[WK2][NetworkSession] Ping requests should follow redirects if applicable
author dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Oct 2016 14:26:40 +0000 (14:26 +0000)
committer dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Oct 2016 14:26:40 +0000 (14:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=162580
<rdar://problem/28631274>

Reviewed by Alex Christensen.

Source/WebKit2:

Implement support for following redirects, if applicable, of a ping request when using the
Network Session (ENABLE(NETWORK_SESSION)) code path in WebKit2. For ping requests that are
in response to hyperlink auditing (e.g. <a ping>) we should follow redirect responses.
For Content Security Policy and XSS Auditor violation reports we should not follow redirect
responses.

Currently we always ignore redirects for ping requests that are sent using the Network Session
code path in WebKit2. This behavior disagrees with the behavior described in section
"Hyperlink auditing" of the HTML standard, <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing> (27 September 2016),
as well as the behavior in Legacy WebKit and WebKit2 with Network Session disabled. We should
follow redirects for ping requests initiated as part of hyperlink auditing to more closely
conform to the HTML standard and match the behavior in Legacy WebKit and WebKit2 with Network
Session disabled.

* NetworkProcess/PingLoad.h:

LayoutTests:

Add tests to ensure that we follow redirects for ping requests that are initiated as part
of hyperlink auditing.

Modified http/tests/navigation/resources/save-Ping.php to include the host and request URI
information in the saved report and updated expected results for existing tests as a result
of this change.

* http/tests/contentextensions/block-cookies-in-csp-report-expected.txt:
* http/tests/contentextensions/block-cookies-in-image-load-in-onunload-expected.txt:
* http/tests/contentextensions/block-cookies-in-ping-expected.txt:
* http/tests/contentextensions/hide-on-csp-report-expected.txt:
* http/tests/contentextensions/hide-on-ping-expected.txt:
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt: Added.
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html: Added.
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json: Added.
* http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php: Added.
* http/tests/contentextensions/resources/save-ping.php:
* http/tests/navigation/image-load-in-pagehide-handler-expected.txt:
* http/tests/navigation/image-load-in-unload-handler-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cookie-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
* http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt: Added.
* http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html: Added.
* http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt:
* http/tests/navigation/ping-attribute/area-cookie-expected.txt:
* http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
* http/tests/navigation/ping-attribute/area-same-origin-expected.txt:
* http/tests/navigation/resources/save-Ping.php:
* http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@206810 268f45cc-cd09-0410-ab3c-d52691b4dbfc

27 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report-expected.txt
LayoutTests/http/tests/contentextensions/block-cookies-in-image-load-in-onunload-expected.txt
LayoutTests/http/tests/contentextensions/block-cookies-in-ping-expected.txt
LayoutTests/http/tests/contentextensions/hide-on-csp-report-expected.txt
LayoutTests/http/tests/contentextensions/hide-on-ping-expected.txt
LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/resources/save-ping.php
LayoutTests/http/tests/navigation/image-load-in-pagehide-handler-expected.txt
LayoutTests/http/tests/navigation/image-load-in-unload-handler-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/anchor-cookie-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/area-cookie-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt
LayoutTests/http/tests/navigation/ping-attribute/area-same-origin-expected.txt
LayoutTests/http/tests/navigation/resources/save-Ping.php
LayoutTests/http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php [new file with mode: 0644]
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/PingLoad.h

index 64ba38f..fb74aa0 100644 (file)
@@ -1,5 +1,45 @@
 2016-10-05  Daniel Bates  <dabates@apple.com>
 
+        [WK2][NetworkSession] Ping requests should follow redirects if applicable
+        https://bugs.webkit.org/show_bug.cgi?id=162580
+        <rdar://problem/28631274>
+
+        Reviewed by Alex Christensen.
+
+        Add tests to ensure that we follow redirects for ping requests that are initiated as part
+        of hyperlink auditing.
+
+        Modified http/tests/navigation/resources/save-Ping.php to include the host and request URI
+        information in the saved report and updated expected results for existing tests as a result
+        of this change.
+
+        * http/tests/contentextensions/block-cookies-in-csp-report-expected.txt:
+        * http/tests/contentextensions/block-cookies-in-image-load-in-onunload-expected.txt:
+        * http/tests/contentextensions/block-cookies-in-ping-expected.txt:
+        * http/tests/contentextensions/hide-on-csp-report-expected.txt:
+        * http/tests/contentextensions/hide-on-ping-expected.txt:
+        * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt: Added.
+        * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html: Added.
+        * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json: Added.
+        * http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php: Added.
+        * http/tests/contentextensions/resources/save-ping.php:
+        * http/tests/navigation/image-load-in-pagehide-handler-expected.txt:
+        * http/tests/navigation/image-load-in-unload-handler-expected.txt:
+        * http/tests/navigation/ping-attribute/anchor-cookie-expected.txt:
+        * http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
+        * http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
+        * http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt: Added.
+        * http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html: Added.
+        * http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt:
+        * http/tests/navigation/ping-attribute/area-cookie-expected.txt:
+        * http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
+        * http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
+        * http/tests/navigation/ping-attribute/area-same-origin-expected.txt:
+        * http/tests/navigation/resources/save-Ping.php:
+        * http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php: Added.
+
+2016-10-05  Daniel Bates  <dabates@apple.com>
+
         Do not follow redirects when sending violation report
         https://bugs.webkit.org/show_bug.cgi?id=162520
         <rdar://problem/27957639>
index 8bade66..1d896b2 100644 (file)
@@ -7,4 +7,6 @@ This test creates a CSP violation report, but the report URL matches a 'block-co
 Frame: 'result_frame'
 --------
 Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-csp-report
 No cookies in ping.
index 8c8f52f..3158dc9 100644 (file)
@@ -1,3 +1,5 @@
 main frame - has 1 onunload handler(s)
 Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-image-load-in-onunload
 No cookies in ping.
index 4742c66..3a72f0e 100644 (file)
@@ -9,4 +9,6 @@ Link with ping was clicked.
 Frame: 'result_frame'
 --------
 Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-ping
 No cookies in ping.
index 335680f..6c0850b 100644 (file)
@@ -8,4 +8,6 @@ This text should remain visible.
 Frame: 'result_frame'
 --------
 Ping received.
+HTTP_HOST: localhost:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-csp-report
 No cookies in ping.
index 080ac3b..847a18c 100644 (file)
@@ -7,4 +7,6 @@ This text should remain visible.
 Frame: 'result_frame'
 --------
 Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-ping
 No cookies in ping.
diff --git a/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt b/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt
new file mode 100644 (file)
index 0000000..7de795c
--- /dev/null
@@ -0,0 +1,12 @@
+This test follows a link with a ping attribute where the redirected ping URL matches a 'css-display-none' rule.
+This text should remain visible.
+ Link with ping
+
+
+--------
+Frame: 'result_frame'
+--------
+Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-ping-with-ping-that-redirects
+No cookies in ping.
diff --git a/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html b/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html
new file mode 100644 (file)
index 0000000..5888018
--- /dev/null
@@ -0,0 +1,46 @@
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
+    testRunner.waitUntilDone();
+}
+
+function clickOnLinkWithPing() {
+    if (window.eventSender) {
+        var a = document.getElementById("a");
+        var x = a.offsetLeft + 2;
+        var y = a.offsetTop + 2;
+        eventSender.mouseMoveTo(x, y);
+        eventSender.mouseDown();
+        eventSender.mouseUp();
+    }
+}
+
+function showPingResult() {
+    function actualShowPingResult() {
+        var iframe = document.getElementById("result_frame");
+        iframe.onload = function() {
+            if (window.testRunner) { testRunner.notifyDone(); }
+        }
+        iframe.src = "resources/get-ping-data.php?test=contentextensions-hide-on-ping-with-ping-that-redirects";
+    }
+    // We assume that if redirects were followed when saving a ping that they will complete within one second.
+    // FIXME: Is there are better way to test that a redirect occurred?
+    window.setTimeout(actualShowPingResult, 1000);
+}
+</script>
+</head>
+
+<body>
+This test follows a link with a ping attribute where the redirected ping URL matches a 'css-display-none' rule.
+<div class="foo">This text should be hidden once the ping is sent.</div>
+<div class="bar">This text should remain visible.</div>
+<div>
+<img src="resources/delete-ping.php?test=contentextensions-hide-on-ping" onerror="clickOnLinkWithPing();">
+<a id="a" href="#a" ping="resources/save-ping-and-redirect-to-save-ping.php?test=contentextensions-hide-on-ping-with-ping-that-redirects" onclick="showPingResult();">Link with ping</a>
+</div>
+<iframe id="result_frame" name="result_frame"><!-- Will contain ping data received by server --></iframe>
+</body>
+
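Review bot: The `<img>` that resets state requests `delete-ping.php?test=contentextensions-hide-on-ping`, which names a different test than the `ping` attribute and the `get-ping-data.php` URL; both of those use `contentextensions-hide-on-ping-with-ping-that-redirects`. Ping data left over from an earlier run of this test is therefore never cleared, and the reset touches another test's file instead. Use the same `test=` value in all three URLs. The fixed 1000 ms wait in `showPingResult()` is a likely source of flakiness on slow bots, as the FIXME concedes, and that FIXME has a typo ("Is there are better way").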
diff --git a/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json b/LayoutTests/http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json
new file mode 100644 (file)
index 0000000..cc104ec
--- /dev/null
@@ -0,0 +1,11 @@
+[
+    {
+        "trigger": {
+            "url-filter": "save-ping.php"
+        },
+        "action": {
+            "type": "css-display-none",
+            "selector": ".foo"
+        }
+    }
+]
diff --git a/LayoutTests/http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php b/LayoutTests/http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php
new file mode 100644 (file)
index 0000000..afc9add
--- /dev/null
@@ -0,0 +1,9 @@
+<?php
+require_once 'ping-file-path.php';
+
+$DO_NOT_CLEAR_COOKIES = true;
+require_once 'save-ping.php';
+
+header('HTTP/1.1 307');
+header('Location: save-ping.php' . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
+?>
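Review bot: `$DO_NOT_CLEAR_COOKIES = true;` carries no comment here, while the otherwise identical navigation/resources copy of this script annotates it with `// Used by save-Ping.php`. The flag only has an effect through the `require_once 'save-ping.php'` on the following line, so add the matching `// Used by save-ping.php` comment to keep the two copies consistent and make the coupling visible.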
index a01d207..9045198 100644 (file)
@@ -5,7 +5,9 @@ $pingFile = fopen($pingFilePath . ".tmp", 'w');
 $httpHeaders = $_SERVER;
 $cookiesFound = false;
 foreach ($httpHeaders as $name => $value) {
-    if ($name === "HTTP_COOKIE") {
+    if ($name === "HTTP_HOST" || $name === "REQUEST_URI")
+        fwrite($pingFile, "$name: $value\n");
+    else if ($name === "HTTP_COOKIE") {
         fwrite($pingFile, "Cookies in ping: $value\n");
         $cookiesFound = true;
     }
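Review bot: The new `HTTP_HOST` / `REQUEST_URI` branch writes its two lines in whatever order `$_SERVER` happens to iterate, because this script goes straight from `$httpHeaders = $_SERVER;` to the `foreach` without the `ksort($httpHeaders, SORT_STRING)` that navigation/resources/save-Ping.php has. Every updated -expected.txt for the contentextensions tests relies on `HTTP_HOST` preceding `REQUEST_URI`, so the results depend on server ordering. Sort the array before the loop, or write the two values explicitly outside it.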
@@ -15,6 +17,9 @@ if (!$cookiesFound) {
 }
 fclose($pingFile);
 rename($pingFilePath . ".tmp", $pingFilePath);
-foreach ($_COOKIE as $name => $value)
-    setcookie($name, "deleted", time() - 60, "/");
+
+if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
+    foreach ($_COOKIE as $name => $value)
+        setcookie($name, "deleted", time() - 60, "/");
+}
 ?>
index 71c4b3e..4cebac9 100644 (file)
@@ -1,3 +1,5 @@
 Ping sent successfully
+HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/navigation/image-load-in-pagehide-handler.html
 REQUEST_METHOD: GET
+REQUEST_URI: /navigation/resources/save-Ping.php
index 0ab3e9b..f53f47c 100644 (file)
@@ -1,4 +1,6 @@
 main frame - has 1 onunload handler(s)
 Ping sent successfully
+HTTP_HOST: 127.0.0.1:8000
 HTTP_REFERER: http://127.0.0.1:8000/navigation/image-load-in-unload-handler.html
 REQUEST_METHOD: GET
+REQUEST_URI: /navigation/resources/save-Ping.php
index 103f933..39f13e4 100644 (file)
@@ -1,6 +1,8 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
 HTTP_COOKIE: hello=world
+HTTP_HOST: 127.0.0.1:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cookie.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 1192ac2..17d2af2 100644 (file)
@@ -1,6 +1,8 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 5b9614c..31e67c2 100644 (file)
@@ -1,4 +1,6 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
 HTTP_PING_TO: https://127.0.0.1:8443/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php?test=/navigation/ping-attribute/anchor-cross-origin-from-https.html
diff --git a/LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt b/LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt
new file mode 100644 (file)
index 0000000..7cb56cf
--- /dev/null
@@ -0,0 +1,7 @@
+Ping sent successfully
+CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
+HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html
+HTTP_PING_TO: javascript:checkPing()
+REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
diff --git a/LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html b/LayoutTests/http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html
new file mode 100644 (file)
index 0000000..3fcf3cc
--- /dev/null
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="resources/utilities.js"></script>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
+    testRunner.waitUntilDone();
+}
+
+function test()
+{
+    clickElement(document.getElementById("a"));
+}
+
+function checkPing()
+{
+    function actualCheckPing()
+    {
+        window.location = "../resources/check-ping.php";
+    }
+    // We assume that if redirects were followed when saving a ping that they will complete within one second.
+    // FIXME: Is there are better way to test that a redirect occurred?
+    window.setTimeout(actualCheckPing, 1000);
+}
+
+window.onload = function ()
+{
+    clearLastPingResultAndRunTest(test);
+}
+</script>
+</head>
+<body>
+<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-Ping.php. Otherwise, it FAIL.</p>
+<a id="a" href="javascript:checkPing()" ping="../resources/save-ping-and-redirect-to-save-ping.php">Navigate and send ping</a>
+</body>
+</html>
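Review bot: The file name says `do-not-follow-redirect-when-sending-ping`, but the pass condition in the `<p>` (the REQUEST_URI file name is save-Ping.php) and the -expected.txt are what the server records when the redirect from `save-ping-and-redirect-to-save-ping.php` to `save-Ping.php` is followed. The name reads as the opposite of what is asserted; rename the test or add a comment explaining what "do not follow" refers to. In the same `<p>`, "Otherwise, it FAIL." should be "Otherwise, it FAILED.", and the FIXME in `checkPing()` has the typo "Is there are better way".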
index 9a437ac..0826079 100644 (file)
@@ -1,5 +1,7 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-same-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 305b7cc..c1c42a5 100644 (file)
@@ -1,6 +1,8 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
 HTTP_COOKIE: hello=world
+HTTP_HOST: 127.0.0.1:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-cookie.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 2e6a244..571df1f 100644 (file)
@@ -1,6 +1,8 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 5b9614c..0464491 100644 (file)
@@ -1,4 +1,6 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
 HTTP_PING_TO: https://127.0.0.1:8443/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php?test=/navigation/ping-attribute/area-cross-origin-from-https.html
index fc17660..128e8ba 100644 (file)
@@ -1,5 +1,7 @@
 Ping sent successfully
 CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-same-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
 REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
index 9e4edae..3f25bf5 100644 (file)
@@ -5,11 +5,15 @@ $pingFile = fopen($pingFilePath . ".tmp", 'w');
 $httpHeaders = $_SERVER;
 ksort($httpHeaders, SORT_STRING);
 foreach ($httpHeaders as $name => $value) {
-    if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "HTTP_PING_TO" || $name === "HTTP_PING_FROM" || $name === "REQUEST_METHOD" || $name === "HTTP_COOKIE")
+    if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "HTTP_PING_TO" || $name === "HTTP_PING_FROM"
+        || $name === "REQUEST_METHOD" || $name === "REQUEST_URI" || $name === "HTTP_HOST" || $name === "HTTP_COOKIE")
         fwrite($pingFile, "$name: $value\n");
 }
 fclose($pingFile);
 rename($pingFilePath . ".tmp", $pingFilePath);
-foreach ($_COOKIE as $name => $value)
-    setcookie($name, "deleted", time() - 60, "/");
+
+if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
+    foreach ($_COOKIE as $name => $value)
+        setcookie($name, "deleted", time() - 60, "/");
+}
 ?>
diff --git a/LayoutTests/http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php b/LayoutTests/http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php
new file mode 100644 (file)
index 0000000..f2bf718
--- /dev/null
@@ -0,0 +1,9 @@
+<?php
+require_once 'ping-file-path.php';
+
+$DO_NOT_CLEAR_COOKIES = true; // Used by save-Ping.php
+require_once 'save-Ping.php';
+
+header('HTTP/1.1 307');
+header('Location: save-Ping.php' . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
+?>
index 771e172..09526af 100644 (file)
@@ -1,5 +1,29 @@
 2016-10-05  Daniel Bates  <dabates@apple.com>
 
+        [WK2][NetworkSession] Ping requests should follow redirects if applicable
+        https://bugs.webkit.org/show_bug.cgi?id=162580
+        <rdar://problem/28631274>
+
+        Reviewed by Alex Christensen.
+
+        Implement support for following redirects, if applicable, of a ping request when using the
+        Network Session (ENABLE(NETWORK_SESSION)) code path in WebKit2. For ping requests that are
+        in response to hyperlink auditing (e.g. <a ping>) we should follow redirect responses.
+        For Content Security Policy and XSS Auditor violation reports we should not follow redirect
+        responses.
+
+        Currently we always ignore redirects for ping requests that are sent using the Network Session
+        code path in WebKit2. This behavior disagrees with the behavior described in section
+        "Hyperlink auditing" of the HTML standard, <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing> (27 September 2016),
+        as well as the behavior in Legacy WebKit and WebKit2 with Network Session disabled. We should
+        follow redirects for ping requests initiated as part of hyperlink auditing to more closely
+        conform to the HTML standard and match the behavior in Legacy WebKit and WebKit2 with Network
+        Session disabled.
+
+        * NetworkProcess/PingLoad.h:
+
+2016-10-05  Daniel Bates  <dabates@apple.com>
+
         Do not follow redirects when sending violation report
         https://bugs.webkit.org/show_bug.cgi?id=162520
         <rdar://problem/27957639>
index f480e5d..7a7a3ad 100644 (file)
@@ -35,6 +35,7 @@ class PingLoad final : private NetworkDataTaskClient {
 public:
     PingLoad(const NetworkResourceLoadParameters& parameters)
         : m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
+        , m_shouldFollowRedirects(parameters.shouldFollowRedirects)
     {
         if (auto* networkSession = SessionTracker::networkSession(parameters.sessionID)) {
             m_task = NetworkDataTask::create(*networkSession, *this, parameters.request, parameters.allowStoredCredentials, parameters.contentSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
@@ -48,11 +49,9 @@ public:
     }
     
 private:
-    void willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&, RedirectCompletionHandler&& completionHandler) final
+    void willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&& request, RedirectCompletionHandler&& completionHandler) final
     {
-        // FIXME: Follow redirects for hyperlink auditing. See <https://bugs.webkit.org/show_bug.cgi?id=162580>.
-        completionHandler({ });
-        delete this;
+        completionHandler(m_shouldFollowRedirects ? request : WebCore::ResourceRequest());
     }
     void didReceiveChallenge(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&& completionHandler) final
     {
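Review bot: In `willPerformHTTPRedirection`, the removed code called `delete this` right after cancelling the redirect, and the replacement no longer frees the object on the `m_shouldFollowRedirects == false` path. Confirm that passing an empty `WebCore::ResourceRequest()` to `completionHandler` still leads to a completion callback that destroys the `PingLoad`; otherwise a violation-report ping that receives a redirect keeps the object alive until `m_timeoutTimer` fires. A short comment stating which callback now owns the teardown would help. It is also worth stating what bounds the number of redirects followed when the flag is true, since nothing in the lines shown does.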
@@ -84,6 +83,7 @@ private:
     
     RefPtr<NetworkDataTask> m_task;
     WebCore::Timer m_timeoutTimer;
+    bool m_shouldFollowRedirects;
 };
 
 }