FetchAPI: Stop treating about URLs as same-origin |
||||||
Issue descriptionAs of https://github.com/whatwg/fetch/commit/72fc2e787be663f5bc39c88665dd3c356abbca0f "about" URLs have stopped being treated as same-origin (https://fetch.spec.whatwg.org/#main-fetch step 5), so I believe in third_party/WebKit/Source/modules/fetch/FetchManager.cpp we can delete the line (currently 600) which performs the `request_->Url().ProtocolIsAbout()` check. I'm happy to submit a patch removing this and modifying the documentation above it. A couple of questions: This file, in the same section says "Note we don't support to call this method with |CORS flag|". I'm curious as to why this is? Implementation hasn't caught up yet? We manage the CORS flag internally in a different way than the spec does? Finally, I noticed in the same area of the spec, we check for request's mode being "navigate" or "websocket", but also in this area in FetchManager.cpp we only perform the check for navigate (request_->Mode() == WebURLRequest::kFetchRequestModeNavigate), as WebURLRequest doesn't have seem to support the websocket mode. Are there plans to implement this? I ask because if I could help at all I'd like to contribute more :)
,
Oct 17 2017
,
Oct 17 2017
As the reporter is mentioning about submitting a patch and modifying the documentation, this seems to be out of TE-scope. Hence, adding label TE-NeedsTriageHelp for further investigation from dev team.
,
Oct 17 2017
Hi thanks for the comment and getting to this issue! Possibly naïve question: what is TE-Scope?
,
Oct 17 2017
Thank you. Yes, patches are welcome. > ... what is TE-Scope? No worry. It means that the team owning the feature needs to investigate this bug. It's me and my team. > This file, in the same section says "Note we don't support to call this method with |CORS flag|". I'm curious as to why this is? Implementation hasn't caught up yet? We manage the CORS flag internally in a different way than the spec does? FetchManager processes fetching for fetch() API calls, but only part of the algorithm. Majority of the fetching algorithm specified in the Fetch Standard is implemented in DocumentThreadableLoader.cpp. > Finally, I noticed in the same area of the spec, we check for request's mode being "navigate" or "websocket", ... The WebSocket part in the Fetch Standard has been introduced very recently. WebSockets are implemented independent from the Fetch Standard. See DOMWebSocket.cpp and net/websockets/websocket_channel.cc.
,
Oct 17 2017
,
Oct 22 2017
Awesome I've submitted a patch. Thanks a ton for the information too, trying to get more familiar with the codebase :) Change: https://chromium-review.googlesource.com/#/c/chromium/src/+/732505
,
Dec 7 2017
,
Dec 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f694beed853dab5bfe06fbde29293677a47e87ad commit f694beed853dab5bfe06fbde29293677a47e87ad Author: Dominic Farolino <domfarolino@gmail.com> Date: Tue Dec 19 07:20:25 2017 Stop treating about URLs as same-origin Add self to AUTHORS R=tyoshino@chromium.org Bug: 775073 Change-Id: Ic09af4a12f7e719537547308c24d513de375afd5 Reviewed-on: https://chromium-review.googlesource.com/732505 Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org> Commit-Queue: Takeshi Yoshino <tyoshino@chromium.org> Cr-Commit-Position: refs/heads/master@{#524963} [modify] https://crrev.com/f694beed853dab5bfe06fbde29293677a47e87ad/AUTHORS [modify] https://crrev.com/f694beed853dab5bfe06fbde29293677a47e87ad/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
,
Jan 25 2018
Marking as fixed! |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ligim...@chromium.org
, Oct 16 2017