Sending a `Ping-From` header for cross-origin pings from non-HTTPS documents.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Jul 2011 21:56:38 +0000 (21:56 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Jul 2011 21:56:38 +0000 (21:56 +0000)
https://bugs.webkit.org/show_bug.cgi?id=64789

Also a drive-by cleanup of whitespace.

Patch by Mike West <mkwst@chromium.org> on 2011-07-19
Reviewed by Nate Chapin.

Source/WebCore:

* loader/PingLoader.cpp:
(WebCore::PingLoader::loadImage):
(WebCore::PingLoader::sendPing):

LayoutTests:

* http/tests/navigation/ping-cross-origin-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@91306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/navigation/ping-cross-origin-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/loader/PingLoader.cpp

index d406c95..baba043 100644 (file)
@@ -1,3 +1,14 @@
+2011-07-19  Mike West  <mkwst@chromium.org>
+
+        Sending a `Ping-From` header for cross-origin pings from non-HTTPS documents.
+        https://bugs.webkit.org/show_bug.cgi?id=64789
+
+        Also a drive-by cleanup of whitespace.
+
+        Reviewed by Nate Chapin.
+
+        * http/tests/navigation/ping-cross-origin-expected.txt:
+
 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=64809
index a28fcb4..06823a5 100644 (file)
@@ -1,5 +1,6 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-cross-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-cross-origin.html
 REQUEST_METHOD: POST
index c6feddf..53a1f6f 100644 (file)
@@ -1,3 +1,16 @@
+2011-07-19  Mike West  <mkwst@chromium.org>
+
+        Sending a `Ping-From` header for cross-origin pings from non-HTTPS documents.
+        https://bugs.webkit.org/show_bug.cgi?id=64789
+
+        Also a drive-by cleanup of whitespace.
+
+        Reviewed by Nate Chapin.
+
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::loadImage):
+        (WebCore::PingLoader::sendPing):
+
 2011-07-15  Luke Zarko  <lukezarko@gmail.com>
 
        Bring V8's SerializedScriptValue implementation up to date.
index bda74fb..e5cdb01 100644 (file)
@@ -61,7 +61,7 @@ void PingLoader::loadImage(Frame* frame, const KURL& url)
         request.setHTTPReferrer(frame->loader()->outgoingReferrer());
     frame->loader()->addExtraFieldsToSubresourceRequest(request);
     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
-    
+
     // Leak the ping loader, since it will kill itself as soon as it receives a response.
     PingLoader* leakedPingLoader = pingLoader.leakPtr();
     UNUSED_PARAM(leakedPingLoader);
@@ -82,12 +82,13 @@ void PingLoader::sendPing(Frame* frame, const KURL& pingURL, const KURL& destina
     RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL);
     FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin->toString());
     request.setHTTPHeaderField("Ping-To", destinationURL);
-    if (sourceOrigin->isSameSchemeHostPort(pingOrigin.get()))
-        request.setHTTPHeaderField("Ping-From", frame->document()->url());
-    else if (!SecurityOrigin::shouldHideReferrer(pingURL, frame->loader()->outgoingReferrer()))
+    if (!SecurityOrigin::shouldHideReferrer(pingURL, frame->loader()->outgoingReferrer())) {
+      request.setHTTPHeaderField("Ping-From", frame->document()->url());
+      if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get()))
         request.setHTTPReferrer(frame->loader()->outgoingReferrer());
+    }
     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
-    
+
     // Leak the ping loader, since it will kill itself as soon as it receives a response.
     PingLoader* leakedPingLoader = pingLoader.leakPtr();
     UNUSED_PARAM(leakedPingLoader);