Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use origin of final HTTP response as document origin #23887

Merged
merged 1 commit into from Jul 30, 2019
Merged

Use origin of final HTTP response as document origin #23887

merged 1 commit into from Jul 30, 2019

Conversation

@jdm
Copy link
Member

jdm commented Jul 29, 2019
edited by SimonSapin

I discovered surprising problems when loading pages from http://joshmatthews.net that load same-origin images and try to use them as webgl textures. Since there's a redirect from joshmatthews.net to www.joshmatthews.net, the images are not considered same-origin in Servo because the document stores the origin for the original request's URL, rather than the origin of the response that is received after processing any redirections.

This change is Reviewable
@highfive
Copy link

highfive commented Jul 29, 2019

Heads up! This PR modifies the following files:
@highfive
Copy link

highfive commented Jul 29, 2019

warning Warning warning

  • These commits modify script code, but no tests are modified. Please consider adding a test!
@asajeffrey
Copy link
Member

asajeffrey commented Jul 29, 2019

This doesn't affect any test results? That's surprising! You can r=me
@jdm
Copy link
Member Author

jdm commented Jul 29, 2019

I made the PR so I could check the test results :)
@bors-servo try=wpt
@bors-servo
Copy link
Contributor

bors-servo commented Jul 29, 2019

Trying commit 5c8080d with merge 5da30fc...
bors-servo added a commit that referenced this pull request Jul 29, 2019
@bors-servo
Auto merge of #23887 - servo:jdm-patch-47, r=<try>
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
5da30fc 
Use origin of final HTTP response as document origin

I discovered surprising problems when loading pages from http://joshmatthews.net that load same-origin images and try to use them as webgl textures. Since there's a redirect from joshmatthews.net to www.joshmatthews.net, the images are not considered same-origin in Servo because the document stores the origin for the original request's URL, rather than the origin of the response that is received after processing any redirections.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23887)
<!-- Reviewable:end -->
@bors-servo
Copy link
Contributor

bors-servo commented Jul 30, 2019

☀️ Test successful - linux-rel-css, linux-rel-wpt, status-taskcluster
State: approved= try=True
@jdm
Copy link
Member Author

jdm commented Jul 30, 2019

That's kind of unnerving.
@jdm jdm mentioned this pull request Jul 30, 2019
Closed
@jdm jdm force-pushed the jdm-patch-47 branch from 5c8080d to ec077f0 Jul 30, 2019
@asajeffrey
Copy link
Member

asajeffrey commented Jul 30, 2019

Er yes, there are tests for similar-but-not-same-origin forwarding?
@jdm
Use origin of final HTTP response as document origin.
Loading status checks…
bfd9bbe
@jdm jdm force-pushed the jdm-patch-47 branch from ec077f0 to bfd9bbe Jul 30, 2019
@jdm
Copy link
Member Author

jdm commented Jul 30, 2019

I added a test that failed before this change and now passes.
@bors-servo r=asajeffrey
@bors-servo
Copy link
Contributor

bors-servo commented Jul 30, 2019

📌 Commit bfd9bbe has been approved by asajeffrey
@highfive highfive assigned asajeffrey and unassigned ferjm Jul 30, 2019
@bors-servo
Copy link
Contributor

bors-servo commented Jul 30, 2019

Testing commit bfd9bbe with merge 7378424...
bors-servo added a commit that referenced this pull request Jul 30, 2019
@bors-servo
Auto merge of #23887 - servo:jdm-patch-47, r=asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
7378424 
Use origin of final HTTP response as document origin

I discovered surprising problems when loading pages from http://joshmatthews.net that load same-origin images and try to use them as webgl textures. Since there's a redirect from joshmatthews.net to www.joshmatthews.net, the images are not considered same-origin in Servo because the document stores the origin for the original request's URL, rather than the origin of the response that is received after processing any redirections.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23887)
<!-- Reviewable:end -->
@bors-servo
Copy link
Contributor

bors-servo commented Jul 30, 2019

☀️ Test successful - linux-rel-css, linux-rel-wpt, status-taskcluster
Approved by: asajeffrey
Pushing 7378424 to master...
@bors-servo bors-servo merged commit bfd9bbe into master Jul 30, 2019
3 checks passed
3 checks passed
Taskcluster (pull_request) TaskGroup: success
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
homu Test successful
Details
@gterzian
gterzian reviewed Jul 31, 2019
View changes
tests/wpt/mozilla/tests/mozilla/document_origin_redirect.html
var path = new URL("document_origin_redirect_subpage.html", document.location).pathname;
var CROSS_ORIGIN_URL = new URL(path, get_host_info().HTTP_REMOTE_ORIGIN);
var SAME_ORIGIN_URL = "/common/redirect.py?location=" + CROSS_ORIGIN_URL;
console.log(SAME_ORIGIN_URL);

This comment has been minimized.

Sign in to view
@gterzian

gterzian Jul 31, 2019
edited

Member

Looks like the wpt linter didn't cover this one. #23897
@SimonSapin SimonSapin deleted the jdm-patch-47 branch Sep 30, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gterzian gterzian

Assignees

@asajeffrey asajeffrey

Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

6 participants
@jdm @highfive @asajeffrey @bors-servo @gterzian @ferjm
You can’t perform that action at this time.