LayoutTests/imported/w3c:
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

Fix message cross origin check failed in case of redirection

* web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt:

Source/WebKit:
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::validateResponse):

LayoutTests:
Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
https://bugs.webkit.org/show_bug.cgi?id=185023

Reviewed by Chris Dumez.

* http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt:
* http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt:
* http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
* platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
* platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
* platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
* platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
* platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@231055 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 552cef1..d0a95b6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,20 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt:
+        * http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt:
+        * http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt:
+        * platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+        * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+        * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+        * platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+        * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+        * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+
 2018-04-25  Megan Gardner  <megan_gardner@apple.com>
 
         Activate selection when interacting with editable content
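Review bot: The file list in this LayoutTests/ChangeLog entry omits three expectation files that the same patch modifies under http/tests/xmlhttprequest/: redirect-cross-origin-post-sync-expected.txt, redirect-cross-origin-sync-expected.txt and xmlhttprequest-unsafe-redirect-expected.txt. Please add them so the entry matches the diff. A one-line description would also help here, stating that the console message for a CORS failure after a redirect no longer carries the "Cross-origin redirection to ... denied by Cross-Origin Resource Sharing policy:" prefix, since that is the only behaviour change these expectations record.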
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
index ccf51f7..b45a5b2 100644
--- a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
 This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
diff --git a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
index 350dfdd..9b16047 100644
--- a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
+++ b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 Verify the error message in console in case of CORS failing checks.
 
 
diff --git a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
index 350dfdd..9b16047 100644
--- a/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
+++ b/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 Verify the error message in console in case of CORS failing checks.
 
 
diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt
index 3d669c6..9fab1a5 100644
--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt
+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 31: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 31: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 31: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
 
diff --git a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt
index dd25e72..840531b 100644
--- a/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt
+++ b/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 26: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 26: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
 Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
 
diff --git a/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt b/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
index f89a4ab..409191a 100644
--- a/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
+++ b/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 54: Cross-origin redirection to http://localhost:8080/xmlhttprequest/resources/forbidden.txt denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 54: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: line 54: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog
index a9f5633..ddd54e6 100644
--- a/LayoutTests/imported/w3c/ChangeLog
+++ b/LayoutTests/imported/w3c/ChangeLog
@@ -1,3 +1,14 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Mak cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        Fix message cross origin check failed in case of redirection
+
+        * web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt:
+
 2018-04-25  Youenn Fablet  <youenn@apple.com>
 
         Use NetworkLoadChecker for all subresource loads except fetch/XHR
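Review bot: The title line of this entry has a typo, "Mak cross origin redirection error messages", which differs from the title used in the other two ChangeLog entries of the patch; it should read "Make". The description "Fix message cross origin check failed in case of redirection" is also hard to parse. Suggest wording it as which console message changed in fetch-request-fallback.https-expected.txt and why.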
diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt
index f911ac0..2d64762 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt
@@ -4,7 +4,7 @@
 CONSOLE MESSAGE: XMLHttpRequest cannot load https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py? due to access control checks.
 CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& due to access control checks.
-CONSOLE MESSAGE: Cross-origin redirection to https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& denied by Cross-Origin Resource Sharing policy: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Cannot load image https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26 due to access control checks.
 
 PASS initialize global state 
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
deleted file mode 100644
index b45a5b2..0000000
--- a/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
deleted file mode 100644
index 9b16047..0000000
--- a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
deleted file mode 100644
index 9b16047..0000000
--- a/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt b/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
deleted file mode 100644
index b45a5b2..0000000
--- a/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
deleted file mode 100644
index 9b16047..0000000
--- a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt b/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
deleted file mode 100644
index 9b16047..0000000
--- a/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 3d0287d..d59993e 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,16 @@
+2018-04-26  Youenn Fablet  <youenn@apple.com>
+
+        Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+        https://bugs.webkit.org/show_bug.cgi?id=185023
+
+        Reviewed by Chris Dumez.
+
+        Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::checkRedirection):
+        (WebKit::NetworkLoadChecker::validateResponse):
+
 2018-04-25  Megan Gardner  <megan_gardner@apple.com>
 
         Activate selection when interacting with editable content
diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
index acd9f6e..46f9aab 100644
--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
@@ -91,6 +91,13 @@
 {
     ASSERT(!isChecking());
 
+    auto error = validateResponse(redirectResponse);
+    if (!error.isNull()) {
+        auto errorMessage = makeString("Cross-origin redirection to ", request.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription());
+        handler(makeUnexpected(ResourceError { String { }, 0, request.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl }));
+        return;
+    }
+
     if (m_options.redirect != FetchOptions::Redirect::Follow) {
         handler(returnError(ASCIILiteral("Redirections are not allowed")));
         return;
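Review bot: Moving validateResponse(redirectResponse) to the top of checkRedirection places it ahead of the "m_options.redirect != FetchOptions::Redirect::Follow" test, so a load that disallows redirects and whose redirect response also fails the access control check now reports the CORS error instead of "Redirections are not allowed". If that ordering is intended, say so in the ChangeLog and cover it with a test; otherwise insert the new block after the redirect-mode check. Separately, the ResourceError returned by validateResponse is used only for its localizedDescription() and then rebuilt here with request.url(); a short comment explaining that the prefix is added only for a failing redirect response would make the split between the two functions easier to follow.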
@@ -107,12 +114,6 @@
     m_previousURL = WTFMove(m_url);
     m_url = request.url();
 
-    auto error = validateResponse(redirectResponse);
-    if (!error.isNull()) {
-        handler(makeUnexpected(WTFMove(error)));
-        return;
-    }
-
     checkRequest(WTFMove(request), WTFMove(handler));
 }
 
@@ -134,11 +135,8 @@
     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
     String errorMessage;
-    if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) {
-        if (m_redirectCount)
-            errorMessage = makeString("Cross-origin redirection to ", m_url.string(), " denied by Cross-Origin Resource Sharing policy: ", errorMessage);
-        return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
-    }
+    if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
+        return ResourceError { String { }, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
 
     response.setTainting(ResourceResponse::Tainting::Cors);
     return { };
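Review bot: The returned ResourceError changes its domain from errorDomainWebKitInternal to an empty "String { }", and the ChangeLog entry does not mention it. Any consumer that distinguishes errors by domain will see a different value after this patch, so please either keep errorDomainWebKitInternal or note in the ChangeLog why the empty domain is wanted (the same applies to the ResourceError built in checkRedirection). With the m_redirectCount branch removed, a final response that fails the check after one or more redirects now reports the bare access control message; that matches the updated expectations, but it is worth one sentence in the ChangeLog because the redirect context is no longer visible in that message.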