Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(583)

Issue 389053003: Always report access control failure if accessing unsupported URL. (Closed)

Created:
6 years, 5 months ago by sof
Modified:
6 years, 5 months ago
CC:
blink-reviews, gavinp+loader_chromium.org, Nate Chapin
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Always report access control failure if accessing unsupported URL. For attempted cross-origin requests to unsupported CORS URLs, extend the error reporting to also apply to non-simple requests that would require a preflight. It is also bound to fail. R=abarth@chromium.org,tyoshino@chromium.org BUG=389751 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=178091

Patch Set 1 #

Total comments: 4

Patch Set 2 : Include supported schemes in console error message #

Total comments: 3
Unified diffs Side-by-side diffs Delta from patch set Stats (+169 lines, -17 lines) Patch
M LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/eventsource/eventsource-cors-non-http-expected.txt View 1 1 chunk +4 lines, -4 lines 0 comments Download
M LayoutTests/http/tests/eventsource/workers/eventsource-cors-non-http-expected.txt View 1 1 chunk +4 lines, -4 lines 0 comments Download
A + LayoutTests/http/tests/xmlhttprequest/cross-origin-unsupported-url.html View 1 chunk +1 line, -1 line 0 comments Download
A LayoutTests/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt View 1 1 chunk +33 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js View 1 1 chunk +61 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url.html View 1 chunk +1 line, -1 line 0 comments Download
A LayoutTests/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt View 1 1 chunk +34 lines, -0 lines 0 comments Download
M Source/core/loader/DocumentThreadableLoader.cpp View 1 1 chunk +9 lines, -6 lines 0 comments Download
M Source/platform/weborigin/SchemeRegistry.h View 1 1 chunk +3 lines, -0 lines 3 comments Download
M Source/platform/weborigin/SchemeRegistry.cpp View 1 2 chunks +18 lines, -0 lines 0 comments Download

Messages

Total messages: 11 (0 generated)
sof
Please take a look.
6 years, 5 months ago (2014-07-13 14:32:35 UTC) #1
abarth-chromium
LGTM, but with one suggestion for improvment. https://codereview.chromium.org/389053003/diff/1/Source/core/loader/DocumentThreadableLoader.cpp File Source/core/loader/DocumentThreadableLoader.cpp (right): https://codereview.chromium.org/389053003/diff/1/Source/core/loader/DocumentThreadableLoader.cpp#newcode118 Source/core/loader/DocumentThreadableLoader.cpp:118: m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, ...
6 years, 5 months ago (2014-07-14 00:59:46 UTC) #2
tyoshino (SeeGerritForStatus)
https://codereview.chromium.org/389053003/diff/1/LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js File LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js (right): https://codereview.chromium.org/389053003/diff/1/LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js#newcode57 LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js:57: issueRequest(tests[0]); setting content-type when withContentType is true at L56 ...
6 years, 5 months ago (2014-07-14 03:55:16 UTC) #3
sof
https://codereview.chromium.org/389053003/diff/1/LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js File LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js (right): https://codereview.chromium.org/389053003/diff/1/LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js#newcode57 LayoutTests/http/tests/xmlhttprequest/resources/cross-origin-unsupported-url.js:57: issueRequest(tests[0]); On 2014/07/14 03:55:16, tyoshino wrote: > setting content-type ...
6 years, 5 months ago (2014-07-14 07:03:26 UTC) #4
tyoshino (SeeGerritForStatus)
lgtm https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h File Source/platform/weborigin/SchemeRegistry.h (right): https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h#newcode82 Source/platform/weborigin/SchemeRegistry.h:82: static String listOfCORSEnabledURLSchemes(); [optional] start with a verb? ...
6 years, 5 months ago (2014-07-14 07:14:02 UTC) #5
sof
https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h File Source/platform/weborigin/SchemeRegistry.h (right): https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h#newcode82 Source/platform/weborigin/SchemeRegistry.h:82: static String listOfCORSEnabledURLSchemes(); On 2014/07/14 07:14:01, tyoshino wrote: > ...
6 years, 5 months ago (2014-07-14 08:20:41 UTC) #6
abarth-chromium
https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h File Source/platform/weborigin/SchemeRegistry.h (right): https://codereview.chromium.org/389053003/diff/20001/Source/platform/weborigin/SchemeRegistry.h#newcode82 Source/platform/weborigin/SchemeRegistry.h:82: static String listOfCORSEnabledURLSchemes(); Using a noun phrase is fine. ...
6 years, 5 months ago (2014-07-14 16:51:51 UTC) #7
sof
Thanks both for the reviews :)
6 years, 5 months ago (2014-07-14 17:48:06 UTC) #8
sof
The CQ bit was checked by sigbjornf@opera.com
6 years, 5 months ago (2014-07-14 17:48:09 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/389053003/20001
6 years, 5 months ago (2014-07-14 17:48:25 UTC) #10
commit-bot: I haz the power
6 years, 5 months ago (2014-07-14 18:49:37 UTC) #11
Message was sent while issue was closed.
Change committed as 178091

Powered by Google App Engine
This is Rietveld 408576698