XMLHttpRequest should not treat file URLs as same origin
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Nov 2017 00:46:33 +0000 (00:46 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Nov 2017 00:46:33 +0000 (00:46 +0000)
commitc25ef40a02997783dd24e4cfc4729b6f34cd3d9e
treec0932abcb5167ab30334037758ea8d8f4d764c70
parent0ae749fba7ee48dd63483a1120685d4f7a2b8eda
XMLHttpRequest should not treat file URLs as same origin
https://bugs.webkit.org/show_bug.cgi?id=178565
<rdar://problem/11115901>

Reviewed by Daniel Bates.

Source/WebCore:

Based on a Blink patch by <jannhorn@googlemail.com>.
https://chromium.googlesource.com/chromium/src/+/c362e001551abc2bea392773f32eaf043d8bc29f

Test: security/cannot-read-self-from-file.html

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::passesFileCheck const): Do not treat file as same-origin.

LayoutTests:

* security/cannot-read-self-from-file-expected.txt: Added.
* security/cannot-read-self-from-file.html: Added.
* security/resources/cannot-read-self-from-file.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224609 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/security/cannot-read-self-from-file-expected.txt [new file with mode: 0644]
LayoutTests/security/cannot-read-self-from-file.html [new file with mode: 0644]
LayoutTests/security/resources/cannot-read-self-from-file.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/SecurityOrigin.cpp