<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[205473] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/205473">205473</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-09-06 04:06:52 -0700 (Tue, 06 Sep 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>CachedResourceLoader is not taking into account fetch options to use or not cached resources
https://bugs.webkit.org/show_bug.cgi?id=161389
Patch by Youenn Fablet <youenn@apple.com> on 2016-09-06
Reviewed by Darin Adler.
LayoutTests/imported/w3c:
Updated as new console log messages appear now that cors checks are done at SubresourceLoader level.
* web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt:
* web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
* web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-basic.js: Fixing a typo in the test making the test always passing, since the fetch promise was not taken into account.
* web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt:
* web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-origin-expected.txt:
* web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-origin.js:
(corsOrigin): Fixing a typo in the test making the tests always passing, since the fetch promise was not taken into account.
* web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt:
* web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt:
Source/WebCore:
Tests: http/tests/fetch/fetching-same-resource-with-diffferent-options.html
http/tests/security/cross-origin-cached-resource-parallel.html
http/tests/security/cross-origin-cached-resource.html
http/tests/security/load-image-after-redirection-2.html
http/tests/security/shape-outside-and-cached-resources.html
Adding CORS checks for the response in case of CORS fetch mode, in SubresourceLoader.
Removing the CORS checks in Image and DocumentThreadableLoader.
The direction of this patch is to make CachedResource origin-specific/fetch mode specific.
This will remove the need for CachedResource clients to do CORS checks when receiving the notifyFinished call.
This will also make the computation of whether a resource is clean or not much easier since the CachedResource knowd its origin and its response tainting.
Removing the CORS checks at ImageLoader creates the risk of using some cached resources loaded from previously no-cors mode without doing the actual CORS check.
Note that the risk was already there in case of a resource loaded through redirections.
Reusing a cached resource for a load with different options also leads to bad computation of the resource tainting.
As a first step, improvements are done but only for CachedImage resources.
This patch limits the direct reuse of cached resources as follow:
- If the request and existing resources have different origins.
- If the fetch mode is different between request and existing resource.
In those cases, a new CachedResource is created with the correct options and origin.
The data and response of the CachedResource found in the cache are copied efficiently in the new CachedResource, if the matching CachedResource finished loading (CachedImage specific).
If the matching CachedResource is still loading, we trigger a reload (with caching=false to not disturb the being loaded resource).
This should be made more efficient at some point, especially if the matching CachedResource already has its response set.
This triggers a change of behavior: previously, the CORS checks were done by the ImageLoader when the resource was finished loading.
The CORS checks were controlled by the crossOrigin attribute, which may be set or unset between the load start and the load end.
Now the crossOrigin attribute is checked at load start. If it is set, the CORS checks will happen even if the attribute is unset before the end of the load.
This is more consistent as the actual request was built with CORS enabled.
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::startPreflight): Setting correctly the preflight options as per fetch spec.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::didReceiveResponse): Removing CORS check.
(WebCore::DocumentThreadableLoader::loadRequest): Adding CORS check in sync mode.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):
(WebCore::ImageLoader::notifyFinished):
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didReceiveResponse): Adding CORS checks to the response
(WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl): Helper routine to do CORS checks
* loader/SubresourceLoader.h:
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::cloneData): Responsible to set image content from another CachedImage.
* loader/cache/CachedImage.h:
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::computeOrigin): Helper routine to set the origin and whether the resource is cross-origin or not.
(WebCore::CachedResource::load): Using computeOrigin.
(WebCore::CachedResource::loadFrom): Loading from a CachedResource from the same type and which finished loading.
* loader/cache/CachedResource.h:
(WebCore::CachedResource::cloneData):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Helper routine responsible to adapt the CachedResource
that can be reused to the origin and options of a new request.
(WebCore::CachedResourceLoader::requestResource): Calling updateCachedResourceWithCurrentRequest before actually returning the resource.
(WebCore::CachedResourceLoader::determineRevalidationPolicy): Space clean-up.
* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedResourceRequest.h:
(WebCore::CachedResourceRequest::setCachingPolicy):
* style/StylePendingResources.cpp:
(WebCore::Style::loadPendingImage): Allowing data URLs for ShapeOutside data.
LayoutTests:
Added specific expectations for fetch cors-origin* tests for mac-wk2 and ios-simulator-wk2 as these tests use
HTTPS, and the connection is refused.
* TestExpectations: Marking http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html as flaky.
* http/tests/eventsource/eventsource-cors-basic-expected.txt:
* http/tests/eventsource/eventsource-cors-with-credentials-expected.txt:
* http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt: Added.
* http/tests/fetch/fetching-same-resource-with-diffferent-options.html: Added.
* http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt:
* http/tests/resources/download-json-with-delay.php:
* http/tests/resources/redirect.php:
* http/tests/security/cross-origin-cached-resource-expected.txt: Added.
* http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Added.
* http/tests/security/cross-origin-cached-resource-parallel.html: Added.
* http/tests/security/cross-origin-cached-resource.html: Added.
* http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt:
* http/tests/security/load-image-after-redirection-2-expected.txt: Added.
* http/tests/security/load-image-after-redirection-2.html: Added.
* http/tests/security/resources/abe-allow-star.php:
* http/tests/security/resources/allow-if-origin.php: Added.
* http/tests/security/resources/cross-origin-cached-resource-iframe.html: Added.
* http/tests/security/resources/rgbalpha.png: Added.
* http/tests/security/shape-outside-and-cached-resources-expected.html: Added.
* http/tests/security/shape-outside-and-cached-resources.html: Added.
* http/tests/security/video-poster-cross-origin-crash-expected.txt:
* http/tests/security/video-poster-cross-origin-crash2-expected.txt:
* http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt:
* http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt:
* http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt:
* http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt:
* http/tests/xmlhttprequest/cross-site-denied-response-expected.txt:
* http/tests/xmlhttprequest/onerror-event-expected.txt:
* http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt:
* http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt:
* http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt:
* http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt:
* http/tests/xmlhttprequest/redirect-cross-origin-expected.txt:
* http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt:
* http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt:
* http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt:
* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added.
* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added.
* platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added.
* platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestshttptestseventsourceeventsourcecorsbasicexpectedtxt">trunk/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestseventsourceeventsourcecorswithcredentialsexpectedtxt">trunk/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsloadingcrossoriginXHRwillLoadRequestexpectedtxt">trunk/LayoutTests/http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsresourcesdownloadjsonwithdelayphp">trunk/LayoutTests/http/tests/resources/download-json-with-delay.php</a></li>
<li><a href="#trunkLayoutTestshttptestsresourcesredirectphp">trunk/LayoutTests/http/tests/resources/redirect.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityimgwithfailedcorscheckfailstoloadexpectedtxt">trunk/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcesabeallowstarphp">trunk/LayoutTests/http/tests/security/resources/abe-allow-star.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityvideopostercrossorigincrashexpectedtxt">trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityvideopostercrossorigincrash2expectedtxt">trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestaccesscontrolandredirectsasyncsameoriginexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestaccesscontrolrepeatedfailedpreflightcrashexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestcrossoriginnoauthorizationexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestcrossoriginnocredentialpromptexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestcrosssitedeniedresponseexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestonerroreventexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestoriginwhitelistinghttpsexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestoriginwhitelistingipaddresseswithsubdomainsexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestpostblobcontenttypeasyncexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestredirectcrossorigin2expectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestredirectcrossoriginexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestsimplecrossorigindeniedeventsexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestsimplecrossoriginprogresseventsexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsxmlhttprequestxmlhttprequestunsaferedirectexpectedtxt">trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsXMLHttpRequestsecurityconsiderationsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicjs">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.js</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsmultipleoriginsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsmultipleoriginsworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginjs">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin.js</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt">trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt">trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderCrossOriginPreflightCheckercpp">trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderImageLoadercpp">trunk/Source/WebCore/loader/ImageLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderSubresourceLoadercpp">trunk/Source/WebCore/loader/SubresourceLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderSubresourceLoaderh">trunk/Source/WebCore/loader/SubresourceLoader.h</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedImagecpp">trunk/Source/WebCore/loader/cache/CachedImage.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedImageh">trunk/Source/WebCore/loader/cache/CachedImage.h</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourcecpp">trunk/Source/WebCore/loader/cache/CachedResource.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourceh">trunk/Source/WebCore/loader/cache/CachedResource.h</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourceLoadercpp">trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourceLoaderh">trunk/Source/WebCore/loader/cache/CachedResourceLoader.h</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourceRequesth">trunk/Source/WebCore/loader/cache/CachedResourceRequest.h</a></li>
<li><a href="#trunkSourceWebCorestyleStylePendingResourcescpp">trunk/Source/WebCore/style/StylePendingResources.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestsfetchfetchingsameresourcewithdiffferentoptionsexpectedtxt">trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsfetchfetchingsameresourcewithdiffferentoptionshtml">trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincachedresourceexpectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincachedresourceparallelexpectedtxt">trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincachedresourceparallelhtml">trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossorigincachedresourcehtml">trunk/LayoutTests/http/tests/security/cross-origin-cached-resource.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityloadimageafterredirection2expectedtxt">trunk/LayoutTests/http/tests/security/load-image-after-redirection-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityloadimageafterredirection2html">trunk/LayoutTests/http/tests/security/load-image-after-redirection-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcesallowiforiginphp">trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescrossorigincachedresourceiframehtml">trunk/LayoutTests/http/tests/security/resources/cross-origin-cached-resource-iframe.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcesrgbalphapng">trunk/LayoutTests/http/tests/security/resources/rgbalpha.png</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityshapeoutsideandcachedresourcesexpectedhtml">trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources-expected.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityshapeoutsideandcachedresourceshtml">trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources.html</a></li>
<li><a href="#trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt">trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt">trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/ChangeLog 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,59 @@
</span><ins>+2016-09-06 Youenn Fablet <youenn@apple.com>
+
+ CachedResourceLoader is not taking into account fetch options to use or not cached resources
+ https://bugs.webkit.org/show_bug.cgi?id=161389
+
+ Reviewed by Darin Adler.
+
+ Added specific expectations for fetch cors-origin* tests for mac-wk2 and ios-simulator-wk2 as these tests use
+ HTTPS, and the connection is refused.
+
+ * TestExpectations: Marking http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html as flaky.
+ * http/tests/eventsource/eventsource-cors-basic-expected.txt:
+ * http/tests/eventsource/eventsource-cors-with-credentials-expected.txt:
+ * http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt: Added.
+ * http/tests/fetch/fetching-same-resource-with-diffferent-options.html: Added.
+ * http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt:
+ * http/tests/resources/download-json-with-delay.php:
+ * http/tests/resources/redirect.php:
+ * http/tests/security/cross-origin-cached-resource-expected.txt: Added.
+ * http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Added.
+ * http/tests/security/cross-origin-cached-resource-parallel.html: Added.
+ * http/tests/security/cross-origin-cached-resource.html: Added.
+ * http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt:
+ * http/tests/security/load-image-after-redirection-2-expected.txt: Added.
+ * http/tests/security/load-image-after-redirection-2.html: Added.
+ * http/tests/security/resources/abe-allow-star.php:
+ * http/tests/security/resources/allow-if-origin.php: Added.
+ * http/tests/security/resources/cross-origin-cached-resource-iframe.html: Added.
+ * http/tests/security/resources/rgbalpha.png: Added.
+ * http/tests/security/shape-outside-and-cached-resources-expected.html: Added.
+ * http/tests/security/shape-outside-and-cached-resources.html: Added.
+ * http/tests/security/video-poster-cross-origin-crash-expected.txt:
+ * http/tests/security/video-poster-cross-origin-crash2-expected.txt:
+ * http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt:
+ * http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt:
+ * http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt:
+ * http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt:
+ * http/tests/xmlhttprequest/cross-site-denied-response-expected.txt:
+ * http/tests/xmlhttprequest/onerror-event-expected.txt:
+ * http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt:
+ * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt:
+ * http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt:
+ * http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt:
+ * http/tests/xmlhttprequest/redirect-cross-origin-expected.txt:
+ * http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt:
+ * http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt:
+ * http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt:
+ * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
+ * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
+ * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added.
+ * platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added.
+ * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
+ * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
+ * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt: Added.
+ * platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt: Added.
+
</ins><span class="cx"> 2016-09-06 Philippe Normand <pnormand@igalia.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed GTK gardening
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/TestExpectations 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -795,6 +795,8 @@
</span><span class="cx"> http/tests/security/contentSecurityPolicy/script-src-blocked-error-event.html [ Pass Failure ]
</span><span class="cx"> webkit.org/b/158480 http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ]
</span><span class="cx">
</span><ins>+webkit.org/b/161389 http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html [ Pass Failure ]
+
</ins><span class="cx"> # These state object tests purposefully stress a resource limit, and take multiple seconds to run.
</span><span class="cx"> loader/stateobjects/pushstate-size-iframe.html [ Slow ]
</span><span class="cx"> loader/stateobjects/pushstate-size.html [ Slow ]
</span></span></pre></div>
<a id="trunkLayoutTestshttptestseventsourceeventsourcecorsbasicexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx"> CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-basic.php?count=1. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx"> CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-basic.php?count=2. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</span><span class="cx"> Test that basic EventSource cross-origin requests fail until they are allowed by the Access-Control-Allow-Origin header. Should print a series of PASS messages followed by DONE.
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestseventsourceeventsourcecorswithcredentialsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=1. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=2. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
</ins><span class="cx"> CONSOLE MESSAGE: EventSource cannot load http://localhost:8000/eventsource/resources/es-cors-credentials.php?count=3. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
</span><span class="cx"> Test that EventSource cross-origin requests with credentials fail until the correct CORS headers are sent. Should print a series of PASS messages followed by DONE.
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsfetchfetchingsameresourcewithdiffferentoptionsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+
+PASS Ensure cors checks work when loading in parallel the same resource with different modes
+PASS Ensure cors checks work when loading successively the same resource with different modes
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsfetchfetchingsameresourcewithdiffferentoptionshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options.html (rev 0)
+++ trunk/LayoutTests/http/tests/fetch/fetching-same-resource-with-diffferent-options.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,69 @@
</span><ins>+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>Fetching the same resource with different options</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <script>
+promise_test(function(t) {
+ var url1 = "http://localhost:8000/resources/download-json-with-delay.php?iteration=2&delay=100&cors=true&allowCache=true&test=1";
+ var url2 = "http://localhost:8000/resources/download-json-with-delay.php?iteration=2&delay=100&cors=true&allowCache=true&test=2";
+ return Promise.all([
+ fetch(url1, {"mode": "no-cors"}).then((response) => {
+ assert_equals(response.type, "opaque");
+ }),
+ fetch(url1, {"mode": "cors"}).then((response) => {
+ assert_equals(response.type, "cors");
+ return response.arrayBuffer().then((arrayBuffer) => {
+ assert_true(arrayBuffer.byteLength > 0);
+ });
+ }),
+ promise_rejects(t, new TypeError(), fetch(url1, {"mode": "cors", "credentials": "include"})),
+ promise_rejects(t, new TypeError(), fetch(url2, {"mode": "cors", "credentials": "include"})),
+ fetch(url2, {"mode": "cors"}).then((response) => {
+ assert_equals(response.type, "cors");
+ return response.arrayBuffer().then((arrayBuffer) => {
+ assert_true(arrayBuffer.byteLength > 0);
+ });
+ }),
+ fetch(url2, {"mode": "no-cors"}).then((response) => {
+ assert_equals(response.type, "opaque");
+ })
+ ]);
+}, 'Ensure cors checks work when loading in parallel the same resource with different modes');
+
+promise_test(function(t) {
+ var url3 = "http://localhost:8000/resources/download-json-with-delay.php?iteration=2&delay=100&cors=true&allowCache=true&test=3";
+ var url4 = "http://localhost:8000/resources/download-json-with-delay.php?iteration=2&delay=100&cors=true&allowCache=true&test=4";
+ return fetch(url3, {"mode": "cors"}).then((response) => {
+ assert_equals(response.type, "cors");
+ return response.arrayBuffer().then((arrayBuffer) => {
+ assert_true(arrayBuffer.byteLength > 0);
+ });
+ }).then(() => {
+ return fetch(url3, {"mode": "no-cors"}).then((response) => {
+ assert_equals(response.type, "opaque");
+ });
+ }).then(() => {
+ return promise_rejects(t, new TypeError(), fetch(url3, {"mode": "cors", "credentials": "include"}));
+ }).then(() => {
+ return promise_rejects(t, new TypeError(), fetch(url4, {"mode": "cors", "credentials": "include"}));
+ }).then(() => {
+ return fetch(url4, {"mode": "no-cors"}).then((response) => {
+ assert_equals(response.type, "opaque");
+ });
+ }).then(() => {
+ return fetch(url4, {"mode": "cors"}).then((response) => {
+ assert_equals(response.type, "cors");
+ return response.arrayBuffer().then((arrayBuffer) => {
+ assert_true(arrayBuffer.byteLength > 0);
+ });
+ });
+ });
+}, 'Ensure cors checks work when loading successively the same resource with different modes');
+ </script>
+ </body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsloadingcrossoriginXHRwillLoadRequestexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/loading/cross-origin-XHR-willLoadRequest-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> main frame - didFinishDocumentLoadForFrame
</span><span class="cx"> main frame - didHandleOnloadEventsForFrame
</span><span class="cx"> main frame - didFinishLoadForFrame
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/loading/resources/foo.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/loading/resources/foo.txt due to access control checks.
</ins><span class="cx"> The console message above should report failure to load foo.txt due to cross-origin access, not a network error.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsresourcesdownloadjsonwithdelayphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/resources/download-json-with-delay.php (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/resources/download-json-with-delay.php 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/resources/download-json-with-delay.php 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,9 +1,18 @@
</span><span class="cx"> <?php
</span><span class="cx"> header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
</span><del>-header("Cache-Control: no-cache, no-store, must-revalidate");
-header("Pragma: no-cache");
-header("Content-Type: application/x-no-buffering-please");
</del><span class="cx">
</span><ins>+if ($_GET['allowCache']) {
+ header("Content-Type: application/json");
+} else {
+ header("Content-Type: application/x-no-buffering-please");
+ header("Cache-Control: no-cache, no-store, must-revalidate");
+ header("Pragma: no-cache");
+}
+
+if ($_GET['cors']) {
+ header("Access-Control-Allow-Origin: *");
+}
+
</ins><span class="cx"> $iteration = $_GET['iteration'];
</span><span class="cx"> $delay = $_GET['delay'];
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsresourcesredirectphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/resources/redirect.php (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/resources/redirect.php 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/resources/redirect.php 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,16 +1,22 @@
</span><span class="cx"> <?php
</span><del>- function addCacheControl() {
- # Workaround for https://bugs.webkit.org/show_bug.cgi?id=77538
- # Caching redirects results in flakiness in tests that dump loader delegates.
- header("Cache-Control: no-store");
</del><ins>+ function addCacheControl($allowCache) {
+ if ($allowCache)
+ header("Cache-Control: public, max-age=86400");
+ else {
+ # Workaround for https://bugs.webkit.org/show_bug.cgi?id=77538
+ # Caching redirects results in flakiness in tests that dump loader delegates.
+ header("Cache-Control: no-store");
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> $url = $_GET['url'];
</span><span class="cx">
</span><ins>+ $allowCache = isset($_GET['allowCache']);
+
</ins><span class="cx"> if (isset($_GET['refresh'])) {
</span><span class="cx"> header("HTTP/1.1 200");
</span><span class="cx"> header("Refresh: " . $_GET['refresh'] . "; url=$url");
</span><del>- addCacheControl();
</del><ins>+ addCacheControl($allowCache);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -22,5 +28,5 @@
</span><span class="cx"> } else
</span><span class="cx"> header("HTTP/1.1 " . $_GET['code']);
</span><span class="cx"> header("Location: $url");
</span><del>- addCacheControl();
</del><ins>+ addCacheControl($allowCache);
</ins><span class="cx"> ?>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincachedresourceexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+Tests source origin difference for cached resources.
+
+Trying to load sequentially the same image from various origins.
+All images should load.
+
+Test 1 PASS: Loaded image http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 2 PASS: Loaded image http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8080 (crossOrigin=anonymous)
+Test 3 PASS: Loaded image http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8000 (crossOrigin=anonymous)
+Test 4 PASS: Did not load image http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+Test 5 PASS: Loaded image http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000
+Test 6 PASS: Loaded image http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 7 PASS: Loaded image http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080
+Test 8 PASS: Did not load image http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincachedresourceparallelexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+Tests source origin difference for cached resources.
+
+Trying to load sequentially the same image from various origins.
+All images should load.
+
+Test 1 PASS: Loaded image http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 2 PASS: Loaded image http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache from localhost:8080 (crossOrigin=anonymous)
+Test 3 PASS: Loaded image http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8000 (crossOrigin=anonymous)
+Test 4 PASS: Did not load image http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+Test 5 PASS: Loaded image http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000
+Test 6 PASS: Loaded image http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache from localhost:8000 (crossOrigin=anonymous)
+Test 7 PASS: Loaded image http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080
+Test 8 PASS: Did not load image http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000 from localhost:8080 (crossOrigin=anonymous)
+
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincachedresourceparallelhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,67 @@
</span><ins>+<html>
+<body>
+<p>Tests source origin difference for cached resources.</p
+<p>Trying to load sequentially the same image from various origins.</p>
+<p>All images should load.</p>
+<div id="console"></div>
+<div>
+ <iframe id="iframe1"></iframe>
+ <iframe id="iframe2"></iframe>
+ <iframe id="iframe3"></iframe>
+ <iframe id="iframe4"></iframe>
+</div>
+<div>
+ <iframe id="iframe5"></iframe>
+ <iframe id="iframe6"></iframe>
+ <iframe id="iframe7"></iframe>
+ <iframe id="iframe8"></iframe>
+</div>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+var counter = 0;
+var messages = [];
+window.addEventListener("message", function(event) {
+ messages.push(event.data);
+ if (messages.length == 8) {
+ messages.sort();
+ messages.forEach((message) => {
+ document.getElementById('console').innerHTML += message + "<br/>";
+ })
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+});
+
+var iframeURL8000 = "http://localhost:8000/security/resources/cross-origin-cached-resource-iframe.html";
+var iframeURL8080 = "http://localhost:8080/security/resources/cross-origin-cached-resource-iframe.html";
+
+var allowAllImage1 = "http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache";
+var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+
+var allowAllImage2 = "http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache";
+var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+
+document.getElementById('iframe1').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
+document.getElementById('iframe2').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
+document.getElementById('iframe3').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
+document.getElementById('iframe4').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
+
+document.getElementById('iframe5').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
+document.getElementById('iframe6').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
+document.getElementById('iframe7').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
+document.getElementById('iframe8').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossorigincachedresourcehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cross-origin-cached-resource.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-origin-cached-resource.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-cached-resource.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,78 @@
</span><ins>+<html>
+<body>
+<p>Tests source origin difference for cached resources.</p
+<p>Trying to load sequentially the same image from various origins.</p>
+<p>All images should load.</p>
+<div id="console"></div>
+<div>
+ <iframe id="iframe1"></iframe>
+ <iframe id="iframe2"></iframe>
+ <iframe id="iframe3"></iframe>
+ <iframe id="iframe4"></iframe>
+</div>
+<div>
+ <iframe id="iframe5"></iframe>
+ <iframe id="iframe6"></iframe>
+ <iframe id="iframe7"></iframe>
+ <iframe id="iframe8"></iframe>
+</div>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+window.addEventListener("message", function(event) {
+ document.getElementById('console').innerHTML += event.data + "<br/>";
+ loadNextFrame();
+});
+
+var iframeURL8000 = "http://localhost:8000/security/resources/cross-origin-cached-resource-iframe.html";
+var iframeURL8080 = "http://localhost:8080/security/resources/cross-origin-cached-resource-iframe.html";
+
+var allowAllImage1 = "http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache";
+var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+
+var allowAllImage2 = "http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache";
+var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
+
+var counter = 0;
+function loadNextFrame()
+{
+ counter++;
+ // Four first tests try to load an image with a given origin and then the same image (in cache) with a different origin.
+ if (counter == 1)
+ document.getElementById('iframe1').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
+ else if (counter == 2)
+ document.getElementById('iframe2').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
+ else if (counter == 3)
+ document.getElementById('iframe3').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
+ // Fourth image load should fail since requesting image from localhost:8080 while only allowed from localhost:8000.
+ else if (counter == 4)
+ document.getElementById('iframe4').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
+
+ // Four next tests try to load a cross-origin image without cors and then with cors.
+ else if (counter == 5)
+ document.getElementById('iframe5').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
+ else if (counter == 6)
+ document.getElementById('iframe6').src = iframeURL8000 + "#" +
+ encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
+ else if (counter == 7)
+ document.getElementById('iframe7').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
+ else if (counter == 8)
+ document.getElementById('iframe8').src = iframeURL8080 + "#" +
+ encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
+ else if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+loadNextFrame();
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityimgwithfailedcorscheckfailstoloadexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
</span><span class="cx"> ALERT: PASS: The error event was called.
</span><span class="cx"> This test passes if the image below does not load.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityloadimageafterredirection2expectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/load-image-after-redirection-2-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/load-image-after-redirection-2-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/load-image-after-redirection-2-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/security/resources/allow-if-origin.php denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+
+
+PASS Loading an image in no-cors mode after a CORS invalid redirection is ok
+PASS Loading an image in cors mode after a CORS invalid redirection is stopped
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityloadimageafterredirection2html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/load-image-after-redirection-2.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/load-image-after-redirection-2.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/load-image-after-redirection-2.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<title>Testing redirection with images fetched with cors mode</title>
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<img id="image1" style="visibility:hidden"></img>
+<img id="image2" crossorigin="use-credentials" style="visibility:hidden"></img>
+<script type="text/javascript">
+var imageURLAfterCORSInvalidRedirection = "http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/security/resources/allow-if-origin.php&allowCache";
+promise_test((test) => {
+ return new Promise((resolve, reject) => {
+ var image = document.getElementById("image1");
+ image.onload = resolve;
+ image.onerror = () => { reject("image loading failed unexpectedly"); };
+ image.src = imageURLAfterCORSInvalidRedirection;
+ });
+}, "Loading an image in no-cors mode after a CORS invalid redirection is ok");
+
+promise_test((test) => {
+ return new Promise((resolve, reject) => {
+ var image = document.getElementById("image2");
+ image.onerror = resolve;
+ image.onload = () => { reject("image loading succeeded unexpectedly"); };
+ image.src = imageURLAfterCORSInvalidRedirection;
+ });
+}, "Loading an image in cors mode after a CORS invalid redirection is stopped");
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcesabeallowstarphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/resources/abe-allow-star.php (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/abe-allow-star.php 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/security/resources/abe-allow-star.php 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,6 +1,10 @@
</span><span class="cx"> <?php
</span><span class="cx"> header("Access-Control-Allow-Origin: *");
</span><span class="cx">
</span><ins>+$allowCache = $_GET['allowCache'];
+if (isset($allowCache))
+ header("Cache-Control: max-age=100");
+
</ins><span class="cx"> $name = 'abe.png';
</span><span class="cx"> $fp = fopen($name, 'rb');
</span><span class="cx"> header("Content-Type: image/png");
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcesallowiforiginphp"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+<?php
+
+$delay = $_GET['delay'];
+if (isset($delay))
+ usleep($delay);
+
+$origin = $_GET['origin'];
+if (isset($origin))
+ header("Access-Control-Allow-Origin: " . $origin);
+else if ($_SERVER["HTTP_ORIGIN"]) {
+ header("Access-Control-Allow-Origin: " . $_SERVER["HTTP_ORIGIN"]);
+ header("Vary: Origin");
+}
+
+$allowCache = $_GET['allowCache'];
+if (isset($allowCache))
+ header("Cache-Control: max-age=100");
+
+$name = $_GET['name'];
+if (!isset($name))
+ $name = 'abe.png';
+
+$fp = fopen($name, 'rb');
+
+header("Content-Type: image/png");
+header("Content-Length: " . filesize($name));
+
+fpassthru($fp);
+exit;
+?>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcescrossorigincachedresourceiframehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/cross-origin-cached-resource-iframe.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/cross-origin-cached-resource-iframe.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/cross-origin-cached-resource-iframe.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+<html>
+<body>
+
+<img id="img" onload="logStatus(true)" onerror="logStatus(false)"/>
+<script>
+var test = JSON.parse(decodeURIComponent(location.hash.substring(1)));
+
+function logStatus(status)
+{
+ var msg = "Test " + test.id;
+ msg += test.shouldPass == status ? " PASS: " : " FAIL: ";
+
+ msg += status ? "Loaded" : "Did not load";
+ msg += " image " + img.src + " from " + location.host;
+ if (test.crossOrigin)
+ msg += " (crossOrigin=" + test.crossOrigin + ")";
+
+ parent.postMessage(msg, "*");
+}
+
+var image = document.getElementById('img');
+if (test.crossOrigin !== undefined)
+ image.crossOrigin = test.crossOrigin;
+image.src = test.url;
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcesrgbalphapng"></a>
<div class="binary"><h4>Added: trunk/LayoutTests/http/tests/security/resources/rgbalpha.png</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Index: trunk/LayoutTests/http/tests/security/resources/rgbalpha.png
</span><span class="cx">===================================================================
</span><del>--- trunk/LayoutTests/http/tests/security/resources/rgbalpha.png 2016-09-06 09:48:18 UTC (rev 205472)
</del><ins>+++ trunk/LayoutTests/http/tests/security/resources/rgbalpha.png 2016-09-06 11:06:52 UTC (rev 205473)
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/resources/rgbalpha.png
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<ins>+image/png
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityshapeoutsideandcachedresourcesexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources-expected.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources-expected.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources-expected.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+ <title>Testing loading a CSS shape outside with resource cache</title>
+ <style></style>
+</head>
+<body>
+<script>
+function add_style() {
+ var sheet = window.document.styleSheets[0];
+ sheet.insertRule("#image-with-shape {-webkit-shape-outside: url('/security/resources/allow-if-origin.php?name=rgbalpha.png');-webkit-shape-image-threshold: 0.4;float: left;}", sheet.cssRules.length);
+}
+</script>
+Test is passing if the two following text lines are not vertically aligned, the second one being closer to the red region of the image.
+<p style="width: 300px">
+ <img id="image-with-shape" onload="add_style()" src='http://localhost:8000/security/resources/allow-if-origin.php?name=rgbalpha.png'></img>
+ This is a test!<br>
+ This is a real test!<br>
+</p>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityshapeoutsideandcachedresourceshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources.html (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/shape-outside-and-cached-resources.html 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+ <title>Testing loading a CSS shape outside with resource cache</title>
+ <style></style>
+</head>
+<body>
+<script>
+function add_style() {
+ var sheet = window.document.styleSheets[0];
+ sheet.insertRule("#image-with-shape {-webkit-shape-outside: url('http://localhost:8000/security/resources/allow-if-origin.php?name=rgbalpha.png&addVary');-webkit-shape-image-threshold: 0.4;float: left;}", sheet.cssRules.length);
+}
+</script>
+Test is passing if the two following text lines are not vertically aligned, the second one being closer to the red region of the image.
+<p style="width: 300px">
+ <img id="image-with-shape" onload="add_style()" src='http://localhost:8000/security/resources/allow-if-origin.php?name=rgbalpha.png&addVary'></img>
+ This is a test!<br>
+ This is a real test!<br>
+</p>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityvideopostercrossorigincrashexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,2 +1,3 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
</span><span class="cx"> >>>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityvideopostercrossorigincrash2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
</span><span class="cx"> Test passes if it doesn't crash.
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestaccesscontrolandredirectsasyncsameoriginexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,7 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
</del><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi due to access control checks.
+CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-no-credentials.cgi due to access control checks.
</ins><span class="cx"> Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
</span><span class="cx">
</span><span class="cx"> Testing ../resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi without credentials
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestaccesscontrolrepeatedfailedpreflightcrashexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,7 +1,13 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
</ins><span class="cx"> PASS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestcrossoriginnoauthorizationexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 56: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
</del><ins>+CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php due to access control checks.
</ins><span class="cx"> Start
</span><span class="cx"> Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestcrossoriginnocredentialpromptexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,2 +1,3 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/basic-auth/basic-auth.php?uid=41531. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/basic-auth/basic-auth.php?uid=41531 due to access control checks.
</ins><span class="cx"> There should be no authentication prompt displayed, since this is a cross-origin request. In automatic mode, the test relies on logging of authentication sheets.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestcrosssitedeniedresponseexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
</ins><span class="cx"> PASS
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestonerroreventexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-denied.cgi due to access control checks.
</ins><span class="cx"> This test that the error event is fired for XMLHttpRequests
</span><span class="cx">
</span><span class="cx"> PASS: error event fired.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestoriginwhitelistinghttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 20: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/get.txt due to access control checks.
</ins><span class="cx"> Tests that origin whitelisting for https does not match http URLs.
</span><span class="cx">
</span><span class="cx"> Testing: http://localhost:8000/xmlhttprequest/resources/get.txt (sync)
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestoriginwhitelistingipaddresseswithsubdomainsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 16: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/get.txt due to access control checks.
</ins><span class="cx"> Specifying that an IP address should match subdomains doesn't make sense. This test verifies that it doesn't do anything.
</span><span class="cx">
</span><span class="cx"> Testing: http://127.0.0.1:8000/xmlhttprequest/resources/get.txt (sync)
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestpostblobcontenttypeasyncexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-allow-lists.php. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-allow-lists.php due to access control checks.
</ins><span class="cx"> Test verifies that content MIME type is set correctly when Blob is sent using XMLHttpRequest asynchronously.
</span><span class="cx">
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestredirectcrossorigin2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
</ins><span class="cx"> Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
</span><span class="cx">
</span><span class="cx"> PASS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestredirectcrossoriginexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
</ins><span class="cx"> Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
</span><span class="cx">
</span><span class="cx"> PASS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestsimplecrossorigindeniedeventsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
</ins><span class="cx"> Test that a simple cross-origin request to a server that responds (but does not permit cross-origin requests) is indistinguishable from one that does not exist. Should say PASS:
</span><span class="cx">
</span><span class="cx"> PASS
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestsimplecrossoriginprogresseventsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi due to access control checks.
</ins><span class="cx"> CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-site-progress-events.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><span class="cx"> Test that upload progress events are not dispatched for simple cross-origin requests (i.e. if the listener is set after calling send(), and there are no other reasons to make a preflight request).
</span><span class="cx">
</span><span class="cx"> Test 1: The URL is allowed for cross-origin requests
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsxmlhttprequestxmlhttprequestunsaferedirectexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
</ins><span class="cx"> This tests that unsafe redirects won't be allowed when making an XMLHttpRequest.
</span><span class="cx"> Sync XHR started.
</span><span class="cx"> readyState change 1
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,25 @@
</span><ins>+2016-09-06 Youenn Fablet <youenn@apple.com>
+
+ CachedResourceLoader is not taking into account fetch options to use or not cached resources
+ https://bugs.webkit.org/show_bug.cgi?id=161389
+
+ Reviewed by Darin Adler.
+
+ Updated as new console log messages appear now that cors checks are done at SubresourceLoader level.
+
+ * web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-basic-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-basic.js: Fixing a typo in the test making the test always passing, since the fetch promise was not taken into account.
+ * web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-origin-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-origin.js:
+ (corsOrigin): Fixing a typo in the test making the tests always passing, since the fetch promise was not taken into account.
+ * web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt:
+
</ins><span class="cx"> 2016-09-05 Commit Queue <commit-queue@webkit.org>
</span><span class="cx">
</span><span class="cx"> Unreviewed, rolling out r205450.
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsXMLHttpRequestsecurityconsiderationsubexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,4 +1,5 @@
</span><del>-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8801/XMLHttpRequest/resources/img.jpg. Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</del><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8801/XMLHttpRequest/resources/img.jpg due to access control checks.
</ins><span class="cx">
</span><span class="cx"> FAIL ProgressEvent: security consideration assert_unreached: MUST NOT dispatch progress event. Reached unreachable code
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsbasicjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.js (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.js 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.js 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -20,9 +20,7 @@
</span><span class="cx"> }, desc + " [no-cors mode]");
</span><span class="cx">
</span><span class="cx"> promise_test(function(test) {
</span><del>- var testedPromise = fetch(url + RESOURCES_DIR + "top.txt", {"mode": "cors"} ).then(function(resp) {
- return promise_rejects(test, new TypeError(), testedPromise);
- });
</del><ins>+ return promise_rejects(test, new TypeError(), fetch(url + RESOURCES_DIR + "top.txt", {"mode": "cors"}));
</ins><span class="cx"> }, desc + " [server forbid CORS]");
</span><span class="cx">
</span><span class="cx"> promise_test(function(test) {
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsmultipleoriginsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS 3 origins allowed, match the 3rd (http://localhost:8800)
</span><span class="cx"> PASS 3 origins allowed, match the 3rd ("*")
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsmultipleoriginsworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS 3 origins allowed, match the 3rd (http://localhost:8800)
</span><span class="cx"> PASS 3 origins allowed, match the 3rd ("*")
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,11 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Cross domain different subdomain [origin OK]
</span><span class="cx"> PASS Cross domain different subdomain [origin KO]
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,11 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Cross domain different subdomain [origin OK]
</span><span class="cx"> PASS Cross domain different subdomain [origin KO]
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsoriginjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin.js (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin.js 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin.js 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -16,7 +16,7 @@
</span><span class="cx"> var requestInit = {"mode": "cors", "method": method};
</span><span class="cx">
</span><span class="cx"> promise_test(function(test) {
</span><del>- fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
</del><ins>+ return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
</ins><span class="cx"> assert_equals(resp.status, 200, "Clean stash response's status is 200");
</span><span class="cx"> if (shouldPass) {
</span><span class="cx"> return fetch(url + urlParameters, requestInit).then(function(resp) {
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -7,6 +10,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -16,6 +22,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -25,6 +34,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -34,6 +46,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -7,6 +10,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=301&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -16,6 +22,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=302&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -25,6 +34,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=303&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="lines">@@ -34,6 +46,9 @@
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2Fuser%3A%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8800/fetch/api/resources/preflight.py?redirect_status=307&location=http%3A%2F%2F%3Apassword%40127.0.0.1%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><ins>+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
+CONSOLE MESSAGE: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</ins><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2Fuser%3A%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span><span class="cx"> CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/fetch/api/resources/preflight.py?redirect_status=308&location=http%3A%2F%2F%3Apassword%40localhost%3A8800%2Ffetch%2Fapi%2Fcors%2F..%2Fresources%2Fpreflight.py&count=1 denied by Cross-Origin Resource Sharing policy: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
</span></span></pre></div>
<a id="trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+
+PASS Cross domain different subdomain [origin OK]
+PASS Cross domain different subdomain [origin KO]
+PASS Same domain different port [origin OK]
+PASS Same domain different port [origin KO]
+PASS Cross domain different port [origin OK]
+PASS Cross domain different port [origin KO]
+FAIL Cross domain different protocol [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Cross domain different protocol [origin KO]
+FAIL Same domain different protocol different port [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Same domain different protocol different port [origin KO]
+PASS Cross domain [POST] [origin OK]
+PASS Cross domain [POST] [origin KO]
+PASS Cross domain [HEAD] [origin OK]
+PASS Cross domain [HEAD] [origin KO]
+PASS CORS preflight [PUT] [origin OK]
+PASS CORS preflight [PUT] [origin KO]
+PASS Allowed origin: "" [origin KO]
+
</ins></span></pre></div>
<a id="trunkLayoutTestsplatformiossimulatorwk2importedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/ios-simulator-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+
+PASS Cross domain different subdomain [origin OK]
+PASS Cross domain different subdomain [origin KO]
+PASS Same domain different port [origin OK]
+PASS Same domain different port [origin KO]
+PASS Cross domain different port [origin OK]
+PASS Cross domain different port [origin KO]
+FAIL Cross domain different protocol [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Cross domain different protocol [origin KO]
+FAIL Same domain different protocol different port [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Same domain different protocol different port [origin KO]
+PASS Cross domain [POST] [origin OK]
+PASS Cross domain [POST] [origin KO]
+PASS Cross domain [HEAD] [origin OK]
+PASS Cross domain [HEAD] [origin KO]
+PASS CORS preflight [PUT] [origin OK]
+PASS CORS preflight [PUT] [origin KO]
+PASS Allowed origin: "" [origin KO]
+
</ins></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsbasicexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsbasicworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-basic-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,6 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
</ins><span class="cx">
</span><span class="cx"> PASS Same domain different port [no-cors mode]
</span><span class="cx"> PASS Same domain different port [server forbid CORS]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+
+PASS Cross domain different subdomain [origin OK]
+PASS Cross domain different subdomain [origin KO]
+PASS Same domain different port [origin OK]
+PASS Same domain different port [origin KO]
+PASS Cross domain different port [origin OK]
+PASS Cross domain different port [origin KO]
+FAIL Cross domain different protocol [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Cross domain different protocol [origin KO]
+FAIL Same domain different protocol different port [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Same domain different protocol different port [origin KO]
+PASS Cross domain [POST] [origin OK]
+PASS Cross domain [POST] [origin KO]
+PASS Cross domain [HEAD] [origin OK]
+PASS Cross domain [HEAD] [origin KO]
+PASS CORS preflight [PUT] [origin OK]
+PASS CORS preflight [PUT] [origin KO]
+PASS Allowed origin: "" [origin KO]
+
</ins></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestsfetchapicorscorsoriginworkerexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt (0 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/fetch/api/cors/cors-origin-worker-expected.txt 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+
+PASS Cross domain different subdomain [origin OK]
+PASS Cross domain different subdomain [origin KO]
+PASS Same domain different port [origin OK]
+PASS Same domain different port [origin KO]
+PASS Cross domain different port [origin OK]
+PASS Cross domain different port [origin KO]
+FAIL Cross domain different protocol [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Cross domain different protocol [origin KO]
+FAIL Same domain different protocol different port [origin OK] promise_test: Unhandled rejection with value: object "TypeError: Type error"
+PASS Same domain different protocol different port [origin KO]
+PASS Cross domain [POST] [origin OK]
+PASS Cross domain [POST] [origin KO]
+PASS Cross domain [HEAD] [origin OK]
+PASS Cross domain [HEAD] [origin KO]
+PASS CORS preflight [PUT] [origin OK]
+PASS CORS preflight [PUT] [origin KO]
+PASS Allowed origin: "" [origin KO]
+
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/ChangeLog 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -1,3 +1,78 @@
</span><ins>+2016-09-06 Youenn Fablet <youenn@apple.com>
+
+ CachedResourceLoader is not taking into account fetch options to use or not cached resources
+ https://bugs.webkit.org/show_bug.cgi?id=161389
+
+ Reviewed by Darin Adler.
+
+ Tests: http/tests/fetch/fetching-same-resource-with-diffferent-options.html
+ http/tests/security/cross-origin-cached-resource-parallel.html
+ http/tests/security/cross-origin-cached-resource.html
+ http/tests/security/load-image-after-redirection-2.html
+ http/tests/security/shape-outside-and-cached-resources.html
+
+ Adding CORS checks for the response in case of CORS fetch mode, in SubresourceLoader.
+ Removing the CORS checks in Image and DocumentThreadableLoader.
+
+ The direction of this patch is to make CachedResource origin-specific/fetch mode specific.
+
+ This will remove the need for CachedResource clients to do CORS checks when receiving the notifyFinished call.
+ This will also make the computation of whether a resource is clean or not much easier since the CachedResource knowd its origin and its response tainting.
+
+ Removing the CORS checks at ImageLoader creates the risk of using some cached resources loaded from previously no-cors mode without doing the actual CORS check.
+ Note that the risk was already there in case of a resource loaded through redirections.
+ Reusing a cached resource for a load with different options also leads to bad computation of the resource tainting.
+
+ As a first step, improvements are done but only for CachedImage resources.
+
+ This patch limits the direct reuse of cached resources as follow:
+ - If the request and existing resources have different origins.
+ - If the fetch mode is different between request and existing resource.
+
+ In those cases, a new CachedResource is created with the correct options and origin.
+ The data and response of the CachedResource found in the cache are copied efficiently in the new CachedResource, if the matching CachedResource finished loading (CachedImage specific).
+
+ If the matching CachedResource is still loading, we trigger a reload (with caching=false to not disturb the being loaded resource).
+ This should be made more efficient at some point, especially if the matching CachedResource already has its response set.
+
+ This triggers a change of behavior: previously, the CORS checks were done by the ImageLoader when the resource was finished loading.
+ The CORS checks were controlled by the crossOrigin attribute, which may be set or unset between the load start and the load end.
+
+ Now the crossOrigin attribute is checked at load start. If it is set, the CORS checks will happen even if the attribute is unset before the end of the load.
+ This is more consistent as the actual request was built with CORS enabled.
+
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::startPreflight): Setting correctly the preflight options as per fetch spec.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::didReceiveResponse): Removing CORS check.
+ (WebCore::DocumentThreadableLoader::loadRequest): Adding CORS check in sync mode.
+ * loader/ImageLoader.cpp:
+ (WebCore::ImageLoader::updateFromElement):
+ (WebCore::ImageLoader::notifyFinished):
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::didReceiveResponse): Adding CORS checks to the response
+ (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl): Helper routine to do CORS checks
+ * loader/SubresourceLoader.h:
+ * loader/cache/CachedImage.cpp:
+ (WebCore::CachedImage::cloneData): Responsible to set image content from another CachedImage.
+ * loader/cache/CachedImage.h:
+ * loader/cache/CachedResource.cpp:
+ (WebCore::CachedResource::computeOrigin): Helper routine to set the origin and whether the resource is cross-origin or not.
+ (WebCore::CachedResource::load): Using computeOrigin.
+ (WebCore::CachedResource::loadFrom): Loading from a CachedResource from the same type and which finished loading.
+ * loader/cache/CachedResource.h:
+ (WebCore::CachedResource::cloneData):
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Helper routine responsible to adapt the CachedResource
+ that can be reused to the origin and options of a new request.
+ (WebCore::CachedResourceLoader::requestResource): Calling updateCachedResourceWithCurrentRequest before actually returning the resource.
+ (WebCore::CachedResourceLoader::determineRevalidationPolicy): Space clean-up.
+ * loader/cache/CachedResourceLoader.h:
+ * loader/cache/CachedResourceRequest.h:
+ (WebCore::CachedResourceRequest::setCachingPolicy):
+ * style/StylePendingResources.cpp:
+ (WebCore::Style::loadPendingImage): Allowing data URLs for ShapeOutside data.
+
</ins><span class="cx"> 2016-09-05 Darin Adler <darin@apple.com>
</span><span class="cx">
</span><span class="cx"> More bindings improvements, particularly things not needed for JavaScript bindings
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderCrossOriginPreflightCheckercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -100,8 +100,8 @@
</span><span class="cx">
</span><span class="cx"> void CrossOriginPreflightChecker::startPreflight()
</span><span class="cx"> {
</span><del>- ResourceLoaderOptions options = static_cast<FetchOptions>(m_loader.options());
- options.credentials = FetchOptions::Credentials::Omit;
</del><ins>+ ResourceLoaderOptions options;
+ options.referrerPolicy = m_loader.options().referrerPolicy;
</ins><span class="cx"> options.redirect = FetchOptions::Redirect::Manual;
</span><span class="cx">
</span><span class="cx"> CachedResourceRequest preflightRequest(createAccessControlPreflightRequest(m_request, m_loader.securityOrigin()), options);
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -276,14 +276,6 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(m_client);
</span><span class="cx">
</span><del>- String accessControlErrorDescription;
- if (!m_sameOriginRequest && m_options.mode == FetchOptions::Mode::Cors) {
- if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
- m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
- return;
- }
- }
-
</del><span class="cx"> ASSERT(response.type() != ResourceResponse::Type::Error);
</span><span class="cx"> if (response.type() == ResourceResponse::Type::Default) {
</span><span class="cx"> m_client->didReceiveResponse(identifier, ResourceResponse::filterResponse(response, tainting));
</span><span class="lines">@@ -430,8 +422,19 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ResourceResponse::Tainting tainting = ResourceResponse::Tainting::Basic;
</span><del>- if (!m_sameOriginRequest)
- tainting = m_options.mode == FetchOptions::Mode::Cors ? ResourceResponse::Tainting::Cors : ResourceResponse::Tainting::Opaque;
</del><ins>+ if (!m_sameOriginRequest) {
+ if (m_options.mode == FetchOptions::Mode::NoCors)
+ tainting = ResourceResponse::Tainting::Opaque;
+ else {
+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
+ tainting = ResourceResponse::Tainting::Cors;
+ String accessControlErrorDescription;
+ if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
+ m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
+ return;
+ }
+ }
+ }
</ins><span class="cx"> didReceiveResponse(identifier, response, tainting);
</span><span class="cx">
</span><span class="cx"> if (data)
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderImageLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/ImageLoader.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -210,7 +210,7 @@
</span><span class="cx"> m_hasPendingErrorEvent = true;
</span><span class="cx"> errorEventSender().dispatchEventSoon(*this);
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> CachedImage* oldImage = m_image.get();
</span><span class="cx"> if (newImage != oldImage) {
</span><span class="cx"> if (m_hasPendingBeforeLoadEvent) {
</span><span class="lines">@@ -282,7 +282,7 @@
</span><span class="cx"> if (!m_hasPendingLoadEvent)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- if (element().hasAttributeWithoutSynchronization(HTMLNames::crossoriginAttr) && !resource->passesSameOriginPolicyCheck(*element().document().securityOrigin())) {
</del><ins>+ if (resource->resourceError().isAccessControl()) {
</ins><span class="cx"> clearImageWithoutConsideringPendingLoadEvent();
</span><span class="cx">
</span><span class="cx"> m_hasPendingErrorEvent = true;
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderSubresourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/SubresourceLoader.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -277,6 +277,14 @@
</span><span class="cx"> m_frame->page()->diagnosticLoggingClient().logDiagnosticMessageWithResult(DiagnosticLoggingKeys::cachedResourceRevalidationKey(), emptyString(), DiagnosticLoggingResultFail, ShouldSample::Yes);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ String errorDescription;
+ if (!checkResponseCrossOriginAccessControl(response, errorDescription)) {
+ if (m_frame && m_frame->document())
+ m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, errorDescription);
+ cancel(ResourceError(String(), 0, request().url(), errorDescription, ResourceError::Type::AccessControl));
+ return;
+ }
+
</ins><span class="cx"> m_resource->responseReceived(response);
</span><span class="cx"> if (reachedTerminalState())
</span><span class="cx"> return;
</span><span class="lines">@@ -403,6 +411,15 @@
</span><span class="cx"> frame->page()->diagnosticLoggingClient().logDiagnosticMessageWithValue(DiagnosticLoggingKeys::resourceKey(), DiagnosticLoggingKeys::loadedKey(), resourceType, ShouldSample::Yes);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool SubresourceLoader::checkResponseCrossOriginAccessControl(const ResourceResponse& response, String& errorDescription)
+{
+ if (!m_resource->isCrossOrigin() || options().mode != FetchOptions::Mode::Cors)
+ return true;
+
+ ASSERT(m_origin);
+ return passesAccessControlCheck(response, options().allowCredentials, *m_origin, errorDescription);
+}
+
</ins><span class="cx"> bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse& redirectResponse, ResourceRequest& newRequest, String& errorMessage)
</span><span class="cx"> {
</span><span class="cx"> bool crossOriginFlag = m_resource->isCrossOrigin();
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderSubresourceLoaderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubresourceLoader.h (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/SubresourceLoader.h 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/SubresourceLoader.h 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -92,6 +92,7 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> bool checkForHTTPStatusCodeError();
</span><ins>+ bool checkResponseCrossOriginAccessControl(const ResourceResponse&, String&);
</ins><span class="cx"> bool checkRedirectionCrossOriginAccessControl(const ResourceRequest& previousRequest, const ResourceResponse&, ResourceRequest& newRequest, String&);
</span><span class="cx">
</span><span class="cx"> void didReceiveDataOrBuffer(const char*, int, RefPtr<SharedBuffer>&&, long long encodedDataLength, DataPayloadType);
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedImagecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedImage.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedImage.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedImage.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -114,6 +114,18 @@
</span><span class="cx"> setLoading(false);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void CachedImage::setBodyDataFrom(const CachedResource& resource)
+{
+ ASSERT(resource.type() == type());
+ const CachedImage& image = static_cast<const CachedImage&>(resource);
+
+ setLoading(false);
+ m_image = image.m_image;
+
+ if (m_image && is<SVGImage>(*m_image))
+ m_svgImageCache = std::make_unique<SVGImageCache>(&downcast<SVGImage>(*m_image));
+}
+
</ins><span class="cx"> void CachedImage::didAddClient(CachedResourceClient* client)
</span><span class="cx"> {
</span><span class="cx"> if (m_data && !m_image && !errorOccurred()) {
</span><span class="lines">@@ -120,7 +132,7 @@
</span><span class="cx"> createImage();
</span><span class="cx"> m_image->setData(m_data.copyRef(), true);
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> ASSERT(client->resourceClientType() == CachedImageClient::expectedType());
</span><span class="cx"> if (m_image && !m_image->isNull())
</span><span class="cx"> static_cast<CachedImageClient*>(client)->imageChanged(this);
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedImageh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedImage.h (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedImage.h 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedImage.h 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -91,6 +91,10 @@
</span><span class="cx"> private:
</span><span class="cx"> void clear();
</span><span class="cx">
</span><ins>+ CachedImage(CachedImage&, const ResourceRequest&, SessionID);
+
+ void setBodyDataFrom(const CachedResource&) final;
+
</ins><span class="cx"> void createImage();
</span><span class="cx"> void clearImage();
</span><span class="cx"> // If not null, changeRect is the changed part of the image.
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourcecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResource.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResource.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedResource.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -236,11 +236,29 @@
</span><span class="cx"> frameLoader.addExtraFieldsToSubresourceRequest(request);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void CachedResource::addAdditionalRequestHeaders(CachedResourceLoader& cachedResourceLoader)
</del><ins>+void CachedResource::addAdditionalRequestHeaders(CachedResourceLoader& loader)
</ins><span class="cx"> {
</span><del>- addAdditionalRequestHeadersToRequest(m_resourceRequest, cachedResourceLoader, *this);
</del><ins>+ addAdditionalRequestHeadersToRequest(m_resourceRequest, loader, *this);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+void CachedResource::computeOrigin(CachedResourceLoader& loader)
+{
+ if (type() == MainResource)
+ return;
+
+ ASSERT(loader.document());
+ if (m_resourceRequest.hasHTTPOrigin())
+ m_origin = SecurityOrigin::createFromString(m_resourceRequest.httpOrigin());
+ else
+ m_origin = loader.document()->securityOrigin();
+ ASSERT(m_origin);
+
+ if (!(m_resourceRequest.url().protocolIsData() && m_options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) && !m_origin->canRequest(m_resourceRequest.url()))
+ setCrossOrigin();
+
+ addAdditionalRequestHeaders(loader);
+}
+
</ins><span class="cx"> void CachedResource::load(CachedResourceLoader& cachedResourceLoader, const ResourceLoaderOptions& options)
</span><span class="cx"> {
</span><span class="cx"> if (!cachedResourceLoader.frame()) {
</span><span class="lines">@@ -300,19 +318,8 @@
</span><span class="cx"> #endif
</span><span class="cx"> m_resourceRequest.setPriority(loadPriority());
</span><span class="cx">
</span><del>- if (type() != MainResource) {
- if (m_resourceRequest.hasHTTPOrigin())
- m_origin = SecurityOrigin::createFromString(m_resourceRequest.httpOrigin());
- else
- m_origin = cachedResourceLoader.document()->securityOrigin();
- ASSERT(m_origin);
</del><ins>+ computeOrigin(cachedResourceLoader);
</ins><span class="cx">
</span><del>- if (!(m_resourceRequest.url().protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) && m_origin && !m_origin->canRequest(m_resourceRequest.url()))
- setCrossOrigin();
-
- addAdditionalRequestHeaders(cachedResourceLoader);
- }
-
</del><span class="cx"> // FIXME: It's unfortunate that the cache layer and below get to know anything about fragment identifiers.
</span><span class="cx"> // We should look into removing the expectation of that knowledge from the platform network stacks.
</span><span class="cx"> ResourceRequest request(m_resourceRequest);
</span><span class="lines">@@ -332,6 +339,27 @@
</span><span class="cx"> m_status = Pending;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void CachedResource::loadFrom(const CachedResource& resource, const ResourceLoaderOptions& options, CachedResourceLoader& cachedResourceLoader)
+{
+ ASSERT(url() == resource.url());
+ ASSERT(type() == resource.type());
+ ASSERT(resource.status() == Status::Cached);
+
+ m_options = options;
+ computeOrigin(cachedResourceLoader);
+
+ if (isCrossOrigin() && options.mode == FetchOptions::Mode::Cors) {
+ ASSERT(m_origin);
+ String errorMessage;
+ if (!WebCore::passesAccessControlCheck(resource.response(), m_options.allowCredentials, *m_origin, errorMessage)) {
+ setResourceError(ResourceError(String(), 0, url(), errorMessage, ResourceError::Type::AccessControl));
+ return;
+ }
+ }
+
+ setBodyDataFrom(resource);
+}
+
</ins><span class="cx"> void CachedResource::checkNotify()
</span><span class="cx"> {
</span><span class="cx"> if (isLoading() || stillNeedsLoad())
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourceh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResource.h (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResource.h 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedResource.h 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -209,6 +209,8 @@
</span><span class="cx"> bool isClean() const;
</span><span class="cx"> ResourceResponse::Tainting responseTainting() const { return m_responseTainting; }
</span><span class="cx">
</span><ins>+ void loadFrom(const CachedResource&, const ResourceLoaderOptions&, CachedResourceLoader&);
+
</ins><span class="cx"> SecurityOrigin* origin() const { return m_origin.get(); }
</span><span class="cx">
</span><span class="cx"> bool canDelete() const { return !hasClients() && !m_loader && !m_preloadCount && !m_handleCount && !m_resourceToRevalidate && !m_proxyResource; }
</span><span class="lines">@@ -305,10 +307,12 @@
</span><span class="cx">
</span><span class="cx"> virtual void checkNotify();
</span><span class="cx"> virtual bool mayTryReplaceEncodedData() const { return false; }
</span><ins>+ virtual void setBodyDataFrom(const CachedResource&) { }
</ins><span class="cx">
</span><span class="cx"> std::chrono::microseconds freshnessLifetime(const ResourceResponse&) const;
</span><span class="cx">
</span><span class="cx"> void addAdditionalRequestHeaders(CachedResourceLoader&);
</span><ins>+ void computeOrigin(CachedResourceLoader&);
</ins><span class="cx"> void failBeforeStarting();
</span><span class="cx">
</span><span class="cx"> HashMap<CachedResourceClient*, std::unique_ptr<Callback>> m_clientsAwaitingCallback;
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -539,6 +539,34 @@
</span><span class="cx"> return !newRequest.isNull();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool CachedResourceLoader::updateCachedResourceWithCurrentRequest(CachedResourceRequest& request, CachedResourceHandle<CachedResource>& resourceHandle)
+{
+ ASSERT(resourceHandle);
+
+ CachedResource& resource = *resourceHandle;
+
+ // FIXME: We should progressively extend this to other reusable resources
+ if (resource.type() != CachedResource::Type::ImageResource)
+ return false;
+
+ bool shouldUpdate = resource.options().mode != request.options().mode || request.resourceRequest().httpOrigin() != resource.resourceRequest().httpOrigin();
+
+ if (!shouldUpdate)
+ return false;
+
+ // FIXME: For being loaded requests, we currently do not use the same resource, as this may induce errors in the resource response tainting.
+ // We should find a way to improve this.
+ if (resource.status() != CachedResource::Cached) {
+ request.setCachingPolicy(CachingPolicy::DisallowCaching);
+ resourceHandle = loadResource(resource.type(), request);
+ return true;
+ }
+
+ resourceHandle = createResource(resource.type(), request.mutableResourceRequest(), request.charset(), sessionID());
+ resourceHandle->loadFrom(resource, request.options(), *this);
+ return true;
+}
+
</ins><span class="cx"> static inline void logMemoryCacheResourceRequest(Frame* frame, const String& description, const String& value = String())
</span><span class="cx"> {
</span><span class="cx"> if (!frame || !frame->page())
</span><span class="lines">@@ -635,19 +663,21 @@
</span><span class="cx"> resource = revalidateResource(request, resource.get());
</span><span class="cx"> break;
</span><span class="cx"> case Use:
</span><del>- if (!shouldContinueAfterNotifyingLoadedFromMemoryCache(request, resource.get()))
- return nullptr;
- logMemoryCacheResourceRequest(frame(), DiagnosticLoggingKeys::inMemoryCacheKey(), DiagnosticLoggingKeys::usedKey());
- memoryCache.resourceAccessed(*resource);
</del><ins>+ if (!updateCachedResourceWithCurrentRequest(request, resource)) {
+ if (!shouldContinueAfterNotifyingLoadedFromMemoryCache(request, resource.get()))
+ return nullptr;
+ logMemoryCacheResourceRequest(frame(), DiagnosticLoggingKeys::inMemoryCacheKey(), DiagnosticLoggingKeys::usedKey());
+ memoryCache.resourceAccessed(*resource);
</ins><span class="cx"> #if ENABLE(WEB_TIMING)
</span><del>- if (document() && RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled()) {
- // FIXME (161170): The networkLoadTiming shouldn't be stored on the ResourceResponse.
- resource->response().networkLoadTiming().reset();
- loadTiming.setResponseEnd(monotonicallyIncreasingTime());
- m_resourceTimingInfo.storeResourceTimingInitiatorInformation(resource, request, frame());
- m_resourceTimingInfo.addResourceTiming(resource.get(), *document(), loadTiming);
</del><ins>+ if (document() && RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled()) {
+ // FIXME (161170): The networkLoadTiming shouldn't be stored on the ResourceResponse.
+ resource->response().networkLoadTiming().reset();
+ loadTiming.setResponseEnd(monotonicallyIncreasingTime());
+ m_resourceTimingInfo.storeResourceTimingInitiatorInformation(resource, request, frame());
+ m_resourceTimingInfo.addResourceTiming(resource.get(), *document(), loadTiming);
+ }
+#endif
</ins><span class="cx"> }
</span><del>-#endif
</del><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -800,11 +830,11 @@
</span><span class="cx"> // in CachedImage::load.
</span><span class="cx"> if (cachedResourceRequest.defer() == CachedResourceRequest::DeferredByClient)
</span><span class="cx"> return Reload;
</span><del>-
</del><ins>+
</ins><span class="cx"> // Don't reload resources while pasting.
</span><span class="cx"> if (m_allowStaleResources)
</span><span class="cx"> return Use;
</span><del>-
</del><ins>+
</ins><span class="cx"> // Always use preloads.
</span><span class="cx"> if (existingResource->isPreloaded())
</span><span class="cx"> return Use;
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourceLoaderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -155,7 +155,8 @@
</span><span class="cx">
</span><span class="cx"> enum RevalidationPolicy { Use, Revalidate, Reload, Load };
</span><span class="cx"> RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, CachedResourceRequest&, CachedResource* existingResource) const;
</span><del>-
</del><ins>+
+ bool updateCachedResourceWithCurrentRequest(CachedResourceRequest&, CachedResourceHandle<CachedResource>&);
</ins><span class="cx"> bool shouldContinueAfterNotifyingLoadedFromMemoryCache(const CachedResourceRequest&, CachedResource*);
</span><span class="cx"> bool checkInsecureContent(CachedResource::Type, const URL&) const;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourceRequesth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -61,6 +61,7 @@
</span><span class="cx"> void setInitiator(const AtomicString& name);
</span><span class="cx"> const AtomicString& initiatorName() const;
</span><span class="cx"> bool allowsCaching() const { return m_options.cachingPolicy == CachingPolicy::AllowCaching; }
</span><ins>+ void setCachingPolicy(CachingPolicy policy) { m_options.cachingPolicy = policy; }
</ins><span class="cx">
</span><span class="cx"> void setAsPotentiallyCrossOrigin(const String&, Document&);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorestyleStylePendingResourcescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/style/StylePendingResources.cpp (205472 => 205473)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/style/StylePendingResources.cpp 2016-09-06 09:48:18 UTC (rev 205472)
+++ trunk/Source/WebCore/style/StylePendingResources.cpp 2016-09-06 11:06:52 UTC (rev 205473)
</span><span class="lines">@@ -54,6 +54,7 @@
</span><span class="cx"> if (loadPolicy == LoadPolicy::ShapeOutside) {
</span><span class="cx"> options.mode = FetchOptions::Mode::Cors;
</span><span class="cx"> options.allowCredentials = DoNotAllowStoredCredentials;
</span><ins>+ options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> const_cast<StyleImage&>(*styleImage).load(document.cachedResourceLoader(), options);
</span></span></pre>
</div>
</div>
</body>
</html>