<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[206010] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/206010">206010</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-09-16 00:41:49 -0700 (Fri, 16 Sep 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Link loader should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161859
Patch by Youenn Fablet <youenn@apple.com> on 2016-09-16
Reviewed by Sam Weinig.
Source/WebCore:
Tests: http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html
http/tests/security/cached-cross-origin-preloading-css-stylesheet.html
Setting fetch mode according crossorigin attribute for link preload elements.
This allows calling onerror callback for CORS failures, which was not the case before the patch.
Making cached CSS stylesheet reusable accross origins and fetch modes.
* loader/LinkLoader.cpp:
(WebCore::LinkLoader::preloadIfNeeded): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode.
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::sheetText): clean-up.
(WebCore::CachedCSSStyleSheet::setBodyDataFrom): Implementing data init for cached css stylesheets.
* loader/cache/CachedCSSStyleSheet.h:
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Activating update support for stylesheets.
(WebCore::CachedResourceLoader::requestResource): Fixing for matching cached resources that need being reloaded due to different origin/fetch mode.
LayoutTests:
* http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt: Added.
* http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html: Added.
* http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt: Added.
* http/tests/security/cached-cross-origin-preloading-css-stylesheet.html: Added.
* http/tests/security/resources/allow-if-origin.php: Adding support for allowing credentials and setting contentType.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcesallowiforiginphp">trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderLinkLoadercpp">trunk/Source/WebCore/loader/LinkLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedCSSStyleSheetcpp">trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedCSSStyleSheeth">trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedResourceLoadercpp">trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadedcssstylesheetexpectedtxt">trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadedcssstylesheethtml">trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadingcssstylesheetexpectedtxt">trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadingcssstylesheethtml">trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/LayoutTests/ChangeLog 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -1,5 +1,18 @@
</span><span class="cx"> 2016-09-16 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><ins>+ Link loader should use FetchOptions::mode according its crossOrigin attribute
+ https://bugs.webkit.org/show_bug.cgi?id=161859
+
+ Reviewed by Sam Weinig.
+
+ * http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt: Added.
+ * http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html: Added.
+ * http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt: Added.
+ * http/tests/security/cached-cross-origin-preloading-css-stylesheet.html: Added.
+ * http/tests/security/resources/allow-if-origin.php: Adding support for allowing credentials and setting contentType.
+
+2016-09-16 Youenn Fablet <youenn@apple.com>
+
</ins><span class="cx"> [Fetch API] Referrer and Origin header should not be considered as safe request headers
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=161902
</span><span class="cx">
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadedcssstylesheetexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt (0 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet-expected.txt 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+
+PASS: did not load http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials (no-cors mode)
+PASS: loaded successfuly http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials (no-cors mode)
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadedcssstylesheethtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html (0 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -0,0 +1,81 @@
</span><ins>+<!DOCTYPE html>
+<script>
+if (window.internals)
+ internals.setLinkPreloadSupport(true);
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+function errorPreload(e)
+{
+ console.log("unexpected preload result " + e);
+ preloaded();
+}
+var numPreloads = 0;
+function preloaded()
+{
+ if (++numPreloads == 4)
+ doTests();
+}
+</script>
+<link rel=preload onload="preloaded()" onerror="errorPreload(1)" as=style href="http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials">
+<link rel=preload onload="preloaded()" onerror="errorPreload(2)" as=style href="http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials">
+<link rel=preload onload="preloaded()" onerror="errorPreload(3)" as=style crossorigin=use-credentials href="http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials">
+<link rel=preload onerror="preloaded()" onload="errorPreload(4)" as=style crossorigin=use-credentials href="http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials">
+<div id ="log"></div>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+var maxResults = 5;
+var results = [];
+
+function checkDone()
+{
+ if (results.length !== maxResults)
+ return;
+ var log = "";
+ results.sort();
+ for (value of results)
+ log += "<br>" + value;
+ document.getElementById('log').innerHTML = log;
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+function logOnLoad(url, isCORS, expectSuccess)
+{
+ results.push((expectSuccess ? "PASS: " : "FAIL: ") + "loaded successfuly " + url + (isCORS ? " (cors mode)" : " (no-cors mode)"));
+ checkDone();
+}
+
+function logOnError(url, isCORS, expectSuccess)
+{
+ results.push((!expectSuccess ? "PASS: " : "FAIL: ") + "did not load " + url + (isCORS ? " (cors mode)" : " (no-cors mode)"));
+ checkDone();
+}
+
+function createLinkElement(url, isCORS, expectSuccess)
+{
+ link = document.createElement('link');
+ link.href = url;
+ link.rel = "stylesheet";
+ link.type = "text/css";
+ if (isCORS)
+ link.crossOrigin = "use-credentials";
+ link.onload = () => { logOnLoad(url, isCORS, expectSuccess); };
+ link.onerror = () => { logOnError(url, isCORS, expectSuccess); };
+ return link;
+}
+
+function doTests()
+{
+ document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials", true, false));
+ document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials", false, true));
+ document.body.appendChild(createLinkElement("http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials", true, true));
+ document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials", true, true));
+ document.body.appendChild(createLinkElement("http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials", false, true));
+}
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadingcssstylesheetexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt (0 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet-expected.txt 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+
+PASS: did not load http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials (no-cors mode)
+PASS: loaded successfuly http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials (cors mode)
+PASS: loaded successfuly http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials (no-cors mode)
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycachedcrossoriginpreloadingcssstylesheethtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet.html (0 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cached-cross-origin-preloading-css-stylesheet.html 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -0,0 +1,75 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.internals)
+ internals.setLinkPreloadSupport(true);
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+function errorPreload(e)
+{
+ console.log("unexpected loading result for preload " + e);
+}
+</script>
+<link rel=preload onerror="errorPreload(1)" as=style href="http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials">
+<link rel=preload onerror="errorPreload(2)" as=style href="http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials">
+<link rel=preload onerror="errorPreload(3)" as=style crossorigin="with-credentials" href="http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials"><link rel=preload onload="errorPreload(4)" as=style crossorigin="with-credentials" href="http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials">
+<link rel=preload onload="errorPreload(4)" as=style crossorigin="with-credentials" href="http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials">
+<div id="log"></div>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+var maxResults = 5;
+var results = [];
+
+function checkDone()
+{
+ if (results.length !== maxResults)
+ return;
+ var log = "";
+ results.sort();
+ for (value of results)
+ log += "<br>" + value;
+ document.getElementById('log').innerHTML = log;
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+function logOnLoad(url, isCORS, expectSuccess)
+{
+ results.push((expectSuccess ? "PASS: " : "FAIL: ") + "loaded successfuly " + url + (isCORS ? " (cors mode)" : " (no-cors mode)"));
+ checkDone();
+}
+
+function logOnError(url, isCORS, expectSuccess)
+{
+ results.push((!expectSuccess ? "PASS: " : "FAIL: ") + "did not load " + url + (isCORS ? " (cors mode)" : " (no-cors mode)"));
+ checkDone();
+}
+
+function createLinkElement(url, isCORS, expectSuccess)
+{
+ link = document.createElement('link');
+ link.href = url;
+ link.rel = "stylesheet";
+ link.type = "text/css";
+ if (isCORS)
+ link.crossOrigin = "with-credentials";
+ link.onload = () => { logOnLoad(url, isCORS, expectSuccess); };
+ link.onerror = () => { logOnError(url, isCORS, expectSuccess); };
+ return link;
+}
+
+document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials", true, false));
+document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss1.css&contentType=text/css&allowCredentials", false, true));
+document.body.appendChild(createLinkElement("http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss1.css&contentType=text/css&allowCredentials", true, true));
+document.body.appendChild(createLinkElement("http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=xorigincss2.css&contentType=text/css&allowCredentials", true, true));
+document.body.appendChild(createLinkElement("http://localhost:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8080&name=xorigincss2.css&contentType=text/css&allowCredentials", false, true));
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcesallowiforiginphp"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/LayoutTests/http/tests/security/resources/allow-if-origin.php 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -12,6 +12,10 @@
</span><span class="cx"> header("Vary: Origin");
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+$allowCredentials = $_GET['allowCredentials'];
+if (isset($allowCredentials))
+ header("Access-Control-Allow-Credentials: true");
+
</ins><span class="cx"> $allowCache = $_GET['allowCache'];
</span><span class="cx"> if (isset($allowCache))
</span><span class="cx"> header("Cache-Control: max-age=100");
</span><span class="lines">@@ -22,7 +26,12 @@
</span><span class="cx">
</span><span class="cx"> $fp = fopen($name, 'rb');
</span><span class="cx">
</span><del>-header("Content-Type: image/png");
</del><ins>+$contentType = $_GET['contentType'];
+if (!isset($contentType))
+ $contentType = 'image/png';
+
+header("Content-Type: " . $contentType);
+
</ins><span class="cx"> header("Content-Length: " . filesize($name));
</span><span class="cx">
</span><span class="cx"> fpassthru($fp);
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/Source/WebCore/ChangeLog 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -1,5 +1,30 @@
</span><span class="cx"> 2016-09-16 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><ins>+ Link loader should use FetchOptions::mode according its crossOrigin attribute
+ https://bugs.webkit.org/show_bug.cgi?id=161859
+
+ Reviewed by Sam Weinig.
+
+ Tests: http/tests/security/cached-cross-origin-preloaded-css-stylesheet.html
+ http/tests/security/cached-cross-origin-preloading-css-stylesheet.html
+
+ Setting fetch mode according crossorigin attribute for link preload elements.
+ This allows calling onerror callback for CORS failures, which was not the case before the patch.
+
+ Making cached CSS stylesheet reusable accross origins and fetch modes.
+
+ * loader/LinkLoader.cpp:
+ (WebCore::LinkLoader::preloadIfNeeded): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode.
+ * loader/cache/CachedCSSStyleSheet.cpp:
+ (WebCore::CachedCSSStyleSheet::sheetText): clean-up.
+ (WebCore::CachedCSSStyleSheet::setBodyDataFrom): Implementing data init for cached css stylesheets.
+ * loader/cache/CachedCSSStyleSheet.h:
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Activating update support for stylesheets.
+ (WebCore::CachedResourceLoader::requestResource): Fixing for matching cached resources that need being reloaded due to different origin/fetch mode.
+
+2016-09-16 Youenn Fablet <youenn@apple.com>
+
</ins><span class="cx"> [Fetch API] Referrer and Origin header should not be considered as safe request headers
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=161902
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderLinkLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/LinkLoader.cpp (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/LinkLoader.cpp 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/Source/WebCore/loader/LinkLoader.cpp 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -161,11 +161,7 @@
</span><span class="cx"> CachedResourceRequest linkRequest(resourceRequest, CachedResource::defaultPriorityForResourceType(type.value()));
</span><span class="cx"> linkRequest.setInitiator("link");
</span><span class="cx">
</span><del>- if (!crossOriginMode.isNull()) {
- ASSERT(document.securityOrigin());
- StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
- updateRequestForAccessControl(linkRequest.mutableResourceRequest(), *document.securityOrigin(), allowCredentials);
- }
</del><ins>+ linkRequest.setAsPotentiallyCrossOrigin(crossOriginMode, document);
</ins><span class="cx"> linkRequest.setForPreload(true);
</span><span class="cx"> CachedResourceHandle<CachedResource> cachedLinkResource = document.cachedResourceLoader().preload(type.value(), linkRequest, emptyString(), CachedResourceLoader::ExplicitPreload);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedCSSStyleSheetcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -76,19 +76,29 @@
</span><span class="cx"> {
</span><span class="cx"> return m_decoder->encoding().name();
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> const String CachedCSSStyleSheet::sheetText(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
</span><del>-{
</del><ins>+{
</ins><span class="cx"> if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheck, hasValidMIMEType))
</span><span class="cx"> return String();
</span><del>-
</del><ins>+
</ins><span class="cx"> if (!m_decodedSheetText.isNull())
</span><span class="cx"> return m_decodedSheetText;
</span><del>-
</del><ins>+
</ins><span class="cx"> // Don't cache the decoded text, regenerating is cheap and it can use quite a bit of memory
</span><span class="cx"> return m_decoder->decodeAndFlush(m_data->data(), m_data->size());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void CachedCSSStyleSheet::setBodyDataFrom(const CachedResource& resource)
+{
+ ASSERT(resource.type() == type());
+ const CachedCSSStyleSheet& sheet = static_cast<const CachedCSSStyleSheet&>(resource);
+
+ m_decoder = sheet.m_decoder;
+ m_decodedSheetText = sheet.m_decodedSheetText;
+ m_parsedStyleSheetCache = sheet.m_parsedStyleSheetCache;
+}
+
</ins><span class="cx"> void CachedCSSStyleSheet::finishLoading(SharedBuffer* data)
</span><span class="cx"> {
</span><span class="cx"> m_data = data;
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedCSSStyleSheeth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -48,18 +48,20 @@
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> bool canUseSheet(MIMETypeCheck, bool* hasValidMIMEType) const;
</span><del>- bool mayTryReplaceEncodedData() const override { return true; }
</del><ins>+ bool mayTryReplaceEncodedData() const final { return true; }
</ins><span class="cx">
</span><del>- void didAddClient(CachedResourceClient*) override;
</del><ins>+ void didAddClient(CachedResourceClient*) final;
</ins><span class="cx">
</span><del>- void setEncoding(const String&) override;
- String encoding() const override;
- const TextResourceDecoder* textResourceDecoder() const override { return m_decoder.get(); }
- void finishLoading(SharedBuffer*) override;
- void destroyDecodedData() override;
</del><ins>+ void setEncoding(const String&) final;
+ String encoding() const final;
+ const TextResourceDecoder* textResourceDecoder() const final { return m_decoder.get(); }
+ void finishLoading(SharedBuffer*) final;
+ void destroyDecodedData() final;
</ins><span class="cx">
</span><ins>+ void setBodyDataFrom(const CachedResource&) final;
+
</ins><span class="cx"> protected:
</span><del>- void checkNotify() override;
</del><ins>+ void checkNotify() final;
</ins><span class="cx">
</span><span class="cx"> RefPtr<TextResourceDecoder> m_decoder;
</span><span class="cx"> String m_decodedSheetText;
</span></span></pre></div>
<a id="trunkSourceWebCoreloadercacheCachedResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (206009 => 206010)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-09-16 07:33:44 UTC (rev 206009)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-09-16 07:41:49 UTC (rev 206010)
</span><span class="lines">@@ -546,7 +546,7 @@
</span><span class="cx"> CachedResource& resource = *resourceHandle;
</span><span class="cx">
</span><span class="cx"> // FIXME: We should progressively extend this to other reusable resources
</span><del>- if (resource.type() != CachedResource::Type::ImageResource && resource.type() != CachedResource::Type::Script && resource.type() != CachedResource::Type::TextTrackResource)
</del><ins>+ if (resource.type() != CachedResource::Type::ImageResource && resource.type() != CachedResource::Type::Script && resource.type() != CachedResource::Type::TextTrackResource && resource.type() != CachedResource::Type::CSSStyleSheet)
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> bool shouldUpdate = resource.options().mode != request.options().mode || request.resourceRequest().httpOrigin() != resource.resourceRequest().httpOrigin();
</span></span></pre>
</div>
</div>
</body>
</html>