Crash when calling XMLHttpRequest.setRequestHeader() in a worker
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Jun 2019 23:31:34 +0000 (23:31 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Jun 2019 23:31:34 +0000 (23:31 +0000)
https://bugs.webkit.org/show_bug.cgi?id=198534
<rdar://problem/51393912>

Reviewed by Alex Christensen.

Source/WebCore:

Make sure the script execution context is a Document because calling document()
to get the settings.

Test: fast/workers/worker-xhr-setRequestHeader.html

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::setRequestHeader):

LayoutTests:

Add layout test coverage.

* fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
* fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
* fast/workers/worker-xhr-setRequestHeader.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js [new file with mode: 0644]
LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt [new file with mode: 0644]
LayoutTests/fast/workers/worker-xhr-setRequestHeader.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/xml/XMLHttpRequest.cpp

index ddf3ddd..f71a239 100644 (file)
@@ -1,3 +1,17 @@
+2019-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Add layout test coverage.
+
+        * fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
+        * fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
+        * fast/workers/worker-xhr-setRequestHeader.html: Added.
+
 2019-06-04  Antti Koivisto  <antti@apple.com>
 
         Sticky positioning is jumpy in many overflow cases
diff --git a/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js b/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js
new file mode 100644 (file)
index 0000000..64cd8bb
--- /dev/null
@@ -0,0 +1,14 @@
+importScripts('../../../resources/js-test-pre.js');
+
+var global = this;
+global.jsTestIsAsync = true;
+
+description("Tests XMLHttpRequest.setRequestHeader() in workers");
+
+var xhr = new XMLHttpRequest;
+xhr.open("GET", "empty-worker.js", false);
+xhr.setRequestHeader("Accept", "*/*");
+xhr.send(null);
+
+finishJSTest();
+
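Review bot: The only header this test sets is "Accept" (the xhr.setRequestHeader("Accept", "*/*") line), which is not a forbidden header name, so the test shows that the call no longer crashes in a worker but never reaches the "Refused to set unsafe header" path. Consider adding a second setRequestHeader() call with a forbidden header name and checking that it is refused, so that the worker behaviour described by the FIXME in XMLHttpRequest.cpp is pinned down by a test and a later change cannot silently relax it.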
diff --git a/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt b/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt
new file mode 100644 (file)
index 0000000..25f9ec5
--- /dev/null
@@ -0,0 +1,10 @@
+[Worker] Tests XMLHttpRequest.setRequestHeader() in workers
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Starting worker: resources/worker-xhr-setRequestHeader.js
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html b/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html
new file mode 100644 (file)
index 0000000..f6fa138
--- /dev/null
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+worker = startWorker('resources/worker-xhr-setRequestHeader.js');
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
index 18993da..c7abe4c 100644 (file)
@@ -1,3 +1,19 @@
+2019-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Make sure the script execution context is a Document because calling document()
+        to get the settings.
+
+        Test: fast/workers/worker-xhr-setRequestHeader.html
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::setRequestHeader):
+
 2019-06-04  Antti Koivisto  <antti@apple.com>
 
         Sticky positioning is jumpy in many overflow cases
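Review bot: The description in this entry ("Make sure the script execution context is a Document because calling document() to get the settings.") is not a complete sentence and does not say what went wrong. State the cause directly, namely that setRequestHeader() called document() to read the settings when the script execution context was not a Document, and mention that allowSettingAnyXHRHeaderFromFileURLs is consequently not honoured in workers, since that is a behaviour difference readers of the ChangeLog will want to know about.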
index 2f717c3..4c351f6 100644 (file)
@@ -817,7 +817,9 @@ ExceptionOr<void> XMLHttpRequest::setRequestHeader(const String& name, const Str
 #if ENABLE(DASHBOARD_SUPPORT)
     allowUnsafeHeaderField = usesDashboardBackwardCompatibilityMode();
 #endif
-    if (securityOrigin()->canLoadLocalResources() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
+
+    // FIXME: The allowSettingAnyXHRHeaderFromFileURLs setting currently only applies to Documents, not workers.
+    if (securityOrigin()->canLoadLocalResources() && scriptExecutionContext()->isDocument() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
         allowUnsafeHeaderField = true;
     if (!allowUnsafeHeaderField && isForbiddenHeaderName(name)) {
         logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\"");
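Review bot: The added scriptExecutionContext()->isDocument() check on the new if line dereferences the context without a null check, while a few lines below the same accessor is passed to logConsoleError() as a pointer. Either confirm that the context cannot be null at this point or guard it by testing scriptExecutionContext() before calling ->isDocument(). The fallback is in the safe direction, because a worker keeps the isForbiddenHeaderName() filtering when the setting cannot be read, but the FIXME should reference a bug so that the Document/worker difference for allowSettingAnyXHRHeaderFromFileURLs is tracked rather than left as an open comment.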