Some minor X-Content-Type-Options parsing issues
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Nov 2018 09:44:16 +0000 (09:44 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Nov 2018 09:44:16 +0000 (09:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=191107

Patch by Rob Buis <rbuis@igalia.com> on 2018-11-06
Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update improved result.

* web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt:

Source/WebCore:

Implement new parsing rules for X-Content-Type-Options [1]:
https://github.com/whatwg/fetch/pull/818

[1] https://fetch.spec.whatwg.org/#x-content-type-options-header

Test: web-platform-tests/fetch/nosniff/parsing-nosniff.html

* platform/network/HTTPParsers.cpp:
(WebCore::isHTTPTabOrSpace):
(WebCore::parseContentTypeOptionsHeader):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@237850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h

index e27cbb5..25ab097 100644 (file)
@@ -1,3 +1,14 @@
+2018-11-06  Rob Buis  <rbuis@igalia.com>
+
+        Some minor X-Content-Type-Options parsing issues
+        https://bugs.webkit.org/show_bug.cgi?id=191107
+
+        Reviewed by Darin Adler.
+
+        Update improved result.
+
+        * web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt:
+
 2018-11-05  Ali Juma  <ajuma@chromium.org>
 
         [IntersectionObserver] Update WPTs to the latest upstream version
index 4742962..6a008c7 100644 (file)
@@ -1,5 +1,5 @@
 
-FAIL URL query: first assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query: first 
 PASS URL query: uppercase 
 PASS URL query: last 
 PASS URL query: quoted 
index 026d594..e6409da 100644 (file)
@@ -1,3 +1,21 @@
+2018-11-06  Rob Buis  <rbuis@igalia.com>
+
+        Some minor X-Content-Type-Options parsing issues
+        https://bugs.webkit.org/show_bug.cgi?id=191107
+
+        Reviewed by Darin Adler.
+
+        Implement new parsing rules for X-Content-Type-Options [1]:
+        https://github.com/whatwg/fetch/pull/818
+
+        [1] https://fetch.spec.whatwg.org/#x-content-type-options-header
+
+        Test: web-platform-tests/fetch/nosniff/parsing-nosniff.html
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isHTTPTabOrSpace):
+        (WebCore::parseContentTypeOptionsHeader):
+
 2018-11-06  Frederic Wang  <fwang@igalia.com>
 
         Overlay with -webkit-overflow-scrolling:touch doesn't become scrollable after added text makes it taller
index d8113d5..942c701 100644 (file)
@@ -474,9 +474,10 @@ XSSProtectionDisposition parseXSSProtectionHeader(const String& header, String&
     }
 }
 
-ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header)
+ContentTypeOptionsDisposition parseContentTypeOptionsHeader(StringView header)
 {
-    if (equalLettersIgnoringASCIICase(header.stripWhiteSpace(), "nosniff"))
+    StringView leftToken = header.left(header.find(','));
+    if (equalLettersIgnoringASCIICase(stripLeadingAndTrailingHTTPSpaces(leftToken), "nosniff"))
         return ContentTypeOptionsNosniff;
     return ContentTypeOptionsNone;
 }
index a6592f2..abe739d 100644 (file)
@@ -89,7 +89,7 @@ WEBCORE_EXPORT XFrameOptionsDisposition parseXFrameOptionsHeader(const String&);
 // -1 could be set to one of the return parameters to indicate the value is not specified.
 WEBCORE_EXPORT bool parseRange(const String&, long long& rangeOffset, long long& rangeEnd, long long& rangeSuffixLength);
 
-ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header);
+ContentTypeOptionsDisposition parseContentTypeOptionsHeader(StringView header);
 
 // Parsing Complete HTTP Messages.
 enum HTTPVersion { Unknown, HTTP_1_0, HTTP_1_1 };