Diff
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (229906 => 229907)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-03-23 18:06:08 UTC (rev 229906)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-03-23 18:06:34 UTC (rev 229907)
@@ -1,3 +1,16 @@
+2018-03-23 Youenn Fablet <you...@apple.com>
+
+ DocumentThreadableLoader should send credentials after redirections and preflight if fetch option credentials is include
+ https://bugs.webkit.org/show_bug.cgi?id=183928
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html: Added.
+ * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js: Added.
+ * web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html: Added.
+ * web-platform-tests/fetch/api/resources/inspect-headers.py:
+ * web-platform-tests/fetch/api/resources/redirect.py:
+
2018-03-23 Sergio Villar Senin <svil...@igalia.com>
[css-grid] Fix auto repeat tracks computation with definite min sizes
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any-expected.txt (0 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any-expected.txt 2018-03-23 18:06:34 UTC (rev 229907)
@@ -0,0 +1,6 @@
+
+PASS Set cookies
+PASS Testing credentials after cross-origin redirection with CORS and no preflight
+PASS Testing credentials after cross-origin redirection with CORS and preflight
+PASS Clean cookies
+
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html (0 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html 2018-03-23 18:06:34 UTC (rev 229907)
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js (0 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.js 2018-03-23 18:06:34 UTC (rev 229907)
@@ -0,0 +1,49 @@
+// META: script=/common/utils.js
+// META: script=../resources/utils.js
+// META: script=/common/get-host-info.sub.js
+
+var redirectUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
+var urlSetCookies1 = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
+var urlSetCookies2 = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
+var urlCheckCookies = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=cookie";
+
+var urlSetCookiesParameters = "?pipe=header(Access-Control-Allow-Origin," + location.origin + ")";
+urlSetCookiesParameters += "|header(Access-Control-Allow-Credentials,true)";
+
+urlSetCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1)";
+urlSetCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2)";
+
+urlClearCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1%3B%20max-age=0)";
+urlClearCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2%3B%20max-age=0)";
+
+promise_test(async (test) => {
+ await fetch(urlSetCookies1 + urlSetCookiesParameters1, {"credentials": "include", "mode": "cors"});
+ await fetch(urlSetCookies2 + urlSetCookiesParameters2, {"credentials": "include", "mode": "cors"});
+}, "Set cookies");
+
+function doTest(usePreflight) {
+ promise_test(async (test) => {
+ var url = ""
+ var uuid_token = token();
+ var urlParameters = "?token=" + uuid_token + "&max_age=0";
+ urlParameters += "&redirect_status=301";
+ urlParameters += "&location=" + encodeURIComponent(urlCheckCookies);
+ urlParameters += "&allow_headers=a&headers=Cookie";
+ headers = [];
+ if (usePreflight)
+ headers.push(["a", "b"]);
+
+ var requestInit = {"credentials": "include", "mode": "cors", "headers": headers};
+ var response = await fetch(url + urlParameters, requestInit);
+
+ assert_equals(response.headers.get("x-request-cookie") , "a=2", "Request includes cookie(s)");
+ }, "Testing credentials after cross-origin redirection with CORS and " + (usePreflight ? "" : "no ") + "preflight");
+}
+
+doTest(false);
+doTest(true);
+
+promise_test(async (test) => {
+ await fetch(urlSetCookies1 + urlClearCookiesParameters1, {"credentials": "include", "mode": "cors"});
+ await fetch(urlSetCookies2 + urlClearCookiesParameters2, {"credentials": "include", "mode": "cors"});
+}, "Clean cookies");
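Review bot: In `doTest`, `url` is initialised to an empty string and `redirectUrl` is never referenced, so as shown the fetch resolves `?token=…` against the test's own URL and never reaches the cross-origin `redirect.py` endpoint that the test title describes. Unless that is an artefact of how this page was rendered, the line should read `var url = redirectUrl;`. Separately, `headers = [];` and the `urlSetCookiesParameters1/2` and `urlClearCookiesParameters1/2` assignments have no `var`, so they become implicit globals shared by both `doTest` runs; `var headers = [];` keeps each run's header list local. `var url = ""` also lacks the semicolon used on every other statement in the file.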
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker-expected.txt (0 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker-expected.txt 2018-03-23 18:06:34 UTC (rev 229907)
@@ -0,0 +1,6 @@
+
+PASS Set cookies
+PASS Testing credentials after cross-origin redirection with CORS and no preflight
+PASS Testing credentials after cross-origin redirection with CORS and preflight
+PASS Clean cookies
+
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html (0 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html 2018-03-23 18:06:34 UTC (rev 229907)
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/inspect-headers.py (229906 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/inspect-headers.py 2018-03-23 18:06:08 UTC (rev 229906)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/inspect-headers.py 2018-03-23 18:06:34 UTC (rev 229907)
@@ -16,7 +16,10 @@
headers.append(("Access-Control-Allow-Methods", "GET, POST, HEAD"))
exposed_headers = ["x-request-" + header for header in checked_headers]
headers.append(("Access-Control-Expose-Headers", ", ".join(exposed_headers)))
- headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))
+ if "allow_headers" in request.GET:
+ headers.append(("Access-Control-Allow-Headers", request.GET['allow_headers']))
+ else:
+ headers.append(("Access-Control-Allow-Headers", ", ".join(request.headers)))
headers.append(("content-type", "text/plain"))
return headers, ""
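Review bot: The new `allow_headers` branch copies a caller-supplied query value straight into `Access-Control-Allow-Headers` with no comment explaining why, and the fallback still echoes every request header name. That is reasonable for a test resource, but a comment such as `# Test-only: let the caller pin the allowed header list instead of echoing all request header names.` would record the intent and mark the pattern as unsuitable for reuse outside the test server. For consistency with `request.GET.first("token")` in redirect.py from this same change, `request.GET.first("allow_headers")` would read better than `request.GET['allow_headers']`. The enclosing function starts above this hunk, so how `checked_headers` is built is not visible here.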
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py (229906 => 229907)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py 2018-03-23 18:06:08 UTC (rev 229906)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py 2018-03-23 18:06:34 UTC (rev 229907)
@@ -6,10 +6,14 @@
status = 302
headers = [("Content-Type", "text/plain"),
("Cache-Control", "no-cache"),
- ("Pragma", "no-cache"),
- ("Access-Control-Allow-Origin", "*")]
+ ("Pragma", "no-cache")]
+ if "Origin" in request.headers:
+ headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "")))
+ headers.append(("Access-Control-Allow-Credentials", "true"))
+ else:
+ headers.append(("Access-Control-Allow-Origin", "*"))
+
token = None
-
if "token" in request.GET:
token = request.GET.first("token")
data = ""
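Review bot: The `Origin` branch echoes whatever origin the request carries and pairs it with `Access-Control-Allow-Credentials: true`, which grants credentialed cross-origin reads to any caller, and nothing in the hunk documents that this is deliberate. The test needs it, since a wildcard origin cannot be combined with credentials, so a comment like `# Test-only: reflect the requesting origin so credentialed CORS redirects can be exercised.` would say so and flag it as not a pattern for production handlers. The `""` default in `request.headers.get("Origin", "")` is unreachable after the `"Origin" in request.headers` check and can be dropped. The handler body continues beyond this hunk.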
Modified: trunk/Source/WebCore/ChangeLog (229906 => 229907)
--- trunk/Source/WebCore/ChangeLog 2018-03-23 18:06:08 UTC (rev 229906)
+++ trunk/Source/WebCore/ChangeLog 2018-03-23 18:06:34 UTC (rev 229907)
@@ -1,3 +1,18 @@
+2018-03-23 Youenn Fablet <you...@apple.com>
+
+ DocumentThreadableLoader should send credentials after redirections and preflight if fetch option credentials is include
+ https://bugs.webkit.org/show_bug.cgi?id=183928
+
+ Reviewed by Chris Dumez.
+
+ Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.html
+ imported/w3c/web-platform-tests/fetch/api/cors/cors-cookies-redirect.any.worker.html
+
+ In case mode is include, keep sending credentials even after redirection with preflight.
+
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::redirectReceived):
+
2018-03-23 Tim Horton <timothy_hor...@apple.com>
Fix the build after r229858
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (229906 => 229907)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2018-03-23 18:06:08 UTC (rev 229906)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2018-03-23 18:06:34 UTC (rev 229907)
@@ -283,7 +283,8 @@
if (m_options.credentials != FetchOptions::Credentials::SameOrigin && m_simpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), *m_originalHeaders))
return completionHandler(WTFMove(request));
- m_options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+ if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
+ m_options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
clearResource();
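Review bot: The new guard leaves `storedCredentialsPolicy` untouched for every credentials mode except `SameOrigin`, so the omit mode now depends on the policy already being `DoNotUse` before this point, which nothing in the hunk establishes. If that invariant is set up elsewhere, it could be pinned just before `clearResource()` with `ASSERT(m_options.credentials != FetchOptions::Credentials::Omit || m_options.storedCredentialsPolicy == StoredCredentialsPolicy::DoNotUse);`. A one-line comment on the `if` would also help, explaining that only same-origin mode stops using stored credentials on this path while include keeps them across the redirect and preflight. The added tests exercise only `credentials: "include"`; a companion case with `same-origin` asserting that no cookie reaches the redirect target would cover the branch that still downgrades. `redirectReceived` begins and ends outside this hunk, so the conditions under which this code is reached are inferred.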