Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issue 146853003: Correctly handle CORS access checks over cache-validating responses. (Closed)

Created:
6 years, 10 months ago by sof
Modified:
6 years, 10 months ago
CC:
blink-reviews, Nate Chapin, gavinp+loader_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Visibility:
Public.

Description

Correctly handle CORS access checks over cache-validating responses. If a CORS-enabled load of a resource is also done conditionally, the response may be a 304 (Not Modified.) That 304 response is not required (nor expected) to have any CORS headers included, so arrange for the required CORS access control check to be performed over the cached resource having been (successfully) validated. R= BUG=339058 TEST=http/tests/security/script-crossorigin-fails-cross-origin-conditional Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=166188

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+52 lines, -2 lines) Patch
A LayoutTests/http/tests/security/resources/conditional-cors.php View 1 chunk +10 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/resources/iframe-crossorigin-script.html View 1 chunk +2 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/script-crossorigin-loads-cross-origin-conditional.html View 1 chunk +27 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/script-crossorigin-loads-cross-origin-conditional-expected.txt View 1 chunk +4 lines, -0 lines 0 comments Download
M Source/core/fetch/ResourceLoader.cpp View 1 chunk +9 lines, -2 lines 0 comments Download

Messages

Total messages: 14 (0 generated)
sof
When you get a chance next, please take a look. My bad - I previously ...
6 years, 10 months ago (2014-01-30 12:06:12 UTC) #1
Nate Chapin
lgtm
6 years, 10 months ago (2014-01-30 18:40:53 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/146853003/1
6 years, 10 months ago (2014-01-30 18:41:06 UTC) #3
commit-bot: I haz the power
Retried try job too often on linux_blink for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink&number=10030
6 years, 10 months ago (2014-01-30 23:00:34 UTC) #4
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-30 23:00:41 UTC) #5
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-30 23:00:43 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/146853003/1
6 years, 10 months ago (2014-01-30 23:02:21 UTC) #7
commit-bot: I haz the power
Retried try job too often on linux_blink for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink&number=10078
6 years, 10 months ago (2014-01-31 01:52:42 UTC) #8
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-31 01:52:43 UTC) #9
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-31 01:52:44 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/146853003/1
6 years, 10 months ago (2014-01-31 04:56:52 UTC) #11
commit-bot: I haz the power
Change committed as 166188
6 years, 10 months ago (2014-01-31 06:41:30 UTC) #12
commit-bot: I haz the power
CQ bit was unchecked on CL. Ignoring.
6 years, 10 months ago (2014-01-31 06:41:32 UTC) #13
commit-bot: I haz the power
6 years, 10 months ago (2014-01-31 06:41:52 UTC) #14
Message was sent while issue was closed.
CQ bit was unchecked on CL. Ignoring.

Powered by Google App Engine
This is Rietveld 408576698