[Fetch API] Add support to ReferrerPolicy
https://bugs.webkit.org/show_bug.cgi?id=160404
Patch by Youenn Fablet <youenn@apple.com> on 2016-08-02
Reviewed by Alex Christensen.
LayoutTests/imported/w3c:
* web-platform-tests/fetch/api/basic/referrer-expected.txt: Added.
* web-platform-tests/fetch/api/basic/referrer-worker-expected.txt: Added.
* web-platform-tests/fetch/api/basic/referrer-worker.html: Added.
* web-platform-tests/fetch/api/basic/referrer.html: Added.
* web-platform-tests/fetch/api/basic/referrer.js: Added.
(runTest):
* web-platform-tests/fetch/api/cors/cors-preflight-referrer-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer.js:
(corsPreflightReferrer): fix infrastructure bug in test and fix expected referrer policy in default case.
* web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt:
Source/WebCore:
Tests: imported/w3c/web-platform-tests/fetch/api/basic/referrer-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/referrer.html
Refactored ThreadableLoader API to take more references.
Updated loading code in CachedResource to take into account referrer policy, that can be set by fetch API.
To enable correct handling of OriginWhenCrossOrigin policy, the computation of the cross-origin status of a request is
moved from ResourceLoader to CachedResource.
Referrer is passed to the loading code through HTTP headers.
This was triggering preflighting for Workers request as WorkerThreadableLoader was setting the referrer.
It is now done in DocumentThreadableLoader::loadRequest so that preflighting is done before setting the referrer.
Note that this referrer setting is only a way to pass a specific referrer value to the loading code.
CachedResource code will compute the actual referer value based on the referrer policy.
It might be good in the future to have a different way of conveying this information to CachedResource, maybe
through CachedResourceRequest.
* Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start): Refactoring of ThreadableLoader API.
* Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::internalRequest): Setting referrer if it has a specific value.
* fileapi/FileReaderLoader.cpp:
(WebCore::FileReaderLoader::start): Ractoring of ThreadableLoader API.
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::startPreflight): Set referrer in the preflight request if any.
(WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadResourceSynchronously): Refactoring of ThreadableLoader API.
(WebCore::DocumentThreadableLoader::create): Ditto.
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
(WebCore::DocumentThreadableLoader::loadRequest): Ditto.
* loader/DocumentThreadableLoader.h:
(WebCore::DocumentThreadableLoader::referrer): Storing referrer in case one is defined.
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::init): Removing of cross origin computation since it is done earlier in CachedResource.
* loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoader::create): Refactoring of ThreadableLoader API.
(WebCore::ThreadableLoader::loadResourceSynchronously): Ditto.
* loader/ThreadableLoader.h:
* loader/ThreadableLoaderClientWrapper.h:
(WebCore::ThreadableLoaderClientWrapper::create): Ditto.
(WebCore::ThreadableLoaderClientWrapper::ThreadableLoaderClientWrapper): Ditto.
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Ditto.
(WebCore::WorkerThreadableLoader::loadResourceSynchronously): Removing setting of referrer in header and passing
it as a parameter.
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Ditto.
* loader/WorkerThreadableLoader.h:
(WebCore::WorkerThreadableLoader::create): Refactoring of ThreadableLoader API.
* loader/cache/CachedResource.cpp:
(WebCore::addAdditionalRequestHeadersToRequest): Computation of referrer based on referrer policy.
(WebCore::CachedResource::addAdditionalRequestHeaders): Ditto.
(WebCore::CachedResource::load): Computation of cross origin status.
(WebCore::CachedResource::varyHeaderValuesMatch):
* loader/cache/CachedResource.h:
(WebCore::CachedResource::options):
* page/EventSource.cpp:
(WebCore::EventSource::connect): Refactoring of ThreadableLoader API.
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously): Ditto.
(WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest): Ditto.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@204019 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
index 9f6f1f3..3447239 100644
--- a/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightChecker.cpp
@@ -108,6 +108,9 @@
if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
preflightRequest.setInitiator(m_loader.options().initiator);
+ if (!m_loader.referrer().isNull())
+ preflightRequest.mutableResourceRequest().setHTTPReferrer(m_loader.referrer());
+
ASSERT(!m_resource);
m_resource = m_loader.document().cachedResourceLoader().requestRawResource(preflightRequest);
if (m_resource)
@@ -123,6 +126,10 @@
ResourceError error;
ResourceResponse response;
RefPtr<SharedBuffer> data;
+
+ if (!loader.referrer().isNull())
+ preflightRequest.setHTTPReferrer(loader.referrer());
+
unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, error, response, data);
// FIXME: Investigate why checking for response httpStatusCode here. In particular, can we have a not-null error and a 2XX response.
