RESOLVED FIXED 175386
[Beacon][NetworkSession] Support CORS-preflighting on redirects 
https://bugs.webkit.org/show_bug.cgi?id=175386
Summary [Beacon][NetworkSession] Support CORS-preflighting on redirects
Chris Dumez
Reported 2017-08-09 08:50:22 PDT
We should support with CORS-preflighting on redirects.
Attachments
WIP Patch (3.14 KB, patch)
2017-08-09 09:55 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (11.59 KB, patch)
2017-08-09 10:55 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (25.47 KB, patch)
2017-08-09 13:39 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (25.46 KB, patch)
2017-08-09 13:41 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (31.65 KB, patch)
2017-08-09 14:33 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-08-09 08:50:54 PDT
<rdar://problem/33801370>
Chris Dumez
Comment 2 2017-08-09 09:55:52 PDT
Created attachment 317714 [details] WIP Patch
Chris Dumez
Comment 3 2017-08-09 10:55:59 PDT
Created attachment 317721 [details] Patch
Chris Dumez
Comment 4 2017-08-09 13:39:54 PDT
Created attachment 317733 [details] Patch
Chris Dumez
Comment 5 2017-08-09 13:41:14 PDT
Created attachment 317734 [details] Patch
youenn fablet
Comment 6 2017-08-09 14:08:39 PDT
Comment on attachment 317734 [details] Patch The only question is whether this is fine to do so without going through CSP or content blocker. Given this is a replacement over synchronous XHR, and that shipping this might allow us to remove synchronous XHR, this looks like an improvement to me. View in context: https://bugs.webkit.org/attachment.cgi?id=317734&action=review > Source/WebKit/NetworkProcess/PingLoad.cpp:46 > + , m_sameOriginRequest(securityOrigin().canRequest(m_parameters.request.url())) m_isSameOriginRequest might be a better name. > Source/WebKit/NetworkProcess/PingLoad.cpp:61 > + m_redirectHandler({ }); Why do we need to do that? > Source/WebKit/NetworkProcess/PingLoad.cpp:75 > + loadParameters.request = request; Aren't we creating two ResourceRequest, while we should only create one? > Source/WebKit/NetworkProcess/PingLoad.cpp:76 > + m_task = NetworkDataTask::create(*networkSession, *this, loadParameters); And we are not moving loadParameters, which probably means that NetworkDataTask is creating its own copy of ResourceRequest. Some refactoring might be useful there? > Source/WebKit/NetworkProcess/PingLoad.cpp:102 > + // Use a unique for subsequent loads if needed. Use a unique origin? > Source/WebKit/NetworkProcess/PingLoad.cpp:106 > + m_origin = SecurityOrigin::createUnique(); You could add a check so as to not create a new origin if m_origin is not unique. > LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:21 > + response.text().then(body => { You can just do "return response.json()" here. > LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:25 > + }), 1000); Cannot we use the new polling mechanism that landed in the other patch? > LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:40 > + result = JSON.parse(json); No need for JSON.parse if using json() above. > LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-from-crossorigin-to-sameorigin.html:25 > + }), 1000); Ditto, or put in common some code of these two tests/merge them into one.
Chris Dumez
Comment 7 2017-08-09 14:29:18 PDT
Comment on attachment 317734 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=317734&action=review >> Source/WebKit/NetworkProcess/PingLoad.cpp:61 >> + m_redirectHandler({ }); > > Why do we need to do that? Yes, otherwise it can causes leaks. Andreas had to do the same in NetworkLoad recently. See Bug 175179. >> Source/WebKit/NetworkProcess/PingLoad.cpp:76 >> + m_task = NetworkDataTask::create(*networkSession, *this, loadParameters); > > And we are not moving loadParameters, which probably means that NetworkDataTask is creating its own copy of ResourceRequest. > Some refactoring might be useful there? I'll move loadParameters in. >> Source/WebKit/NetworkProcess/PingLoad.cpp:102 >> + // Use a unique for subsequent loads if needed. > > Use a unique origin? Ok. >> Source/WebKit/NetworkProcess/PingLoad.cpp:106 >> + m_origin = SecurityOrigin::createUnique(); > > You could add a check so as to not create a new origin if m_origin is not unique. Ok. >> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:21 >> + response.text().then(body => { > > You can just do "return response.json()" here. Ok. >> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:25 >> + }), 1000); > > Cannot we use the new polling mechanism that landed in the other patch? Tests using it are currently flaky so I don't want to use it until I understand why those tests are flaky. >> LayoutTests/http/wpt/beacon/cors/cors-preflight-redirect-failure.html:40 >> + result = JSON.parse(json); > > No need for JSON.parse if using json() above. Ok.
Chris Dumez
Comment 8 2017-08-09 14:33:13 PDT
Created attachment 317743 [details] Patch
WebKit Commit Bot
Comment 9 2017-08-09 16:24:02 PDT
Comment on attachment 317743 [details] Patch Clearing flags on attachment: 317743 Committed r220497: <http://trac.webkit.org/changeset/220497>
WebKit Commit Bot
Comment 10 2017-08-09 16:24:03 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.