Bug 1502599: XHR should allow just "GET" method for blob URLs, r=smaug

2018-10-30 22:07:32 +01:00 · 2018-10-30 22:07:32 +01:00 · 263f4c6e8b
--- a/dom/workers/test/mochitest.ini
+++ b/dom/workers/test/mochitest.ini
@ -196,6 +196,7 @@ scheme=https
 [test_subworkers_suspended.html]
 skip-if = toolkit == 'android' #bug 1366501
 [test_bug1317725.html]
+support-files = test_bug1317725.js
 [test_sharedworker_event_listener_leaks.html]
 skip-if = (bits == 64 && os == 'linux' && asan && !debug) # Disabled on Linux64 opt asan, bug 1493563
 [test_fileReaderSync_when_closing.html]
--- a/dom/workers/test/test_bug1317725.html
+++ b/dom/workers/test/test_bug1317725.html
@ -13,17 +13,6 @@

 <input type="file" id="file" />

-<script type="text/js-worker" id="worker-src">
-onmessage = function(e) {
-  var data = new FormData();
-  data.append('Filedata', e.data.slice(0, 127), encodeURI(e.data.name));
-  var xhr = new XMLHttpRequest();
-  xhr.open('POST', location.href, false);
-  xhr.send(data);
-  postMessage("No crash \\o/");
-}
-</script>
-
 <script class="testbody" type="text/javascript">

 SimpleTest.waitForExplicitFinish();
@ -35,9 +24,7 @@ function onOpened(message) {
  var input = document.getElementById('file');
  SpecialPowers.wrap(input).mozSetFileArray([message.data]);

-  var blob = new Blob([ document.getElementById("worker-src").textContent ],
-                      { type: "text/javascript" });
-  var worker = new Worker(URL.createObjectURL(blob));
+  var worker = new Worker("test_bug1317725.js");
  worker.onerror = function(e) {
    ok(false, "We should not see any error.");
    SimpleTest.finish();
--- a/dom/workers/test/test_bug1317725.js
+++ b/dom/workers/test/test_bug1317725.js
@ -0,0 +1,8 @@
+onmessage = function(e) {
+  var data = new FormData();
+  data.append('Filedata', e.data.slice(0, 127), encodeURI(e.data.name));
+  var xhr = new XMLHttpRequest();
+  xhr.open('POST', location.href, false);
+  xhr.send(data);
+  postMessage("No crash \\o/");
+}
--- a/dom/xhr/XMLHttpRequestMainThread.cpp
+++ b/dom/xhr/XMLHttpRequestMainThread.cpp
@ -2883,6 +2883,12 @@ XMLHttpRequestMainThread::SendInternal(const BodyExtractorBase* aBody,
    return MaybeSilentSendFailure(NS_ERROR_DOM_NETWORK_ERR);
  }

+  // non-GET requests aren't allowed for blob.
+  if (IsBlobURI(mRequestURL) && !mRequestMethod.EqualsLiteral("GET")) {
+    mFlagSend = true; // so CloseRequestWithError sets us to DONE.
+    return MaybeSilentSendFailure(NS_ERROR_DOM_NETWORK_ERR);
+  }
+
  // XXX We should probably send a warning to the JS console
  //     if there are no event listeners set and we are doing
  //     an asynchronous call.
--- a/dom/xhr/XMLHttpRequestWorker.cpp
+++ b/dom/xhr/XMLHttpRequestWorker.cpp
@ -1298,13 +1298,6 @@ EventRunnable::WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
  XMLHttpRequestWorker* xhr = mProxy->mXMLHttpRequestPrivate;
  xhr->UpdateState(*state.get(), mUseCachedArrayBufferResponse);

-  if (mType.EqualsASCII(sEventStrings[STRING_readystatechange])) {
-    if (mReadyState == 4 && !mUploadEvent && !mProxy->mSeenLoadStart) {
-      // We've already dispatched premature abort events.
-      return true;
-    }
-  }
-
  if (mUploadEvent && !xhr->GetUploadObjectNoCreate()) {
    return true;
  }
--- a/testing/web-platform/meta/FileAPI/url/sandboxed-iframe.html.ini
+++ b/testing/web-platform/meta/FileAPI/url/sandboxed-iframe.html.ini
@ -12,24 +12,6 @@
  [Appending a query string should cause XHR to fail]
    expected: FAIL

-  [XHR with method "HEAD" should fail]
-    expected: FAIL
-
-  [XHR with method "POST" should fail]
-    expected: FAIL
-
-  [XHR with method "DELETE" should fail]
-    expected: FAIL
-
-  [XHR with method "OPTIONS" should fail]
-    expected: FAIL
-
-  [XHR with method "PUT" should fail]
-    expected: FAIL
-
-  [XHR with method "CUSTOM" should fail]
-    expected: FAIL
-
  [Only exact matches should revoke URLs, using fetch]
    expected: FAIL

--- a/testing/web-platform/meta/FileAPI/url/url-with-xhr.any.js.ini
+++ b/testing/web-platform/meta/FileAPI/url/url-with-xhr.any.js.ini
@ -5,24 +5,6 @@
  [Appending a query string should cause XHR to fail]
    expected: FAIL

-  [XHR with method "HEAD" should fail]
-    expected: FAIL
-
-  [XHR with method "POST" should fail]
-    expected: FAIL
-
-  [XHR with method "DELETE" should fail]
-    expected: FAIL
-
-  [XHR with method "OPTIONS" should fail]
-    expected: FAIL
-
-  [XHR with method "PUT" should fail]
-    expected: FAIL
-
-  [XHR with method "CUSTOM" should fail]
-    expected: FAIL
-

 [url-with-xhr.any.html]
  [Only exact matches should revoke URLs, using XHR]
@ -31,21 +13,3 @@
  [Appending a query string should cause XHR to fail]
    expected: FAIL

-  [XHR with method "HEAD" should fail]
-    expected: FAIL
-
-  [XHR with method "POST" should fail]
-    expected: FAIL
-
-  [XHR with method "DELETE" should fail]
-    expected: FAIL
-
-  [XHR with method "OPTIONS" should fail]
-    expected: FAIL
-
-  [XHR with method "PUT" should fail]
-    expected: FAIL
-
-  [XHR with method "CUSTOM" should fail]
-    expected: FAIL
-