<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[204795] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/204795">204795</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-08-23 03:18:38 -0700 (Tue, 23 Aug 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Implement redirect support post CORS-preflight
https://bugs.webkit.org/show_bug.cgi?id=159056
Patch by Youenn Fablet <youenn@apple.com> on 2016-08-23
Reviewed by Alex Christensen.
LayoutTests/imported/w3c:
* web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.
(corsRedirect):
Source/WebCore:
Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html
imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html
Covered also by rebased tests.
Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
LayoutTests:
* TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
* http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
* http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
* http/tests/xmlhttprequest/redirections-and-user-headers.html:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestaccesscontrolandredirectsasyncexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestredirectionsanduserheadersexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestredirectionsanduserheadershtml">trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightworkerhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflighthtml">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightjs">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/ChangeLog        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2016-08-23 Youenn Fablet <youenn@apple.com>
+
+ Implement redirect support post CORS-preflight
+ https://bugs.webkit.org/show_bug.cgi?id=159056
+
+ Reviewed by Alex Christensen.
+
+ * TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
+ * http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
+ * http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
+ * http/tests/xmlhttprequest/redirections-and-user-headers.html:
+
</ins><span class="cx"> 2016-08-22 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Drop TextTrackCue's constructor as per the latest specification
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/TestExpectations        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -354,6 +354,7 @@
</span><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker.html [ Skip ]
</span><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker.html [ Skip ]
</span><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-worker.html [ Skip ]
</span><ins>+[ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html [ Skip ]
</ins><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic-worker.html [ Skip ]
</span><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/cookies-worker.html [ Skip ]
</span><span class="cx"> [ Debug ] imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html [ Skip ]
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestaccesscontrolandredirectsasyncexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -3,7 +3,7 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to foo://bar.cgi denied by Cross-Origin Resource Sharing policy: URL is either a non-HTTP URL or contains credentials.
</span><span class="cx"> CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://127.0.0.1:8000 due to access control checks.
</span><span class="cx"> CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Preflight response is not successful
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
</del><ins>+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Request header field x-webkit is not allowed by Access-Control-Allow-Headers.
</ins><span class="cx"> Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
</span><span class="cx">
</span><span class="cx"> Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi without credentials
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestredirectionsanduserheadersexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -1,5 +1,3 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
</del><span class="cx">
</span><span class="cx"> PASS Check headers after same-origin redirection to same-origin resource (simple request)
</span><span class="cx"> PASS Check headers after same-origin redirection to same-origin resource (not simple request)
</span><span class="lines">@@ -6,7 +4,7 @@
</span><span class="cx"> PASS Check headers after same origin redirection to cross-origin resource (simple request)
</span><span class="cx"> PASS Check headers after same origin redirection to cross-origin resource (not simple request)
</span><span class="cx"> PASS Check headers after cross-origin redirection to same-origin resource (simple request)
</span><del>-FAIL Check headers after cross-origin redirection to same-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
</del><ins>+PASS Check headers after cross-origin redirection to same-origin resource (not simple request)
</ins><span class="cx"> PASS Check headers after cross-origin redirection to cross-origin resource (simple request)
</span><del>-FAIL Check headers after cross-origin redirection to cross-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
</del><ins>+PASS Check headers after cross-origin redirection to cross-origin resource (not simple request)
</ins><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestredirectionsanduserheadershtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -71,7 +71,6 @@
</span><span class="cx"> "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
</span><span class="cx"> simpleRequest);
</span><span class="cx">
</span><del>-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
</del><span class="cx"> doTest("Check headers after cross-origin redirection to same-origin resource (not simple request)",
</span><span class="cx"> "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-preflight-redirect.php",
</span><span class="cx"> !simpleRequest);
</span><span class="lines">@@ -80,7 +79,6 @@
</span><span class="cx"> "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
</span><span class="cx"> simpleRequest);
</span><span class="cx">
</span><del>-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
</del><span class="cx"> doTest("Check headers after cross-origin redirection to cross-origin resource (not simple request)",
</span><span class="cx"> "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php",
</span><span class="cx"> !simpleRequest);
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/imported/w3c/ChangeLog        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-08-23 Youenn Fablet <youenn@apple.com>
+
+ Implement redirect support post CORS-preflight
+ https://bugs.webkit.org/show_bug.cgi?id=159056
+
+ Reviewed by Alex Christensen.
+
+ * web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
+ * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
+ * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
+ * web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
+ * web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.
+ (corsRedirect):
+
</ins><span class="cx"> 2016-08-22 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Drop TextTrackCue's constructor as per the latest specification
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt (0 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+
+PASS Redirect 301: same origin to cors (preflight after redirection success case)
+PASS Redirect 301: same origin to cors (preflight after redirection failure case)
+PASS Redirect 301: cors to same origin (preflight after redirection success case)
+PASS Redirect 301: cors to same origin (preflight after redirection failure case)
+PASS Redirect 301: cors to another cors (preflight after redirection success case)
+PASS Redirect 301: cors to another cors (preflight after redirection failure case)
+PASS Redirect 302: same origin to cors (preflight after redirection success case)
+PASS Redirect 302: same origin to cors (preflight after redirection failure case)
+PASS Redirect 302: cors to same origin (preflight after redirection success case)
+PASS Redirect 302: cors to same origin (preflight after redirection failure case)
+PASS Redirect 302: cors to another cors (preflight after redirection success case)
+PASS Redirect 302: cors to another cors (preflight after redirection failure case)
+PASS Redirect 303: same origin to cors (preflight after redirection success case)
+PASS Redirect 303: same origin to cors (preflight after redirection failure case)
+PASS Redirect 303: cors to same origin (preflight after redirection success case)
+PASS Redirect 303: cors to same origin (preflight after redirection failure case)
+PASS Redirect 303: cors to another cors (preflight after redirection success case)
+PASS Redirect 303: cors to another cors (preflight after redirection failure case)
+PASS Redirect 307: same origin to cors (preflight after redirection success case)
+PASS Redirect 307: same origin to cors (preflight after redirection failure case)
+PASS Redirect 307: cors to same origin (preflight after redirection success case)
+PASS Redirect 307: cors to same origin (preflight after redirection failure case)
+PASS Redirect 307: cors to another cors (preflight after redirection success case)
+PASS Redirect 307: cors to another cors (preflight after redirection failure case)
+PASS Redirect 308: same origin to cors (preflight after redirection success case)
+PASS Redirect 308: same origin to cors (preflight after redirection failure case)
+PASS Redirect 308: cors to same origin (preflight after redirection success case)
+PASS Redirect 308: cors to same origin (preflight after redirection failure case)
+PASS Redirect 308: cors to another cors (preflight after redirection success case)
+PASS Redirect 308: cors to another cors (preflight after redirection failure case)
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightworkerexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt (0 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+
+PASS Redirect 301: same origin to cors (preflight after redirection success case)
+PASS Redirect 301: same origin to cors (preflight after redirection failure case)
+PASS Redirect 301: cors to same origin (preflight after redirection success case)
+PASS Redirect 301: cors to same origin (preflight after redirection failure case)
+PASS Redirect 301: cors to another cors (preflight after redirection success case)
+PASS Redirect 301: cors to another cors (preflight after redirection failure case)
+PASS Redirect 302: same origin to cors (preflight after redirection success case)
+PASS Redirect 302: same origin to cors (preflight after redirection failure case)
+PASS Redirect 302: cors to same origin (preflight after redirection success case)
+PASS Redirect 302: cors to same origin (preflight after redirection failure case)
+PASS Redirect 302: cors to another cors (preflight after redirection success case)
+PASS Redirect 302: cors to another cors (preflight after redirection failure case)
+PASS Redirect 303: same origin to cors (preflight after redirection success case)
+PASS Redirect 303: same origin to cors (preflight after redirection failure case)
+PASS Redirect 303: cors to same origin (preflight after redirection success case)
+PASS Redirect 303: cors to same origin (preflight after redirection failure case)
+PASS Redirect 303: cors to another cors (preflight after redirection success case)
+PASS Redirect 303: cors to another cors (preflight after redirection failure case)
+PASS Redirect 307: same origin to cors (preflight after redirection success case)
+PASS Redirect 307: same origin to cors (preflight after redirection failure case)
+PASS Redirect 307: cors to same origin (preflight after redirection success case)
+PASS Redirect 307: cors to same origin (preflight after redirection failure case)
+PASS Redirect 307: cors to another cors (preflight after redirection success case)
+PASS Redirect 307: cors to another cors (preflight after redirection failure case)
+PASS Redirect 308: same origin to cors (preflight after redirection success case)
+PASS Redirect 308: same origin to cors (preflight after redirection failure case)
+PASS Redirect 308: cors to same origin (preflight after redirection success case)
+PASS Redirect 308: cors to same origin (preflight after redirection failure case)
+PASS Redirect 308: cors to another cors (preflight after redirection success case)
+PASS Redirect 308: cors to another cors (preflight after redirection failure case)
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightworkerhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html (0 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch in worker: CORS preflight after redirection</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-redirect-fetch">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+ fetch_tests_from_worker(new Worker("cors-redirect-preflight.js"));
+ </script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflighthtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html (0 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetch: CORS preflight after redirection</title>
+ <meta name="help" href="https://fetch.spec.whatwg.org/#http-redirect-fetch">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script src="/common/utils.js"></script>
+ <script src="../resources/utils.js"></script>
+ <script src="../resources/get-host-info.sub.js"></script>
+ <script src="cors-redirect-preflight.js"></script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectpreflightjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js (0 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js         (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+if (this.document === undefined) {
+ importScripts("/resources/testharness.js");
+ importScripts("/common/utils.js");
+ importScripts("../resources/utils.js");
+ importScripts("../resources/get-host-info.sub.js");
+}
+
+function corsRedirect(desc, redirectUrl, redirectLocation, redirectStatus, expectSuccess) {
+ var urlBaseParameters = "&redirect_status=" + redirectStatus;
+ var urlParametersSuccess = urlBaseParameters + "&allow_headers=x-w3c&location=" + encodeURIComponent(redirectLocation + "?allow_headers=x-w3c");
+ var urlParametersFailure = urlBaseParameters + "&location=" + encodeURIComponent(redirectLocation);
+
+ var requestInit = {"mode": "cors", "redirect": "follow", "headers" : [["x-w3c", "test"]]};
+
+ promise_test(function(test) {
+ var uuid_token = token();
+ return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
+ return fetch(redirectUrl + "?token=" + uuid_token + "&max_age=0" + urlParametersSuccess, requestInit).then(function(resp) {
+ assert_equals(resp.status, 200, "Response's status is 200");
+ assert_equals(resp.headers.get("x-did-preflight"), "1", "Preflight request has been made");
+ });
+ });
+ }, desc + " (preflight after redirection success case)");
+ promise_test(function(test) {
+ var uuid_token = token();
+ return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
+ return promise_rejects(test, new TypeError(), fetch(redirectUrl + "?token=" + uuid_token + "&max_age=0" + urlParametersFailure, requestInit));
+ });
+ }, desc + " (preflight after redirection failure case)");
+}
+
+var redirPath = dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
+var preflightPath = dirname(location.pathname) + RESOURCES_DIR + "preflight.py";
+
+var host_info = get_host_info();
+
+var localRedirect = host_info.HTTP_ORIGIN + redirPath;
+var remoteRedirect = host_info.HTTP_REMOTE_ORIGIN + redirPath;
+
+var localLocation = host_info.HTTP_ORIGIN + preflightPath;
+var remoteLocation = host_info.HTTP_REMOTE_ORIGIN + preflightPath;
+var remoteLocation2 = host_info.HTTP_ORIGIN_WITH_DIFFERENT_PORT + preflightPath;
+
+for (var code of [301, 302, 303, 307, 308]) {
+ corsRedirect("Redirect " + code + ": same origin to cors", localRedirect, remoteLocation, code);
+ corsRedirect("Redirect " + code + ": cors to same origin", remoteRedirect, localLocation, code);
+ corsRedirect("Redirect " + code + ": cors to another cors", remoteRedirect, remoteLocation2, code);
+}
+
+done();
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/Source/WebCore/ChangeLog        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2016-08-23 Youenn Fablet <youenn@apple.com>
+
+ Implement redirect support post CORS-preflight
+ https://bugs.webkit.org/show_bug.cgi?id=159056
+
+ Reviewed by Alex Christensen.
+
+ Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html
+ imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html
+ Covered also by rebased tests.
+
+ Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
+ Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.
+
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::redirectReceived):
+
</ins><span class="cx"> 2016-08-23 Frederic Wang <fred.wang@free.fr>
</span><span class="cx">
</span><span class="cx"> Introduce a MathMLRowElement class for mrow-like elements
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (204794 => 204795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-08-23 10:18:38 UTC (rev 204795)
</span><span class="lines">@@ -232,20 +232,14 @@
</span><span class="cx"> ASSERT(m_resource);
</span><span class="cx"> ASSERT(m_resource->loader());
</span><span class="cx"> ASSERT(m_options.mode == FetchOptions::Mode::Cors);
</span><ins>+ ASSERT(m_originalHeaders);
</ins><span class="cx">
</span><del>- // FIXME: We could remove that restriction, since we can use preflighting.
- if (!m_simpleRequest) {
- reportCrossOriginResourceSharingError(*m_client, redirectResponse.url());
- request = ResourceRequest();
- return;
- }
-
</del><span class="cx"> // Loader might have modified the origin to a unique one, let's reuse it for subsequent loads.
</span><span class="cx"> m_origin = m_resource->loader()->origin();
</span><span class="cx">
</span><span class="cx"> // Except in case where preflight is needed, loading should be able to continue on its own.
</span><span class="cx"> // But we also handle credentials here if it is restricted to SameOrigin.
</span><del>- if (m_options.credentials != FetchOptions::Credentials::SameOrigin)
</del><ins>+ if (m_options.credentials != FetchOptions::Credentials::SameOrigin && m_simpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), *m_originalHeaders))
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> m_options.allowCredentials = DoNotAllowStoredCredentials;
</span><span class="lines">@@ -252,7 +246,6 @@
</span><span class="cx">
</span><span class="cx"> clearResource();
</span><span class="cx">
</span><del>- ASSERT(m_originalHeaders);
</del><span class="cx"> // Let's fetch the request with the original headers (equivalent to request cloning specified by fetch algorithm).
</span><span class="cx"> // Do not copy the Authorization header if removed by the network layer.
</span><span class="cx"> if (!request.httpHeaderFields().contains(HTTPHeaderName::Authorization))
</span></span></pre>
</div>
</div>
</body>
</html>