Synchronous preflight should check for successful responses
https://bugs.webkit.org/show_bug.cgi?id=159350
Patch by Youenn Fablet <youenn@apple.com> on 2016-07-30
Reviewed by Darin Adler.
Source/WebCore:
Test: http/tests/xmlhttprequest/access-control-preflight-not-successful.html
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::doPreflight): Adding successful response check for synchronous
preflighting.
LayoutTests:
* http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
* http/tests/xmlhttprequest/access-control-preflight-not-successful.html: Added, not all tests are passing as CORS checks
for redirections are not well supported for synchronous loading.
* http/tests/xmlhttprequest/resources/status-404-without-body.php:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@203943 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
index 42cebab..78cb74f 100644
--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
@@ -132,11 +132,20 @@
RefPtr<SharedBuffer> data;
unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, error, response, data);
+ // FIXME: Investigate why checking for response httpStatusCode here. In particular, can we have a not-null error and a 2XX response.
if (!error.isNull() && response.httpStatusCode() <= 0) {
error.setType(ResourceError::Type::AccessControl);
loader.preflightFailure(identifier, error);
return;
}
+
+ // FIXME: Ideally, we should ask platformLoadResourceSynchronously to set ResourceResponse isRedirected and use it here.
+ bool isRedirect = preflightRequest.url().strippedForUseAsReferrer() != response.url().strippedForUseAsReferrer();
+ if (isRedirect || !response.isSuccessful()) {
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl));
+ return;
+ }
+
validatePreflightResponse(loader, WTFMove(request), identifier, response);
}
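Review bot: The `isRedirect` line infers redirection only from the final response URL differing from the preflight URL, so a redirect chain that ends back on the original URL would not be flagged and would reach `validatePreflightResponse` if the final status is successful. The second FIXME already names the better signal (having the synchronous loader set `isRedirected`); until that lands, the comment should state this limitation explicitly. The single message "Preflight response is not successful" is also used for both the redirect case and the unsuccessful-status case, and separate messages would make failures easier to diagnose. Finally, the unchanged condition `!error.isNull() && response.httpStatusCode() <= 0` still lets a non-null `error` with a successful status fall through to validation, which is the case the first FIXME asks about; it would be worth resolving that question or failing the preflight on any non-null `error`.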