Origin header is not included in CORS requests for preloaded cross-origin resources
authoryouenn.fablet@crf.canon.fr <youenn.fablet@crf.canon.fr@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Jun 2016 18:17:11 +0000 (18:17 +0000)
committeryouenn.fablet@crf.canon.fr <youenn.fablet@crf.canon.fr@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Jun 2016 18:17:11 +0000 (18:17 +0000)
commit2ec7b2fcb119d0cfaa0c23d3bcf9cfa147ca30d8
treed225bdc26a9cd30d8c7be85f7dcc587083eb673b
parent848bef9969955591c50a3108f25a09aa35b55899
Origin header is not included in CORS requests for preloaded cross-origin resources
https://bugs.webkit.org/show_bug.cgi?id=155761
<rdar://problem/25351850>

Reviewed by Alex Christensen.

Source/WebCore:

Making HTML preloader fully aware of crossorigin attribute value.
Introducing CachedResourceRequest::setAsPotentiallyCrossOrigin as a helper routine to activate CORS mode.
Making HTMLLinkElement and HTMLResourcePreloader use that routine.
Making TokenPreloadScanner store the crossorigin attribute value in preload requests.
Making TokenPreloadScanner store the crossorigin attribute value for link elements.

Test: http/tests/security/cross-origin-css-9.html

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process):
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
* html/parser/HTMLResourcePreloader.cpp:
(WebCore::crossOriginModeAllowsCookies):
(WebCore::PreloadRequest::resourceRequest):
* html/parser/HTMLResourcePreloader.h:
(WebCore::PreloadRequest::setCrossOriginMode):
(WebCore::PreloadRequest::PreloadRequest): Deleted.
(WebCore::PreloadRequest::resourceType): Deleted.
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
* loader/cache/CachedResourceRequest.h:

LayoutTests:

* http/tests/security/cross-origin-css-9-expected.txt: Added.
* http/tests/security/cross-origin-css-9.html: Added.
* http/tests/security/resources/get-css-if-origin-header.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201930 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-origin-css-9-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-css-9.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/get-css-if-origin-header.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLLinkElement.cpp
Source/WebCore/html/parser/HTMLPreloadScanner.cpp
Source/WebCore/html/parser/HTMLResourcePreloader.cpp
Source/WebCore/html/parser/HTMLResourcePreloader.h
Source/WebCore/loader/cache/CachedResourceRequest.cpp
Source/WebCore/loader/cache/CachedResourceRequest.h