Diff
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (202541 => 202542)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2016-06-28 06:09:05 UTC (rev 202542)
@@ -1,3 +1,12 @@
+2016-06-27 Youenn Fablet <[email protected]>
+
+ Remove didFailAccessControlCheck ThreadableLoaderClient callback
+ https://bugs.webkit.org/show_bug.cgi?id=159149
+
+ Reviewed by Daniel Bates.
+
+ * web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:
+
2016-06-27 Chris Dumez <[email protected]>
HTMLElement / SVGElement should implement GlobalEventHandlers, not Element
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt (202541 => 202542)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt 2016-06-28 06:09:05 UTC (rev 202542)
@@ -2,5 +2,5 @@
Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
-FAIL CORS request with setRequestHeader auth to URL NOT accepting Authorization header assert_true: The error event should fire expected true got false
+PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header
Modified: trunk/Source/WebCore/ChangeLog (202541 => 202542)
--- trunk/Source/WebCore/ChangeLog 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/ChangeLog 2016-06-28 06:09:05 UTC (rev 202542)
@@ -1,3 +1,46 @@
+2016-06-27 Youenn Fablet <[email protected]>
+
+ Remove didFailAccessControlCheck ThreadableLoaderClient callback
+ https://bugs.webkit.org/show_bug.cgi?id=159149
+
+ Reviewed by Daniel Bates.
+
+ Adding an AccessControl ResourceError type.
+ Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.
+
+ Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
+ were passed directly to threadable loader clients.
+
+ When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
+ This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpReauest.
+
+ This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
+ No other observable change of behavior should be expected.
+
+ * inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according the error type.
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
+ (WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
+ (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
+ callback by a direct call to didFail with an error of type AccessControl.
+ (WebCore::reportContentSecurityPolicyError): Ditto.
+ (WebCore::reportCrossOriginResourceSharingError): Ditto.
+ (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
+ (WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.
+ * loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
+ * loader/ThreadableLoaderClientWrapper.h: Ditto.
+ * loader/WorkerThreadableLoader.cpp: Ditto.
+ * loader/WorkerThreadableLoader.h: Ditto.
+ * page/EventSource.cpp:
+ (WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.
+ * page/EventSource.h:
+ * platform/network/ResourceErrorBase.cpp:
+ (WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.
+ * platform/network/ResourceErrorBase.h: Adding AccessControl error type.
+ (WebCore::ResourceErrorBase::isAccessControl):
+
2016-06-27 Chris Dumez <[email protected]>
HTMLElement / SVGElement should implement GlobalEventHandlers, not Element
Modified: trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp (202541 => 202542)
--- trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -122,18 +122,12 @@
dispose();
}
- void didFail(const ResourceError&) override
+ void didFail(const ResourceError& error) override
{
- m_callback->sendFailure(ASCIILiteral("Loading resource for inspector failed"));
+ m_callback->sendFailure(error.isAccessControl() ? ASCIILiteral("Loading resource for inspector failed access control check") : ASCIILiteral("Loading resource for inspector failed"));
dispose();
}
- void didFailAccessControlCheck(const ResourceError&) final
- {
- m_callback->sendFailure(ASCIILiteral("Loading resource for inspector failed access control check"));
- dispose();
- }
-
void didFailLoaderCreation()
{
m_callback->sendFailure(ASCIILiteral("Could not create a loader"));
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (202541 => 202542)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -64,13 +64,13 @@
InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, frame->loader().documentLoader(), response, 0);
if (!response.isSuccessful()) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful")));
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl));
return;
}
String description;
if (!passesAccessControlCheck(response, loader.options().allowCredentials(), loader.securityOrigin(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
return;
}
@@ -78,7 +78,7 @@
if (!result->parse(response, description)
|| !result->allowsCrossOriginMethod(request.httpMethod(), description)
|| !result->allowsCrossOriginHeaders(request.httpHeaderFields(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
return;
}
@@ -90,7 +90,9 @@
{
ASSERT_UNUSED(resource, resource == m_resource);
if (m_resource->loadFailedOrCanceled()) {
- m_loader.preflightFailure(m_resource->identifier(), m_resource->resourceError());
+ ResourceError preflightError = m_resource->resourceError();
+ preflightError.setType(ResourceError::Type::AccessControl);
+ m_loader.preflightFailure(m_resource->identifier(), preflightError);
return;
}
validatePreflightResponse(m_loader, WTFMove(m_request), m_resource->identifier(), m_resource->response());
@@ -131,6 +133,7 @@
unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, loader.options().allowCredentials(), loader.options().clientCredentialPolicy(), error, response, data);
if (!error.isNull() && response.httpStatusCode() <= 0) {
+ error.setType(ResourceError::Type::AccessControl);
loader.preflightFailure(identifier, error);
return;
}
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (202541 => 202542)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -133,7 +133,7 @@
// Cross-origin requests are only allowed for HTTP and registered schemes. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
- m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are only supported for HTTP."));
+ m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are only supported for HTTP.", ResourceError::Type::AccessControl));
return;
}
@@ -194,12 +194,12 @@
static inline void reportContentSecurityPolicyError(ThreadableLoaderClient& client, const URL& url)
{
- client.didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Content Security Policy."));
+ client.didFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Content Security Policy.", ResourceError::Type::AccessControl));
}
static inline void reportCrossOriginResourceSharingError(ThreadableLoaderClient& client, const URL& url)
{
- client.didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy."));
+ client.didFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy.", ResourceError::Type::AccessControl));
}
void DocumentThreadableLoader::redirectReceived(CachedResource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
@@ -279,7 +279,7 @@
String accessControlErrorDescription;
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
- m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
+ m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
return;
}
}
@@ -336,12 +336,13 @@
void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const ResourceError& error)
{
+ ASSERT(error.isAccessControl());
m_preflightChecker = Nullopt;
InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
ASSERT(m_client);
- m_client->didFailAccessControlCheck(error);
+ m_client->didFail(error);
}
void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, SecurityCheckPolicy securityCheck)
Modified: trunk/Source/WebCore/loader/ThreadableLoaderClient.h (202541 => 202542)
--- trunk/Source/WebCore/loader/ThreadableLoaderClient.h 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/ThreadableLoaderClient.h 2016-06-28 06:09:05 UTC (rev 202542)
@@ -46,7 +46,6 @@
virtual void didReceiveData(const char*, int /*dataLength*/) { }
virtual void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/) { }
virtual void didFail(const ResourceError&) { }
- virtual void didFailAccessControlCheck(const ResourceError& error) { didFail(error); }
protected:
ThreadableLoaderClient() { }
Modified: trunk/Source/WebCore/loader/ThreadableLoaderClientWrapper.h (202541 => 202542)
--- trunk/Source/WebCore/loader/ThreadableLoaderClientWrapper.h 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/ThreadableLoaderClientWrapper.h 2016-06-28 06:09:05 UTC (rev 202542)
@@ -88,13 +88,6 @@
m_client->didFail(error);
}
- void didFailAccessControlCheck(const ResourceError& error)
- {
- m_done = true;
- if (m_client)
- m_client->didFailAccessControlCheck(error);
- }
-
void didReceiveAuthenticationCancellation(unsigned long identifier, const ResourceResponse& response)
{
if (m_client)
Modified: trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp (202541 => 202542)
--- trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -197,13 +197,4 @@
}, m_taskMode);
}
-void WorkerThreadableLoader::MainThreadBridge::didFailAccessControlCheck(const ResourceError& error)
-{
- m_loadingFinished = true;
- m_loaderProxy.postTaskForModeToWorkerGlobalScope([workerClientWrapper = Ref<ThreadableLoaderClientWrapper>(*m_workerClientWrapper), error = error.isolatedCopy()] (ScriptExecutionContext& context) mutable {
- ASSERT_UNUSED(context, context.isWorkerGlobalScope());
- workerClientWrapper->didFailAccessControlCheck(error);
- }, m_taskMode);
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/WorkerThreadableLoader.h (202541 => 202542)
--- trunk/Source/WebCore/loader/WorkerThreadableLoader.h 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/loader/WorkerThreadableLoader.h 2016-06-28 06:09:05 UTC (rev 202542)
@@ -104,7 +104,6 @@
void didReceiveData(const char*, int dataLength) override;
void didFinishLoading(unsigned long identifier, double finishTime) override;
void didFail(const ResourceError&) override;
- void didFailAccessControlCheck(const ResourceError&) override;
// Only to be used on the main thread.
RefPtr<ThreadableLoader> m_mainThreadLoader;
Modified: trunk/Source/WebCore/page/EventSource.cpp (202541 => 202542)
--- trunk/Source/WebCore/page/EventSource.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/page/EventSource.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -243,6 +243,15 @@
void EventSource::didFail(const ResourceError& error)
{
ASSERT(m_state != CLOSED);
+
+ if (error.isAccessControl()) {
+ String message = makeString("EventSource cannot load ", error.failingURL().string(), ". ", error.localizedDescription());
+ scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, message);
+
+ abortConnectionAttempt();
+ return;
+ }
+
ASSERT(m_requestInFlight);
if (error.isCancellation())
@@ -253,14 +262,6 @@
networkRequestEnded();
}
-void EventSource::didFailAccessControlCheck(const ResourceError& error)
-{
- String message = makeString("EventSource cannot load ", error.failingURL().string(), ". ", error.localizedDescription());
- scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, message);
-
- abortConnectionAttempt();
-}
-
void EventSource::abortConnectionAttempt()
{
ASSERT(m_state == CONNECTING);
Modified: trunk/Source/WebCore/page/EventSource.h (202541 => 202542)
--- trunk/Source/WebCore/page/EventSource.h 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/page/EventSource.h 2016-06-28 06:09:05 UTC (rev 202542)
@@ -81,7 +81,6 @@
void didReceiveData(const char*, int) final;
void didFinishLoading(unsigned long, double) final;
void didFail(const ResourceError&) final;
- void didFailAccessControlCheck(const ResourceError&) final;
void stop() final;
const char* activeDOMObjectName() const final;
Modified: trunk/Source/WebCore/platform/network/ResourceErrorBase.cpp (202541 => 202542)
--- trunk/Source/WebCore/platform/network/ResourceErrorBase.cpp 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/platform/network/ResourceErrorBase.cpp 2016-06-28 06:09:05 UTC (rev 202542)
@@ -59,7 +59,8 @@
void ResourceErrorBase::setType(Type type)
{
- ASSERT(m_type == Type::General || m_type == Type::Null);
+ // setType should only be used to specialize the error type.
+ ASSERT(m_type == Type::General || m_type == Type::Null || (m_type == Type::Cancellation && type == Type::AccessControl));
m_type = type;
}
Modified: trunk/Source/WebCore/platform/network/ResourceErrorBase.h (202541 => 202542)
--- trunk/Source/WebCore/platform/network/ResourceErrorBase.h 2016-06-28 06:07:58 UTC (rev 202541)
+++ trunk/Source/WebCore/platform/network/ResourceErrorBase.h 2016-06-28 06:09:05 UTC (rev 202542)
@@ -47,11 +47,13 @@
enum class Type {
Null,
General,
+ AccessControl,
Cancellation,
Timeout
};
bool isNull() const { return m_type == Type::Null; }
+ bool isAccessControl() const { return m_type == Type::AccessControl; }
bool isCancellation() const { return m_type == Type::Cancellation; }
bool isTimeout() const { return m_type == Type::Timeout; }
