Make fetch() use "same-origin" credentials by default
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Jul 2018 02:50:58 +0000 (02:50 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Jul 2018 02:50:58 +0000 (02:50 +0000)
commit9bca1e07fdf9d645c9dfe75f2d1371cf3ae52fa0
tree7ef38ff79a43bed84ab9532cdfa3a4be3609ea89
parentf188dacb825dbd45041079c450fea61940c6b780
Make fetch() use "same-origin" credentials by default
https://bugs.webkit.org/show_bug.cgi?id=176023

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Tests updated according upstream WPT repo.

* web-platform-tests/fetch/api/request/request-init-003.sub.html:
* web-platform-tests/fetch/api/request/request-structure.html:

Source/WebCore:

Covered by updated tests.

* Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::initializeWith):
Setting credentials mode to same-origin for FetchRequest by default.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
Handle correctly referrer in case we restart a load.
* page/PerformanceResourceTiming.cpp:
(WebCore::entryStartTime):
(WebCore::entryEndTime):
In case it is not allowed to disclose resource timing info, update as
https://www.w3.org/TR/resource-timing-1/#performanceresourcetiming

Source/WebKit:

Before the patch, when changing the credential mode in case of redirection,
we were not waiting for WebProcess response to restart the load.
This patch updates the implementation to ask the WebProcess whether to proceed as for other regular asynchronous loads.
This requires some refactoring in particular we now pass request, redirectRequest and redirectResponse to NetworkLoadChecker
that will send them back as part of the completion handler.

To do so, we change manual redirection handling and make it a successful case and not an error case as before.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::redirectionError):
(WebKit::NetworkLoadChecker::checkRedirection):
* NetworkProcess/NetworkLoadChecker.h:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
(WebKit::NetworkResourceLoader::restartNetworkLoad):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
* NetworkProcess/NetworkResourceLoader.h:
* NetworkProcess/PingLoad.cpp:
(WebKit::PingLoad::willPerformHTTPRedirection):

LayoutTests:

Resource timing does not work properly on WK1 when stopping fetch/XHR load to restart it without credentials.
Updated expected results accordingly.

* http/tests/inspector/network/resource-mime-type.html:
Update resource-mime-type.html to ensure we go to the network for every load.
* http/wpt/resource-timing/rt-cors.js:
(assertRedirectWithDisallowedTimingData):
Updated test according https://www.w3.org/TR/resource-timing-1/#performanceresourcetiming.
* platform/mac-wk1/http/wpt/resource-timing/rt-cors-expected.txt: Added.
* platform/mac-wk1/http/wpt/resource-timing/rt-cors.worker-expected.txt: Added.
* platform/win/http/wpt/resource-timing/rt-cors-expected.txt: Added.
* platform/win/http/wpt/resource-timing/rt-cors.worker-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233720 268f45cc-cd09-0410-ab3c-d52691b4dbfc
20 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/inspector/network/resource-mime-type.html
LayoutTests/http/wpt/resource-timing/rt-cors.js
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-init-003.sub.html
LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-structure.html
LayoutTests/platform/mac-wk1/http/wpt/resource-timing/rt-cors-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac-wk1/http/wpt/resource-timing/rt-cors.worker-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/http/wpt/resource-timing/rt-cors-expected.txt [new file with mode: 0644]
LayoutTests/platform/win/http/wpt/resource-timing/rt-cors.worker-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/Modules/fetch/FetchRequest.cpp
Source/WebCore/loader/DocumentThreadableLoader.cpp
Source/WebCore/page/PerformanceResourceTiming.cpp
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Source/WebKit/NetworkProcess/NetworkLoadChecker.h
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.h
Source/WebKit/NetworkProcess/PingLoad.cpp