[webkit-reviews] review granted: [Bug 162819] Improve error message for Access-Control-Allow-Origin violation due to misconfigured server : [Attachment 310532] Patch and layout test
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 18 13:37:22 PDT 2017
Joseph Pecoraro <joepeck at webkit.org> has granted Daniel Bates
<dbates at webkit.org>'s request for review:
Bug 162819: Improve error message for Access-Control-Allow-Origin violation due
to misconfigured server
https://bugs.webkit.org/show_bug.cgi?id=162819
Attachment 310532: Patch and layout test
https://bugs.webkit.org/attachment.cgi?id=310532&action=review
--- Comment #4 from Joseph Pecoraro <joepeck at webkit.org> ---
Comment on attachment 310532
--> https://bugs.webkit.org/attachment.cgi?id=310532
Patch and layout test
View in context: https://bugs.webkit.org/attachment.cgi?id=310532&action=review
r=me
Looks like we will have to mark the WPT tests as failures?
imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins.html
imported/w3c/web-platform-tests/fetch/api/cors/cors-multiple-origins-worker.htm
l
> Source/WebCore/loader/CrossOriginAccessControl.cpp:161
> errorDescription = "Cannot use wildcard in
Access-Control-Allow-Origin when credentials flag is true.";
> + else if (accessControlOriginString.find(',') != notFound)
> + errorDescription = "Access-Control-Allow-Origin cannot contain
more than one origin.";
You can ASCIILiteral(...) these strings.
>
LayoutTests/http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.ht
ml:48
> +//shouldFail(pageOrigin + "\0"); // Doesn't fail in chromium-linux. See
http://wkbug.com/88688 and http://wkbug.com/88139
Do we pass this? Seems like this was only an issue in chromium-linux, we should
be able to enable this test.
>
LayoutTests/http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.ht
ml:49
> +shouldFail((pageOrigin).toUpperCase());
Nit: You can drop the parenthesis around pageOrigin now that it is not an
expression.
>
LayoutTests/http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.ht
ml:71
> +shouldFail(pageOrigin + ", *");
How about adding cases starting with or ending with a comma:
shouldFail(",");
shouldFail(","+pageOrigin);
shouldFail(pageOrigin+",");
More information about the webkit-reviews
mailing list