-
jchaffraix@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=37781 <rdar://problem/7905150> Reviewed by Alexey Proskuryakov. WebCore: Tests: http/tests/xmlhttprequest/access-control-preflight-credential-async.html http/tests/xmlhttprequest/access-control-preflight-credential-sync.html Rolling the patch in as I could not reproduce Qt results locally. * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Now we remove the credential from the request here to avoid forgetting to do so in the different code path. (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Just add the "Origin" header. (WebCore::DocumentThreadableLoader::loadRequest): Check here the the credential have been removed so that we don't leak them. Also tweaked a comment to make it clear that the URL check has issue when credential is involved. LayoutTests: Test that doing a cross-origin request with a preflight check does not raise a NETWORK_ERR exception and does not send the credentials. * http/tests/xmlhttprequest/access-control-preflight-credential-async-expected.txt: Added. * http/tests/xmlhttprequest/access-control-preflight-credential-async.html: Added. * http/tests/xmlhttprequest/access-control-preflight-credential-sync-expected.txt: Added. * http/tests/xmlhttprequest/access-control-preflight-credential-sync.html: Added. * http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php: Added. * platform/mac-tiger/Skipped: * platform/qt/Skipped: Added those 2 tests to the Skipped lists. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@58409 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5ace159f