LayoutTests/imported/w3c:
preflight checker should add a console message when preflight load is blocked
https://bugs.webkit.org/show_bug.cgi?id=185021
Reviewed by Chris Dumez.
* web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt:
* web-platform-tests/cors/late-upload-events-expected.txt:
Source/WebCore:
CORS preflight checker should add a console message when preflight load is blocked
https://bugs.webkit.org/show_bug.cgi?id=185021
Reviewed by Chris Dumez.
No change of behavior, adding a JS console message when preflight load is blocked.
This mirrors what is being done in preflighting done from NetworkProcess.
Covered by existing tests.
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::notifyFinished):
(WebCore::CrossOriginPreflightChecker::doPreflight):
LayoutTests:
CORS preflight checker should add a console message when preflight load is blocked
https://bugs.webkit.org/show_bug.cgi?id=185021
Reviewed by Chris Dumez.
* TestExpectations: Skipping console JS logging for some WPT tests to keep them consistent between WK1 and WK2.
* http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt:
* http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Removed.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Removed.
* platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Removed.
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Removed.
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Removed.
* platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Removed.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@231056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index d0a95b6..aaa0bd9 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,5 +1,22 @@
2018-04-26 Youenn Fablet <youenn@apple.com>
+ CORS preflight checker should add a console message when preflight load is blocked
+ https://bugs.webkit.org/show_bug.cgi?id=185021
+
+ Reviewed by Chris Dumez.
+
+ * TestExpectations: Skipping console JS logging for some WPT tests to keep them consistent between WK1 and WK2.
+ * http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt:
+ * http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt:
+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Removed.
+ * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Removed.
+ * platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Removed.
+ * platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Removed.
+ * platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Removed.
+ * platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Removed.
+
+2018-04-26 Youenn Fablet <youenn@apple.com>
+
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023
diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations
index e07f231..4a2289d 100644
--- a/LayoutTests/TestExpectations
+++ b/LayoutTests/TestExpectations
@@ -246,6 +246,9 @@
imported/w3c/web-platform-tests/XMLHttpRequest/access-control-basic-cors-safelisted-request-headers.htm [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/XMLHttpRequest/access-control-basic-get-fail-non-simple.htm [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/XMLHttpRequest/access-control-basic-post-with-non-cors-safelisted-content-type.htm [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader.htm [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/cors/request-headers.htm [ DumpJSConsoleLogInStdErr ]
http/tests/security/cross-origin-cached-images-parallel.html [ DumpJSConsoleLogInStdErr ]
diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt
index 86bb8e1..3445871 100644
--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt
+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt
@@ -1,5 +1,6 @@
CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
+CONSOLE MESSAGE: CORS-preflight request was blocked
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks.
Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
diff --git a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt
index 7192144..0cad5067 100644
--- a/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt
+++ b/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt
@@ -1,5 +1,6 @@
CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
+CONSOLE MESSAGE: CORS-preflight request was blocked
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:7/ due to access control checks.
Test that a simple cross-origin request to a server that responds (but does not permit cross-origin requests) is indistinguishable from one that does not exist. Should say PASS:
diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog
index ddd54e6..23ba0bc 100644
--- a/LayoutTests/imported/w3c/ChangeLog
+++ b/LayoutTests/imported/w3c/ChangeLog
@@ -1,5 +1,15 @@
2018-04-26 Youenn Fablet <youenn@apple.com>
+ preflight checker should add a console message when preflight load is blocked
+ https://bugs.webkit.org/show_bug.cgi?id=185021
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt:
+ * web-platform-tests/cors/late-upload-events-expected.txt:
+
+2018-04-26 Youenn Fablet <youenn@apple.com>
+
Mak cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023
diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt
index 8c0bfa2..5037802 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-basic-cors-expected.txt
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: CORS-preflight request was blocked
CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth1/corsenabled.py due to access control checks.
PASS XMLHttpRequest: send() - "Basic" authenticated CORS requests with user name and password passed to open() (asserts failure)
diff --git a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt
index bd71159..b20bc2c 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-network-error-async-events.sub-expected.txt
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: CORS-preflight request was blocked
CONSOLE MESSAGE: XMLHttpRequest cannot load http://nonexistent-origin.localhost:8800/ due to access control checks.
PASS XMLHttpRequest: The send() method: Fire a progress event named error when Network error happens (synchronous flag is unset)
diff --git a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt
index 8f9a1e0..5d86ccf 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/cors/late-upload-events-expected.txt
@@ -1,5 +1,6 @@
Blocked access to external URL http://www1.localhost:8800/cors/resources/status.py?headers=custom-header
CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks.
+CONSOLE MESSAGE: CORS-preflight request was blocked
CONSOLE MESSAGE: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/status.py?headers=custom-header due to access control checks.
Adding upload event listeners after send()
diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt
deleted file mode 100644
index d0a1e16..0000000
--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py
-CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks.
-
-FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed) A network error occurred.
-
diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt
deleted file mode 100644
index 4762bc8..0000000
--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks.
-
-FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
-PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header
-
diff --git a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt b/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt
deleted file mode 100644
index 9049408..0000000
--- a/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
-CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
-CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
-Request headers
-
-
-FAIL basic request header A network error occurred.
-FAIL Simple request headers need not be in allow-headers A network error occurred.
-PASS Unspecified request headers are disallowed
-FAIL Strange allowheaders (case insensitive) A network error occurred.
-PASS INVALID_STATE_ERR on setRequestHeader before open()
-FAIL INVALID_STATE_ERR on setRequestHeader after send() A network error occurred.
-
diff --git a/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt b/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt
deleted file mode 100644
index d0a1e16..0000000
--- a/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py
-CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks.
-
-FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed) A network error occurred.
-
diff --git a/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt b/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt
deleted file mode 100644
index 4762bc8..0000000
--- a/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks.
-
-FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
-PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header
-
diff --git a/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt b/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt
deleted file mode 100644
index 9049408..0000000
--- a/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
-CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
-CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
-Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
-Request headers
-
-
-FAIL basic request header A network error occurred.
-FAIL Simple request headers need not be in allow-headers A network error occurred.
-PASS Unspecified request headers are disallowed
-FAIL Strange allowheaders (case insensitive) A network error occurred.
-PASS INVALID_STATE_ERR on setRequestHeader before open()
-FAIL INVALID_STATE_ERR on setRequestHeader after send() A network error occurred.
-
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 2e7131a..a8468e0 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2018-04-26 Youenn Fablet <youenn@apple.com>
+
+ CORS preflight checker should add a console message when preflight load is blocked
+ https://bugs.webkit.org/show_bug.cgi?id=185021
+
+ Reviewed by Chris Dumez.
+
+ No change of behavior, adding a JS console message when preflight load is blocked.
+ This mirrors what is being done in preflighting done from NetworkProcess.
+ Covered by existing tests.
+
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::notifyFinished):
+ (WebCore::CrossOriginPreflightChecker::doPreflight):
+
2018-04-26 Daniel Bates <dabates@apple.com>
DocumentLoader::loadMainResource() should WTFMove() the passed ResourceRequest
diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
index f2c5f5c..7e55616 100644
--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
@@ -92,6 +92,8 @@
if (preflightError.isNull() || preflightError.isCancellation() || preflightError.isGeneral())
preflightError.setType(ResourceError::Type::AccessControl);
+ if (!preflightError.isTimeout())
+ m_loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("CORS-preflight request was blocked"));
m_loader.preflightFailure(m_resource->identifier(), preflightError);
return;
}
@@ -140,6 +142,10 @@
// FIXME:: According fetch, we should just pass the error to the layer above. But this may impact some clients like XHR or EventSource.
if (error.isCancellation() || error.isGeneral())
error.setType(ResourceError::Type::AccessControl);
+
+ if (!error.isTimeout())
+ loader.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, ASCIILiteral("CORS-preflight request was blocked"));
+
loader.preflightFailure(identifier, error);
return;
}
diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
index 973263d..de833d6 100644
--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp
@@ -123,7 +123,7 @@
void NetworkCORSPreflightChecker::wasBlocked()
{
RELEASE_LOG_IF_ALLOWED("wasBlocked");
- m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight request was blocked"), ResourceError::Type::AccessControl });
+ m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("CORS-preflight request was blocked"), ResourceError::Type::AccessControl });
}
void NetworkCORSPreflightChecker::cannotShowURL()
