commit 48cade35cdb245bccd411921b4c6003d42541f98
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Oct 23 09:43:34 2008 +0000
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Oct 23 09:43:34 2008 +0000
tree dd95fb91e52b8b6b1309d2b7dfdc452414c3b458
parent 81903a76e8ff149f6640254cf768beedc4b5631a

WebCore:

2008-10-23  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=21787

        Update postMessage to send origin = "null" for non-serializable
        origins to match latest spec.  Merge SecurityOrigin::toString and
        SecurityOrigin::toHTTPOrigin because they are now the same.

        Test: http/tests/security/postMessage/data-url-sends-null-origin.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::outgoingOrigin):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::addHTTPOriginIfNeeded):
        (WebCore::FrameLoader::loadItem):
        * loader/loader.cpp:
        (WebCore::Loader::Host::servePendingRequests):
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::toString):
        * page/SecurityOrigin.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::makeSimpleCrossSiteAccessRequest):
        (WebCore::XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight):
        (WebCore::XMLHttpRequest::handleAsynchronousPreflightResult):
        (WebCore::XMLHttpRequest::didReceiveResponsePreflight):

LayoutTests:

2008-10-23  Adam Barth  <abarth@webkit.org>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=21787

        Add test coverage for postMessaging from a data URL.

        * http/tests/security/postMessage/data-url-sends-null-origin-expected.txt: Added.
        * http/tests/security/postMessage/data-url-sends-null-origin.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/loader/FrameLoader.cpp

diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 0c97231..ae2cab7 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -1790,9 +1790,9 @@
 String FrameLoader::outgoingOrigin() const
 {
     if (m_frame->document())
-        return m_frame->document()->securityOrigin()->toHTTPOrigin();
+        return m_frame->document()->securityOrigin()->toString();
 
-    return SecurityOrigin::createEmpty()->toHTTPOrigin();
+    return SecurityOrigin::createEmpty()->toString();
 }
 
 Frame* FrameLoader::opener()
@@ -2138,7 +2138,7 @@
     if (!referrer.isEmpty()) {
         request.setHTTPReferrer(referrer);
         RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
-        addHTTPOriginIfNeeded(request, referrerOrigin->toHTTPOrigin());
+        addHTTPOriginIfNeeded(request, referrerOrigin->toString());
     }
     addExtraFieldsToRequest(request, true, event || isFormSubmission);
     if (newLoadType == FrameLoadTypeReload)
@@ -3444,7 +3444,7 @@
     if (origin.isEmpty()) {
         // If we don't know what origin header to attach, we attach the value
         // for an empty origin.
-        origin = SecurityOrigin::createEmpty()->toHTTPOrigin();
+        origin = SecurityOrigin::createEmpty()->toString();
     }
 
     request.setHTTPOrigin(origin);
@@ -4356,7 +4356,7 @@
                 request.setHTTPBody(formData);
                 request.setHTTPContentType(item->formContentType());
                 RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::createFromString(item->formReferrer());
-                addHTTPOriginIfNeeded(request, securityOrigin->toHTTPOrigin());
+                addHTTPOriginIfNeeded(request, securityOrigin->toString());
         
                 // FIXME: Slight hack to test if the NSURL cache contains the page we're going to.
                 // We want to know this before talking to the policy delegate, since it affects whether