Reviewed by Alexey Proskuryakov.

aproskuryakov · aproskuryakov · commit bcadca504094 · 2010-04-28T21:42:18.000Z
Added a check to make sure that resources from a different https origin are not cached. https://bugs.webkit.org/show_bug.cgi?id=33456 Test: http/tests/appcache/different-https-origin-resource-main.html * loader/appcache/ManifestParser.cpp: (WebCore::parseManifest): Canonical link: https://commits.webkit.org/49702@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@58433 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-04-28  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Test that a resource from a different https origin is not cached.
+        https://bugs.webkit.org/show_bug.cgi?id=33456
+
+        * http/tests/appcache/different-https-origin-resource-main-expected.txt: Added.
+        * http/tests/appcache/different-https-origin-resource-main.html: Added.
+        * http/tests/appcache/resources/different-https-origin-resource.html: Added.
+        * http/tests/appcache/resources/different-https-origin-resource.manifest: Added.
+
 2010-04-28  Evan Martin  <evan@chromium.org>
 
         Reviewed by Adam Roben.
diff --git a/LayoutTests/http/tests/appcache/different-https-origin-resource-main-expected.txt b/LayoutTests/http/tests/appcache/different-https-origin-resource-main-expected.txt
@@ -0,0 +1,4 @@
+Test that a resource from a different https origin is not cached.
+
+PASS
+
diff --git a/LayoutTests/http/tests/appcache/different-https-origin-resource-main.html b/LayoutTests/http/tests/appcache/different-https-origin-resource-main.html
@@ -0,0 +1,19 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+}
+
+window.addEventListener("message", function(e) {
+    document.getElementById("result").innerHTML = e.data; 
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}, false);
+</script>
+<p>Test that a resource from a different https origin is not cached.</p>
+<div id=result></div>
+<iframe src="https://127.0.0.1:8443/appcache/resources/different-https-origin-resource.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/appcache/resources/different-https-origin-resource.html b/LayoutTests/http/tests/appcache/resources/different-https-origin-resource.html
@@ -0,0 +1,29 @@
+<html manifest="https://127.0.0.1:8443/appcache/resources/different-https-origin-resource.manifest">
+<script>
+var hadError = false;
+var result;
+
+function finish()
+{
+    if (!hadError)
+        result = "PASS";
+    parent.postMessage(result, '*');
+}
+function fail()
+{
+    result = "FAIL: Different https origin resource is getting downloaded to cache.";
+    hadError = true;
+}
+function error()
+{
+    result = "ERROR";
+    hadError = true;
+    finish();
+}
+
+applicationCache.onprogress = function() { fail(); }
+applicationCache.onnoupdate = function() { finish(); }
+applicationCache.oncached = function() { finish(); }
+applicationCache.onerror = function() { error(); }
+</script>
+</html>
diff --git a/LayoutTests/http/tests/appcache/resources/different-https-origin-resource.manifest b/LayoutTests/http/tests/appcache/resources/different-https-origin-resource.manifest
@@ -0,0 +1,3 @@
+CACHE MANIFEST
+CACHE:
+https://localhost:8443/appcache/resources/simple.txt
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-04-28  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Added a check to make sure that resources from a different https origin are not cached.
+        https://bugs.webkit.org/show_bug.cgi?id=33456
+
+        Test: http/tests/appcache/different-https-origin-resource-main.html
+
+        * loader/appcache/ManifestParser.cpp:
+        (WebCore::parseManifest):
+
 2010-04-28  Sam Weinig  <sam@webkit.org>
 
         Reviewed by Mark Rowe.
diff --git a/WebCore/loader/appcache/ManifestParser.cpp b/WebCore/loader/appcache/ManifestParser.cpp
@@ -127,6 +127,9 @@ bool parseManifest(const KURL& manifestURL, const char* data, int length, Manife
             if (!equalIgnoringCase(url.protocol(), manifestURL.protocol()))
                 continue;
             
+            if (mode == Explicit && manifestURL.protocolIs("https") && !protocolHostAndPortAreEqual(manifestURL, url))
+                continue;
+            
             if (mode == Explicit)
                 manifest.explicitURLs.add(url.string());
             else

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +Test that a resource from a different https origin is not cached.
++
 +PASS
++
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+CACHE MANIFEST`
	`2`	`+CACHE:`
	`3`	`+https://localhost:8443/appcache/resources/simple.txt`