Use NetworkLoadChecker to handle synchronous HTTP loads
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Apr 2018 21:50:26 +0000 (21:50 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Apr 2018 21:50:26 +0000 (21:50 +0000)
commit8d3e3d08b987875b24e9dfd27e02364f76f3a5e0
tree5ecdaa3413812e8ab5812215220413591dc7a78e
parentb50799484f8cfe4d095bb58defd03d6984ae5d48
Use NetworkLoadChecker to handle synchronous HTTP loads
https://bugs.webkit.org/show_bug.cgi?id=184240

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/cors/request-headers-expected.txt:
* web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt:
* web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt:
* web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:

Source/WebCore:

Update LoaderStrategy::loadResourceSynchronously to pass FetchOptions directly.
Update various call sites accordingly. This allows NetworkProcess to do all necessary checks.
Add an option to disable security checks if NetworkProcess does it for WebProcess.
This option will be also used for regular asynchronous loads in future patches.

Update DocumentThreadableLoader to bypass preflighting and response validation checks in case they are done in NetworkProcess.

Covered by existing and rebased tests.

* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::doPreflight):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::loadRequest):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadResourceSynchronously):
* loader/FrameLoader.h:
* loader/LoaderStrategy.h:
* xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::openFunc):

Source/WebKit:

For every NetworkResourceLoader synchronous load, we create a NetworkLoadChecker.
NetworkLoadChecker handles all security checks in that case.
This allows supporting cross-origin loads for synchronous XHR.

Updated NetworkCORSPreflightChecker to return the result as a ResourceError.
This is used to convey any error message from NetworkProcess to the JS console.
Ensure NetworkCORSPreflightChecker computes correctly Access-Control-Request-Headers value
by providing the headers set by the application plus Referrer/Origin.

* NetworkProcess/NetworkCORSPreflightChecker.cpp:
(WebKit::NetworkCORSPreflightChecker::~NetworkCORSPreflightChecker):
(WebKit::NetworkCORSPreflightChecker::willPerformHTTPRedirection):
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
(WebKit::NetworkCORSPreflightChecker::didCompleteWithError):
(WebKit::NetworkCORSPreflightChecker::wasBlocked):
(WebKit::NetworkCORSPreflightChecker::cannotShowURL):
* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::NetworkResourceLoader):
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::validateCacheEntry):
* NetworkProcess/NetworkResourceLoader.h:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
* WebProcess/Network/WebLoaderStrategy.h:

Source/WebKitLegacy:

* WebCoreSupport/WebResourceLoadScheduler.cpp:
(WebResourceLoadScheduler::loadResourceSynchronously):
* WebCoreSupport/WebResourceLoadScheduler.h:

LayoutTests:

* http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
* http/wpt/beacon/cors/cors-preflight-blob-failure.html: Fix buggy assertion.
Test should check for actual request header and not header name in Access-Control-Request-Headers.
* http/wpt/beacon/cors/cors-preflight-blob-success.html: Ditto.
* platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
* platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
* platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
* platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.
* platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
* platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230681 268f45cc-cd09-0410-ab3c-d52691b4dbfc
43 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt
LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt
LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html
LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt
LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt
LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt
LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt
LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/CrossOriginPreflightChecker.cpp
Source/WebCore/loader/DocumentThreadableLoader.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/FrameLoader.h
Source/WebCore/loader/LoaderStrategy.h
Source/WebCore/xml/XSLTProcessorLibxslt.cpp
Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.h
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Source/WebKit/WebProcess/Network/WebLoaderStrategy.h
Source/WebKitLegacy/ChangeLog
Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp
Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h