| Summary: | module's default cross-origin value should be "anonymous" | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Yusuke Suzuki <ysuzuki> | ||||||||||||||
| Component: | New Bugs | Assignee: | Yusuke Suzuki <ysuzuki> | ||||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||||
| Severity: | Normal | CC: | cdumez, commit-queue, domfarolino, esprehn+autocc, ews-watchlist, gyuyoung.kim, jaffathecake, japhet, kangil.han, ptoomey3, sam, webkit-bug-importer, webkitbugzilla, youennf | ||||||||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||||||||
| Version: | WebKit Nightly Build | ||||||||||||||||
| Hardware: | Unspecified | ||||||||||||||||
| OS: | Unspecified | ||||||||||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=210434 | ||||||||||||||||
| Bug Depends on: | 210441 | ||||||||||||||||
| Bug Blocks: | |||||||||||||||||
| Attachments: |
|
||||||||||||||||
|
Description
Yusuke Suzuki
2020-04-10 01:22:29 PDT
Created attachment 396064 [details]
Patch
Created attachment 396228 [details]
Patch
Created attachment 396233 [details]
Patch
Comment on attachment 396233 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396233&action=review > Source/WebCore/ChangeLog:10 > + The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty. > + However, the spec is changed to sending requests with "same-origin" credentials mode by default. > + We should follow it. Given the way "same-origin" is specified is as "anonymous", I think clarifying that in the change log would help make things clearer. > Source/WebCore/ChangeLog:17 > + * dom/ScriptElement.cpp: > + (WebCore::ScriptElement::requestModuleScript): > + * dom/ScriptElementCachedScriptFetcher.cpp: > + (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): > + * html/parser/HTMLResourcePreloader.cpp: > + (WebCore::PreloadRequest::resourceRequest): Its unfortunate this is in three places. Any ideas about how we could refactor to have a single place implementing this part of the spec? Comment on attachment 396233 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396233&action=review Thanks! >> Source/WebCore/ChangeLog:10 >> + We should follow it. > > Given the way "same-origin" is specified is as "anonymous", I think clarifying that in the change log would help make things clearer. Fixed. >> Source/WebCore/ChangeLog:17 >> + (WebCore::PreloadRequest::resourceRequest): > > Its unfortunate this is in three places. Any ideas about how we could refactor to have a single place implementing this part of the spec? Sounds nice, I'll put this string as ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule to share. Created attachment 396245 [details]
Patch
Created attachment 396246 [details]
Patch
Committed r260003: <https://trac.webkit.org/changeset/260003> *** Bug 171550 has been marked as a duplicate of this bug. *** Re-opened since this is blocked by bug 210441 Created attachment 396316 [details]
Patch
Comment on attachment 396316 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396316&action=review > Source/WebCore/ChangeLog:12 > + C++ part is not changed. Just rewrite tests with cookie instead of basic-authentication since basic-authentication-based tests hit some existing crashes in WK2-Debug bots. Thanks Sam! I'll land it once I checked that EWS is green. Bots are green. Landing. Committed r260038: <https://trac.webkit.org/changeset/260038> *** Bug 206811 has been marked as a duplicate of this bug. *** *** Bug 171566 has been marked as a duplicate of this bug. *** *** Bug 189888 has been marked as a duplicate of this bug. *** |