[Model Element] Require CORS for loading model sources and environment maps#45447
Merged
webkit-commit-queue merged 1 commit intoWebKit:mainfrom May 21, 2025
Conversation
achan00
added
the
WebKit Misc.
Collaborator
|
EWS run on previous version of this PR (hash c45724a) Details |
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
c45724a to
f57ea62
Compare
Collaborator
|
EWS run on previous version of this PR (hash f57ea62) Details |
Contributor
Author
|
Actually, this is not correct yet. I need to look more into this. |
Contributor
|
Yeah, this will hit an assert in |
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
f57ea62 to
0eb5c74
Compare
Collaborator
|
EWS run on previous version of this PR (hash 0eb5c74) Details |
annevk
approved these changes
May 16, 2025
Contributor
annevk
left a comment
annevk
left a comment
There was a problem hiding this comment.
This looks good to me, but let's wait for Youenn as well to be sure.
youennf
approved these changes
May 16, 2025
Contributor
youennf
left a comment
youennf
left a comment
There was a problem hiding this comment.
LGTM with a test where load would fail.
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
0eb5c74 to
282b48b
Compare
Collaborator
|
EWS run on previous version of this PR (hash 282b48b) Details |
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
282b48b to
3aa42ef
Compare
Collaborator
|
EWS run on previous version of this PR (hash 3aa42ef) Details |
webkit-ews-buildbot
added
the
merging-blocked
achan00
added
merge-queue
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
3aa42ef to
2ec5bbd
Compare
Collaborator
|
EWS run on previous version of this PR (hash 2ec5bbd) Details |
🛠 🧪 jsc-arm64
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
2ec5bbd to
40d70b3
Compare
Collaborator
|
EWS run on previous version of this PR (hash 40d70b3) Details |
youennf
approved these changes
May 21, 2025
Contributor
youennf
left a comment
youennf
left a comment
There was a problem hiding this comment.
LGTM.
If you have some time, we could add a few additional tests:
- a data URL load from a HTTP origin (should succeed)
- a blob URL load from a HTTP origin (should succeed)
- a file URL load from a file origin (should succeed)
- a file URL load with a crossorigin attribute (whatever value, should fail)
- a HTTP URL load with an empty crossorigin attribute (should be the same as anonymous).
Contributor
There was a problem hiding this comment.
Suggested change
| CachedResourceRequest HTMLModelElement::createResourceRequest(const URL& resourceURL, const FetchOptions::Destination& destination) | |
| CachedResourceRequest HTMLModelElement::createResourceRequest(const URL& resourceURL, FetchOptions::Destination destination) |
Contributor
Author
There was a problem hiding this comment.
I'll add more tests in a separate PR.
Contributor
Author
There was a problem hiding this comment.
Filed: https://bugs.webkit.org/show_bug.cgi?id=293371 (Add more tests around model source loading across different origins)
achan00
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
40d70b3 to
2409c48
Compare
Collaborator
|
EWS run on current version of this PR (hash 2409c48) Details |
…t maps https://bugs.webkit.org/show_bug.cgi?id=293063 rdar://151364606 Reviewed by Youenn Fablet and Anne van Kesteren. Make sure CORS is always enabled with model source and environment map requests, by passing a non-null crossorigin attribute to createPotentialAccessControlRequest(). Also make sure we null out m_model once source is reset. * LayoutTests/TestExpectations: * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-all-access-header-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-all-access-header.html: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-header-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-header.html: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-same-origin-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-allowed-with-same-origin.html: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-with-header-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-with-header.html: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-with-use-credentials-and-all-access-header-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-with-use-credentials-and-all-access-header.html: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-without-header-expected.txt: Added. * LayoutTests/http/tests/security/model-element/model-element-crossorigin-blocked-without-header.html: Added. * LayoutTests/http/tests/security/resources/cube.usdz: Added. * LayoutTests/http/tests/security/resources/model-access-control.py: Added. * Source/WebCore/Modules/model-element/HTMLModelElement.cpp: (WebCore::HTMLModelElement::setSourceURL): (WebCore::HTMLModelElement::environmentMapRequestResource): Canonical link: https://commits.webkit.org/295219@main
webkit-commit-queue
force-pushed
the
eng/Model-Element-Require-CORS-for-loading-model-sources-and-environment-maps
branch
from
2409c48 to
74ab595
Compare
Collaborator
|
Committed 295219@main (74ab595): https://commits.webkit.org/295219@main Reviewed commits have been landed. Closing PR #45447 and removing active labels. |
webkit-commit-queue
removed
the
merge-queue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
74ab595
2409c48
🛠 win🧪 wpe-wk2🧪 win-tests🧪 ios-wk2-wpt🧪 api-ios🧪 mac-AS-debug-wk2🧪 gtk-wk2🛠 mac-safer-cpp🛠 watch-sim