Diff
Modified: branches/safari-605-branch/LayoutTests/ChangeLog (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/ChangeLog 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/ChangeLog 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,5 +1,20 @@
2018-01-22 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r227270. rdar://problem/36722650
+
+ 2018-01-20 Youenn Fablet <you...@apple.com>
+
+ fetch redirect is incompatible with "no-cors" mode
+ https://bugs.webkit.org/show_bug.cgi?id=181866
+ <rdar://problem/35827140>
+
+ Reviewed by Chris Dumez.
+
+ * http/tests/fetch/redirectmode-and-preload-expected.txt:
+ * http/tests/fetch/redirectmode-and-preload.html:
+
+2018-01-22 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r227245. rdar://problem/36722470
2018-01-19 Youenn Fablet <you...@apple.com>
Modified: branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload-expected.txt 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,5 +1,8 @@
+CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: line 19: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url="" Not allowed to request resource
+CONSOLE MESSAGE: line 32: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: line 32: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url="" Not allowed to request resource
CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url="" Redirections are not allowed
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url="" Redirections are not allowed
PASS Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)
PASS Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode)
Modified: branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload.html (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload.html 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/http/tests/fetch/redirectmode-and-preload.html 2018-01-22 17:58:46 UTC (rev 227332)
@@ -16,12 +16,7 @@
{
var preloadUrl = "./resources/redirect-with-cache.php?enableCaching&url=""
promise_test(function(test) {
- return fetch(preloadUrl, {redirect: "manual", mode: "no-cors", credentials: "include"}).then((response) => {
- assert_equals(response.type, "opaqueredirect", "Response's type should be opaqueRedirect");
- return response.text();
- }).then((text) => {
- assert_equals(text, "");
- });
+ return promise_rejects(test,new TypeError(), fetch(preloadUrl, {redirect: "manual", mode: "no-cors", credentials: "include"}));
}, "Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)");
promise_test(function(test) {
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/ChangeLog (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/ChangeLog 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/ChangeLog 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,5 +1,25 @@
2018-01-22 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r227270. rdar://problem/36722650
+
+ 2018-01-20 Youenn Fablet <you...@apple.com>
+
+ fetch redirect is incompatible with "no-cors" mode
+ https://bugs.webkit.org/show_bug.cgi?id=181866
+ <rdar://problem/35827140>
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt:
+ * web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt:
+ * web-platform-tests/fetch/api/redirect/redirect-mode.js:
+ (redirectMode):
+ * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt:
+ * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html:
+ * web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt:
+
+2018-01-22 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r227225. rdar://problem/36722527
2018-01-19 Joseph Pecoraro <pecor...@apple.com>
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,17 +1,19 @@
-PASS Redirect 301 in "error" mode
-PASS Redirect 301 in "follow" mode
-PASS Redirect 301 in "manual" mode
-PASS Redirect 302 in "error" mode
-PASS Redirect 302 in "follow" mode
-PASS Redirect 302 in "manual" mode
-PASS Redirect 303 in "error" mode
-PASS Redirect 303 in "follow" mode
-PASS Redirect 303 in "manual" mode
-PASS Redirect 307 in "error" mode
-PASS Redirect 307 in "follow" mode
-PASS Redirect 307 in "manual" mode
-PASS Redirect 308 in "error" mode
-PASS Redirect 308 in "follow" mode
-PASS Redirect 308 in "manual" mode
+PASS Redirect 301 in "error" redirect, cors mode
+PASS Redirect 301 in "follow" redirect, cors mode
+PASS Redirect 301 in "manual" redirect, cors mode
+PASS Redirect 302 in "error" redirect, cors mode
+PASS Redirect 302 in "follow" redirect, cors mode
+PASS Redirect 302 in "manual" redirect, cors mode
+PASS Redirect 303 in "error" redirect, cors mode
+PASS Redirect 303 in "follow" redirect, cors mode
+PASS Redirect 303 in "manual" redirect, cors mode
+PASS Redirect 307 in "error" redirect, cors mode
+PASS Redirect 307 in "follow" redirect, cors mode
+PASS Redirect 307 in "manual" redirect, cors mode
+PASS Redirect 308 in "error" redirect, cors mode
+PASS Redirect 308 in "follow" redirect, cors mode
+PASS Redirect 308 in "manual" redirect, cors mode
+PASS Redirect in "error" redirect, no cors mode
+PASS Redirect in "manual" redirect, no cors mode
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker-expected.txt 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,17 +1,21 @@
+CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-PASS Redirect 301 in "error" mode
-PASS Redirect 301 in "follow" mode
-PASS Redirect 301 in "manual" mode
-PASS Redirect 302 in "error" mode
-PASS Redirect 302 in "follow" mode
-PASS Redirect 302 in "manual" mode
-PASS Redirect 303 in "error" mode
-PASS Redirect 303 in "follow" mode
-PASS Redirect 303 in "manual" mode
-PASS Redirect 307 in "error" mode
-PASS Redirect 307 in "follow" mode
-PASS Redirect 307 in "manual" mode
-PASS Redirect 308 in "error" mode
-PASS Redirect 308 in "follow" mode
-PASS Redirect 308 in "manual" mode
+PASS Redirect 301 in "error" redirect, cors mode
+PASS Redirect 301 in "follow" redirect, cors mode
+PASS Redirect 301 in "manual" redirect, cors mode
+PASS Redirect 302 in "error" redirect, cors mode
+PASS Redirect 302 in "follow" redirect, cors mode
+PASS Redirect 302 in "manual" redirect, cors mode
+PASS Redirect 303 in "error" redirect, cors mode
+PASS Redirect 303 in "follow" redirect, cors mode
+PASS Redirect 303 in "manual" redirect, cors mode
+PASS Redirect 307 in "error" redirect, cors mode
+PASS Redirect 307 in "follow" redirect, cors mode
+PASS Redirect 307 in "manual" redirect, cors mode
+PASS Redirect 308 in "error" redirect, cors mode
+PASS Redirect 308 in "follow" redirect, cors mode
+PASS Redirect 308 in "manual" redirect, cors mode
+PASS Redirect in "error" redirect, no cors mode
+PASS Redirect in "manual" redirect, no cors mode
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.js (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.js 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.js 2018-01-22 17:58:46 UTC (rev 227332)
@@ -3,15 +3,15 @@
importScripts("/common/get-host-info.sub.js")
}
-function redirectMode(desc, redirectUrl, redirectLocation, redirectStatus, redirectMode) {
+function redirectMode(desc, redirectUrl, redirectLocation, redirectStatus, redirectMode, corsMode) {
var url = ""
var urlParameters = "?redirect_status=" + redirectStatus;
urlParameters += "&location=" + encodeURIComponent(redirectLocation);
- var requestInit = {"redirect": redirectMode};
+ var requestInit = {"redirect": redirectMode, mode: corsMode};
promise_test(function(test) {
- if (redirectMode === "error")
+ if (redirectMode === "error" || (corsMode === "no-cors" && redirectMode !== "follow"))
return promise_rejects(test, new TypeError(), fetch(url + urlParameters, requestInit));
if (redirectMode === "manual")
return fetch(url + urlParameters, requestInit).then(function(resp) {
@@ -33,9 +33,11 @@
var locationUrl = "top.txt";
for (var statusCode of [301, 302, 303, 307, 308]) {
- redirectMode("Redirect " + statusCode + " in \"error\" mode ", redirUrl, locationUrl, statusCode, "error");
- redirectMode("Redirect " + statusCode + " in \"follow\" mode ", redirUrl, locationUrl, statusCode, "follow");
- redirectMode("Redirect " + statusCode + " in \"manual\" mode ", redirUrl, locationUrl, statusCode, "manual");
+ redirectMode("Redirect " + statusCode + " in \"error\" redirect, cors mode", redirUrl, locationUrl, statusCode, "error", "cors");
+ redirectMode("Redirect " + statusCode + " in \"follow\" redirect, cors mode", redirUrl, locationUrl, statusCode, "follow", "cors");
+ redirectMode("Redirect " + statusCode + " in \"manual\" redirect, cors mode", redirUrl, locationUrl, statusCode, "manual", "cors");
}
+redirectMode("Redirect in \"error\" redirect, no cors mode", redirUrl, locationUrl, 301, "error", "no-cors");
+redirectMode("Redirect in \"manual\" redirect, no cors mode", redirUrl, locationUrl, 301, "manual", "no-cors");
done();
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,3 +1,7 @@
+CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-sameorigin-nocreds?url="" Not allowed to request resource
+CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-nocreds?url="" Not allowed to request resource
PASS initialize global state
PASS Non-navigation, manual redirect, cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected
@@ -6,9 +10,7 @@
PASS Non-navigation, manual redirect, same-origin mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors without credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors without credentials should succeed opaqueredirect interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors without credentials should succeed interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors without credentials should succeed interception and response should not be redirected
+PASS Non-navigation, manual redirect, no-cors mode Request should fail
PASS Non-navigation, manual redirect, cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, cors mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, cors mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected
@@ -15,9 +17,6 @@
PASS Non-navigation, manual redirect, same-origin mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected
PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors with credentials should succeed interception and response should not be redirected
-PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors with credentials should succeed interception and response should not be redirected
PASS Non-navigation, follow redirect, cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected
PASS Non-navigation, follow redirect, cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected
PASS Non-navigation, follow redirect, cors mode Request redirected to cors without credentials should succeed interception and response should be redirected
@@ -42,9 +41,7 @@
PASS Non-navigation, error redirect, same-origin mode Request redirected to same-origin without credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, same-origin mode Request redirected to no-cors without credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, same-origin mode Request redirected to cors without credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to same-origin without credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to cors without credentials should fail interception and response should not be redirected
+PASS Non-navigation, error redirect, no-cors mode Request should fail
PASS Non-navigation, error redirect, cors mode Request redirected to same-origin with credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, cors mode Request redirected to no-cors with credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, cors mode Request redirected to cors with credentials should fail interception and response should not be redirected
@@ -51,8 +48,5 @@
PASS Non-navigation, error redirect, same-origin mode Request redirected to same-origin with credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, same-origin mode Request redirected to no-cors with credentials should fail interception and response should not be redirected
PASS Non-navigation, error redirect, same-origin mode Request redirected to cors with credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to same-origin with credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to no-cors with credentials should fail interception and response should not be redirected
-PASS Non-navigation, error redirect, no-cors mode Request redirected to cors with credentials should fail interception and response should not be redirected
PASS restore global state
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html 2018-01-22 17:58:46 UTC (rev 227332)
@@ -212,48 +212,12 @@
redirect: 'manual',
mode: 'no-cors'
},
- should_reject: false
+ should_reject: true
});
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'same-origin without credentials should succeed opaqueredirect interception ' +
- 'and response should not be redirected');
+}, 'Non-navigation, manual redirect, no-cors mode Request should fail');
promise_test(function(t) {
return redirect_fetch_test(t, {
- name: 'nonav-manual-nocors-redirects-to-nocors-nocreds',
- redirect_dest: 'no-cors',
- url_credentials: false,
- expected_type: 'opaqueredirect',
- expected_redirected: false,
- request_init: {
- redirect: 'manual',
- mode: 'no-cors'
- },
- should_reject: false
- });
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'no-cors without credentials should succeed interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-manual-nocors-redirects-to-cors-nocreds',
- redirect_dest: 'cors',
- url_credentials: false,
- expected_type: 'opaqueredirect',
- expected_redirected: false,
- request_init: {
- redirect: 'manual',
- mode: 'no-cors'
- },
- should_reject: false
- });
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'cors without credentials should succeed interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
name: 'nonav-manual-cors-redirects-to-sameorigin-creds',
redirect_dest: 'same-origin',
url_credentials: true,
@@ -356,57 +320,6 @@
promise_test(function(t) {
return redirect_fetch_test(t, {
- name: 'nonav-manual-nocors-redirects-to-sameorigin-creds',
- redirect_dest: 'same-origin',
- url_credentials: true,
- expected_type: 'opaqueredirect',
- expected_redirected: false,
- request_init: {
- redirect: 'manual',
- mode: 'no-cors'
- },
- should_reject: false
- });
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'same-origin with credentials should succeed opaqueredirect interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-manual-nocors-redirects-to-nocors-creds',
- redirect_dest: 'no-cors',
- url_credentials: true,
- expected_type: 'opaqueredirect',
- expected_redirected: false,
- request_init: {
- redirect: 'manual',
- mode: 'no-cors'
- },
- should_reject: false
- });
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'no-cors with credentials should succeed interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-manual-nocors-redirects-to-cors-creds',
- redirect_dest: 'cors',
- url_credentials: true,
- expected_type: 'opaqueredirect',
- expected_redirected: false,
- request_init: {
- redirect: 'manual',
- mode: 'no-cors'
- },
- should_reject: false
- });
-}, 'Non-navigation, manual redirect, no-cors mode Request redirected to ' +
- 'cors with credentials should succeed interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
name: 'nonav-follow-cors-redirects-to-sameorigin-nocreds',
redirect_dest: 'same-origin',
url_credentials: false,
@@ -823,50 +736,13 @@
redirect: 'error',
mode: 'no-cors'
},
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
+ // should reject because error + no-cors is not allowed.
should_reject: true
});
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'same-origin without credentials should fail interception ' +
- 'and response should not be redirected');
+}, 'Non-navigation, error redirect, no-cors mode Request should fail');
promise_test(function(t) {
return redirect_fetch_test(t, {
- name: 'nonav-error-nocors-redirects-to-nocors-nocreds',
- redirect_dest: 'no-cors',
- url_credentials: false,
- request_init: {
- redirect: 'error',
- mode: 'no-cors'
- },
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
- should_reject: true
- });
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'no-cors without credentials should fail interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-error-nocors-redirects-to-cors-nocreds',
- redirect_dest: 'cors',
- url_credentials: false,
- request_init: {
- redirect: 'error',
- mode: 'no-cors'
- },
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
- should_reject: true
- });
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'cors without credentials should fail interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
name: 'nonav-error-cors-redirects-to-sameorigin-creds',
redirect_dest: 'same-origin',
url_credentials: true,
@@ -966,56 +842,5 @@
}, 'Non-navigation, error redirect, same-origin mode Request redirected to ' +
'cors with credentials should fail interception ' +
'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-error-nocors-redirects-to-sameorigin-creds',
- redirect_dest: 'same-origin',
- url_credentials: true,
- request_init: {
- redirect: 'error',
- mode: 'no-cors'
- },
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
- should_reject: true
- });
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'same-origin with credentials should fail interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-error-nocors-redirects-to-nocors-creds',
- redirect_dest: 'no-cors',
- url_credentials: true,
- request_init: {
- redirect: 'error',
- mode: 'no-cors'
- },
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
- should_reject: true
- });
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'no-cors with credentials should fail interception ' +
- 'and response should not be redirected');
-
-promise_test(function(t) {
- return redirect_fetch_test(t, {
- name: 'nonav-error-nocors-redirects-to-cors-creds',
- redirect_dest: 'cors',
- url_credentials: true,
- request_init: {
- redirect: 'error',
- mode: 'no-cors'
- },
- // should reject because requests with 'error' RequestRedirect cannot be
- // redirected.
- should_reject: true
- });
-}, 'Non-navigation, error redirect, no-cors mode Request redirected to ' +
- 'cors with credentials should fail interception and response should not ' +
- 'be redirected');
</script>
</body>
Modified: branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt (227331 => 227332)
--- branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,7 +1,4 @@
CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect
-CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect
-CONSOLE MESSAGE: XMLHttpRequest cannot load https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fservice-workers%2Fservice-worker%2Fresources%2Fsimple.txt. Response served by service worker is opaque redirect
PASS Verify redirect mode of Fetch API and ServiceWorker FetchEvent.
PASS Verify redirected of Response(Fetch API) and ServiceWorker FetchEvent.
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (227331 => 227332)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-01-22 17:58:46 UTC (rev 227332)
@@ -1,5 +1,30 @@
2018-01-22 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r227270. rdar://problem/36722650
+
+ 2018-01-20 Youenn Fablet <you...@apple.com>
+
+ fetch redirect is incompatible with "no-cors" mode
+ https://bugs.webkit.org/show_bug.cgi?id=181866
+ <rdar://problem/35827140>
+
+ Reviewed by Chris Dumez.
+
+ Covered by updated tests.
+
+ Return a network error when no-cors mode and redirect mode is manual or error.
+ Update preflight implementation to no longer use manual redirect mode to simulate https://fetch.spec.whatwg.org/#http-network-or-cache-fetch.
+ Instead implement redirectReceived callback to treat any redirect response as the preflight response.
+
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::canRequest):
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::redirectReceived):
+ (WebCore::CrossOriginPreflightChecker::startPreflight):
+ * loader/CrossOriginPreflightChecker.h:
+
+2018-01-22 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r227266. rdar://problem/36723017
2018-01-19 Wenson Hsieh <wenson_hs...@apple.com>
Modified: branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (227331 => 227332)
--- branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2018-01-22 17:58:46 UTC (rev 227332)
@@ -95,11 +95,17 @@
validatePreflightResponse(m_loader, WTFMove(m_request), m_resource->identifier(), m_resource->response());
}
+void CrossOriginPreflightChecker::redirectReceived(CachedResource& resource, ResourceRequest&&, const ResourceResponse& response, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
+{
+ ASSERT_UNUSED(resource, &resource == m_resource);
+ validatePreflightResponse(m_loader, WTFMove(m_request), m_resource->identifier(), response);
+ completionHandler(ResourceRequest { });
+}
+
void CrossOriginPreflightChecker::startPreflight()
{
ResourceLoaderOptions options;
options.referrerPolicy = m_loader.options().referrerPolicy;
- options.redirect = FetchOptions::Redirect::Manual;
options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
options.serviceWorkersMode = ServiceWorkersMode::None;
Modified: branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.h (227331 => 227332)
--- branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.h 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/Source/WebCore/loader/CrossOriginPreflightChecker.h 2018-01-22 17:58:46 UTC (rev 227332)
@@ -54,6 +54,7 @@
private:
void notifyFinished(CachedResource&) final;
+ void redirectReceived(CachedResource&, ResourceRequest&&, const ResourceResponse&, CompletionHandler<void(ResourceRequest&&)>&&) final;
static void handleLoadingFailure(DocumentThreadableLoader&, unsigned long, const ResourceError&);
static void validatePreflightResponse(DocumentThreadableLoader&, ResourceRequest&&, unsigned long, const ResourceResponse&);
Modified: branches/safari-605-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp (227331 => 227332)
--- branches/safari-605-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2018-01-22 17:58:42 UTC (rev 227331)
+++ branches/safari-605-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2018-01-22 17:58:46 UTC (rev 227332)
@@ -507,6 +507,7 @@
return url.protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set;
}
+// Security checks defined in https://fetch.spec.whatwg.org/#main-fetch step 2 and 5.
bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url, const CachedResourceRequest& request, ForPreload forPreload)
{
auto& options = request.options();
@@ -523,6 +524,12 @@
return false;
}
+ if (options.mode == FetchOptions::Mode::NoCors && options.redirect != FetchOptions::Redirect::Follow) {
+ ASSERT(type != CachedResource::Type::MainResource);
+ frame()->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("No-Cors mode requires follow redirect mode"));
+ return false;
+ }
+
if (!allowedByContentSecurityPolicy(type, url, options, ContentSecurityPolicy::RedirectResponseReceived::No))
return false;
