[Webkit-unassigned] [Bug 32521] [Qt] LayoutTests/http/tests/xmlhttprequest/access-control-basic-denied-preflight-cache.html fails in manual test

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 22 12:14:58 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=32521





--- Comment #15 from Robert Hogan <robert at roberthogan.net>  2009-12-22 12:14:57 PST ---
(In reply to comment #14)
> (From update of attachment 45348 [details])
> GET is a "simple" method as far as cross-origin XMLHttpRequest is concerned, so
> its behavior is different from what we'd get with FOO.
> 
> This just looks like a QNetworkReplyHandler bug to me - all HTTP method names
> are equally valid.

Mmm, then I think this test is not testing what it thinks it's testing. Judging
by the title I think it's expecting to reach:

        if
(CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(),
request.url(), m_options.allowCredentials, request.httpMethod(),
request.httpHeaderFields()))
            preflightSuccess();
        else
            makeCrossOriginAccessRequestWithPreflight(request);

in the DocumentThreadableLoader constructor and call
makeCrossOriginAccessRequestWithPreflight(request);

However the request is marked as m_sameOriginRequest because
allowUniversalAccessFromFileURLs() is set to true in WebKit by default - as a
result it is creating the request in:

    if (m_sameOriginRequest || m_options.crossOriginRequestPolicy ==
AllowCrossOriginRequests) {
        loadRequest(request, DoSecurityCheck);
        return;
    }

in the DocumentThreadableLoader constructor instead.

So the test needs to set UniversalAccessFromFileUrls to false in order to work
as intended. However, even this won't work without a patch because calling
layoutTestController.setUniversalAccessFromFileUrls() gets called after the
securityOrigin() of the document has been initialized, so the new value doesn't
get used for the test. This requires a patch to SecurityOrigin.cpp to provide a
method for the DRT to revoke universal access immediately the setting is
updated.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list