[Beacon] Add support for CORS-preflighting for WK2 / NETWORK_SESSION
https://bugs.webkit.org/show_bug.cgi?id=175264
<rdar://problem/33547793>
Reviewed by Youenn Fablet.
Source/WebCore:
Pass additional information when creating a PingHandle so that the PingLoad
can deal with CORS-preflighting on Network process side.
Tests: http/wpt/beacon/cors/cors-preflight-arraybufferview-failure.html
http/wpt/beacon/cors/cors-preflight-arraybufferview-success.html
http/wpt/beacon/cors/cors-preflight-blob-failure.html
http/wpt/beacon/cors/cors-preflight-blob-success.html
http/wpt/beacon/cors/cors-preflight-cookie.html
* WebCore.xcodeproj/project.pbxproj:
* loader/CrossOriginAccessControl.cpp:
(WebCore::validatePreflightResponse):
* loader/CrossOriginAccessControl.h:
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
* loader/CrossOriginPreflightResultCache.h:
* loader/LoaderStrategy.h:
* loader/PingLoader.cpp:
(WebCore::PingLoader::loadImage):
(WebCore::PingLoader::sendPing):
(WebCore::PingLoader::sendViolationReport):
(WebCore::PingLoader::startPingLoad):
* loader/PingLoader.h:
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::load):
* page/SecurityOrigin.h:
Source/WebKit:
Implement CORS-preflighting for beacons with a payload that has a non
safelisted MIME type, as per:
- https://w3c.github.io/beacon/#privacy
- https://www.w3.org/TR/beacon/#sec-processing-model
CORS-preflighting is completely handled on Network Process side because
a beacon request can outlive its page and therefore its WebContent
process. This requires us to pass a little more information to the
Network process, in particular the source origin and the corsMode.
The current implementation does not currently deal with CORS preflights
needed upon a redirect. This will be added in a follow-up.
* CMakeLists.txt:
* NetworkProcess/NetworkCORSPreflightChecker.cpp: Added.
(WebKit::NetworkCORSPreflightChecker::NetworkCORSPreflightChecker):
(WebKit::NetworkCORSPreflightChecker::~NetworkCORSPreflightChecker):
(WebKit::NetworkCORSPreflightChecker::startPreflight):
(WebKit::NetworkCORSPreflightChecker::willPerformHTTPRedirection):
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
(WebKit::NetworkCORSPreflightChecker::didReceiveResponseNetworkSession):
(WebKit::NetworkCORSPreflightChecker::didReceiveData):
(WebKit::NetworkCORSPreflightChecker::didCompleteWithError):
(WebKit::NetworkCORSPreflightChecker::didSendData):
(WebKit::NetworkCORSPreflightChecker::wasBlocked):
(WebKit::NetworkCORSPreflightChecker::cannotShowURL):
* NetworkProcess/NetworkCORSPreflightChecker.h: Added.
* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::loadPing):
* NetworkProcess/NetworkConnectionToWebProcess.h:
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/PingLoad.cpp: Added.
(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::~PingLoad):
(WebKit::PingLoad::startNetworkLoad):
(WebKit::PingLoad::willPerformHTTPRedirection):
(WebKit::PingLoad::didReceiveChallenge):
(WebKit::PingLoad::didReceiveResponseNetworkSession):
(WebKit::PingLoad::didReceiveData):
(WebKit::PingLoad::didCompleteWithError):
(WebKit::PingLoad::didSendData):
(WebKit::PingLoad::wasBlocked):
(WebKit::PingLoad::cannotShowURL):
(WebKit::PingLoad::timeoutTimerFired):
(WebKit::PingLoad::needsCORSPreflight const):
(WebKit::PingLoad::doCORSPreflight):
* NetworkProcess/PingLoad.h:
* WebKit.xcodeproj/project.pbxproj:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::createPingHandle):
* WebProcess/Network/WebLoaderStrategy.h:
Source/WebKitLegacy:
createPingHandle() now takes new parameters but there is currently no behavior
change on WebKit1.
* WebCoreSupport/WebResourceLoadScheduler.cpp:
(WebResourceLoadScheduler::createPingHandle):
* WebCoreSupport/WebResourceLoadScheduler.h:
LayoutTests:
Add layout test coverage.
* http/wpt/beacon/cors/cors-preflight-arraybufferview-failure-expected.txt: Added.
* http/wpt/beacon/cors/cors-preflight-arraybufferview-failure.html: Added.
* http/wpt/beacon/cors/cors-preflight-arraybufferview-success-expected.txt: Added.
* http/wpt/beacon/cors/cors-preflight-arraybufferview-success.html: Added.
* http/wpt/beacon/cors/cors-preflight-blob-failure-expected.txt: Added.
* http/wpt/beacon/cors/cors-preflight-blob-failure.html: Added.
* http/wpt/beacon/cors/cors-preflight-blob-success-expected.txt: Added.
* http/wpt/beacon/cors/cors-preflight-blob-success.html: Added.
* http/wpt/beacon/cors/cors-preflight-cookie-expected.txt: Added.
* http/wpt/beacon/cors/cors-preflight-cookie.html: Added.
* http/wpt/beacon/resources/beacon-preflight.py: Added.
(respondToCORSPreflight):
(main):
* http/wpt/beacon/resources/set-cookie.py: Added.
(main):
* platform/mac-wk1/TestExpectations:
* platform/mac-wk2/TestExpectations:
* platform/win/TestExpectations:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@220442 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
index 6cfd427..a6e309c 100644
--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
@@ -60,28 +60,15 @@
void CrossOriginPreflightChecker::validatePreflightResponse(DocumentThreadableLoader& loader, ResourceRequest&& request, unsigned long identifier, const ResourceResponse& response)
{
+ String errorDescription;
+ if (!WebCore::validatePreflightResponse(request, response, loader.options().allowCredentials, loader.securityOrigin(), errorDescription)) {
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), errorDescription, ResourceError::Type::AccessControl));
+ return;
+ }
+
Frame* frame = loader.document().frame();
ASSERT(frame);
- if (!response.isSuccessful()) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl));
- return;
- }
-
- String description;
- if (!passesAccessControlCheck(response, loader.options().allowCredentials, loader.securityOrigin(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
- return;
- }
-
- auto result = std::make_unique<CrossOriginPreflightResultCacheItem>(loader.options().allowCredentials);
- if (!result->parse(response, description)
- || !result->allowsCrossOriginMethod(request.httpMethod(), description)
- || !result->allowsCrossOriginHeaders(request.httpHeaderFields(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description, ResourceError::Type::AccessControl));
- return;
- }
-
// FIXME: <https://webkit.org/b/164889> Web Inspector: Show Preflight Request information in inspector
// This is only showing success preflight requests and responses but we should show network events
// for preflight failures and distinguish them better from non-preflight requests.
@@ -89,7 +76,6 @@
InspectorInstrumentation::didReceiveResourceResponse(*frame, identifier, frame->loader().documentLoader(), response, nullptr);
InspectorInstrumentation::didFinishLoading(frame, frame->loader().documentLoader(), identifier, emptyMetrics, nullptr);
- CrossOriginPreflightResultCache::singleton().appendEntry(loader.securityOrigin().toString(), request.url(), WTFMove(result));
loader.preflightSuccess(WTFMove(request));
}
