Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Dec 2018 18:33:43 +0000 (18:33 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Dec 2018 18:33:43 +0000 (18:33 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192288

Patch by Rob Buis <rbuis@igalia.com> on 2018-12-07
Reviewed by Frédéric Wang.

Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
as they do the same thing. Also remove std::optional from parseAccessControlAllowList
since the function can't fail.

* WebCore.order:
* loader/CrossOriginAccessControl.cpp:
(WebCore::validatePreflightResponse):
* loader/CrossOriginPreflightResultCache.cpp:
(WebCore::CrossOriginPreflightResultCacheItem::parse):
* loader/CrossOriginPreflightResultCache.h:
* platform/network/HTTPParsers.cpp:
(WebCore::parseAccessControlExposeHeadersAllowList): Deleted.
* platform/network/HTTPParsers.h:
(WebCore::parseAccessControlAllowList):
* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::filter):
(WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@238953 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/WebCore.order
Source/WebCore/loader/CrossOriginAccessControl.cpp
Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
Source/WebCore/loader/CrossOriginPreflightResultCache.h
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
Source/WebCore/platform/network/ResourceResponseBase.cpp

index a0ededd..5fce453 100644 (file)
@@ -1,3 +1,28 @@
+2018-12-07  Rob Buis  <rbuis@igalia.com>
+
+        Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
+        https://bugs.webkit.org/show_bug.cgi?id=192288
+
+        Reviewed by Frédéric Wang.
+
+        Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
+        as they do the same thing. Also remove std::optional from parseAccessControlAllowList
+        since the function can't fail.
+
+        * WebCore.order:
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::validatePreflightResponse):
+        * loader/CrossOriginPreflightResultCache.cpp:
+        (WebCore::CrossOriginPreflightResultCacheItem::parse):
+        * loader/CrossOriginPreflightResultCache.h:
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseAccessControlExposeHeadersAllowList): Deleted.
+        * platform/network/HTTPParsers.h:
+        (WebCore::parseAccessControlAllowList):
+        * platform/network/ResourceResponseBase.cpp:
+        (WebCore::ResourceResponseBase::filter):
+        (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
+
 2018-12-07  Eric Carlson  <eric.carlson@apple.com>
 
         [iOS] Don't update AVPlayerViewController currentTime while scrubbing
index 219747e..e8a6ca3 100644 (file)
@@ -7313,7 +7313,6 @@ __ZN7WebCore22jsXMLHttpRequestStatusEPN3JSC9ExecStateENS0_7JSValueENS0_12Propert
 __ZNK7WebCore14XMLHttpRequest6statusERi
 __ZN7WebCore54jsXMLHttpRequestPrototypeFunctionGetAllResponseHeadersEPN3JSC9ExecStateE
 __ZNK7WebCore14XMLHttpRequest21getAllResponseHeadersERi
-__ZN7WebCore40parseAccessControlExposeHeadersAllowListERKN3WTF6StringERNS0_7HashSetIS1_NS0_15CaseFoldingHashENS0_10HashTraitsIS1_EEEE
 __ZN7WebCore27jsXMLHttpRequestResponseXMLEPN3JSC9ExecStateENS0_7JSValueENS0_12PropertyNameE
 __ZN7WebCore14XMLHttpRequest11responseXMLERi
 __ZNK7WebCore14XMLHttpRequest16responseMIMETypeEv
index 0d26a1f..effbb57 100644 (file)
@@ -206,7 +206,7 @@ bool validatePreflightResponse(const ResourceRequest& request, const ResourceRes
         return false;
 
     auto result = std::make_unique<CrossOriginPreflightResultCacheItem>(storedCredentialsPolicy);
-    if (!result->parse(response, errorDescription)
+    if (!result->parse(response)
         || !result->allowsCrossOriginMethod(request.httpMethod(), errorDescription)
         || !result->allowsCrossOriginHeaders(request.httpHeaderFields(), errorDescription)) {
         return false;
index 632b68d..9d45b37 100644 (file)
@@ -52,23 +52,13 @@ static bool parseAccessControlMaxAge(const String& string, Seconds& expiryDelta)
     return ok;
 }
 
-bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response, String& errorDescription)
+bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response)
 {
     m_methods.clear();
-    auto methods = parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods));
-    if (!methods) {
-        errorDescription = "Cannot parse Access-Control-Allow-Methods response header field.";
-        return false;
-    }
-    m_methods = WTFMove(methods.value());
+    parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods), m_methods);
 
     m_headers.clear();
-    auto headers = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders));
-    if (!headers) {
-        errorDescription = "Cannot parse Access-Control-Allow-Headers response header field.";
-        return false;
-    }
-    m_headers = WTFMove(headers.value());
+    parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders), m_headers);
 
     Seconds expiryDelta = 0_s;
     if (parseAccessControlMaxAge(response.httpHeaderField(HTTPHeaderName::AccessControlMaxAge), expiryDelta)) {
index 965de6f..3ff35b7 100644 (file)
@@ -45,7 +45,7 @@ public:
     {
     }
 
-    WEBCORE_EXPORT bool parse(const ResourceResponse&, String& errorDescription);
+    WEBCORE_EXPORT bool parse(const ResourceResponse&);
     WEBCORE_EXPORT bool allowsCrossOriginMethod(const String&, String& errorDescription) const;
     WEBCORE_EXPORT bool allowsCrossOriginHeaders(const HTTPHeaderMap&, String& errorDescription) const;
     bool allowsRequest(StoredCredentialsPolicy, const String& method, const HTTPHeaderMap& requestHeaders) const;
index 942c701..9b018b2 100644 (file)
@@ -769,15 +769,6 @@ size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned cha
     return length;
 }
 
-void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet& headerSet)
-{
-    for (auto& header : headerValue.split(',')) {
-        String strippedHeader = header.stripWhiteSpace();
-        if (!strippedHeader.isEmpty())
-            headerSet.add(strippedHeader);
-    }
-}
-
 // Implements <https://fetch.spec.whatwg.org/#forbidden-header-name>.
 bool isForbiddenHeaderName(const String& name)
 {
index abe739d..0c9fd97 100644 (file)
@@ -97,8 +97,6 @@ size_t parseHTTPRequestLine(const char* data, size_t length, String& failureReas
 size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, StringView& nameStr, String& valueStr, bool strict = true);
 size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body);
 
-void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
-
 // HTTP Header routine as per https://fetch.spec.whatwg.org/#terminology-headers
 bool isForbiddenHeaderName(const String&);
 bool isForbiddenResponseHeaderName(const String&);
@@ -151,9 +149,8 @@ void addToAccessControlAllowList(const String& string, unsigned start, unsigned
 }
 
 template<class HashType = DefaultHash<String>::Hash>
-std::optional<HashSet<String, HashType>> parseAccessControlAllowList(const String& string)
+void parseAccessControlAllowList(const String& string, HashSet<String, HashType>& set)
 {
-    HashSet<String, HashType> set;
     unsigned start = 0;
     size_t end;
     while ((end = string.find(',', start)) != notFound) {
@@ -163,8 +160,6 @@ std::optional<HashSet<String, HashType>> parseAccessControlAllowList(const Strin
     }
     if (start != string.length())
         addToAccessControlAllowList(string, start, string.length() - 1, set);
-
-    return set;
 }
 
 }
index 7667219..3538abf 100644 (file)
@@ -152,7 +152,7 @@ ResourceResponse ResourceResponseBase::filter(const ResourceResponse& response)
     filteredResponse.setType(Type::Cors);
 
     HTTPHeaderSet accessControlExposeHeaderSet;
-    parseAccessControlExposeHeadersAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet);
+    parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet);
     filteredResponse.m_httpHeaderFields.uncommonHeaders().removeAllMatching([&](auto& entry) {
         return !isCrossOriginSafeHeader(entry.key, accessControlExposeHeaderSet);
     });
@@ -419,13 +419,13 @@ void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting()
             if (isSafeCrossOriginResponseHeader(header.key))
                 filteredHeaders.add(header.key, WTFMove(header.value));
         }
-        if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
-            for (auto& headerName : *corsSafeHeaderSet) {
-                if (!filteredHeaders.contains(headerName)) {
-                    auto value = m_httpHeaderFields.get(headerName);
-                    if (!value.isNull())
-                        filteredHeaders.add(headerName, value);
-                }
+        HTTPHeaderSet corsSafeHeaderSet;
+        parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), corsSafeHeaderSet);
+        for (auto& headerName : corsSafeHeaderSet) {
+            if (!filteredHeaders.contains(headerName)) {
+                auto value = m_httpHeaderFields.get(headerName);
+                if (!value.isNull())
+                    filteredHeaders.add(headerName, value);
             }
         }
         m_httpHeaderFields = WTFMove(filteredHeaders);