<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[208046] trunk</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208046">208046</a></dd>

<dt>Author</dt> <dd>commit-queue@webkit.org</dd>

<dt>Date</dt> <dd>2016-10-28 06:59:20 -0700 (Fri, 28 Oct 2016)</dd>

</dl>

<h3>Log Message</h3>

<pre>[Fetch] Ensure redirection count is no more than 20 in case of cross origin requests

https://bugs.webkit.org/show_bug.cgi?id=164117

Patch by Youenn Fablet &lt;youenn@apple.com&gt; on 2016-10-28

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Adding new tests.

Split redirect.py in two different scripts.

redirect.py is to be used when simple redirections are needed.

redirect-count.py is to be used when the number of redirections is tested.

redirect.py no longer needs the count parameter.

This explains rebasing of the existing tests.

* web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:

* web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:

* web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt:

* web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt:

* web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-expected.txt: Added.

* web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker-expected.txt: Added.

* web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker.html: Added.

* web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.html: Added.

* web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.js: Added.

(redirectCount):

* web-platform-tests/fetch/api/redirect/redirect-count-expected.txt:

* web-platform-tests/fetch/api/redirect/redirect-count-worker-expected.txt:

* web-platform-tests/fetch/api/redirect/redirect-count.js:

(redirectCount):

* web-platform-tests/fetch/api/request/request-cache-only-if-cached-expected.txt:

* web-platform-tests/fetch/api/resources/redirect-count.py: Copied from LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py.

(main):

* web-platform-tests/fetch/api/resources/redirect.py:

(main):

Source/WebCore:

Tests: imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker.html

       imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.html

Introducing a ResourceLoaderOptions that defines the maximum redirection count.

By default, it is set to 20 as per fetch specification.

This option is used by SubresourceLoader to cancel load if its redirection count is above that maximum.

DocumentThreadableLoader stopping redirections to make preflight if needed, it now uses the maxRedirectCount loader option to ensure

that the total number of redirections is 20.

* loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

* loader/ResourceLoaderOptions.h:

* loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

* loader/SubresourceLoader.h:</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapibasicmodesameoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapibasicmodesameoriginworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-worker-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountjs">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count.js</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapirequestrequestcacheonlyifcachedexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-cache-only-if-cached-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiresourcesredirectpy">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py</a></li>

<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>

<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderResourceLoaderOptionsh">trunk/Source/WebCore/loader/ResourceLoaderOptions.h</a></li>

<li><a href="#trunkSourceWebCoreloaderSubresourceLoadercpp">trunk/Source/WebCore/loader/SubresourceLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderSubresourceLoaderh">trunk/Source/WebCore/loader/SubresourceLoader.h</a></li>

</ul>

<h3>Added Paths</h3>

<ul>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountcrossoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountcrossoriginworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker-expected.txt</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountcrossoriginworkerhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker.html</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountcrossoriginhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.html</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiredirectredirectcountcrossoriginjs">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.js</a></li>

<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsfetchapiresourcesredirectcountpy">trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect-count.py</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="trunkLayoutTestsimportedw3cChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (208045 => 208046)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog        2016-10-28 12:36:33 UTC (rev 208045)

+++ trunk/LayoutTests/imported/w3c/ChangeLog        2016-10-28 13:59:20 UTC (rev 208046)

</span><span class="lines">@@ -1,3 +1,38 @@

</span><ins>+2016-10-28  Youenn Fablet  &lt;youenn@apple.com&gt;

+

+        [Fetch] Ensure redirection count is no more than 20 in case of cross origin requests

+        https://bugs.webkit.org/show_bug.cgi?id=164117

+

+        Reviewed by Sam Weinig.

+

+        Adding new tests.

+        Split redirect.py in two different scripts.

+        redirect.py is to be used when simple redirections are needed.

+        redirect-count.py is to be used when the number of redirections is tested.

+

+        redirect.py no longer needs the count parameter.

+        This explains rebasing of the existing tests.

+

+        * web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:

+        * web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:

+        * web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt:

+        * web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker-expected.txt:

+        * web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-expected.txt: Added.

+        * web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker-expected.txt: Added.

+        * web-platform-tests/fetch/api/redirect/redirect-count-cross-origin-worker.html: Added.

+        * web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.html: Added.

+        * web-platform-tests/fetch/api/redirect/redirect-count-cross-origin.js: Added.

+        (redirectCount):

+        * web-platform-tests/fetch/api/redirect/redirect-count-expected.txt:

+        * web-platform-tests/fetch/api/redirect/redirect-count-worker-expected.txt:

+        * web-platform-tests/fetch/api/redirect/redirect-count.js:

+        (redirectCount):

+        * web-platform-tests/fetch/api/request/request-cache-only-if-cached-expected.txt:

+        * web-platform-tests/fetch/api/resources/redirect-count.py: Copied from LayoutTests/imported/w3c/web-platform-tests/fetch/api/resources/redirect.py.

+        (main):

+        * web-platform-tests/fetch/api/resources/redirect.py:

+        (main):

+

</ins><span class="cx"> 2016-10-27  Youenn Fablet  &lt;youenn@apple.com&gt;

</span><span class="cx"> 

</span><span class="cx">         [Fetch API] Fetch ReadableStream should only clone the second branch

</span></span></pre></div>

<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapibasicmodesameoriginexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt (208045 => 208046)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt        2016-10-28 12:36:33 UTC (rev 208045)

+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt        2016-10-28 13:59:20 UTC (rev 208046)

</span><span class="lines">@@ -1,6 +1,6 @@

<del>-CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt&amp;count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.

</del><ins>+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.

</ins><span class="cx"> 

<del>-CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt&amp;count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.

</del><ins>+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin.html. Domains, protocols and ports must match.

</ins><span class="cx"> 

</span><span class="cx"> 

</span><span class="cx"> PASS Fetch ../resources/top.txt with same-origin mode 

</span></span></pre></div>

<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapibasicmodesameoriginworkerexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt (208045 => 208046)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt        2016-10-28 12:36:33 UTC (rev 208045)

+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt        2016-10-28 13:59:20 UTC (rev 208046)

</span><span class="lines">@@ -1,6 +1,6 @@

<del>-CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt&amp;count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.

</del><ins>+CONSOLE MESSAGE: Unsafe attempt to load URL https://localhost:9443/fetch/api/resources/top.txt?location=https%3A%2F%2Flocalhost%3A9443%2Ffetch%2Fapi%2Fresources%2Ftop.txt from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.

</ins><span class="cx"> 

<del>-CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt&amp;count=1 from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.

</del><ins>+CONSOLE MESSAGE: Unsafe attempt to load URL http://127.0.0.1:8800/fetch/api/resources/top.txt?location=http%3A%2F%2F127.0.0.1%3A8800%2Ffetch%2Fapi%2Fresources%2Ftop.txt from frame with URL http://localhost:8800/fetch/api/basic/mode-same-origin-worker.html. Domains, protocols and ports must match.

</ins><span class="cx"> 

</span><span class="cx"> 

</span><span class="cx"> PASS Fetch ../resources/top.txt with same-origin mode 

</span></span></pre></div>

<a id="trunkLayoutTestsimportedw3cwebplatformtestsfetchapicorscorsredirectcredentialsexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt (208045 => 208046)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt        2016-10-28 12:36:33 UTC (rev 208045)

+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-expected.txt        2016-10-28 13:59:20 UTC (rev 208046)

</span><span class="lines">@@ -1,63 +1,63 @@