Bug 1260515. Start allowing sync XHR with credentials in window scopes again, since no one except for us bothered to implement the spec. r=smaug

2016-05-04 20:41:32 -04:00 · 2016-05-04 20:41:32 -04:00 · 6205a2679f
--- a/dom/base/nsXMLHttpRequest.cpp
+++ b/dom/base/nsXMLHttpRequest.cpp
@ -1508,15 +1508,11 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
    return rv;
  }

-  // sync request is not allowed using withCredential or responseType
+  // sync request is not allowed to use responseType or timeout
  // in window context
  if (!async && HasOrHasHadOwner() &&
-      (mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS ||
-       mTimeoutMilliseconds ||
+      (mTimeoutMilliseconds ||
       mResponseType != XML_HTTP_RESPONSE_TYPE_DEFAULT)) {
-    if (mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS) {
-      LogMessage("WithCredentialsSyncXHRWarning", GetOwner());
-    }
    if (mTimeoutMilliseconds) {
      LogMessage("TimeoutSyncXHRWarning", GetOwner());
    }
@ -3205,14 +3201,6 @@ nsXMLHttpRequest::SetWithCredentials(bool aWithCredentials, ErrorResult& aRv)
    return;
  }

-  // sync request is not allowed setting withCredentials in window context
-  if (HasOrHasHadOwner() &&
-      !(mState & (XML_HTTP_REQUEST_UNSENT | XML_HTTP_REQUEST_ASYNC))) {
-    LogMessage("WithCredentialsSyncXHRWarning", GetOwner());
-    aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
-    return;
-  }
-
  if (aWithCredentials) {
    mState |= XML_HTTP_REQUEST_AC_WITH_CREDENTIALS;
  } else {
--- a/dom/base/test/test_xhr_withCredentials.html
+++ b/dom/base/test/test_xhr_withCredentials.html
@ -18,15 +18,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=814050
 <pre id="test">
 <script type="application/javascript">

-/** Test for Bug 814050 **/
+/** Test for Bug 814050, but modified now that the spec has changed **/
 var xhr = new XMLHttpRequest();
 xhr.open("GET", "", false);
-try {
-  xhr.withCredentials = true;
-  ok(false, "Should throw on withCredentials sets for sync XHR");
-} catch (e) {
-  ok(true, "Should throw on withCredentials sets for sync XHR");
-}
+xhr.withCredentials = true;
+ok(true, "Should not throw on withCredentials sets for sync XHR");

 var xhr = new XMLHttpRequest();
 xhr.open("GET", "", true);
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@ -79,7 +79,6 @@ FocusedWindowedPluginWhileFullscreen=Exited fullscreen because windowed plugin w
 HTMLSyncXHRWarning=HTML parsing in XMLHttpRequest is not supported in the synchronous mode.
 InvalidRedirectChannelWarning=Unable to redirect to %S because the channel doesn’t implement nsIWritablePropertyBag2.
 ResponseTypeSyncXHRWarning=Use of XMLHttpRequest’s responseType attribute is no longer supported in the synchronous mode in window context.
-WithCredentialsSyncXHRWarning=Use of XMLHttpRequest’s withCredentials attribute is no longer supported in the synchronous mode in window context.
 TimeoutSyncXHRWarning=Use of XMLHttpRequest’s timeout attribute is not supported in the synchronous mode in window context.
 JSONCharsetWarning=An attempt was made to declare a non-UTF-8 encoding for JSON retrieved using XMLHttpRequest. Only UTF-8 is supported for decoding JSON.
 # LOCALIZATION NOTE: Do not translate AudioBufferSourceNode
--- a/testing/web-platform/tests/XMLHttpRequest/XMLHttpRequest-withCredentials.js
+++ b/testing/web-platform/tests/XMLHttpRequest/XMLHttpRequest-withCredentials.js
@ -16,15 +16,8 @@ function test_withCredentials(worker) {
  test(function() {
    var client = new XMLHttpRequest()
    client.open("GET", "resources/delay.py?ms=1000", false)
-    if (worker) {
-      client.withCredentials = true
-      assert_true(client.withCredentials, "set in OPEN state")
-    } else {
-      assert_throws("InvalidAccessError", function() {
-        client.withCredentials = true
-      })
-      assert_false(client.withCredentials, "set in OPEN state")
-    }
+    client.withCredentials = true
+    assert_true(client.withCredentials, "set in OPEN state")
  }, "setting on synchronous XHR")

  async_test(function() {
--- a/testing/web-platform/tests/cors/credentials-flag.htm
+++ b/testing/web-platform/tests/cors/credentials-flag.htm
@ -20,8 +20,8 @@ var url = CROSSDOMAIN + 'resources/cors-cookie.py?ident='
 test(function () {
    var client = new XMLHttpRequest()
    client.open('GET', CROSSDOMAIN, false)
-    assert_throws(null, function() { client.withCredentials = true; }, 'setting withCredentials')
-}, 'Setting withCredentials on a sync XHR object should throw')
+    client.withCredentials = true;
+}, 'Setting withCredentials on a sync XHR object should not throw')

 async_test(function () {
    var id = new Date().getTime() + '_1',