Set integrity fetch options for loading scripts and CSS
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2018 18:02:23 +0000 (18:02 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2018 18:02:23 +0000 (18:02 +0000)
https://bugs.webkit.org/show_bug.cgi?id=182077

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-25
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html:

Source/WebCore:

Covered by updated test.

Set integrity fetch option in script and CSS loading.

* bindings/js/CachedModuleScriptLoader.cpp:
(WebCore::CachedModuleScriptLoader::load):
* bindings/js/CachedScriptFetcher.cpp:
(WebCore::CachedScriptFetcher::requestModuleScript const):
(WebCore::CachedScriptFetcher::requestScriptWithCache const):
* bindings/js/CachedScriptFetcher.h:
* dom/LoadableClassicScript.cpp:
(WebCore::LoadableClassicScript::load):
* dom/ScriptElementCachedScriptFetcher.cpp:
(WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const):
* dom/ScriptElementCachedScriptFetcher.h:
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227612 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/CachedModuleScriptLoader.cpp
Source/WebCore/bindings/js/CachedScriptFetcher.cpp
Source/WebCore/bindings/js/CachedScriptFetcher.h
Source/WebCore/dom/LoadableClassicScript.cpp
Source/WebCore/dom/ScriptElementCachedScriptFetcher.cpp
Source/WebCore/dom/ScriptElementCachedScriptFetcher.h
Source/WebCore/html/HTMLLinkElement.cpp

index a41f7df..cdd46b0 100644 (file)
@@ -1,3 +1,13 @@
+2018-01-25  Youenn Fablet  <youenn@apple.com>
+
+        Set integrity fetch options for loading scripts and CSS
+        https://bugs.webkit.org/show_bug.cgi?id=182077
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt:
+        * web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html:
+
 2018-01-25  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [css-multicol] Update WPT test suite
index 020a6c5..0ccd067 100644 (file)
@@ -1,19 +1,59 @@
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
-CONSOLE MESSAGE: Unhandled Promise Rejection: TypeError: Type error
 
-
-FAIL Verify FetchEvent for resources. assert_equals: integrity of Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test24) must be      . expected "     " but got ""
+PASS Verify FetchEvent for resources. 
+PASS Image load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test1 cross_origin:) 
+PASS Image load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test2 cross_origin:) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test3 cross_origin:) 
+PASS CSS load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test4 cross_origin:) 
+PASS Image load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test5 cross_origin:anonymous) 
+PASS Image load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test6 cross_origin:use-credentials) 
+PASS Image load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test7 cross_origin:) 
+PASS Image load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test8 cross_origin:anonymous) 
+PASS Image load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test9 cross_origin:use-credentials) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test10 cross_origin:) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test11 cross_origin:anonymous) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test12 cross_origin:use-credentials) 
+PASS Script load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test13 cross_origin:) 
+PASS Script load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test14 cross_origin:anonymous) 
+PASS Script load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test15 cross_origin:use-credentials) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test16 cross_origin:) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test17 cross_origin:anonymous) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test18 cross_origin:use-credentials) 
+PASS CSS load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test19 cross_origin:) 
+PASS CSS load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test20 cross_origin:anonymous) 
+PASS CSS load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test21 cross_origin:use-credentials) 
+FAIL FontFace load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test22) assert_equals: mode of FontFace load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test22) must be cors. expected "cors" but got "no-cors"
+FAIL FontFace load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test23) assert_equals: mode of FontFace load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test23) must be cors. expected "cors" but got "no-cors"
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test24) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test25) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test26) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test27) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test28) 
+PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test29) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test30) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test31) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test32) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test33) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test34) 
+PASS CSS load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test35) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test36 mode:same-origin credentials:omit) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test37 mode:same-origin credentials:same-origin) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test38 mode:same-origin credentials:include) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test39 mode:no-cors credentials:omit) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test40 mode:no-cors credentials:same-origin) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test41 mode:no-cors credentials:include) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test42 mode:cors credentials:omit) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test43 mode:cors credentials:same-origin) 
+PASS fetch (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test44 mode:cors credentials:include) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test45 mode:no-cors credentials:omit) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test46 mode:no-cors credentials:same-origin) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test47 mode:no-cors credentials:include) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test48 mode:cors credentials:omit) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test49 mode:cors credentials:same-origin) 
+PASS fetch (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test50 mode:cors credentials:include) 
+PASS Audio load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test51 cross_origin:) 
+PASS Audio load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test52 cross_origin:anonymous) 
+PASS Audio load (url:https://localhost:9443/service-workers/service-worker/resources/dummy?test53 cross_origin:use-credentials) 
+PASS Audio load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test54 cross_origin:) 
+PASS Audio load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test55 cross_origin:anonymous) 
+PASS Audio load (url:https://127.0.0.1:9443/service-workers/service-worker/resources/dummy?test56 cross_origin:use-credentials) 
 
index 92ef468..eeafad6 100644 (file)
@@ -8,6 +8,15 @@
 var url_count = 0;
 var expected_results = {};
 
+function add_promise_to_test(url)
+{
+  var expected = expected_results[url];
+  return new Promise((resolve, reject) => {
+    expected.resolve = resolve;
+    setTimeout(() => reject("test time out"), 5000);
+  });
+}
+
 function image_test(frame, url, cross_origin, expected_mode,
                     expected_credentials) {
   var actual_url = url + (++url_count);
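Review bot: The timeout in `add_promise_to_test` is a bare `setTimeout(() => reject("test time out"), 5000)`, which ignores the harness timeout multiplier and is never cleared once the promise has resolved, so a slow bot can fail a load that would have completed. testharness.js offers `step_timeout` for this, but `t` is not in scope in the helper; passing the test object in and using `t.step_timeout(() => reject("test time out"), 5000);` would fix it. The helper also dereferences `expected_results[url]` unchecked, so it depends on each caller storing the entry first, as the `*_test` functions in the following hunks do.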
@@ -20,7 +29,8 @@ function image_test(frame, url, cross_origin, expected_mode,
       message: 'Image load (url:' +
                actual_url + ' cross_origin:' + cross_origin + ')'
     };
-  return frame.contentWindow.load_image(actual_url, cross_origin);
+  frame.contentWindow.load_image(actual_url, cross_origin);
+  return add_promise_to_test(actual_url);
 }
 
 function script_test(frame, url, cross_origin, expected_mode,
@@ -35,7 +45,8 @@ function script_test(frame, url, cross_origin, expected_mode,
       message: 'Script load (url:' +
                actual_url + ' cross_origin:' + cross_origin + ')'
     };
-  return frame.contentWindow.load_script(actual_url, cross_origin);
+  frame.contentWindow.load_script(actual_url, cross_origin);
+  return add_promise_to_test(actual_url);
 }
 
 function css_test(frame, url, cross_origin, expected_mode,
@@ -50,7 +61,8 @@ function css_test(frame, url, cross_origin, expected_mode,
       message: 'CSS load (url:' +
                actual_url + ' cross_origin:' + cross_origin + ')'
     };
-  return frame.contentWindow.load_css(actual_url, cross_origin);
+  frame.contentWindow.load_css(actual_url, cross_origin);
+  return add_promise_to_test(actual_url);
 }
 
 function font_face_test(frame, url, expected_mode, expected_credentials) {
@@ -63,7 +75,8 @@ function font_face_test(frame, url, expected_mode, expected_credentials) {
       integrity: '',
       message: 'FontFace load (url:' + actual_url + ')'
     };
-  return frame.contentWindow.load_font(actual_url);
+  frame.contentWindow.load_font(actual_url);
+  return add_promise_to_test(actual_url);
 }
 
 function script_integrity_test(frame, url, integrity, expected_integrity) {
@@ -76,7 +89,8 @@ function script_integrity_test(frame, url, integrity, expected_integrity) {
       integrity: expected_integrity,
       message: 'Script load (url:' + actual_url + ')'
     };
-  return frame.contentWindow.load_script_with_integrity(actual_url, integrity);
+  frame.contentWindow.load_script_with_integrity(actual_url, integrity);
+  return add_promise_to_test(actual_url);
 }
 
 function css_integrity_test(frame, url, integrity, expected_integrity) {
@@ -89,7 +103,8 @@ function css_integrity_test(frame, url, integrity, expected_integrity) {
       integrity: expected_integrity,
       message: 'CSS load (url:' + actual_url + ')'
     };
-  return frame.contentWindow.load_css_with_integrity(actual_url, integrity);
+  frame.contentWindow.load_css_with_integrity(actual_url, integrity);
+  return add_promise_to_test(actual_url);
 }
 
 function fetch_test(frame, url, mode, credentials,
@@ -103,8 +118,10 @@ function fetch_test(frame, url, mode, credentials,
       message: 'fetch (url:' + actual_url + ' mode:' + mode + ' credentials:' +
                credentials + ')'
     };
-  return frame.contentWindow.fetch(
-      new Request(actual_url, {mode: mode, credentials: credentials}));
+  frame.contentWindow.fetch(
+      new Request(actual_url, {mode: mode, credentials: credentials})).then(() => {
+      }, () => { });
+  return add_promise_to_test(actual_url);
 }
 
 function audio_test(frame, url, cross_origin,
@@ -118,10 +135,11 @@ function audio_test(frame, url, cross_origin,
       message: 'Audio load (url:' + actual_url + ' cross_origin:' +
                cross_origin + ')'
     };
-  return frame.contentWindow.load_audio(actual_url, cross_origin);
+  frame.contentWindow.load_audio(actual_url, cross_origin);
+  return add_promise_to_test(actual_url);
 }
 
-async_test(function(t) {
+promise_test(function(t) {
     var SCOPE = 'resources/fetch-request-resources-iframe.https.html';
     var SCRIPT = 'resources/fetch-request-resources-worker.js';
     var host_info = get_host_info();
@@ -131,13 +149,13 @@ async_test(function(t) {
       host_info['HTTPS_REMOTE_ORIGIN'] + base_path() + 'resources/dummy?test';
     var worker;
     var frame;
-    service_worker_unregister_and_register(t, SCRIPT, SCOPE)
+    return service_worker_unregister_and_register(t, SCRIPT, SCOPE)
       .then(function(registration) {
           worker = registration.installing;
           return wait_for_state(t, worker, 'activated');
         })
       .then(function() {
-          return new Promise(function(resolve) {
+          return new Promise(function(resolve, reject) {
               var channel = new MessageChannel();
               channel.port1.onmessage = t.step_func(function(msg) {
                 if (msg.data.ready) {
@@ -149,110 +167,110 @@ async_test(function(t) {
                 if (!expected) {
                   return;
                 }
-                assert_equals(
+                test(() => {
+                  assert_equals(
                     result.mode, expected.mode,
                     'mode of ' + expected.message +  ' must be ' +
                     expected.mode + '.');
-                assert_equals(
+                  assert_equals(
                     result.credentials, expected.credentials,
                     'credentials of ' + expected.message +  ' must be ' +
                     expected.credentials + '.');
-                 assert_equals(
+                   assert_equals(
                     result.redirect, expected.redirect,
                     'redirect mode of ' + expected.message +  ' must be ' +
                     expected.redirect + '.');
-                assert_equals(
+                  assert_equals(
                     result.integrity, expected.integrity,
                     'integrity of ' + expected.message +  ' must be ' +
                     expected.integrity + '.');
-                --url_count;
+                }, expected.message);
+                expected.resolve();
                 delete expected_results[result.url];
-                if (url_count == 0) {
-                  frame.remove();
-                  service_worker_unregister_and_done(t, SCOPE);
-                }
               });
               worker.postMessage(
                 {port: channel.port2}, [channel.port2]);
             });
         })
       .then(function() { return with_iframe(SCOPE); })
-      .then(function(f) {
+      .then(async function(f) {
         frame = f;
 
-        image_test(f, LOCAL_URL, '', 'no-cors', 'include');
-        image_test(f, REMOTE_URL, '', 'no-cors', 'include');
-        css_test(f, LOCAL_URL, '', 'no-cors', 'include');
-        css_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await image_test(f, LOCAL_URL, '', 'no-cors', 'include');
+        await image_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await css_test(f, LOCAL_URL, '', 'no-cors', 'include');
+        await css_test(f, REMOTE_URL, '', 'no-cors', 'include');
+
+        await image_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
+        await image_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
+        await image_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await image_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
+        await image_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
 
-        image_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
-        image_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
-        image_test(f, REMOTE_URL, '', 'no-cors', 'include');
-        image_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
-        image_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
+        await script_test(f, LOCAL_URL, '', 'no-cors', 'include');
+        await script_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
+        await script_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
+        await script_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await script_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
+        await script_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
 
-        script_test(f, LOCAL_URL, '', 'no-cors', 'include');
-        script_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
-        script_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
-        script_test(f, REMOTE_URL, '', 'no-cors', 'include');
-        script_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
-        script_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
+        await css_test(f, LOCAL_URL, '', 'no-cors', 'include');
+        await css_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
+        await css_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
+        await css_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await css_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
+        await css_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
 
-        css_test(f, LOCAL_URL, '', 'no-cors', 'include');
-        css_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
-        css_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
-        css_test(f, REMOTE_URL, '', 'no-cors', 'include');
-        css_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
-        css_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
+        await font_face_test(f, LOCAL_URL, 'cors', 'same-origin');
+        await font_face_test(f, REMOTE_URL, 'cors', 'same-origin');
 
-        font_face_test(f, LOCAL_URL, 'cors', 'same-origin');
-        font_face_test(f, REMOTE_URL, 'cors', 'same-origin');
+        await script_integrity_test(f, LOCAL_URL, '     ', '     ');
+        await script_integrity_test(f, LOCAL_URL,
+                               'This is not a valid integrity because it has no dashes',
+                               'This is not a valid integrity because it has no dashes');
+        await script_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
+        await script_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
+        await script_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
+        await script_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
 
-        script_integrity_test(f, LOCAL_URL, '     ', '     ');
-        script_integrity_test(f, LOCAL_URL,
-                              'This is not a valid integrity because it has no dashes',
-                              'This is not a valid integrity because it has no dashes');
-        script_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
-        script_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
-        script_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
-        script_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
+        await css_integrity_test(f, LOCAL_URL, '     ', '     ');
+        await css_integrity_test(f, LOCAL_URL,
+                            'This is not a valid integrity because it has no dashes',
+                            'This is not a valid integrity because it has no dashes');
+        await css_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
+        await css_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
+        await css_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
+        await css_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
 
-        css_integrity_test(f, LOCAL_URL, '     ', '     ');
-        css_integrity_test(f, LOCAL_URL,
-                           'This is not a valid integrity because it has no dashes',
-                           'This is not a valid integrity because it has no dashes');
-        css_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
-        css_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
-        css_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
-        css_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
+        await fetch_test(f, LOCAL_URL, 'same-origin', 'omit', 'same-origin', 'omit');
+        await fetch_test(f, LOCAL_URL, 'same-origin', 'same-origin',
+                    'same-origin', 'same-origin');
+        await fetch_test(f, LOCAL_URL, 'same-origin', 'include',
+                    'same-origin', 'include');
+        await fetch_test(f, LOCAL_URL, 'no-cors', 'omit', 'no-cors', 'omit');
+        await fetch_test(f, LOCAL_URL, 'no-cors', 'same-origin',
+                    'no-cors', 'same-origin');
+        await fetch_test(f, LOCAL_URL, 'no-cors', 'include', 'no-cors', 'include');
+        await fetch_test(f, LOCAL_URL, 'cors', 'omit', 'cors', 'omit');
+        await fetch_test(f, LOCAL_URL, 'cors', 'same-origin', 'cors', 'same-origin');
+        await fetch_test(f, LOCAL_URL, 'cors', 'include', 'cors', 'include');
+        await fetch_test(f, REMOTE_URL, 'no-cors', 'omit', 'no-cors', 'omit');
+        await fetch_test(f, REMOTE_URL, 'no-cors', 'same-origin',
+                    'no-cors', 'same-origin');
+        await fetch_test(f, REMOTE_URL, 'no-cors', 'include', 'no-cors', 'include');
+        await fetch_test(f, REMOTE_URL, 'cors', 'omit', 'cors', 'omit');
+        await fetch_test(f, REMOTE_URL, 'cors', 'same-origin', 'cors', 'same-origin');
+        await fetch_test(f, REMOTE_URL, 'cors', 'include', 'cors', 'include');
 
-        fetch_test(f, LOCAL_URL, 'same-origin', 'omit', 'same-origin', 'omit');
-        fetch_test(f, LOCAL_URL, 'same-origin', 'same-origin',
-                   'same-origin', 'same-origin');
-        fetch_test(f, LOCAL_URL, 'same-origin', 'include',
-                   'same-origin', 'include');
-        fetch_test(f, LOCAL_URL, 'no-cors', 'omit', 'no-cors', 'omit');
-        fetch_test(f, LOCAL_URL, 'no-cors', 'same-origin',
-                   'no-cors', 'same-origin');
-        fetch_test(f, LOCAL_URL, 'no-cors', 'include', 'no-cors', 'include');
-        fetch_test(f, LOCAL_URL, 'cors', 'omit', 'cors', 'omit');
-        fetch_test(f, LOCAL_URL, 'cors', 'same-origin', 'cors', 'same-origin');
-        fetch_test(f, LOCAL_URL, 'cors', 'include', 'cors', 'include');
-        fetch_test(f, REMOTE_URL, 'no-cors', 'omit', 'no-cors', 'omit');
-        fetch_test(f, REMOTE_URL, 'no-cors', 'same-origin',
-                   'no-cors', 'same-origin');
-        fetch_test(f, REMOTE_URL, 'no-cors', 'include', 'no-cors', 'include');
-        fetch_test(f, REMOTE_URL, 'cors', 'omit', 'cors', 'omit');
-        fetch_test(f, REMOTE_URL, 'cors', 'same-origin', 'cors', 'same-origin');
-        fetch_test(f, REMOTE_URL, 'cors', 'include', 'cors', 'include');
+        await audio_test(f, LOCAL_URL, '', 'no-cors', 'include');
+        await audio_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
+        await audio_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
+        await audio_test(f, REMOTE_URL, '', 'no-cors', 'include');
+        await audio_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
+        await audio_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
 
-        audio_test(f, LOCAL_URL, '', 'no-cors', 'include');
-        audio_test(f, LOCAL_URL, 'anonymous', 'cors', 'same-origin');
-        audio_test(f, LOCAL_URL, 'use-credentials', 'cors', 'include');
-        audio_test(f, REMOTE_URL, '', 'no-cors', 'include');
-        audio_test(f, REMOTE_URL, 'anonymous', 'cors', 'same-origin');
-        audio_test(f, REMOTE_URL, 'use-credentials', 'cors', 'include');
-      })
-      .catch(unreached_rejection(t));
+        frame.remove();
+        service_worker_unregister(t, SCOPE);
+      }).catch(unreached_rejection(t));
   }, 'Verify FetchEvent for resources.');
 </script>
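Review bot: The teardown at the end of the async callback (`frame.remove();` and `service_worker_unregister(t, SCOPE);`) runs only when every preceding `await` resolves, and the unregister promise is neither awaited nor returned. If one load hits the 5 second timeout, the rejection goes straight to `.catch(unreached_rejection(t))` and the iframe and the service worker registration are left behind for whatever runs next on the same origin. Wrapping the awaited loads in `try { … } finally { frame.remove(); await service_worker_unregister(t, SCOPE); }` would cover both paths and make the test wait for the unregistration. The enclosing `promise_test` callback starts in the previous hunk.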
index 1ca8d87..cddf244 100644 (file)
@@ -1,3 +1,28 @@
+2018-01-25  Youenn Fablet  <youenn@apple.com>
+
+        Set integrity fetch options for loading scripts and CSS
+        https://bugs.webkit.org/show_bug.cgi?id=182077
+
+        Reviewed by Chris Dumez.
+
+        Covered by updated test.
+
+        Set integrity fetch option in script and CSS loading.
+
+        * bindings/js/CachedModuleScriptLoader.cpp:
+        (WebCore::CachedModuleScriptLoader::load):
+        * bindings/js/CachedScriptFetcher.cpp:
+        (WebCore::CachedScriptFetcher::requestModuleScript const):
+        (WebCore::CachedScriptFetcher::requestScriptWithCache const):
+        * bindings/js/CachedScriptFetcher.h:
+        * dom/LoadableClassicScript.cpp:
+        (WebCore::LoadableClassicScript::load):
+        * dom/ScriptElementCachedScriptFetcher.cpp:
+        (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const):
+        * dom/ScriptElementCachedScriptFetcher.h:
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::process):
+
 2018-01-25  Zan Dobersek  <zdobersek@igalia.com>
 
         [Cairo] Use GraphicsContextImplCairo in Nicosia::PaintingContextCairo
index 2018847..5fb74e4 100644 (file)
@@ -63,7 +63,8 @@ CachedModuleScriptLoader::~CachedModuleScriptLoader()
 bool CachedModuleScriptLoader::load(Document& document, const URL& sourceURL)
 {
     ASSERT(!m_cachedScript);
-    m_cachedScript = m_scriptFetcher->requestModuleScript(document, sourceURL);
+    String integrity = m_parameters ? m_parameters->integrity() : String { };
+    m_cachedScript = m_scriptFetcher->requestModuleScript(document, sourceURL, WTFMove(integrity));
     if (!m_cachedScript)
         return false;
 
index d662139..fe2eeac 100644 (file)
@@ -39,12 +39,12 @@ Ref<CachedScriptFetcher> CachedScriptFetcher::create(const String& charset)
     return adoptRef(*new CachedScriptFetcher(charset));
 }
 
-CachedResourceHandle<CachedScript> CachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL) const
+CachedResourceHandle<CachedScript> CachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL, String&& integrity) const
 {
-    return requestScriptWithCache(document, sourceURL, String());
+    return requestScriptWithCache(document, sourceURL, String { }, WTFMove(integrity));
 }
 
-CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(Document& document, const URL& sourceURL, const String& crossOriginMode) const
+CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(Document& document, const URL& sourceURL, const String& crossOriginMode, String&& integrity) const
 {
     if (!document.settings().isScriptEnabled())
         return nullptr;
@@ -54,6 +54,7 @@ CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(D
     ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
     options.contentSecurityPolicyImposition = hasKnownNonce ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
     options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
+    options.integrity = WTFMove(integrity);
 
     CachedResourceRequest request(ResourceRequest(sourceURL), options);
     request.setAsPotentiallyCrossOrigin(crossOriginMode, document);
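Review bot: `options.integrity = WTFMove(integrity);` attaches the metadata to the request options, but nothing visible here says whether the loader checks the response against it or only exposes it on the request, which is what the updated service-worker test observes through the FetchEvent. If verification still happens in the callers once the load finishes, that should be stated next to this line so a future caller does not assume that passing `integrity` is enough to have the hash enforced, for example `// Carried on the request only; the caller still verifies the response against this metadata.` That wording is an assumption to confirm against the loader. `requestScriptWithCache` begins in the previous hunk and continues past this one.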
index a1a82ce..5821d7c 100644 (file)
@@ -37,7 +37,7 @@ class URL;
 
 class CachedScriptFetcher : public JSC::ScriptFetcher {
 public:
-    virtual CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL) const;
+    virtual CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL, String&& integrity) const;
 
     static Ref<CachedScriptFetcher> create(const String& charset);
 
@@ -55,7 +55,7 @@ protected:
     {
     }
 
-    CachedResourceHandle<CachedScript> requestScriptWithCache(Document&, const URL& sourceURL, const String& crossOriginMode) const;
+    CachedResourceHandle<CachedScript> requestScriptWithCache(Document&, const URL& sourceURL, const String& crossOriginMode, String&& integrity) const;
 
 private:
     String m_nonce;
index e7ec6fb..8fd6f5c 100644 (file)
@@ -114,7 +114,7 @@ void LoadableClassicScript::execute(ScriptElement& scriptElement)
 bool LoadableClassicScript::load(Document& document, const URL& sourceURL)
 {
     ASSERT(!m_cachedScript);
-    m_cachedScript = requestScriptWithCache(document, sourceURL, crossOriginMode());
+    m_cachedScript = requestScriptWithCache(document, sourceURL, crossOriginMode(), String { m_integrity });
     if (!m_cachedScript)
         return false;
     m_cachedScript->addClient(*this);
index bd49f90..489ab83 100644 (file)
 
 namespace WebCore {
 
-CachedResourceHandle<CachedScript> ScriptElementCachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL) const
+CachedResourceHandle<CachedScript> ScriptElementCachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL, String&& integrity) const
 {
     // https://github.com/tc39/proposal-dynamic-import/blob/master/HTML Integration.md
     // If the fetcher is not module script, credential mode is always "omit".
 
-    return requestScriptWithCache(document, sourceURL, isClassicScript() ? ASCIILiteral("omit") : m_crossOriginMode);
+    return requestScriptWithCache(document, sourceURL, isClassicScript() ? ASCIILiteral("omit") : m_crossOriginMode, WTFMove(integrity));
 }
 
 }
index 410cd30..03c3896 100644 (file)
@@ -31,7 +31,7 @@ namespace WebCore {
 
 class ScriptElementCachedScriptFetcher : public CachedScriptFetcher {
 public:
-    virtual CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL) const;
+    virtual CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL, String&& integrity) const;
 
     virtual bool isClassicScript() const = 0;
     virtual bool isModuleScript() const = 0;
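Review bot: The redeclared `requestModuleScript` is still written as `virtual … const;` without `override`, so a signature change like this one stays in sync with `CachedScriptFetcher` only by hand. Had the two parameter lists diverged, the derived function would silently stop overriding, and module loads from script elements would fall back to the base implementation, which passes an empty cross-origin mode to `requestScriptWithCache`. Declaring it as `CachedResourceHandle<CachedScript> requestModuleScript(Document&, const URL& sourceURL, String&& integrity) const override;` lets the compiler catch that.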
index 8404e34..f32b6c6 100644 (file)
@@ -309,7 +309,7 @@ void HTMLLinkElement::process()
         options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
         if (document().contentSecurityPolicy()->allowStyleWithNonce(attributeWithoutSynchronization(HTMLNames::nonceAttr)))
             options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
-
+        options.integrity = m_integrityMetadataForPendingSheetRequest;
         CachedResourceRequest request(url, options, priority, WTFMove(charset));
         request.setInitiator(*this);
         request.setAsPotentiallyCrossOrigin(crossOrigin(), document());
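Review bot: `options.integrity` is copied from `m_integrityMetadataForPendingSheetRequest`, whose assignment is not visible in this hunk. The line is correct only if that member has already been refreshed from the element's current `integrity` attribute earlier in `process()`; otherwise the request would carry metadata from a previous load. A short comment stating the ordering dependency would help, e.g. `// m_integrityMetadataForPendingSheetRequest must already reflect the current integrity attribute here.` The commit also removes the blank line that separated option setup from request construction, and keeping one after the new assignment would read better. `process()` begins and ends outside the hunk.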