From ae56187d48cd419465ed47aba6f90015b59310c7 Mon Sep 17 00:00:00 2001 From: Eitan Mosenkis Date: Fri, 4 Dec 2015 00:03:05 +0200 Subject: [PATCH 1/7] Allow XHR to fetch about: and data: URLs. This was intended to fix #8015 but the tests are all still failing as of this commit. --- components/script/cors.rs | 13 ++++++++++--- components/script/dom/xmlhttprequest.rs | 6 ++++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/components/script/cors.rs b/components/script/cors.rs index 8be1ec9d6d2..21c3d3b38a7 100644 --- a/components/script/cors.rs +++ b/components/script/cors.rs @@ -64,15 +64,22 @@ impl CORSRequest { destination: Url, mode: RequestMode, method: Method, - headers: Headers) + headers: Headers, + same_origin_data_url_flag: bool) -> Result, ()> { if referer.scheme == destination.scheme && referer.host() == destination.host() && referer.port() == destination.port() { return Ok(None); // Not cross-origin, proceed with a normal fetch } match &*destination.scheme { - // TODO: If the request's same origin data url flag is set (which isn't the case for XHR) - // we can fetch a data URL normally. about:blank can also be fetched by XHR + // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), about URLs can be fetched + // the same as a basic request. + // TODO: (security-sensitive) restrict the available pages to about:blank and + // about:unicorn (See https://fetch.spec.whatwg.org/#concept-basic-fetch). + "about" => Ok(None), + // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched + // the same as a basic request if the request's same-origin data-URL flag is set. + "data" if same_origin_data_url_flag => Ok(None), "http" | "https" => { let mut req = CORSRequest::new(referer, destination, mode, method, headers); req.preflight_flag = !is_simple_method(&req.method) || diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs index 31833912795..6d3ea932099 100644 
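Review bot: The new positional `same_origin_data_url_flag: bool` decides whether a cross-origin `data:` destination skips CORS handling altogether (the arm returns `Ok(None)`, the same value used for a same-origin request), yet the call site changed in `xmlhttprequest.rs` in this same patch passes a bare `true`. A bare boolean that relaxes an origin check is easy to copy or flip without noticing what it controls. I would annotate the call, `true); // same-origin data-URL flag: XHR allows data: URLs as a basic fetch`, and add a doc line on the function, `/// same_origin_data_url_flag: when true, a data: destination is fetched without CORS.` A two-variant enum in place of the bool would make every call site self-describing. The function body starts before and continues past this hunk.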
--- a/components/script/dom/xmlhttprequest.rs +++ b/components/script/dom/xmlhttprequest.rs @@ -626,7 +626,8 @@ impl XMLHttpRequestMethods for XMLHttpRequest { load_data.url.clone(), mode, load_data.method.clone(), - combined_headers); + combined_headers, + true); match cors_request { Ok(None) => { let mut buf = String::new(); @@ -1301,7 +1302,8 @@ impl XMLHttpRequest { global: GlobalRef) -> ErrorResult { let cors_request = match cors_request { Err(_) => { - // Happens in case of cross-origin non-http URIs + // Happens in case of unsupported cross-origin URI schemes. + // Supported schemes are http, https, data, and about. self.process_partial_response(XHRProgress::Errored( self.generation_id.get(), Error::Network)); return Err(Error::Network); From 9d6d1c66b894d37e902cef094659898c1362f5e8 Mon Sep 17 00:00:00 2001 From: Eitan Mosenkis Date: Tue, 8 Dec 2015 23:05:56 +0200 Subject: [PATCH 2/7] Replace tabs with spaces. --- components/script/cors.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/script/cors.rs b/components/script/cors.rs index 21c3d3b38a7..f60dc3a7c78 100644 --- a/components/script/cors.rs +++ b/components/script/cors.rs @@ -74,8 +74,8 @@ impl CORSRequest { match &*destination.scheme { // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), about URLs can be fetched // the same as a basic request. - // TODO: (security-sensitive) restrict the available pages to about:blank and - // about:unicorn (See https://fetch.spec.whatwg.org/#concept-basic-fetch). + // TODO: (security-sensitive) restrict the available pages to about:blank and + // about:unicorn (See https://fetch.spec.whatwg.org/#concept-basic-fetch). "about" => Ok(None), // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched // the same as a basic request if the request's same-origin data-URL flag is set. From e546637d917267f21e8e9d85808d7e2d2abeea6a Mon Sep 17 00:00:00 2001 
From: Eitan Mosenkis Date: Tue, 8 Dec 2015 23:49:36 +0200 Subject: [PATCH 3/7] Restrict about to about:blank and data to GET --- components/script/cors.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/components/script/cors.rs b/components/script/cors.rs index f60dc3a7c78..56a5e609427 100644 --- a/components/script/cors.rs +++ b/components/script/cors.rs @@ -74,12 +74,11 @@ impl CORSRequest { match &*destination.scheme { // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), about URLs can be fetched // the same as a basic request. - // TODO: (security-sensitive) restrict the available pages to about:blank and - // about:unicorn (See https://fetch.spec.whatwg.org/#concept-basic-fetch). - "about" => Ok(None), + "about" if destination.path == Some("blank") => Ok(None), // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched - // the same as a basic request if the request's same-origin data-URL flag is set. - "data" if same_origin_data_url_flag => Ok(None), + // the same as a basic request if the request's method is GET and the + // same-origin data-URL flag is set. + "data" if same_origin_data_url_flag && method == Method::Get => Ok(None), "http" | "https" => { let mut req = CORSRequest::new(referer, destination, mode, method, headers); req.preflight_flag = !is_simple_method(&req.method) || From 50af352605de6daccd43201156466bce00ba36bf Mon Sep 17 00:00:00 2001 From: Eitan Mosenkis Date: Wed, 9 Dec 2015 00:29:22 +0200 Subject: [PATCH 4/7] Fix compile errors. --- components/script/cors.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/script/cors.rs b/components/script/cors.rs index 56a5e609427..346f1119b25 100644 --- a/components/script/cors.rs +++ b/components/script/cors.rs 
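Review bot: The comment kept above the `"about"` arm still says that about URLs can be fetched like a basic request, although the guard now admits only `about:blank`. The comment added to `xmlhttprequest.rs` in patch 1 ("Supported schemes are http, https, data, and about") similarly omits that `data:` now also requires GET and the flag. These two guards are the whole allow-list for non-HTTP cross-origin XHR, so the comments should state the exact conditions, for example `// Only about:blank is exempt; any other about: URL is not matched by this arm.` The series also only updates the expectations for `data-uri.htm`, so a test for the rejected cases (another about: page, a non-GET `data:` request) would pin the restriction. The `match` continues outside the hunk, so I cannot see which arm handles the rejected inputs.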
@@ -74,7 +74,7 @@ impl CORSRequest { match &*destination.scheme { // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), about URLs can be fetched // the same as a basic request. - "about" if destination.path == Some("blank") => Ok(None), + "about" if destination.path() == Some(&["blank".to_owned()]) => Ok(None), // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched // the same as a basic request if the request's method is GET and the // same-origin data-URL flag is set. From 7d828a819334f059bda7d14b38694210c7b492e0 Mon Sep 17 00:00:00 2001 From: Eitan Mosenkis Date: Wed, 9 Dec 2015 00:39:32 +0200 Subject: [PATCH 5/7] Replace tab with spaces. --- components/script/cors.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/script/cors.rs b/components/script/cors.rs index 346f1119b25..b9794a3f1fa 100644 --- a/components/script/cors.rs +++ b/components/script/cors.rs @@ -77,7 +77,7 @@ impl CORSRequest { "about" if destination.path() == Some(&["blank".to_owned()]) => Ok(None), // As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched // the same as a basic request if the request's method is GET and the - // same-origin data-URL flag is set. + // same-origin data-URL flag is set. "data" if same_origin_data_url_flag && method == Method::Get => Ok(None), "http" | "https" => { let mut req = CORSRequest::new(referer, destination, mode, method, headers); From 0c69442a37ab0f2370cc075fffdd62bce1521826 Mon Sep 17 00:00:00 2001 From: Dongie Agnir Date: Thu, 10 Mar 2016 16:10:03 -1000 Subject: [PATCH 6/7] Set Content-Type in header --- components/net_traits/lib.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/components/net_traits/lib.rs b/components/net_traits/lib.rs index a741bec034c..f32576fcde5 100644 --- a/components/net_traits/lib.rs +++ b/components/net_traits/lib.rs 
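Review bot: The guard `destination.path() == Some(&["blank".to_owned()])` only works if `path()` returns a one-segment path for `about:blank`. If `Url::path()` yields `Some` only for hierarchical URLs (which I believe is the case for the url crate of this period, but it is not visible here), the arm can never match and `about:blank` stays rejected. That fails closed, but the exemption would be dead code, so a unit test calling this function with `about:blank` and with another about: URL should confirm it either way. The guard also allocates a `String` on each call just to compare against a constant. The rest of the `match` lies outside the hunk.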
@@ -336,9 +336,18 @@ impl Metadata { /// Extract the parts of a Mime that we care about. pub fn set_content_type(&mut self, content_type: Option<&Mime>) { + match self.headers { + None => self.headers = Some(Headers::new()), + Some(_) => (), + } + match content_type { None => (), Some(mime) => { + if let Some(headers) = self.headers.as_mut() { + headers.set(ContentType(mime.clone())); + } + self.content_type = Some(ContentType(mime.clone())); let &Mime(_, _, ref parameters) = mime; for &(ref k, ref v) in parameters { From 6f2bce779d044ba321b25f4207f052e1b72a18e1 Mon Sep 17 00:00:00 2001 From: Dongie Agnir Date: Thu, 10 Mar 2016 20:59:48 -1000 Subject: [PATCH 7/7] Update expected outcomes for data-uri.htm --- tests/wpt/metadata/XMLHttpRequest/data-uri.htm.ini | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/wpt/metadata/XMLHttpRequest/data-uri.htm.ini b/tests/wpt/metadata/XMLHttpRequest/data-uri.htm.ini index e5366749d28..fff1641f7eb 100644 --- a/tests/wpt/metadata/XMLHttpRequest/data-uri.htm.ini +++ b/tests/wpt/metadata/XMLHttpRequest/data-uri.htm.ini @@ -1,16 +1,5 @@ [data-uri.htm] type: testharness - [XHR method GET with charset text/plain] - expected: FAIL - - [XHR method GET with charset text/plain (base64)] - expected: FAIL - - [XHR method GET with charset text/html] - expected: FAIL - - [XHR method GET with charset image/png] - expected: FAIL [XHR method GET with charset text/html;charset=UTF-8] expected: FAIL
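Review bot: The first `match` added here replaces a missing `self.headers` with an empty `Headers` on every call, including `set_content_type(None)`, so a `Metadata` with no header information becomes `Some(empty)` as a side effect. Any consumer that distinguishes "no headers" from "headers present" would see that change. Moving the initialisation into the `Some(mime)` arm leaves the `None` case untouched: `if self.headers.is_none() { self.headers = Some(Headers::new()); }`. Separately, `headers.set(ContentType(mime.clone()))` overwrites any Content-Type already stored, which deserves a comment if this method can run on responses that carried their own header (the callers are not visible here). The method body continues past the end of the hunk.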