[webkit-reviews] review granted: [Bug 175386] [Beacon][NetworkSession] Support CORS-preflighting on redirects : [Attachment 317734] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 9 14:08:39 PDT 2017
youenn fablet <youennf at gmail.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 175386: [Beacon][NetworkSession] Support CORS-preflighting on redirects
https://bugs.webkit.org/show_bug.cgi?id=175386
Attachment 317734: Patch
https://bugs.webkit.org/attachment.cgi?id=317734&action=review
--- Comment #6 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 317734
--> https://bugs.webkit.org/attachment.cgi?id=317734
Patch
The only question is whether this is fine to do so without going through CSP or
content blocker.
Given this is a replacement over synchronous XHR, and that shipping this might
allow us to remove synchronous XHR, this looks like an improvement to me.
View in context: https://bugs.webkit.org/attachment.cgi?id=317734&action=review
> Source/WebKit/NetworkProcess/PingLoad.cpp:46
> + ,
m_sameOriginRequest(securityOrigin().canRequest(m_parameters.request.url()))
m_isSameOriginRequest might be a better name.
> Source/WebKit/NetworkProcess/PingLoad.cpp:61
> + m_redirectHandler({ });
Why do we need to do that?
> Source/WebKit/NetworkProcess/PingLoad.cpp:75
> + loadParameters.request = request;
Aren't we creating two ResourceRequest, while we should only create one?
> Source/WebKit/NetworkProcess/PingLoad.cpp:76
> + m_task = NetworkDataTask::create(*networkSession, *this,
loadParameters);
And we are not moving loadParameters, which probably means that NetworkDataTask
is creating its own copy of ResourceRequest.
Some refactoring might be useful there?
> Source/WebKit/NetworkProcess/PingLoad.cpp:102
> + // Use a unique for subsequent loads if needed.
Use a unique origin?
> Source/WebKit/NetworkProcess/PingLoad.cpp:106
> + m_origin = SecurityOrigin::createUnique();
You could add a check so as to not create a new origin if m_origin is not
unique.
> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:21
> + response.text().then(body => {
You can just do "return response.json()" here.
> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:25
> + }), 1000);
Cannot we use the new polling mechanism that landed in the other patch?
> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:40
> + result = JSON.parse(json);
No need for JSON.parse if using json() above.
>
LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sa
meorigin.html:25
> + }), 1000);
Ditto, or put in common some code of these two tests/merge them into one.
More information about the webkit-reviews
mailing list