[Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 16:26:04 +0000 (16:26 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 16:26:04 +0000 (16:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=160594

Patch by Youenn Fablet <youenn@apple.com> on 2016-08-05
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.

Source/WebCore:

Covered by rebased tests.

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
It should not throw is mode is SameOrigin and resource is same origin.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.js
Source/WebCore/ChangeLog
Source/WebCore/loader/SubresourceLoader.cpp

index b44cd16..d45c096 100644 (file)
@@ -1,5 +1,16 @@
 2016-08-05  Youenn Fablet  <youenn@apple.com>
 
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
+        * web-platform-tests/fetch/api/basic/mode-same-origin.js: Adding redirection tests for same origin mode.
+
+2016-08-05  Youenn Fablet  <youenn@apple.com>
+
         [Fetch API] Response.blob should not assert in case the created blob is empty
         https://bugs.webkit.org/show_bug.cgi?id=160592
 
index 86260c8..e08b34b 100644 (file)
@@ -1,6 +1,14 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.
+
 
 PASS Fetch ../resources/top.txt with same-origin mode 
 PASS Fetch http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 
index 86260c8..fb5e2c7 100644 (file)
@@ -1,6 +1,14 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=%5B%27https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=%5B%27http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt%27%5D&count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.
+
 
 PASS Fetch ../resources/top.txt with same-origin mode 
 PASS Fetch http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
 PASS Fetch http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=../resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://localhost:8800/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=https://localhost:9443/fetch/api/resources/top.txt with same-origin mode 
+PASS Fetch /fetch/api/basic/../resources/redirect.py?location=http://127.0.0.1:8800/fetch/api/resources/top.txt with same-origin mode 
 
index ba3cb39..85daa50 100644 (file)
@@ -23,5 +23,12 @@ fetchSameOrigin(host_info.HTTP_ORIGIN + "/fetch/api/resources/top.txt", true);
 fetchSameOrigin(host_info.HTTPS_ORIGIN + "/fetch/api/resources/top.txt", false);
 fetchSameOrigin(host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
 
+var redirPath = dirname(location.pathname) + RESOURCES_DIR + "redirect.py?location=";
+
+fetchSameOrigin(redirPath + RESOURCES_DIR + "top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTP_ORIGIN + "/fetch/api/resources/top.txt", true);
+fetchSameOrigin(redirPath + host_info.HTTPS_ORIGIN + "/fetch/api/resources/top.txt", false);
+fetchSameOrigin(redirPath + host_info.HTTP_REMOTE_ORIGIN + "/fetch/api/resources/top.txt", false);
+
 done();
 
index 6acc7e9..c298b52 100644 (file)
@@ -1,5 +1,18 @@
 2016-08-05  Youenn Fablet  <youenn@apple.com>
 
+        [Fetch API] SubresourceLoader::checkRedirectionCrossOriginAccessControl should not always assert in SameOrigin mode
+        https://bugs.webkit.org/show_bug.cgi?id=160594
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased tests.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
+        It should not throw is mode is SameOrigin and resource is same origin.
+
+2016-08-05  Youenn Fablet  <youenn@apple.com>
+
         [Fetch API] Response.blob should not assert in case the created blob is empty
         https://bugs.webkit.org/show_bug.cgi?id=160592
 
index 3abd4f2..30577e9 100644 (file)
@@ -403,14 +403,14 @@ static void logResourceLoaded(Frame* frame, CachedResource::Type type)
 
 bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse& redirectResponse, ResourceRequest& newRequest, String& errorMessage)
 {
-    ASSERT(options().mode != FetchOptions::Mode::SameOrigin);
-
     bool crossOriginFlag = m_resource->isCrossOrigin();
     bool isNextRequestCrossOrigin = m_origin && !m_origin->canRequest(newRequest.url());
 
     if (isNextRequestCrossOrigin)
         m_resource->setCrossOrigin();
 
+    ASSERT(options().mode != FetchOptions::Mode::SameOrigin || !m_resource->isCrossOrigin());
+
     if (options().mode != FetchOptions::Mode::Cors)
         return true;