[webkit-reviews] review granted: [Bug 207102] Fix behavior of pings regarding Origin header : [Attachment 391639] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 2 06:31:43 PST 2020
youenn fablet <youennf at gmail.com> has granted Rob Buis <rbuis at igalia.com>'s
request for review:
Bug 207102: Fix behavior of pings regarding Origin header
https://bugs.webkit.org/show_bug.cgi?id=207102
Attachment 391639: Patch
https://bugs.webkit.org/attachment.cgi?id=391639&action=review
--- Comment #7 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 391639
--> https://bugs.webkit.org/attachment.cgi?id=391639
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=391639&action=review
> Source/WebCore/loader/PingLoader.cpp:138
> + FrameLoader::addHTTPOriginIfNeeded(request,
SecurityPolicy::generateOriginHeader(document.referrerPolicy(), request.url(),
sourceOrigin.toString()));
It might be nice to only create the origin value when we need to set the
header.
How about adding something like
FrameLoader::addHTTPOriginIfNeeded(ResourceRequest&, ReferrerPolicy, const
SecurityOrigin&)
or
FrameLoader::addHTTPOriginIfNeeded(ResourceRequest&, const Document&)
> Source/WebCore/page/SecurityPolicy.cpp:134
> +String SecurityPolicy::generateOriginHeader(ReferrerPolicy referrerPolicy,
const URL& url, const String& origin)
It seems passing a SecurityOrigin would be better in the
StrictOrigin/StrictOriginWhenCrossOrigin/SameOrigin cases.
> Source/WebCore/page/SecurityPolicy.cpp:138
> + return "null";
"null"-> "null"_s here and below.
> Source/WebCore/page/SecurityPolicy.cpp:149
> + default:
Can we enumerate all enum values instead of having default?
More information about the webkit-reviews
mailing list