[Webkit-unassigned] [Bug 119857] New: Two XHR tests related to cross-origin requests fall victim to port blocking
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 15 12:22:22 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119857
Summary: Two XHR tests related to cross-origin requests fall
victim to port blocking
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Tools / Tests
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: beidson at apple.com
CC: ap at webkit.org
Two XHR tests related to cross-origin requests fall victim to port blocking.
http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-sync.html and http/tests/xmlhttprequest/simple-cross-origin-denied-events-sync.html both try a cross-origin access to a resource at port :7
The purpose of the access is to test cross-origin denial to "a port that will likely refuse the connection." Unfortunately, because of how early port blocking occurs, that request doesn't even undergo cross-origin evaluation.
While working on my patch in https://bugs.webkit.org/show_bug.cgi?id=119493 I noticed this.
When the network process is used, port blocking doesn't happen preemptively like this, so we *do* perform a cross-origin check as the test originally intended. This changes the output of the test.
I'm not sure if the preemptive port blocking is right, or the lack of it is right, or if both are "correct".
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list