[webkit-reviews] review granted: [Bug 178565] XMLHttpRequest should not treat file URLs as same origin : [Attachment 324854] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 25 13:16:58 PDT 2017


Ryosuke Niwa <rniwa at webkit.org> has granted Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 178565: XMLHttpRequest should not treat file URLs as same origin
https://bugs.webkit.org/show_bug.cgi?id=178565

Attachment 324854: Patch

https://bugs.webkit.org/attachment.cgi?id=324854&action=review




--- Comment #52 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 324854
  --> https://bugs.webkit.org/attachment.cgi?id=324854
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=324854&action=review

> Source/WebCore/page/SecurityOrigin.cpp:336
> +    if (request.url().protocolIsBlob()) {
> +	   if (auto blobOrigin = getCachedOrigin(request.url()))

request.url().protocolIsBlob() is already checked in getCachedOrigin.
We can just call getCachedOrigin. It's such a misleading name though...

>
LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-re
al.html:19
> +	   xhr.open("GET", "", false);
> +	   xhr.send("");

Please add a test case for blob URL.


More information about the webkit-reviews mailing list