Diff
Modified: trunk/LayoutTests/ChangeLog (225590 => 225591)
--- trunk/LayoutTests/ChangeLog 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/LayoutTests/ChangeLog 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,3 +1,18 @@
+2017-12-06 Youenn Fablet <you...@apple.com>
+
+ Preflight should bypass service worker
+ https://bugs.webkit.org/show_bug.cgi?id=180463
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/workers/service/resources/service-worker-crossorigin-fetch.js: Removed.
+ * http/tests/workers/service/resources/service-worker-crossorigin-fetch-worker.js:
+ (event.event.request.url.endsWith):
+ * http/tests/workers/service/resources/service-worker-crossorigin-fetch.js:
+ (async.test):
+ * http/tests/workers/service/service-worker-crossorigin-fetch-expected.txt:
+ * http/tests/workers/service/service-worker-crossorigin-fetch.html:
+
2017-12-06 Ryan Haddad <ryanhad...@apple.com>
Update TestExpectations for http/tests/workers/service/registration-task-queue-scheduling-1.html.
Modified: trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch-worker.js (225590 => 225591)
--- trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch-worker.js 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch-worker.js 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,5 +1,13 @@
var status = "no status";
self.addEventListener("fetch", (event) => {
+ if (event.request.method == "OPTIONS") {
+ event.respondWith(new Response("OK", {status: 200, headers : {
+ "Access-Control-Allow-Headers" : "custom",
+ "Access-Control-Allow-Origin" : "*"
+ }}));
+ return;
+ }
+
if (event.request.url.indexOf("status") !== -1) {
event.respondWith(new Response(null, {status: 200, statusText: status}));
return;
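Review bot: The added `OPTIONS` branch approves any preflight that reaches the worker (`Access-Control-Allow-Origin: *`, `Access-Control-Allow-Headers: custom`) but leaves no trace that it ran. As far as the visible tests show, a regression that routes preflight through the service worker again would therefore be approved by the worker without the test noticing. Setting `status = "preflight intercepted";` before `event.respondWith(...)` would let the page read that back through the existing `status` URL and fail. If the branch is only meant to expose such a regression, a comment like `// Preflight must bypass the service worker; reaching this branch means the bypass regressed.` would make that clear. The listener body continues outside this hunk.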
@@ -9,6 +17,11 @@
event.respondWith(new Response(null, {status: 404, statusText: "Not Found"}));
return;
}
+ if (event.request.url.endsWith(".error.fromserviceworker")) {
+ state = "error";
+ event.respondWith(Response.error());
+ return;
+ }
// Changing cors fetch into same origin fetch.
status = event.request.url.substring(21, event.request.url.length - 18) + " through " + "fetch";
event.respondWith(fetch(event.request.url.substring(21, event.request.url.length - 18)));
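Review bot: The new `.error.fromserviceworker` branch assigns `state = "error";`, but the variable declared at the top of the file and served by the `status` URL is `status`, so this looks like a typo. As written, the worker creates an implicit global `state` (or throws if the script ever runs in strict mode), and `status` keeps its previous value. A test cannot learn from the status endpoint that the error branch ran; the line should probably be `status = "error";`. The listener continues past the end of this hunk.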
Deleted: trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch.js (225590 => 225591)
--- trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch.js 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/LayoutTests/http/tests/workers/service/resources/service-worker-crossorigin-fetch.js 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,26 +0,0 @@
-async function test()
-{
- try {
- // Triggering potential prefligh through custom header.
- try {
- var response = await fetch("http://localhost:8080/resources/square100.png.fromserviceworker", {headers: {"custom": "header"}});
- log("Failed: fetch suceeded unexpectedly");
- } catch(e) {
- log("PASS: Fetch failed as expected with: " + e);
- }
-
- var frame = await interceptedFrame("resources/service-worker-crossorigin-fetch-worker.js", "/");
-
- var response = await frame.contentWindow.fetch("http://localhost:8080/resources/square100.png.fromserviceworker", {headers: {"custom": "header"}});
- var buffer = await response.arrayBuffer();
- log("PASS: Got response with buffer byte length being " + buffer.byteLength);
-
- response = await frame.contentWindow.fetch("status");
- log("Status is " + response.statusText);
- } catch(e) {
- log("Got exception: " + e);
- }
- finishSWTest();
-}
-
-test();
Modified: trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch-expected.txt (225590 => 225591)
--- trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch-expected.txt 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch-expected.txt 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,5 +1,8 @@
CONSOLE MESSAGE: Fetch API cannot load http://localhost:8080/resources/square100.png.fromserviceworker. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-PASS: Fetch failed as expected with: TypeError: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-PASS: Got response with buffer byte length being 12940
-Status is /resources/square100.png through fetch
+
+PASS Testing unintercepted fetch with preflight, fetch should fail
+PASS Registering service worker and controlled frame
+PASS Testing intercepted fetch with preflight, fetch should succeed
+PASS Testing intercepted fetch with preflight, fetch should fail
+
Modified: trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch.html (225590 => 225591)
--- trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch.html 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/LayoutTests/http/tests/workers/service/service-worker-crossorigin-fetch.html 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,8 +1,34 @@
<html>
<head>
<script src=""
+<script src=""
+<script src=""
</head>
<body>
-<script src=""
+<script>
+promise_test(test => {
+ // Triggering potential preflight through custom header.
+ var fetchPromise = fetch("http://localhost:8080/resources/square100.png.fromserviceworker", { headers: {"custom": "header"}});
+ return promise_rejects(test, new TypeError(), fetchPromise);
+}, "Testing unintercepted fetch with preflight, fetch should fail");
+
+var frame;
+promise_test(async test => {
+ frame = await interceptedFrame("resources/service-worker-crossorigin-fetch-worker.js", "/");
+}, "Registering service worker and controlled frame");
+
+promise_test(async test => {
+ // Triggering potential preflight through custom header.
+ var response = await frame.contentWindow.fetch("http://localhost:8080/resources/square100.png.fromserviceworker", { headers: {"custom": "header"}});
+ var buffer = await response.arrayBuffer();
+ assert_true(buffer.byteLength > 0);
+}, "Testing intercepted fetch with preflight, fetch should succeed");
+
+promise_test(test => {
+ // Triggering potential preflight through custom header.
+ var fetchPromise = frame.contentWindow.fetch("http://localhost:8080/resources/square100.png.error.fromserviceworker", { headers: {"custom": "header"}});
+ return promise_rejects(test, new TypeError(), fetchPromise);
+}, "Testing intercepted fetch with preflight, fetch should fail");
+</script>
</body>
</html>
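Review bot: The rewritten tests no longer query the worker's `status` URL, which the deleted script did, so nothing here confirms which path served each response. In the "fetch should succeed" case `assert_true(buffer.byteLength > 0)` passes for any non-empty body, and in the final case a `TypeError` is raised both by the worker's `Response.error()` and by an ordinary CORS failure on the network. Adding `var statusResponse = await frame.contentWindow.fetch("status");` and `assert_equals(statusResponse.statusText, "/resources/square100.png through fetch");` after the `arrayBuffer()` call would restore the old check, and a similar read-back after the failing fetch would tie the rejection to the worker. The last two tests also depend on the global `frame` set by the registration test, which deserves a short comment.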
Modified: trunk/Source/WebCore/ChangeLog (225590 => 225591)
--- trunk/Source/WebCore/ChangeLog 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/Source/WebCore/ChangeLog 2017-12-06 20:51:59 UTC (rev 225591)
@@ -1,3 +1,17 @@
+2017-12-06 Youenn Fablet <you...@apple.com>
+
+ Preflight should bypass service worker
+ https://bugs.webkit.org/show_bug.cgi?id=180463
+
+ Reviewed by Alex Christensen.
+
+ Covered by updated test.
+
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::startPreflight): Ensure service worker is not used.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::didFail): Tighten check and clear resource proactively to not hit loadRequest ASSERT.
+
2017-12-06 John Wilander <wilan...@apple.com>
Storage Access API: Make document.hasStorageAccess a function and always allow access for same-origin iframes
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (225590 => 225591)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2017-12-06 20:51:59 UTC (rev 225591)
@@ -101,6 +101,7 @@
options.referrerPolicy = m_loader.options().referrerPolicy;
options.redirect = FetchOptions::Redirect::Manual;
options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
+ options.serviceWorkersMode = ServiceWorkersMode::None;
CachedResourceRequest preflightRequest(createAccessControlPreflightRequest(m_request, m_loader.securityOrigin(), m_loader.referrer()), options);
if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
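Review bot: The new `options.serviceWorkersMode = ServiceWorkersMode::None;` line is the security-relevant part of this change and has no comment saying why. Without it, a controlling service worker could answer the OPTIONS request itself and approve the cross-origin request instead of the target server. I would add something like `// CORS preflight must be answered by the network, never by a service worker (Fetch: preflight uses service-workers mode "none").` above the assignment. The ChangeLog names only `startPreflight`, and the function begins outside this hunk. It is worth confirming that any other preflight path in this file, such as the synchronous one, sets the same option; that is not visible here.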
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (225590 => 225591)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-12-06 20:42:29 UTC (rev 225590)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-12-06 20:51:59 UTC (rev 225591)
@@ -405,9 +405,12 @@
{
ASSERT(m_client);
#if ENABLE(SERVICE_WORKER)
- if (m_bypassingPreflightForServiceWorkerRequest) {
+ if (m_bypassingPreflightForServiceWorkerRequest && error.isAccessControl()) {
+ clearResource();
+
m_options.serviceWorkersMode = ServiceWorkersMode::None;
- makeCrossOriginAccessRequest(WTFMove(m_bypassingPreflightForServiceWorkerRequest.value()));
+ makeCrossOriginAccessRequestWithPreflight(WTFMove(m_bypassingPreflightForServiceWorkerRequest.value()));
+ ASSERT(!m_bypassingPreflightForServiceWorkerRequest);
return;
}
#endif
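Review bot: `ASSERT(!m_bypassingPreflightForServiceWorkerRequest);` only documents that the retry consumed the pending request. `WTFMove(...value())` moves the contained request but does not disengage the optional, so the reset must happen inside `makeCrossOriginAccessRequestWithPreflight`, which this hunk does not show. In release builds the ASSERT compiles out, so if the member stayed engaged a later access-control failure would enter this branch again and retry. Taking and clearing the value locally makes the single-retry guarantee explicit: `auto request = WTFMove(m_bypassingPreflightForServiceWorkerRequest.value()); m_bypassingPreflightForServiceWorkerRequest = std::nullopt;`, then pass `WTFMove(request)` to the call. A brief comment on why the retry is limited to `error.isAccessControl()` would also help; `didFail` begins and ends outside the hunk.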