nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/Source/WebCore/dom/ScriptElementCachedScriptFe...

46 lines
2.1 KiB
C++
Raw Permalink Normal View History

Implement dynamic-import for WebCore https://bugs.webkit.org/show_bug.cgi?id=166926 Reviewed by Ryosuke Niwa. Source/WebCore: This patch introduces browser side dynamic-import implementation. The dynamic-import is new ES feature which is now stage 3. The JSC shell already implements it. The dynamic-import allows us to kick module loading in a dynamic manner. For example, you can write, await module = import(`${HOST}/hello.js`); The dynamic `import` operator (this is not a function) returns a promise with module namespace object if the module loading succeeds. Otherwise, it returns a rejected promise. And importantly, this feature allows us to kick module loading from classic script. Previously, module loading can be only used from <script type="module"> tag. And all the module loading is done statically. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load): * bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::create): (WebCore::CachedScriptFetcher::requestModuleScript): requestModuleScript function is used only when loading a new module script. So, LoadableClassicScript should use requestScriptWithCache to load itself. We pass String() for cross origin mode for null cross origin attribute as specified. (WebCore::CachedScriptFetcher::requestScriptWithCache): * bindings/js/CachedScriptFetcher.h: (WebCore::CachedScriptFetcher::CachedScriptFetcher): * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::moduleLoaderImportModule): * bindings/js/JSDOMWindowBase.h: * bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::initializeJSFunction): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeScript): * bindings/js/ScriptModuleLoader.cpp: (WebCore::resolveModuleSpecifier): Extract the part of resolving module specifier to a static function to use it in ScriptModuleLoader::resolve and ScriptModuleLoader::importModule. (WebCore::ScriptModuleLoader::resolve): (WebCore::rejectPromise): (WebCore::ScriptModuleLoader::importModule): New hook moduleLoaderImportModule is implemented. This hook is called when `import` operator is used. This hook is responsible to 1. resolve the module name to obtain module specifier. (like, resolve the relative URL to get absolute URL.) 2. kick module loading with the resolved specifier. When resolving the module name, the referrer information is needed. For example, "./script.js" will be resolved to "http://example.com/script.js" if the referrer module specifier is "http://example.com/". If `import("./script.js")` is executed in the classic script src="http://example.com/test.js", it starts loading "http://example.com/script.js". So the information of the caller of `import` operator is necessary here. This appropriate referrer is propagated by SourceOrigin. * bindings/js/ScriptModuleLoader.h: * dom/InlineClassicScript.h: * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::load): * dom/LoadableClassicScript.h: * dom/LoadableModuleScript.h: * dom/LoadableScript.h: (WebCore::LoadableScript::LoadableScript): (WebCore::LoadableScript::isClassicScript): Deleted. (WebCore::LoadableScript::isModuleScript): Deleted. * dom/ScriptElement.h: * dom/ScriptElementCachedScriptFetcher.cpp: Copied from Source/WebCore/dom/InlineClassicScript.h. (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript): This requestModuleScript will be used when the script tag (or modules imported from the script tag) uses `import` operator. In classic scripts, `crossorigin` mode always becomes "omit" while module scripts propagate the original `crossorigin` value. * dom/ScriptElementCachedScriptFetcher.h: Copied from Source/WebCore/bindings/js/CachedScriptFetcher.h. (WebCore::ScriptElementCachedScriptFetcher::crossOriginMode): (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher): LayoutTests: * http/tests/misc/import-absolute-url-expected.txt: Added. * http/tests/misc/import-absolute-url.html: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce-expected.txt: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce.html: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed6.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked6.js: Added. * http/tests/security/import-module-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src.html: Added. * http/tests/security/import-module-crossorigin-loads-error.html: Added. * http/tests/security/import-module-crossorigin-loads-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src.html: Added. * http/tests/security/import-module-crossorigin-loads.html: Added. * http/tests/security/import-script-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-error.html: Added. * http/tests/security/import-script-crossorigin-loads-omit-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-omit.html: Added. * http/tests/security/resources/cors-deny.php: Added. * http/tests/security/resources/import-module-crossorigin-loads-error-src.js: Added. (import.string_appeared_here.then): * http/tests/security/resources/import-module-crossorigin-loads-src.js: Added. (import.string_appeared_here.then): * js/dom/modules/import-execution-order-expected.txt: Added. * js/dom/modules/import-execution-order.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-handler-expected.txt: Added. * js/dom/modules/import-from-handler.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-javascript-url-expected.txt: Added. * js/dom/modules/import-from-javascript-url.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-loaded-classic-expected.txt: Added. * js/dom/modules/import-from-loaded-classic.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-loaded-module-expected.txt: Added. * js/dom/modules/import-from-loaded-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-module-expected.txt: Added. * js/dom/modules/import-from-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-incorrect-relative-specifier-expected.txt: Added. * js/dom/modules/import-incorrect-relative-specifier.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-simple-expected.txt: Added. * js/dom/modules/import-simple.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/module-document-write-src.html: * js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html: * js/dom/modules/module-execution-order-mixed-with-classic-scripts.html: * js/dom/modules/module-execution-order-mixed.html: * js/dom/modules/module-inline-dynamic.html: * js/dom/modules/module-inline-simple.html: * js/dom/modules/module-load-event-with-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point-dynamic.html: * js/dom/modules/module-load-same-module-from-different-entry-point-in-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point.html: * js/dom/modules/module-not-found-error-event-with-src-and-import.html: * js/dom/modules/module-src-current-script.html: * js/dom/modules/module-src-dynamic.html: * js/dom/modules/module-src-simple.html: * js/dom/modules/module-type-case-insensitive.html: * js/dom/modules/module-will-fire-beforeload.html: * js/dom/modules/nomodule-dynamic-classic-src.html: * js/dom/modules/nomodule-has-no-effect-on-module-inline.html: * js/dom/modules/nomodule-has-no-effect-on-module-src.html: * js/dom/modules/nomodule-prevents-execution-classic-script-src.html: * js/dom/modules/nomodule-reflect.html: * js/dom/modules/resources/error-classic-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/error-classic-script.js. * js/dom/modules/resources/import-from-loaded-classic-finish.js: Added. * js/dom/modules/resources/import-from-loaded-classic.js: Added. * js/dom/modules/resources/import-from-loaded-module-finish.js: Added. * js/dom/modules/resources/import-from-loaded-module.js: Added. * js/dom/modules/resources/module-document-write-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-document-write-src.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js. * js/dom/modules/resources/module-execution-order-mixed-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-2.js. * js/dom/modules/resources/module-execution-order-mixed-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-2.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts.js. * js/dom/modules/resources/module-execution-order-mixed.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed.js. * js/dom/modules/resources/module-inline-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-dynamic.js. * js/dom/modules/resources/module-inline-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-simple.js. * js/dom/modules/resources/module-load-event-with-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-event-with-src.js. * js/dom/modules/resources/module-load-same-module-from-different-entry-point.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-same-module-from-different-entry-point.js. * js/dom/modules/resources/module-not-found-error-event-with-src-and-import.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-not-found-error-event-with-src-and-import.js. * js/dom/modules/resources/module-src-current-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-current-script.js. * js/dom/modules/resources/module-src-dynamic-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic-cocoa.js. * js/dom/modules/resources/module-src-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic.js. * js/dom/modules/resources/module-src-simple-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple-cocoa.js. * js/dom/modules/resources/module-src-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple.js. * js/dom/modules/resources/module-will-fire-beforeload.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-will-fire-beforeload.js. Canonical link: https://commits.webkit.org/184534@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2017-01-27 10:49:23 +00:00
/*
* Copyright (C) 2017 Yusuke Suzuki <utatane.tea@gmail.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "ScriptElementCachedScriptFetcher.h"
#include "Element.h"
#include "ScriptElement.h"
namespace WebCore {
module's default cross-origin value should be "anonymous" https://bugs.webkit.org/show_bug.cgi?id=210326 Reviewed by Sam Weinig. Source/WebCore: Tests: http/tests/security/cookie-module-import-propagate.html http/tests/security/cookie-module-import.html http/tests/security/cookie-module-propagate.html http/tests/security/cookie-module.html The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty. However, the spec is changed to sending requests with "same-origin" credentials ("anonymous" crossorigin mode) by default. We should follow it. * dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): * dom/ScriptElementCachedScriptFetcher.cpp: (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): * dom/ScriptElementCachedScriptFetcher.h: * html/parser/HTMLResourcePreloader.cpp: (WebCore::PreloadRequest::resourceRequest): * loader/cache/CachedScript.cpp: (WebCore::CachedScript::script): While this is not directly related to this patch, added new tests found that we are returning null StringView if the resource is zero byte. This totally works, but JSC::Parser has assertion that this is non-null StringView. For zero byte CachedScript resource, we should return non-null empty StringView instead. LayoutTests: * http/tests/security/cookie-module-expected.txt: Added. * http/tests/security/cookie-module-import-expected.txt: Added. * http/tests/security/cookie-module-import-propagate-expected.txt: Added. * http/tests/security/cookie-module-import-propagate.html: Added. * http/tests/security/cookie-module-import.html: Added. * http/tests/security/cookie-module-propagate-expected.txt: Added. * http/tests/security/cookie-module-propagate.html: Added. * http/tests/security/cookie-module.html: Added. * http/tests/security/resources/cookie-protected-script.php: Added. * http/tests/security/resources/module-nest-import.php: Added. Canonical link: https://commits.webkit.org/223339@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-04-13 20:59:07 +00:00
const ASCIILiteral ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule { "anonymous"_s };
Set integrity fetch options for loading scripts and CSS https://bugs.webkit.org/show_bug.cgi?id=182077 Patch by Youenn Fablet <youenn@apple.com> on 2018-01-25 Reviewed by Chris Dumez. LayoutTests/imported/w3c: * web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: * web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html: Source/WebCore: Covered by updated test. Set integrity fetch option in script and CSS loading. * bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load): * bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::requestModuleScript const): (WebCore::CachedScriptFetcher::requestScriptWithCache const): * bindings/js/CachedScriptFetcher.h: * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::load): * dom/ScriptElementCachedScriptFetcher.cpp: (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): * dom/ScriptElementCachedScriptFetcher.h: * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): Canonical link: https://commits.webkit.org/197946@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227612 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-01-25 18:02:23 +00:00
CachedResourceHandle<CachedScript> ScriptElementCachedScriptFetcher::requestModuleScript(Document& document, const URL& sourceURL, String&& integrity) const
Implement dynamic-import for WebCore https://bugs.webkit.org/show_bug.cgi?id=166926 Reviewed by Ryosuke Niwa. Source/WebCore: This patch introduces browser side dynamic-import implementation. The dynamic-import is new ES feature which is now stage 3. The JSC shell already implements it. The dynamic-import allows us to kick module loading in a dynamic manner. For example, you can write, await module = import(`${HOST}/hello.js`); The dynamic `import` operator (this is not a function) returns a promise with module namespace object if the module loading succeeds. Otherwise, it returns a rejected promise. And importantly, this feature allows us to kick module loading from classic script. Previously, module loading can be only used from <script type="module"> tag. And all the module loading is done statically. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load): * bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::create): (WebCore::CachedScriptFetcher::requestModuleScript): requestModuleScript function is used only when loading a new module script. So, LoadableClassicScript should use requestScriptWithCache to load itself. We pass String() for cross origin mode for null cross origin attribute as specified. (WebCore::CachedScriptFetcher::requestScriptWithCache): * bindings/js/CachedScriptFetcher.h: (WebCore::CachedScriptFetcher::CachedScriptFetcher): * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::moduleLoaderImportModule): * bindings/js/JSDOMWindowBase.h: * bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::initializeJSFunction): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeScript): * bindings/js/ScriptModuleLoader.cpp: (WebCore::resolveModuleSpecifier): Extract the part of resolving module specifier to a static function to use it in ScriptModuleLoader::resolve and ScriptModuleLoader::importModule. (WebCore::ScriptModuleLoader::resolve): (WebCore::rejectPromise): (WebCore::ScriptModuleLoader::importModule): New hook moduleLoaderImportModule is implemented. This hook is called when `import` operator is used. This hook is responsible to 1. resolve the module name to obtain module specifier. (like, resolve the relative URL to get absolute URL.) 2. kick module loading with the resolved specifier. When resolving the module name, the referrer information is needed. For example, "./script.js" will be resolved to "http://example.com/script.js" if the referrer module specifier is "http://example.com/". If `import("./script.js")` is executed in the classic script src="http://example.com/test.js", it starts loading "http://example.com/script.js". So the information of the caller of `import` operator is necessary here. This appropriate referrer is propagated by SourceOrigin. * bindings/js/ScriptModuleLoader.h: * dom/InlineClassicScript.h: * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::load): * dom/LoadableClassicScript.h: * dom/LoadableModuleScript.h: * dom/LoadableScript.h: (WebCore::LoadableScript::LoadableScript): (WebCore::LoadableScript::isClassicScript): Deleted. (WebCore::LoadableScript::isModuleScript): Deleted. * dom/ScriptElement.h: * dom/ScriptElementCachedScriptFetcher.cpp: Copied from Source/WebCore/dom/InlineClassicScript.h. (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript): This requestModuleScript will be used when the script tag (or modules imported from the script tag) uses `import` operator. In classic scripts, `crossorigin` mode always becomes "omit" while module scripts propagate the original `crossorigin` value. * dom/ScriptElementCachedScriptFetcher.h: Copied from Source/WebCore/bindings/js/CachedScriptFetcher.h. (WebCore::ScriptElementCachedScriptFetcher::crossOriginMode): (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher): LayoutTests: * http/tests/misc/import-absolute-url-expected.txt: Added. * http/tests/misc/import-absolute-url.html: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce-expected.txt: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce.html: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed6.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked6.js: Added. * http/tests/security/import-module-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src.html: Added. * http/tests/security/import-module-crossorigin-loads-error.html: Added. * http/tests/security/import-module-crossorigin-loads-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src.html: Added. * http/tests/security/import-module-crossorigin-loads.html: Added. * http/tests/security/import-script-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-error.html: Added. * http/tests/security/import-script-crossorigin-loads-omit-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-omit.html: Added. * http/tests/security/resources/cors-deny.php: Added. * http/tests/security/resources/import-module-crossorigin-loads-error-src.js: Added. (import.string_appeared_here.then): * http/tests/security/resources/import-module-crossorigin-loads-src.js: Added. (import.string_appeared_here.then): * js/dom/modules/import-execution-order-expected.txt: Added. * js/dom/modules/import-execution-order.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-handler-expected.txt: Added. * js/dom/modules/import-from-handler.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-javascript-url-expected.txt: Added. * js/dom/modules/import-from-javascript-url.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-loaded-classic-expected.txt: Added. * js/dom/modules/import-from-loaded-classic.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-loaded-module-expected.txt: Added. * js/dom/modules/import-from-loaded-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-module-expected.txt: Added. * js/dom/modules/import-from-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-incorrect-relative-specifier-expected.txt: Added. * js/dom/modules/import-incorrect-relative-specifier.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-simple-expected.txt: Added. * js/dom/modules/import-simple.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/module-document-write-src.html: * js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html: * js/dom/modules/module-execution-order-mixed-with-classic-scripts.html: * js/dom/modules/module-execution-order-mixed.html: * js/dom/modules/module-inline-dynamic.html: * js/dom/modules/module-inline-simple.html: * js/dom/modules/module-load-event-with-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point-dynamic.html: * js/dom/modules/module-load-same-module-from-different-entry-point-in-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point.html: * js/dom/modules/module-not-found-error-event-with-src-and-import.html: * js/dom/modules/module-src-current-script.html: * js/dom/modules/module-src-dynamic.html: * js/dom/modules/module-src-simple.html: * js/dom/modules/module-type-case-insensitive.html: * js/dom/modules/module-will-fire-beforeload.html: * js/dom/modules/nomodule-dynamic-classic-src.html: * js/dom/modules/nomodule-has-no-effect-on-module-inline.html: * js/dom/modules/nomodule-has-no-effect-on-module-src.html: * js/dom/modules/nomodule-prevents-execution-classic-script-src.html: * js/dom/modules/nomodule-reflect.html: * js/dom/modules/resources/error-classic-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/error-classic-script.js. * js/dom/modules/resources/import-from-loaded-classic-finish.js: Added. * js/dom/modules/resources/import-from-loaded-classic.js: Added. * js/dom/modules/resources/import-from-loaded-module-finish.js: Added. * js/dom/modules/resources/import-from-loaded-module.js: Added. * js/dom/modules/resources/module-document-write-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-document-write-src.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js. * js/dom/modules/resources/module-execution-order-mixed-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-2.js. * js/dom/modules/resources/module-execution-order-mixed-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-2.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts.js. * js/dom/modules/resources/module-execution-order-mixed.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed.js. * js/dom/modules/resources/module-inline-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-dynamic.js. * js/dom/modules/resources/module-inline-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-simple.js. * js/dom/modules/resources/module-load-event-with-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-event-with-src.js. * js/dom/modules/resources/module-load-same-module-from-different-entry-point.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-same-module-from-different-entry-point.js. * js/dom/modules/resources/module-not-found-error-event-with-src-and-import.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-not-found-error-event-with-src-and-import.js. * js/dom/modules/resources/module-src-current-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-current-script.js. * js/dom/modules/resources/module-src-dynamic-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic-cocoa.js. * js/dom/modules/resources/module-src-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic.js. * js/dom/modules/resources/module-src-simple-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple-cocoa.js. * js/dom/modules/resources/module-src-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple.js. * js/dom/modules/resources/module-will-fire-beforeload.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-will-fire-beforeload.js. Canonical link: https://commits.webkit.org/184534@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2017-01-27 10:49:23 +00:00
{
module's default cross-origin value should be "anonymous" https://bugs.webkit.org/show_bug.cgi?id=210326 Reviewed by Sam Weinig. Source/WebCore: Tests: http/tests/security/cookie-module-import-propagate.html http/tests/security/cookie-module-import.html http/tests/security/cookie-module-propagate.html http/tests/security/cookie-module.html The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty. However, the spec is changed to sending requests with "same-origin" credentials ("anonymous" crossorigin mode) by default. We should follow it. * dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): * dom/ScriptElementCachedScriptFetcher.cpp: (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): * dom/ScriptElementCachedScriptFetcher.h: * html/parser/HTMLResourcePreloader.cpp: (WebCore::PreloadRequest::resourceRequest): * loader/cache/CachedScript.cpp: (WebCore::CachedScript::script): While this is not directly related to this patch, added new tests found that we are returning null StringView if the resource is zero byte. This totally works, but JSC::Parser has assertion that this is non-null StringView. For zero byte CachedScript resource, we should return non-null empty StringView instead. LayoutTests: * http/tests/security/cookie-module-expected.txt: Added. * http/tests/security/cookie-module-import-expected.txt: Added. * http/tests/security/cookie-module-import-propagate-expected.txt: Added. * http/tests/security/cookie-module-import-propagate.html: Added. * http/tests/security/cookie-module-import.html: Added. * http/tests/security/cookie-module-propagate-expected.txt: Added. * http/tests/security/cookie-module-propagate.html: Added. * http/tests/security/cookie-module.html: Added. * http/tests/security/resources/cookie-protected-script.php: Added. * http/tests/security/resources/module-nest-import.php: Added. Canonical link: https://commits.webkit.org/223339@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-04-13 20:59:07 +00:00
// https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
// If the fetcher is not module script, credential mode is always "same-origin" ("anonymous").
// This code is for dynamic module import (`import` operator).
Implement dynamic-import for WebCore https://bugs.webkit.org/show_bug.cgi?id=166926 Reviewed by Ryosuke Niwa. Source/WebCore: This patch introduces browser side dynamic-import implementation. The dynamic-import is new ES feature which is now stage 3. The JSC shell already implements it. The dynamic-import allows us to kick module loading in a dynamic manner. For example, you can write, await module = import(`${HOST}/hello.js`); The dynamic `import` operator (this is not a function) returns a promise with module namespace object if the module loading succeeds. Otherwise, it returns a rejected promise. And importantly, this feature allows us to kick module loading from classic script. Previously, module loading can be only used from <script type="module"> tag. And all the module loading is done statically. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load): * bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::create): (WebCore::CachedScriptFetcher::requestModuleScript): requestModuleScript function is used only when loading a new module script. So, LoadableClassicScript should use requestScriptWithCache to load itself. We pass String() for cross origin mode for null cross origin attribute as specified. (WebCore::CachedScriptFetcher::requestScriptWithCache): * bindings/js/CachedScriptFetcher.h: (WebCore::CachedScriptFetcher::CachedScriptFetcher): * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::moduleLoaderImportModule): * bindings/js/JSDOMWindowBase.h: * bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::initializeJSFunction): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeScript): * bindings/js/ScriptModuleLoader.cpp: (WebCore::resolveModuleSpecifier): Extract the part of resolving module specifier to a static function to use it in ScriptModuleLoader::resolve and ScriptModuleLoader::importModule. (WebCore::ScriptModuleLoader::resolve): (WebCore::rejectPromise): (WebCore::ScriptModuleLoader::importModule): New hook moduleLoaderImportModule is implemented. This hook is called when `import` operator is used. This hook is responsible to 1. resolve the module name to obtain module specifier. (like, resolve the relative URL to get absolute URL.) 2. kick module loading with the resolved specifier. When resolving the module name, the referrer information is needed. For example, "./script.js" will be resolved to "http://example.com/script.js" if the referrer module specifier is "http://example.com/". If `import("./script.js")` is executed in the classic script src="http://example.com/test.js", it starts loading "http://example.com/script.js". So the information of the caller of `import` operator is necessary here. This appropriate referrer is propagated by SourceOrigin. * bindings/js/ScriptModuleLoader.h: * dom/InlineClassicScript.h: * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::load): * dom/LoadableClassicScript.h: * dom/LoadableModuleScript.h: * dom/LoadableScript.h: (WebCore::LoadableScript::LoadableScript): (WebCore::LoadableScript::isClassicScript): Deleted. (WebCore::LoadableScript::isModuleScript): Deleted. * dom/ScriptElement.h: * dom/ScriptElementCachedScriptFetcher.cpp: Copied from Source/WebCore/dom/InlineClassicScript.h. (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript): This requestModuleScript will be used when the script tag (or modules imported from the script tag) uses `import` operator. In classic scripts, `crossorigin` mode always becomes "omit" while module scripts propagate the original `crossorigin` value. * dom/ScriptElementCachedScriptFetcher.h: Copied from Source/WebCore/bindings/js/CachedScriptFetcher.h. (WebCore::ScriptElementCachedScriptFetcher::crossOriginMode): (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher): LayoutTests: * http/tests/misc/import-absolute-url-expected.txt: Added. * http/tests/misc/import-absolute-url.html: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce-expected.txt: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce.html: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed6.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked6.js: Added. * http/tests/security/import-module-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src.html: Added. * http/tests/security/import-module-crossorigin-loads-error.html: Added. * http/tests/security/import-module-crossorigin-loads-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src.html: Added. * http/tests/security/import-module-crossorigin-loads.html: Added. * http/tests/security/import-script-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-error.html: Added. * http/tests/security/import-script-crossorigin-loads-omit-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-omit.html: Added. * http/tests/security/resources/cors-deny.php: Added. * http/tests/security/resources/import-module-crossorigin-loads-error-src.js: Added. (import.string_appeared_here.then): * http/tests/security/resources/import-module-crossorigin-loads-src.js: Added. (import.string_appeared_here.then): * js/dom/modules/import-execution-order-expected.txt: Added. * js/dom/modules/import-execution-order.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-handler-expected.txt: Added. * js/dom/modules/import-from-handler.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-javascript-url-expected.txt: Added. * js/dom/modules/import-from-javascript-url.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-loaded-classic-expected.txt: Added. * js/dom/modules/import-from-loaded-classic.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-loaded-module-expected.txt: Added. * js/dom/modules/import-from-loaded-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-module-expected.txt: Added. * js/dom/modules/import-from-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-incorrect-relative-specifier-expected.txt: Added. * js/dom/modules/import-incorrect-relative-specifier.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-simple-expected.txt: Added. * js/dom/modules/import-simple.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/module-document-write-src.html: * js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html: * js/dom/modules/module-execution-order-mixed-with-classic-scripts.html: * js/dom/modules/module-execution-order-mixed.html: * js/dom/modules/module-inline-dynamic.html: * js/dom/modules/module-inline-simple.html: * js/dom/modules/module-load-event-with-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point-dynamic.html: * js/dom/modules/module-load-same-module-from-different-entry-point-in-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point.html: * js/dom/modules/module-not-found-error-event-with-src-and-import.html: * js/dom/modules/module-src-current-script.html: * js/dom/modules/module-src-dynamic.html: * js/dom/modules/module-src-simple.html: * js/dom/modules/module-type-case-insensitive.html: * js/dom/modules/module-will-fire-beforeload.html: * js/dom/modules/nomodule-dynamic-classic-src.html: * js/dom/modules/nomodule-has-no-effect-on-module-inline.html: * js/dom/modules/nomodule-has-no-effect-on-module-src.html: * js/dom/modules/nomodule-prevents-execution-classic-script-src.html: * js/dom/modules/nomodule-reflect.html: * js/dom/modules/resources/error-classic-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/error-classic-script.js. * js/dom/modules/resources/import-from-loaded-classic-finish.js: Added. * js/dom/modules/resources/import-from-loaded-classic.js: Added. * js/dom/modules/resources/import-from-loaded-module-finish.js: Added. * js/dom/modules/resources/import-from-loaded-module.js: Added. * js/dom/modules/resources/module-document-write-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-document-write-src.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js. * js/dom/modules/resources/module-execution-order-mixed-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-2.js. * js/dom/modules/resources/module-execution-order-mixed-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-2.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts.js. * js/dom/modules/resources/module-execution-order-mixed.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed.js. * js/dom/modules/resources/module-inline-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-dynamic.js. * js/dom/modules/resources/module-inline-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-simple.js. * js/dom/modules/resources/module-load-event-with-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-event-with-src.js. * js/dom/modules/resources/module-load-same-module-from-different-entry-point.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-same-module-from-different-entry-point.js. * js/dom/modules/resources/module-not-found-error-event-with-src-and-import.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-not-found-error-event-with-src-and-import.js. * js/dom/modules/resources/module-src-current-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-current-script.js. * js/dom/modules/resources/module-src-dynamic-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic-cocoa.js. * js/dom/modules/resources/module-src-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic.js. * js/dom/modules/resources/module-src-simple-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple-cocoa.js. * js/dom/modules/resources/module-src-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple.js. * js/dom/modules/resources/module-will-fire-beforeload.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-will-fire-beforeload.js. Canonical link: https://commits.webkit.org/184534@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2017-01-27 10:49:23 +00:00
module's default cross-origin value should be "anonymous" https://bugs.webkit.org/show_bug.cgi?id=210326 Reviewed by Sam Weinig. Source/WebCore: Tests: http/tests/security/cookie-module-import-propagate.html http/tests/security/cookie-module-import.html http/tests/security/cookie-module-propagate.html http/tests/security/cookie-module.html The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty. However, the spec is changed to sending requests with "same-origin" credentials ("anonymous" crossorigin mode) by default. We should follow it. * dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): * dom/ScriptElementCachedScriptFetcher.cpp: (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): * dom/ScriptElementCachedScriptFetcher.h: * html/parser/HTMLResourcePreloader.cpp: (WebCore::PreloadRequest::resourceRequest): * loader/cache/CachedScript.cpp: (WebCore::CachedScript::script): While this is not directly related to this patch, added new tests found that we are returning null StringView if the resource is zero byte. This totally works, but JSC::Parser has assertion that this is non-null StringView. For zero byte CachedScript resource, we should return non-null empty StringView instead. LayoutTests: * http/tests/security/cookie-module-expected.txt: Added. * http/tests/security/cookie-module-import-expected.txt: Added. * http/tests/security/cookie-module-import-propagate-expected.txt: Added. * http/tests/security/cookie-module-import-propagate.html: Added. * http/tests/security/cookie-module-import.html: Added. * http/tests/security/cookie-module-propagate-expected.txt: Added. * http/tests/security/cookie-module-propagate.html: Added. * http/tests/security/cookie-module.html: Added. * http/tests/security/resources/cookie-protected-script.php: Added. * http/tests/security/resources/module-nest-import.php: Added. Canonical link: https://commits.webkit.org/223339@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-04-13 20:59:07 +00:00
return requestScriptWithCache(document, sourceURL, isClassicScript() ? defaultCrossOriginModeForModule : m_crossOriginMode, WTFMove(integrity), { });
Implement dynamic-import for WebCore https://bugs.webkit.org/show_bug.cgi?id=166926 Reviewed by Ryosuke Niwa. Source/WebCore: This patch introduces browser side dynamic-import implementation. The dynamic-import is new ES feature which is now stage 3. The JSC shell already implements it. The dynamic-import allows us to kick module loading in a dynamic manner. For example, you can write, await module = import(`${HOST}/hello.js`); The dynamic `import` operator (this is not a function) returns a promise with module namespace object if the module loading succeeds. Otherwise, it returns a rejected promise. And importantly, this feature allows us to kick module loading from classic script. Previously, module loading can be only used from <script type="module"> tag. And all the module loading is done statically. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load): * bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::create): (WebCore::CachedScriptFetcher::requestModuleScript): requestModuleScript function is used only when loading a new module script. So, LoadableClassicScript should use requestScriptWithCache to load itself. We pass String() for cross origin mode for null cross origin attribute as specified. (WebCore::CachedScriptFetcher::requestScriptWithCache): * bindings/js/CachedScriptFetcher.h: (WebCore::CachedScriptFetcher::CachedScriptFetcher): * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::moduleLoaderImportModule): * bindings/js/JSDOMWindowBase.h: * bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::initializeJSFunction): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeScript): * bindings/js/ScriptModuleLoader.cpp: (WebCore::resolveModuleSpecifier): Extract the part of resolving module specifier to a static function to use it in ScriptModuleLoader::resolve and ScriptModuleLoader::importModule. (WebCore::ScriptModuleLoader::resolve): (WebCore::rejectPromise): (WebCore::ScriptModuleLoader::importModule): New hook moduleLoaderImportModule is implemented. This hook is called when `import` operator is used. This hook is responsible to 1. resolve the module name to obtain module specifier. (like, resolve the relative URL to get absolute URL.) 2. kick module loading with the resolved specifier. When resolving the module name, the referrer information is needed. For example, "./script.js" will be resolved to "http://example.com/script.js" if the referrer module specifier is "http://example.com/". If `import("./script.js")` is executed in the classic script src="http://example.com/test.js", it starts loading "http://example.com/script.js". So the information of the caller of `import` operator is necessary here. This appropriate referrer is propagated by SourceOrigin. * bindings/js/ScriptModuleLoader.h: * dom/InlineClassicScript.h: * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::load): * dom/LoadableClassicScript.h: * dom/LoadableModuleScript.h: * dom/LoadableScript.h: (WebCore::LoadableScript::LoadableScript): (WebCore::LoadableScript::isClassicScript): Deleted. (WebCore::LoadableScript::isModuleScript): Deleted. * dom/ScriptElement.h: * dom/ScriptElementCachedScriptFetcher.cpp: Copied from Source/WebCore/dom/InlineClassicScript.h. (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript): This requestModuleScript will be used when the script tag (or modules imported from the script tag) uses `import` operator. In classic scripts, `crossorigin` mode always becomes "omit" while module scripts propagate the original `crossorigin` value. * dom/ScriptElementCachedScriptFetcher.h: Copied from Source/WebCore/bindings/js/CachedScriptFetcher.h. (WebCore::ScriptElementCachedScriptFetcher::crossOriginMode): (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher): LayoutTests: * http/tests/misc/import-absolute-url-expected.txt: Added. * http/tests/misc/import-absolute-url.html: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce-expected.txt: Added. * http/tests/security/contentSecurityPolicy/1.1/import-scriptnonce.html: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-allowed6.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked1.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked2.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked3.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked4.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked5.js: Added. * http/tests/security/contentSecurityPolicy/1.1/resources/import-scriptnonce-blocked6.js: Added. * http/tests/security/import-module-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-error-src.html: Added. * http/tests/security/import-module-crossorigin-loads-error.html: Added. * http/tests/security/import-module-crossorigin-loads-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src-expected.txt: Added. * http/tests/security/import-module-crossorigin-loads-src.html: Added. * http/tests/security/import-module-crossorigin-loads.html: Added. * http/tests/security/import-script-crossorigin-loads-error-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-error.html: Added. * http/tests/security/import-script-crossorigin-loads-omit-expected.txt: Added. * http/tests/security/import-script-crossorigin-loads-omit.html: Added. * http/tests/security/resources/cors-deny.php: Added. * http/tests/security/resources/import-module-crossorigin-loads-error-src.js: Added. (import.string_appeared_here.then): * http/tests/security/resources/import-module-crossorigin-loads-src.js: Added. (import.string_appeared_here.then): * js/dom/modules/import-execution-order-expected.txt: Added. * js/dom/modules/import-execution-order.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-handler-expected.txt: Added. * js/dom/modules/import-from-handler.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-javascript-url-expected.txt: Added. * js/dom/modules/import-from-javascript-url.html: Copied from LayoutTests/js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html. * js/dom/modules/import-from-loaded-classic-expected.txt: Added. * js/dom/modules/import-from-loaded-classic.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-loaded-module-expected.txt: Added. * js/dom/modules/import-from-loaded-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-from-module-expected.txt: Added. * js/dom/modules/import-from-module.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-incorrect-relative-specifier-expected.txt: Added. * js/dom/modules/import-incorrect-relative-specifier.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/import-simple-expected.txt: Added. * js/dom/modules/import-simple.html: Copied from LayoutTests/js/dom/modules/module-src-simple.html. * js/dom/modules/module-document-write-src.html: * js/dom/modules/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.html: * js/dom/modules/module-execution-order-mixed-with-classic-scripts.html: * js/dom/modules/module-execution-order-mixed.html: * js/dom/modules/module-inline-dynamic.html: * js/dom/modules/module-inline-simple.html: * js/dom/modules/module-load-event-with-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point-dynamic.html: * js/dom/modules/module-load-same-module-from-different-entry-point-in-src.html: * js/dom/modules/module-load-same-module-from-different-entry-point.html: * js/dom/modules/module-not-found-error-event-with-src-and-import.html: * js/dom/modules/module-src-current-script.html: * js/dom/modules/module-src-dynamic.html: * js/dom/modules/module-src-simple.html: * js/dom/modules/module-type-case-insensitive.html: * js/dom/modules/module-will-fire-beforeload.html: * js/dom/modules/nomodule-dynamic-classic-src.html: * js/dom/modules/nomodule-has-no-effect-on-module-inline.html: * js/dom/modules/nomodule-has-no-effect-on-module-src.html: * js/dom/modules/nomodule-prevents-execution-classic-script-src.html: * js/dom/modules/nomodule-reflect.html: * js/dom/modules/resources/error-classic-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/error-classic-script.js. * js/dom/modules/resources/import-from-loaded-classic-finish.js: Added. * js/dom/modules/resources/import-from-loaded-classic.js: Added. * js/dom/modules/resources/import-from-loaded-module-finish.js: Added. * js/dom/modules/resources/import-from-loaded-module.js: Added. * js/dom/modules/resources/module-document-write-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-document-write-src.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror-throw.js. * js/dom/modules/resources/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-error-inside-dependent-module-should-be-propagated-to-onerror.js. * js/dom/modules/resources/module-execution-order-mixed-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-2.js. * js/dom/modules/resources/module-execution-order-mixed-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-2.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-2.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cappuccino.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cappuccino.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-cocoa.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts-matcha.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts-matcha.js. * js/dom/modules/resources/module-execution-order-mixed-with-classic-scripts.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed-with-classic-scripts.js. * js/dom/modules/resources/module-execution-order-mixed.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-execution-order-mixed.js. * js/dom/modules/resources/module-inline-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-dynamic.js. * js/dom/modules/resources/module-inline-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-inline-simple.js. * js/dom/modules/resources/module-load-event-with-src.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-event-with-src.js. * js/dom/modules/resources/module-load-same-module-from-different-entry-point.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-load-same-module-from-different-entry-point.js. * js/dom/modules/resources/module-not-found-error-event-with-src-and-import.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-not-found-error-event-with-src-and-import.js. * js/dom/modules/resources/module-src-current-script.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-current-script.js. * js/dom/modules/resources/module-src-dynamic-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic-cocoa.js. * js/dom/modules/resources/module-src-dynamic.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-dynamic.js. * js/dom/modules/resources/module-src-simple-cocoa.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple-cocoa.js. * js/dom/modules/resources/module-src-simple.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-src-simple.js. * js/dom/modules/resources/module-will-fire-beforeload.js: Renamed from LayoutTests/js/dom/modules/script-tests/module-will-fire-beforeload.js. Canonical link: https://commits.webkit.org/184534@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2017-01-27 10:49:23 +00:00
}
}