[webkit-changes] [209510] trunk

[wilander]

Title: [209510] trunk

Revision

209510

Author

wilan...@apple.com

Date

2016-12-07 18:08:28 -0800 (Wed, 07 Dec 2016)

Log Message

Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS
https://bugs.webkit.org/show_bug.cgi?id=165566
<rdar://problem/29560983>

Reviewed by Alex Christensen.

Source/WebCore:

Updated the existing tests.

* platform/network/HTTPParsers.cpp:
(WebCore::isValidAcceptHeaderValue):
    Now also accepts ','.
(WebCore::isValidLanguageHeaderValue):
    Ditto.

LayoutTests:

* http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html:
    Added ',' to the tests as well as two examples from
    two sites where we found a regression.

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/platform/network/HTTPParsers.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (209509 => 209510)

--- trunk/LayoutTests/ChangeLog	2016-12-08 02:01:30 UTC (rev 209509)
+++ trunk/LayoutTests/ChangeLog	2016-12-08 02:08:28 UTC (rev 209510)
@@ -1,3 +1,15 @@
+2016-12-07  John Wilander  <wilan...@apple.com>
+
+        Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS
+        https://bugs.webkit.org/show_bug.cgi?id=165566
+        <rdar://problem/29560983>
+
+        Reviewed by Alex Christensen.
+
+        * http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html:
+            Added ',' to the tests as well as two examples from
+            two sites where we found a regression.
+
 2016-12-07  Dave Hyatt  <hy...@apple.com>
 
         [CSS Parser] Stop skipping tests in the css3 LayoutTests subdirectory

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html (209509 => 209510)

--- trunk/LayoutTests/http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html	2016-12-08 02:01:30 UTC (rev 209509)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html	2016-12-08 02:08:28 UTC (rev 209510)
@@ -34,12 +34,12 @@
     }
 
     var abnormalSimpleCorsHeaderValue = "() { :;};"
-    var allAllowedNonAlphanumericCharactersForAcceptHeader = " *./;="
-    var allAllowedNonAlphanumericCharactersForAcceptAndContentLanguageHeader = " *-.;="
+    var allAllowedNonAlphanumericCharactersForAcceptHeader = " *,./;="
+    var allAllowedNonAlphanumericCharactersForAcceptAndContentLanguageHeader = " *,-.;="
     var testCases = [
         // Positive test cases with normal headers
         {
-            headersToAdd: [{ name : "Accept", value: "text/*" }],
+            headersToAdd: [{ name : "Accept", value: "application/json,text/*,*/*" }],
             explicitlyAllowHeaders: false,
             shouldCausePreflight: false,
             description: "Accept header with normal value SHOULD NOT cause a preflight"
@@ -51,7 +51,7 @@
             description: "Accept header value with all allowed non-alphanumeric characters SHOULD NOT cause a preflight"
         }
         ,{
-            headersToAdd: [{ name : "Accept-Language", value: "en" }],
+            headersToAdd: [{ name : "Accept-Language", value: "en-US,en;q=0.8" }],
             explicitlyAllowHeaders: false,
             shouldCausePreflight: false,
             description: "Accept-Language header with normal value SHOULD NOT cause a preflight"

Modified: trunk/Source/WebCore/ChangeLog (209509 => 209510)

--- trunk/Source/WebCore/ChangeLog	2016-12-08 02:01:30 UTC (rev 209509)
+++ trunk/Source/WebCore/ChangeLog	2016-12-08 02:08:28 UTC (rev 209510)
@@ -1,3 +1,19 @@
+2016-12-07  John Wilander  <wilan...@apple.com>
+
+        Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS
+        https://bugs.webkit.org/show_bug.cgi?id=165566
+        <rdar://problem/29560983>
+
+        Reviewed by Alex Christensen.
+
+        Updated the existing tests.
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isValidAcceptHeaderValue):
+            Now also accepts ','.
+        (WebCore::isValidLanguageHeaderValue):
+            Ditto.
+
 2016-12-07  Dave Hyatt  <hy...@apple.com>
 
         [CSS Parser] Stop skipping tests in the css3 LayoutTests subdirectory

Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (209509 => 209510)

--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2016-12-08 02:01:30 UTC (rev 209509)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2016-12-08 02:08:28 UTC (rev 209510)
@@ -132,7 +132,7 @@
 {
     for (unsigned i = 0; i < value.length(); ++i) {
         UChar c = value[i];
-        if (isASCIIAlphanumeric(c) || c == ' ' || c == '*' || c == '.' || c == '/' || c == ';' || c == '=')
+        if (isASCIIAlphanumeric(c) || c == ' ' || c == '*' || c == ',' || c == '.' || c == '/' || c == ';' || c == '=')
             continue;
         return false;
     }
@@ -145,7 +145,7 @@
 {
     for (unsigned i = 0; i < value.length(); ++i) {
         UChar c = value[i];
-        if (isASCIIAlphanumeric(c) || c == ' ' || c == '*' || c == '-' || c == '.' || c == ';' || c == '=')
+        if (isASCIIAlphanumeric(c) || c == ' ' || c == '*' || c == ',' || c == '-' || c == '.' || c == ';' || c == '=')
             continue;
         return false;
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes