source: webkit/trunk/Source/WebCore/loader/CrossOriginAccessControl.h

Last change on this file was 286655, checked in by [email protected], 3 years ago

Safari Bug "no-cache" network error
https://bugs.webkit.org/show_bug.cgi?id=233916

Reviewed by Chris Dumez.

Source/WebCore:

Test: http/wpt/service-workers/cache-control-request.html

Remove the Cache-Control header when the request goes through the service worker path, if the header was added by the network code path and not by the application.

  • loader/CrossOriginAccessControl.cpp:

(WebCore::httpHeadersToKeepFromCleaning):
(WebCore::cleanHTTPRequestHeadersForAccessControl):

  • loader/CrossOriginAccessControl.h:
  • platform/network/ResourceRequestBase.cpp:

(WebCore::ResourceRequestBase::removeHTTPHeaderField):

  • platform/network/ResourceRequestBase.h:

LayoutTests:

  • http/wpt/service-workers/cache-control-request-expected.txt: Added.
  • http/wpt/service-workers/cache-control-request-worker.js: Added.

(async doTest):

  • http/wpt/service-workers/cache-control-request.html: Added.
  • http/wpt/service-workers/resources/cross-origin-allow.py: Added.

(main):

  • Property svn:eol-style set to native
1/*
2 * Copyright (C) 2008-2020 Apple Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26
27#pragma once
28
29#include "HTTPHeaderNames.h"
30#include "ReferrerPolicy.h"
31#include "StoredCredentialsPolicy.h"
32#include <wtf/Expected.h>
33#include <wtf/Forward.h>
34#include <wtf/OptionSet.h>
35
36namespace PAL {
37class SessionID;
38}
39
40namespace WebCore {
41
42class CachedResourceRequest;
43class Document;
44class HTTPHeaderMap;
45class ResourceError;
46class ResourceRequest;
47class ResourceResponse;
48class SecurityOrigin;
49
50struct ResourceLoaderOptions;
51
52enum class CrossOriginEmbedderPolicyValue : bool;
53
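// Reports whether a request with the given method and header map qualifies as
// a "simple" cross-origin access request.
// NOTE(review): presumably this is the predicate that decides whether a CORS
// preflight can be skipped; confirm against CrossOriginAccessControl.cpp, as
// only the signature is visible here. If so, every method or header this
// accepts is one a cross-origin page can send without the server opting in
// first, so any widening of it deserves a security review.
WEBCORE_EXPORT bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
// Reports whether the argument (presumably an HTTP method name; TODO confirm)
// is on the simple-request method allowlist.
bool isOnAccessControlSimpleRequestMethodAllowlist(const String&);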
56
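// Updates the referrer carried by the request in place for the given policy.
// The String argument is presumably the candidate outgoing referrer; TODO confirm.
void updateRequestReferrer(ResourceRequest&, ReferrerPolicy, const String&);

// Prepares the request in place for a cross-origin access-control load on
// behalf of the given origin and stored-credentials policy.
// NOTE(review): exactly which fields are rewritten (credentials, cookies,
// Origin header) is not visible from this header; verify in the .cpp.
WEBCORE_EXPORT void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin&, StoredCredentialsPolicy);

// Builds and returns a new preflight request derived from the given request;
// the source request is taken by const reference and is not modified.
// The trailing String is presumably the referrer; TODO confirm.
WEBCORE_EXPORT ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin&, const String&);
// Tells createPotentialAccessControlRequest whether the caller already treats
// the load as same-origin. Defaults to No at the call site below.
enum class SameOriginFlag { No, Yes };
// Consumes the request and loader options (both rvalue references) and returns
// a CachedResourceRequest configured from the element's crossorigin attribute.
CachedResourceRequest createPotentialAccessControlRequest(ResourceRequest&&, ResourceLoaderOptions&&, Document&, const String& crossOriginAttribute, SameOriginFlag = SameOriginFlag::No);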
64
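// Bit flags naming the request headers that header cleaning must leave in
// place. Values are distinct single bits so they can be combined in an
// OptionSet; six of the eight bits of the uint8_t underlying type are in use.
// Every enumerator added here must also be listed in the
// WTF::EnumTraits<WebCore::HTTPHeadersToKeepFromCleaning> specialization at the
// bottom of this header.
enum class HTTPHeadersToKeepFromCleaning : uint8_t {
    ContentType = 1 << 0,
    Referer = 1 << 1,
    Origin = 1 << 2,
    UserAgent = 1 << 3,
    AcceptEncoding = 1 << 4,
    // Per the description of change 286655 (webkit.org bug 233916):
    // Cache-Control is removed on the service worker path when it was added by
    // the network code path rather than by the application.
    CacheControl = 1 << 5
};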
73
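// Derives the keep-set from a header map.
// NOTE(review): presumably a flag is set for each listed header that is
// already present in the map, i.e. one the application supplied itself;
// confirm against CrossOriginAccessControl.cpp.
OptionSet<HTTPHeadersToKeepFromCleaning> httpHeadersToKeepFromCleaning(const HTTPHeaderMap&);
// Cleans the request's headers in place, sparing the headers whose flags are
// set in the OptionSet. Callers should compute the keep-set before any
// network-layer code has added its own headers, otherwise injected headers
// would be indistinguishable from application-set ones (assumption based on
// the change description for 286655; verify at the call sites).
WEBCORE_EXPORT void cleanHTTPRequestHeadersForAccessControl(ResourceRequest&, OptionSet<HTTPHeadersToKeepFromCleaning>);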
76
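// Switch object that the access-control validators below consult through a
// `const CrossOriginAccessControlCheckDisabler*` parameter. The check is
// enabled by default (m_accessControlCheckEnabled starts as true).
//
// NOTE(review): setCrossOriginAccessControlCheckEnabled(false) is public on an
// exported class reachable through singleton(), so any linked code can turn
// the check off. Presumably this exists for testing or trusted embedders;
// callers of the setter should be audited and kept to those cases. The header
// shows no synchronization around the flag; confirm the threading model
// before toggling it outside start-up.
class WEBCORE_EXPORT CrossOriginAccessControlCheckDisabler {
public:
    // Returns the shared instance.
    static CrossOriginAccessControlCheckDisabler& singleton();
    virtual ~CrossOriginAccessControlCheckDisabler() = default;
    // Stores the new state of the switch; false is the security-sensitive value.
    void setCrossOriginAccessControlCheckEnabled(bool);
    // Virtual so a subclass can answer from its own state instead of the member below.
    virtual bool crossOriginAccessControlCheckEnabled() const;
private:
    // Default-initialized to true: checks are enforced unless explicitly disabled.
    bool m_accessControlCheckEnabled { true };
};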
86
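// Checks a response against the access-control rules for the given
// credentials policy and requesting origin. The error branch of the Expected
// carries a String (presumably a human-readable reason; TODO confirm).
// Callers must treat an error as "block the load" and must not drop the result.
// The trailing pointer is the disabler declared above; how a null pointer is
// interpreted is not visible from this header, so verify it in the .cpp.
WEBCORE_EXPORT Expected<void, String> passesAccessControlCheck(const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*);
// Validates the response to a preflight for the given request, with the same
// result convention and disabler parameter as passesAccessControlCheck.
// NOTE(review): takes a PAL::SessionID, presumably to key per-session
// preflight state; confirm.
WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(PAL::SessionID, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*);

// Distinguishes navigation loads from subresource loads for the
// Cross-Origin-Resource-Policy check below.
enum class ForNavigation : bool { No, Yes };
// Validates a response against Cross-Origin-Resource-Policy for the given
// embedder policy, origin and URL. Presumably std::nullopt means "allowed" and
// a ResourceError means "blocked"; TODO confirm.
WEBCORE_EXPORT std::optional<ResourceError> validateCrossOriginResourcePolicy(CrossOriginEmbedderPolicyValue, const SecurityOrigin&, const URL&, const ResourceResponse&, ForNavigation);
// Checks the request/response pair with respect to the range-requested flag;
// same optional<ResourceError> result shape as above.
std::optional<ResourceError> validateRangeRequestedFlag(const ResourceRequest&, const ResourceResponse&);
// Validates the target URL of a cross-origin redirect.
// NOTE(review): the result is a bare String, so the success convention is not
// expressed in the type; presumably an empty string means the URL is
// acceptable and anything else is an error message. Confirm before relying on
// it; a caller that tests the wrong condition would let a rejected redirect
// through.
String validateCrossOriginRedirectionURL(const URL&);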
94
95} // namespace WebCore
96
97namespace WTF {
98
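// Enumerates every valid HTTPHeadersToKeepFromCleaning value for WTF's enum
// machinery. The list must mirror the enum declaration exactly: six
// enumerators there, six entries here.
// NOTE(review): presumably this list is what validity checks use when the enum
// is decoded from untrusted bytes such as IPC, so a flag missing here would be
// rejected and a stale extra entry would be accepted; confirm against
// wtf/EnumTraits.h.
template<> struct EnumTraits<WebCore::HTTPHeadersToKeepFromCleaning> {
    using values = EnumValues<
        WebCore::HTTPHeadersToKeepFromCleaning,
        WebCore::HTTPHeadersToKeepFromCleaning::ContentType,
        WebCore::HTTPHeadersToKeepFromCleaning::Referer,
        WebCore::HTTPHeadersToKeepFromCleaning::Origin,
        WebCore::HTTPHeadersToKeepFromCleaning::UserAgent,
        WebCore::HTTPHeadersToKeepFromCleaning::AcceptEncoding,
        WebCore::HTTPHeadersToKeepFromCleaning::CacheControl
    >;
};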
110
111} // namespace WTF