LayoutTests/imported/w3c:
author youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Apr 2018 18:16:55 +0000 (18:16 +0000)
committer youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Apr 2018 18:16:55 +0000 (18:16 +0000)
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

Fix message cross origin check failed in case of redirection

* web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt:

Source/WebKit:
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::validateResponse):

LayoutTests:
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

* http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt:
* http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt:
* http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
* platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
* platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
* platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
* platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
* platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231055 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt
LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt
LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt
LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt [deleted file]
LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt [deleted file]
LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt [deleted file]
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt [deleted file]
LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt [deleted file]
LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt [deleted file]
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp

index 552cef1..d0a95b6 100644 (file)
@@ -1,3 +1,20 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt:
+        * http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt:
+        * http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt:
+        * platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+        * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+        * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+        * platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+        * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+        * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+
 2018-04-25  Megan Gardner  <megan_gardner@apple.com>
 
         Activate selection when interacting with editable content
index ccf51f7..b45a5b2 100644 (file)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
 This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
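Review bot: the replacement first line of this expectation no longer names the redirect target, and in this test no remaining line does either (the TypeError line only says "Cross-origin script load denied by Cross-Origin Resource Sharing policy."), so the console output no longer tells a developer which URL failed the check. Consider logging the URL on a follow-up line, as the XMLHttpRequest expectations in this patch do with "XMLHttpRequest cannot load ... due to access control checks.".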
index 350dfdd..9b16047 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 Verify the error message in console in case of CORS failing checks.
 
 
index 350dfdd..9b16047 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 Verify the error message in console in case of CORS failing checks.
 
 
index 3d669c6..9fab1a5 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 31: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 31: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 31: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
 
index dd25e72..840531b 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 26: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 26: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
 
index f89a4ab..409191a 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 54: Cross-origin redirection to http://localhost:8080/xmlhttprequest/resources/forbidden.txt denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 54: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 54: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
index a9f5633..ddd54e6 100644 (file)
@@ -1,3 +1,14 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Mak cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        Fix message cross origin check failed in case of redirection
+
+        * web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt:
+
 2018-04-25  Youenn Fablet  <youenn@apple.com>
 
         Use NetworkLoadChecker for all subresource loads except fetch/XHR
index f911ac0..2d64762 100644 (file)
@@ -4,7 +4,7 @@ CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-
 CONSOLE MESSAGE: XMLHttpRequest cannot load https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py? due to access control checks.
 CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& due to access control checks.
-CONSOLE MESSAGE: Cross-origin redirection to https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& denied by Cross-Origin Resource Sharing policy: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Cannot load image https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26 due to access control checks.
 
 PASS initialize global state 
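Review bot: the redirected image case now expects the bare "Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin." line, yet checkRedirection in this same patch still composes a "Cross-origin redirection to ... denied by Cross-Origin Resource Sharing policy: " message. None of the expectations touched by the patch contains that prefixed string any more, so nothing visible here tests it. Either add an expectation that covers the prefixed message or say in the ChangeLog where each of the two strings ends up.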
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
deleted file mode 100644 (file)
index b45a5b2..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
deleted file mode 100644 (file)
index 9b16047..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
deleted file mode 100644 (file)
index 9b16047..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
deleted file mode 100644 (file)
index b45a5b2..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
deleted file mode 100644 (file)
index 9b16047..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
deleted file mode 100644 (file)
index 9b16047..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
index 3d0287d..d59993e 100644 (file)
@@ -1,3 +1,16 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::checkRedirection):
+        (WebKit::NetworkLoadChecker::validateResponse):
+
 2018-04-25  Megan Gardner  <megan_gardner@apple.com>
 
         Activate selection when interacting with editable content
index acd9f6e..46f9aab 100644 (file)
@@ -91,6 +91,13 @@ void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectRes
 {
     ASSERT(!isChecking());
 
+    auto error = validateResponse(redirectResponse);
+    if (!error.isNull()) {
+        auto errorMessage = makeString("Cross-origin redirection to ", request.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription());
+        handler(makeUnexpected(ResourceError { String { }, 0, request.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl }));
+        return;
+    }
+
     if (m_options.redirect != FetchOptions::Redirect::Follow) {
         handler(returnError(ASCIILiteral("Redirections are not allowed")));
         return;
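Review bot: validateResponse(redirectResponse) now runs at the top of checkRedirection, ahead of the "m_options.redirect != FetchOptions::Redirect::Follow" check and ahead of the "m_url = request.url()" update it used to follow. Two consequences deserve a comment or a test. First, a load whose redirect mode is not Follow and whose redirect response fails the access control check now reports the CORS error instead of "Redirections are not allowed". Second, validateResponse builds its ResourceError from m_url while m_url still holds the pre-redirect URL; that is masked here because the error is rebuilt with request.url() and only error.localizedDescription() is kept, so please state that this is intended.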
@@ -107,12 +114,6 @@ void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectRes
     m_previousURL = WTFMove(m_url);
     m_url = request.url();
 
-    auto error = validateResponse(redirectResponse);
-    if (!error.isNull()) {
-        handler(makeUnexpected(WTFMove(error)));
-        return;
-    }
-
     checkRequest(WTFMove(request), WTFMove(handler));
 }
 
@@ -134,11 +135,8 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
     String errorMessage;
-    if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) {
-        if (m_redirectCount)
-            errorMessage = makeString("Cross-origin redirection to ", m_url.string(), " denied by Cross-Origin Resource Sharing policy: ", errorMessage);
-        return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
-    }
+    if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
+        return ResourceError { String { }, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
 
     response.setTainting(ResourceResponse::Tainting::Cors);
     return { };
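Review bot: the ResourceError domain changes from errorDomainWebKitInternal to an empty "String { }" on the replacement return line, while the ChangeLog entry only talks about message text. If any caller distinguishes errors by domain this is a behaviour change, so either keep errorDomainWebKitInternal or record the reason in the ChangeLog. The error built in checkRedirection uses the same empty domain, so the two sites should be decided together.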