Commit 5cc9ccfc authored by jchaffraix@webkit.org's avatar jchaffraix@webkit.org

Unreviewed, rolling out my changes as it rendered the Qt bot unreliable.

WebCore:

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::loadRequest):

LayoutTests:

* http/tests/xmlhttprequest/access-control-preflight-credential-async-expected.txt: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-async.html: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-sync-expected.txt: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-sync.html: Removed.
* http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php: Removed.
* platform/qt/Skipped:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@58373 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent e741bf14
2010-04-27 Julien Chaffraix <jchaffraix@webkit.org>
Unreviewed, rolling out my changes as it rendered the Qt bot unreliable.
* http/tests/xmlhttprequest/access-control-preflight-credential-async-expected.txt: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-async.html: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-sync-expected.txt: Removed.
* http/tests/xmlhttprequest/access-control-preflight-credential-sync.html: Removed.
* http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php: Removed.
* platform/qt/Skipped:
2010-04-27 Julien Chaffraix <jchaffraix@webkit.org>
 
Unreviewed.
......
Test case for bug 37781: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR
PASSED
<html>
<body>
<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
<pre id='console'></pre>
<script type="text/javascript">
function log(message)
{
document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
}
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
try {
var xhr = new XMLHttpRequest;
xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
xhr.onerror = function (e) {
log("FAILED: received error");
if (window.layoutTestController)
layoutTestController.notifyDone();
};
xhr.onreadystatechange = function () {
if (xhr.readyState == 4) {
log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
if (window.layoutTestController)
layoutTestController.notifyDone();
}
};
xhr.send();
} catch(e) {
log("FAILED: got exception " + e.message);
}
</script>
</body>
</html>
Test case for bug 37781: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR
PASSED
<html>
<body>
<p>Test case for bug <a href="https://bugs.webkit.org/show_bug.cgi?id=37781">37781</a>: [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR</p>
<pre id='console'></pre>
<script type="text/javascript">
function log(message)
{
document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
}
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
try {
var xhr = new XMLHttpRequest;
xhr.open("PUT", "http://localhost:8000/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php?uid=fooUser", false, "fooUser", "barPass");
xhr.onerror = function (e) {
log("FAILED: received error");
if (window.layoutTestController)
layoutTestController.notifyDone();
};
xhr.onreadystatechange = function () {
if (xhr.readyState == 4) {
log((xhr.status == 401) ? "PASSED" : "FAILED: credential send!");
if (window.layoutTestController)
layoutTestController.notifyDone();
}
};
xhr.send();
} catch(e) {
log("FAILED: got exception " + e.message);
}
</script>
</body>
</html>
<?php
header("Access-Control-Allow-Origin: http://127.0.0.1:8000/");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: PUT");
if ($_SERVER['REQUEST_METHOD'] != "OPTIONS") {
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="WebKit Test Realm/Cross Origin"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authentication canceled';
exit;
} else {
echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
}
}
?>
......@@ -4985,8 +4985,6 @@ http/tests/xmlhttprequest/access-control-basic-post-fail-non-simple-content-type
http/tests/xmlhttprequest/access-control-basic-whitelist-request-headers.html
http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html
http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html
http/tests/xmlhttprequest/access-control-preflight-credential-async.html
http/tests/xmlhttprequest/access-control-preflight-credential-sync.html
http/tests/xmlhttprequest/access-control-preflight-headers-async.html
http/tests/xmlhttprequest/access-control-preflight-headers-sync.html
http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html
......
2010-04-27 Julien Chaffraix <jchaffraix@webkit.org>
Unreviewed, rolling out my changes as it rendered the Qt bot unreliable.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::loadRequest):
2010-04-27 Julien Chaffraix <jchaffraix@webkit.org>
 
Reviewed by Alexey Proskuryakov.
......@@ -81,19 +81,16 @@ DocumentThreadableLoader::DocumentThreadableLoader(Document* document, Threadabl
ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
OwnPtr<ResourceRequest> crossOriginRequest(new ResourceRequest(request));
crossOriginRequest->removeCredentials();
crossOriginRequest->setAllowCookies(m_options.allowCredentials);
if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields()))
makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()))
makeSimpleCrossOriginAccessRequest(request);
else {
m_actualRequest.set(crossOriginRequest.release());
m_actualRequest.set(new ResourceRequest(request));
m_actualRequest->setAllowCookies(m_options.allowCredentials);
if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), request.url(), m_options.allowCredentials, request.httpMethod(), request.httpHeaderFields()))
preflightSuccess();
else
makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
makeCrossOriginAccessRequestWithPreflight(request);
}
}
......@@ -109,6 +106,8 @@ void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource
// Make a copy of the passed request so that we can modify some details.
ResourceRequest crossOriginRequest(request);
crossOriginRequest.removeCredentials();
crossOriginRequest.setAllowCookies(m_options.allowCredentials);
crossOriginRequest.setHTTPOrigin(m_document->securityOrigin()->toString());
loadRequest(crossOriginRequest, DoSecurityCheck);
......@@ -298,11 +297,6 @@ void DocumentThreadableLoader::preflightFailure()
void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, SecurityCheckPolicy securityCheck)
{
// Any credential should have been removed from the cross-site requests.
const KURL& requestURL = request.url();
ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());
ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty());
if (m_async) {
// Don't sniff content or send load callbacks for the preflight request.
bool sendLoadCallbacks = m_options.sendLoadCallbacks && !m_actualRequest;
......@@ -326,15 +320,15 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, Secur
// No exception for file:/// resources, see <rdar://problem/4962298>.
// Also, if we have an HTTP response, then it wasn't a network error in fact.
if (!error.isNull() && !requestURL.isLocalFile() && response.httpStatusCode() <= 0) {
if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) {
m_client->didFail(error);
return;
}
// FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
// request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
// requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
// requested.
if (request.url() != response.url() && !isAllowedRedirect(response.url())) {
m_client->didFailRedirectCheck();
return;
}
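Review bot: After this rollout the preflighted branch of the DocumentThreadableLoader constructor builds `m_actualRequest` as a plain copy of `request` and only calls `setAllowCookies`, so a user/password carried in the request URL is no longer stripped on that path; only makeSimpleCrossOriginAccessRequest still calls `removeCredentials()`. The +/- column is lost on this page, so this reading rests on the hunk counts (`-109,6 +106,8`, `-298,11 +297,6`) and the commit description. The same commit drops the `ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());` and matching `pass()` check in loadRequest, along with the access-control-preflight-credential tests, so nothing visible here would catch credentials reaching a cross-origin server. If the Qt bot instability came from the tests rather than the loader change, consider keeping `m_actualRequest->removeCredentials();` right after `m_actualRequest.set(new ResourceRequest(request));` and re-landing the tests separately; makeCrossOriginAccessRequestWithPreflight lies outside the visible hunks, so whether it strips credentials itself needs confirming.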
......