[Qt] Redirection of HTTP POST (3xx) incorrectly includes original POST data
authorluiz@webkit.org <luiz@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 May 2011 19:00:37 +0000 (19:00 +0000)
committerluiz@webkit.org <luiz@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 May 2011 19:00:37 +0000 (19:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=60440

Reviewed by Kenneth Rohde Christiansen.

Source/WebCore:

Makes sure that the HTTP headers Content-type and Content-length are not included in
the requests that do not have any content.

Tests: http/tests/navigation/post-301-response.html
       http/tests/navigation/post-302-response.html
       http/tests/navigation/post-303-response.html
       http/tests/navigation/post-307-response.html

* platform/network/qt/QNetworkReplyHandler.cpp:
(WebCore::QNetworkReplyHandler::sendNetworkRequest):

LayoutTests:

These new tests check that no POST content is sent to the new URL after receiving http
status codes 301, 302 and 303, and checks that the POST content is sent to the new URL
after receiving a 307 http status code.

* http/tests/navigation/post-301-response-expected.txt: Added.
* http/tests/navigation/post-301-response.html: Added.
* http/tests/navigation/post-302-response-expected.txt: Added.
* http/tests/navigation/post-302-response.html: Added.
* http/tests/navigation/post-303-response-expected.txt: Added.
* http/tests/navigation/post-303-response.html: Added.
* http/tests/navigation/post-307-response-expected.txt: Added.
* http/tests/navigation/post-307-response.html: Added.
* http/tests/navigation/resources/redirected-post-request-contents.php: Added.
* http/tests/navigation/resources/redirection-response.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@86693 268f45cc-cd09-0410-ab3c-d52691b4dbfc

13 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/navigation/post-301-response-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-301-response.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-302-response-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-302-response.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-303-response-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-303-response.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-307-response-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/post-307-response.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/resources/redirected-post-request-contents.php [new file with mode: 0644]
LayoutTests/http/tests/navigation/resources/redirection-response.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp

index 8e9d2da..e404f61 100644 (file)
@@ -1,3 +1,25 @@
+2011-05-09  Luiz Agostini  <luiz.agostini@openbossa.org>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] Redirection of HTTP POST (3xx) incorrectly includes original POST data
+        https://bugs.webkit.org/show_bug.cgi?id=60440
+
+        These new tests check that no POST content is sent to the new URL after receiving http
+        status codes 301, 302 and 303, and checks that the POST content is sent to the new URL
+        after receiving a 307 http status code.
+
+        * http/tests/navigation/post-301-response-expected.txt: Added.
+        * http/tests/navigation/post-301-response.html: Added.
+        * http/tests/navigation/post-302-response-expected.txt: Added.
+        * http/tests/navigation/post-302-response.html: Added.
+        * http/tests/navigation/post-303-response-expected.txt: Added.
+        * http/tests/navigation/post-303-response.html: Added.
+        * http/tests/navigation/post-307-response-expected.txt: Added.
+        * http/tests/navigation/post-307-response.html: Added.
+        * http/tests/navigation/resources/redirected-post-request-contents.php: Added.
+        * http/tests/navigation/resources/redirection-response.php: Added.
+
 2011-05-17  Sakamuri Ramakrishna  <ramakrishna.sakamuri@nokia.com>
 
         Reviewed by Andreas Kling.
diff --git a/LayoutTests/http/tests/navigation/post-301-response-expected.txt b/LayoutTests/http/tests/navigation/post-301-response-expected.txt
new file mode 100644 (file)
index 0000000..9e0f30a
--- /dev/null
@@ -0,0 +1,6 @@
+headers CONTENT_TYPE and CONTENT_LENGTH should not be present.
+headers CONTENT_TYPE and CONTENT_LENGTH are not present.
+
+no POST data should be present.
+no POST data is present.
+
diff --git a/LayoutTests/http/tests/navigation/post-301-response.html b/LayoutTests/http/tests/navigation/post-301-response.html
new file mode 100644 (file)
index 0000000..d75edc9
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+var doTest = function () {
+    if (window.layoutTestController) {
+        window.layoutTestController.dumpAsText();
+        window.layoutTestController.waitUntilDone();
+    }
+    document.getElementById("form1").submit();
+};
+</script>
+</head>
+<body onload="doTest()">
+<form id="form1" action="resources/redirection-response.php?status=301&target=redirected-post-request-contents.php?content=false" method="post">
+<input type="text" name="text1" value="some text"><br>
+</form>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/navigation/post-302-response-expected.txt b/LayoutTests/http/tests/navigation/post-302-response-expected.txt
new file mode 100644 (file)
index 0000000..9e0f30a
--- /dev/null
@@ -0,0 +1,6 @@
+headers CONTENT_TYPE and CONTENT_LENGTH should not be present.
+headers CONTENT_TYPE and CONTENT_LENGTH are not present.
+
+no POST data should be present.
+no POST data is present.
+
diff --git a/LayoutTests/http/tests/navigation/post-302-response.html b/LayoutTests/http/tests/navigation/post-302-response.html
new file mode 100644 (file)
index 0000000..3f425c6
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+var doTest = function () {
+    if (window.layoutTestController) {
+        window.layoutTestController.dumpAsText();
+        window.layoutTestController.waitUntilDone();
+    }
+    document.getElementById("form1").submit();
+};
+</script>
+</head>
+<body onload="doTest()">
+<form id="form1" action="resources/redirection-response.php?status=302&target=redirected-post-request-contents.php?content=false" method="post">
+<input type="text" name="text1" value="some text"><br>
+</form>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/navigation/post-303-response-expected.txt b/LayoutTests/http/tests/navigation/post-303-response-expected.txt
new file mode 100644 (file)
index 0000000..9e0f30a
--- /dev/null
@@ -0,0 +1,6 @@
+headers CONTENT_TYPE and CONTENT_LENGTH should not be present.
+headers CONTENT_TYPE and CONTENT_LENGTH are not present.
+
+no POST data should be present.
+no POST data is present.
+
diff --git a/LayoutTests/http/tests/navigation/post-303-response.html b/LayoutTests/http/tests/navigation/post-303-response.html
new file mode 100644 (file)
index 0000000..a01bc7d
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+var doTest = function () {
+    if (window.layoutTestController) {
+        window.layoutTestController.dumpAsText();
+        window.layoutTestController.waitUntilDone();
+    }
+    document.getElementById("form1").submit();
+};
+</script>
+</head>
+<body onload="doTest()">
+<form id="form1" action="resources/redirection-response.php?status=303&target=redirected-post-request-contents.php?content=false" method="post">
+<input type="text" name="text1" value="some text"><br>
+</form>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/navigation/post-307-response-expected.txt b/LayoutTests/http/tests/navigation/post-307-response-expected.txt
new file mode 100644 (file)
index 0000000..594c57b
--- /dev/null
@@ -0,0 +1,7 @@
+headers CONTENT_TYPE and CONTENT_LENGTH should be present.
+CONTENT_TYPE is present. Its value is: application/x-www-form-urlencoded
+CONTENT_LENGTH is present. Its value is: 15
+
+POST data should be present.
+POST data is present.
+
diff --git a/LayoutTests/http/tests/navigation/post-307-response.html b/LayoutTests/http/tests/navigation/post-307-response.html
new file mode 100644 (file)
index 0000000..37b393e
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+var doTest = function () {
+    if (window.layoutTestController) {
+        window.layoutTestController.dumpAsText();
+        window.layoutTestController.waitUntilDone();
+    }
+    document.getElementById("form1").submit();
+};
+</script>
+</head>
+<body onload="doTest()">
+<form id="form1" action="resources/redirection-response.php?status=307&target=redirected-post-request-contents.php?content=true" method="post">
+<input type="text" name="text1" value="some text"><br>
+</form>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/navigation/resources/redirected-post-request-contents.php b/LayoutTests/http/tests/navigation/resources/redirected-post-request-contents.php
new file mode 100644 (file)
index 0000000..93b2da3
--- /dev/null
@@ -0,0 +1,38 @@
+<?php
+function checkHeader($header) {
+    if (array_key_exists($header, $_SERVER)) {
+        echo $header . " is present. Its value is: " . $_SERVER[$header] . "<br>";
+        return true;
+    }
+    return false;
+}
+
+if ($_GET["content"] == "true") {
+    echo "headers CONTENT_TYPE and CONTENT_LENGTH should be present.<br>";
+} else {
+    echo "headers CONTENT_TYPE and CONTENT_LENGTH should not be present.<br>";
+}
+
+$content_type = checkHeader("CONTENT_TYPE");
+$content_length = checkHeader("CONTENT_LENGTH");
+
+if (!$content_type && !$content_length) {
+    echo "headers CONTENT_TYPE and CONTENT_LENGTH are not present.<br>";
+}
+
+echo "<br>";
+
+if ($_GET["content"] == "true") {
+    echo "POST data should be present.<br>";
+} else {
+    echo "no POST data should be present.<br>";
+}
+
+if (sizeof($_POST) > 0 || sizeof($_FILES) > 0) {
+    echo "POST data is present.<br>";
+} else {
+    echo "no POST data is present.<br>";
+}
+
+echo "<script>if (window.layoutTestController) layoutTestController.notifyDone();</script>"
+?>
diff --git a/LayoutTests/http/tests/navigation/resources/redirection-response.php b/LayoutTests/http/tests/navigation/resources/redirection-response.php
new file mode 100644 (file)
index 0000000..c9c2561
--- /dev/null
@@ -0,0 +1,27 @@
+<?php
+$status_code = $_GET['status'];
+
+$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/" . $_GET['target'];
+
+switch ($status_code) {
+    case 301:
+        header("HTTP/1.1 301 Moved Permanently");
+        header("Location: http://" . $_SERVER['HTTP_HOST'] . $uri);
+        break;
+    case 302:
+        header("HTTP/1.1 302 Found");
+        header("Location: http://" . $_SERVER['HTTP_HOST'] . $uri);
+        break;
+    case 303:
+        header("HTTP/1.1 303 See Other");
+        header("Location: http://" . $_SERVER['HTTP_HOST'] . $uri);
+        break;
+    case 307:
+        header("HTTP/1.1 307 Temporary Redirect");
+        header("Location: http://" . $_SERVER['HTTP_HOST'] . $uri);
+        break;
+    default:
+        header("HTTP/1.1 500 Internal Server Error");
+        echo "Unexpected status code ($status_code) received.";
+}
+?>
index 048eec8..f12586e 100644 (file)
@@ -1,3 +1,21 @@
+2011-05-09  Luiz Agostini  <luiz.agostini@openbossa.org>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] Redirection of HTTP POST (3xx) incorrectly includes original POST data
+        https://bugs.webkit.org/show_bug.cgi?id=60440
+
+        Makes sure that the HTTP headers Content-type and Content-length are not included in
+        the requests that do not have any content.
+
+        Tests: http/tests/navigation/post-301-response.html
+               http/tests/navigation/post-302-response.html
+               http/tests/navigation/post-303-response.html
+               http/tests/navigation/post-307-response.html
+
+        * platform/network/qt/QNetworkReplyHandler.cpp:
+        (WebCore::QNetworkReplyHandler::sendNetworkRequest):
+
 2011-05-17  Andreas Kling  <kling@webkit.org>
 
         Reviewed by Benjamin Poulain.
index b7d67ae..59d2245 100644 (file)
@@ -615,6 +615,12 @@ QNetworkReply* QNetworkReplyHandler::sendNetworkRequest(QNetworkAccessManager* m
         && (!url.toLocalFile().isEmpty() || url.scheme() == QLatin1String("data")))
         m_method = QNetworkAccessManager::GetOperation;
 
+    if (m_method != QNetworkAccessManager::PostOperation && m_method != QNetworkAccessManager::PutOperation) {
+        // clearing Contents-length and Contents-type of the requests that do not have contents.
+        m_request.setHeader(QNetworkRequest::ContentTypeHeader, QVariant());
+        m_request.setHeader(QNetworkRequest::ContentLengthHeader, QVariant());
+    }
+
     switch (m_method) {
         case QNetworkAccessManager::GetOperation:
             return manager->get(m_request);