RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-22 17:25:07 +00:00
Code Issues Activity Actions

LibWeb: Update workarounds for fetching CORS cross-origin responses

Browse source 
Now that the processResponseConsumeBody algorithm receives the internal
response body of the fetched object, we do not need to go out of our way
to read its body from outside of fetch.

However, several elements do still need to manually inspect the internal
response for other data, such as response headers and status. Note that
HTMLScriptElement already does the new workaround as a proper spec step.
This commit is contained in:
Timothy Flynn 2023-05-26 09:51:53 -04:00 committed by Andreas Kling
parent 6406a561ef
commit 8ff8309202
4 changed files with 65 additions and 164 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp
View file

@ -492,6 +492,10 @@ after_step_6:
Fetch::Infrastructure::FetchAlgorithms::Input fetch_algorithms_input {};
fetch_algorithms_input.process_response = [this, image_request, url_string](JS::NonnullGCPtr<Fetch::Infrastructure::Response> response) {
// FIXME: If the response is CORS cross-origin, we must use its internal response to query any of its data. See:
// https://github.com/whatwg/html/issues/9355
response = response->unsafe_response();
// 25. As soon as possible, jump to the first applicable entry from the following list:
// FIXME: - If the resource type is multipart/x-mixed-replace
@ -500,30 +504,15 @@ after_step_6:
// - The next task that is queued by the networking task source while the image is being fetched must run the following steps:
queue_an_element_task(HTML::Task::Source::Networking, [this, response, image_request, url_string] {
auto process_body = [response, image_request, url_string, this](ByteBuffer data) {
// FIXME: Another instance of the CORS cross-origin response workaround here:
auto response_with_headers = response;
if (response->is_cors_cross_origin()
&& response->header_list()->is_empty()
&& !response->unsafe_response()->header_list()->is_empty()) {
response_with_headers = response->unsafe_response();
}
auto extracted_mime_type = response_with_headers->header_list()->extract_mime_type().release_value_but_fixme_should_propagate_errors();
auto extracted_mime_type = response->header_list()->extract_mime_type().release_value_but_fixme_should_propagate_errors();
auto mime_type = extracted_mime_type.has_value() ? extracted_mime_type.value().essence().bytes_as_string_view() : StringView {};
handle_successful_fetch(url_string, mime_type, image_request, move(data));
};
auto process_body_error = [this](auto) {
handle_failed_fetch();
};
// FIXME: See HTMLLinkElement::default_fetch_and_process_linked_resource for thorough notes on the workaround
// added here for CORS cross-origin responses. The gist is that all cross-origin responses will have a
// null bodyBytes. So we must read the actual body from the unsafe response.
// https://github.com/whatwg/html/issues/9066
if (response->is_cors_cross_origin() && !response->body().has_value() && response->unsafe_response()->body().has_value()) {
auto unsafe_response = static_cast<Fetch::Infrastructure::OpaqueFilteredResponse const&>(*response).internal_response();
unsafe_response->body()->fully_read(realm(), move(process_body), move(process_body_error), JS::NonnullGCPtr { realm().global_object() }).release_value_but_fixme_should_propagate_errors();
} else if (response->body().has_value()) {
response->body().value().fully_read(realm(), move(process_body), move(process_body_error), JS::NonnullGCPtr { realm().global_object() }).release_value_but_fixme_should_propagate_errors();
}
response->body().value().fully_read(realm(), move(process_body), move(process_body_error), JS::NonnullGCPtr { realm().global_object() }).release_value_but_fixme_should_propagate_errors();
});
};