/http/wpt/fetch/fetch-permanent-redirect-same-origin-authorization.html
    A LayoutTests/http/wpt/fetch/resources/dump-authorization-header.py
    A LayoutTests/http/wpt/fetch/resources/redirect301.py
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/NetworkProcess/cache/NetworkCache.cpp
    M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm

  Log Message:
  -----------
  Safari reuses Authorization header on second call to 301 redirects even if 
the header value changed when replaying the request
https://bugs.webkit.org/show_bug.cgi?id=247418
rdar://problem/101935060

Reviewed by Chris Dumez.

In case of serving a redirection from HTTP cache, we cannot reuse the 
Authorization header of the past redirect request.
Instead, we should reuse the latest request Authorization header.

To do this, we remove Authorization header from stored redirected requests in 
network cache.
This handles the case of a cached redirection stored with authorization and 
reused without authorization.

We also move the NetworkDataTaskCocoa code used to reuse the original request 
Authorization header to NetworkResourceLoader,
so that it handles both the cache code path as well as the regular network code 
path.

* 
LayoutTests/http/wpt/fetch/fetch-permanent-redirect-same-origin-authorization-expected.txt:
 Added.
* 
LayoutTests/http/wpt/fetch/fetch-permanent-redirect-same-origin-authorization.html:
 Added.
* LayoutTests/http/wpt/fetch/resources/dump-authorization-header.py: Added.
(main):
* LayoutTests/http/wpt/fetch/resources/redirect301.py: Added.
(main):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::willSendRedirectedRequestInternal):
* Source/WebKit/NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::makeRedirectEntry):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):

Canonical link: https://commits.webkit.org/256726@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to