Title: [258798] trunk
Revision
258798
Author
[email protected]
Date
2020-03-20 16:24:33 -0700 (Fri, 20 Mar 2020)

Log Message

CORS-disabling SPI introduced in r253978 should make responses non-opaque
https://bugs.webkit.org/show_bug.cgi?id=209351
<rdar://problem/60024850>

Reviewed by Chris Dumez.

Source/WebCore:

Covered by making the API test actually check that response content is readable.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::responseReceived):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (258797 => 258798)


--- trunk/Source/WebCore/ChangeLog	2020-03-20 22:56:09 UTC (rev 258797)
+++ trunk/Source/WebCore/ChangeLog	2020-03-20 23:24:33 UTC (rev 258798)
@@ -1,3 +1,16 @@
+2020-03-20  Alex Christensen  <[email protected]>
+
+        CORS-disabling SPI introduced in r253978 should make responses non-opaque
+        https://bugs.webkit.org/show_bug.cgi?id=209351
+        <rdar://problem/60024850>
+
+        Reviewed by Chris Dumez.
+
+        Covered by making the API test actually check that response content is readable.
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::responseReceived):
+
 2020-03-20  Jer Noble  <[email protected]>
 
         Ensure media cache directory is created before passing to AVURLAsset.

Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (258797 => 258798)


--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2020-03-20 22:56:09 UTC (rev 258797)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2020-03-20 23:24:33 UTC (rev 258798)
@@ -161,6 +161,7 @@
     if (shouldDisableCORS) {
         m_options.mode = FetchOptions::Mode::NoCors;
         m_options.filteringPolicy = ResponseFilteringPolicy::Disable;
+        m_responsesCanBeOpaque = false;
     }
 
     m_options.cspResponseHeaders = m_options.contentSecurityPolicyEnforcement != ContentSecurityPolicyEnforcement::DoNotEnforce ? this->contentSecurityPolicy().responseHeaders() : ContentSecurityPolicyResponseHeaders { };
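Review bot: The `shouldDisableCORS` branch now switches off three separate protections (NoCors mode, response filtering, and opaque tainting), and nothing at the branch says this is a deliberate same-origin-policy exemption. The condition is computed outside this hunk, so it cannot be confirmed from here that it is reachable only from the embedder SPI and never from page-controlled state. A comment would make that invariant explicit, for example `// Embedder SPI only: cross-origin responses become fully readable to script; must not be derivable from web content.` The same sentence would fit on the `m_responsesCanBeOpaque` declaration in DocumentThreadableLoader.h.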
@@ -371,7 +372,12 @@
 void DocumentThreadableLoader::responseReceived(CachedResource& resource, const ResourceResponse& response, CompletionHandler<void()>&& completionHandler)
 {
     ASSERT_UNUSED(resource, &resource == m_resource);
-    didReceiveResponse(m_resource->identifier(), response);
+    if (!m_responsesCanBeOpaque) {
+        ResourceResponse responseWithoutTainting = response;
+        responseWithoutTainting.setTainting(ResourceResponse::Tainting::Basic);
+        didReceiveResponse(m_resource->identifier(), responseWithoutTainting);
+    } else
+        didReceiveResponse(m_resource->identifier(), response);
 
     if (completionHandler)
         completionHandler();
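Review bot: In `responseReceived`, the override rewrites the tainting to `Basic` whatever it was before, so a response that arrived as `Opaqueredirect` or `Cors` is relabelled too, not only the `Opaque` case the log message describes. If only opaque responses are meant to be unmasked, the guard could be narrowed to `if (!m_responsesCanBeOpaque && response.tainting() == ResourceResponse::Tainting::Opaque) {`. The override also exists only on this path. Any other caller of `didReceiveResponse` (none are visible in this hunk) would still deliver the original tainting, so applying it inside `didReceiveResponse` may be more consistent.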

Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.h (258797 => 258798)


--- trunk/Source/WebCore/loader/DocumentThreadableLoader.h	2020-03-20 22:56:09 UTC (rev 258797)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.h	2020-03-20 23:24:33 UTC (rev 258798)
@@ -123,6 +123,7 @@
         ThreadableLoaderClient* m_client;
         Document& m_document;
         ThreadableLoaderOptions m_options;
+        bool m_responsesCanBeOpaque { true };
         RefPtr<SecurityOrigin> m_origin;
         String m_referrer;
         bool m_sameOriginRequest;

Modified: trunk/Tools/ChangeLog (258797 => 258798)


--- trunk/Tools/ChangeLog	2020-03-20 22:56:09 UTC (rev 258797)
+++ trunk/Tools/ChangeLog	2020-03-20 23:24:33 UTC (rev 258798)
@@ -1,3 +1,13 @@
+2020-03-20  Alex Christensen  <[email protected]>
+
+        CORS-disabling SPI introduced in r253978 should make responses non-opaque
+        https://bugs.webkit.org/show_bug.cgi?id=209351
+        <rdar://problem/60024850>
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
+
 2020-03-20  Aakash Jain  <[email protected]>
 
         commit-queue should skip building and testing if patch already passed tests on mac-wk2 queue

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm (258797 => 258798)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm	2020-03-20 22:56:09 UTC (rev 258797)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm	2020-03-20 23:24:33 UTC (rev 258798)
@@ -836,7 +836,7 @@
 TEST(URLSchemeHandler, DisableCORS)
 {
     TestWebKitAPI::HTTPServer server({
-        { "/subresource", { "subresourcecontent" } }
+        { "/subresource", { {{ "Content-Type", "application/json" }}, "{\"testkey\":\"testvalue\"}" } }
     });
 
     bool corssuccess = false;
@@ -850,7 +850,18 @@
 
     [handler setStartURLSchemeTaskHandler:[&](WKWebView *, id<WKURLSchemeTask> task) {
         if ([task.request.URL.path isEqualToString:@"/main.html"]) {
-            NSData *data = "" stringWithFormat:@"<script>fetch('http://127.0.0.1:%d/subresource').then(function(){fetch('/corssuccess')}).catch(function(){fetch('/corsfailure')})</script>", server.port()] dataUsingEncoding:NSUTF8StringEncoding];
+            NSData *data = "" stringWithFormat:
+                @"<script>"
+                    "fetch('http://127.0.0.1:%d/subresource').then(function(r){"
+                        "r.json().then(function(object) {"
+                            "if (object.testkey == 'testvalue') {"
+                                "fetch('/corssuccess')"
+                            "} else {"
+                                "fetch('/corsfailure')"
+                            "}"
+                        "}).catch(function(){fetch('/corsfailure')})"
+                    "}).catch(function(){fetch('/corsfailure')})"
+                "</script>", server.port()] dataUsingEncoding:NSUTF8StringEncoding];
             [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:data.length textEncodingName:nil] autorelease]];
             [task didReceiveData:data];
             [task didFinish];
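Review bot: The updated `DisableCORS` test only proves the permissive path: with the SPI enabled, `r.json()` yields the body. Nothing visible here checks that the same cross-origin fetch stays unreadable when the SPI is off, which is the regression that matters most now that the loader forces `Basic` tainting. A companion case that serves the same page without the SPI and expects `/corsfailure` would cover it. The two `.catch` handlers and the `else` branch all report `/corsfailure`, so a failure does not show whether the fetch was rejected, the body was unreadable, or the JSON differed. The handler lambda continues past the end of this hunk.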