Bug 814050. XMLHttpRequest.withCredentials header should throw on main thread too, in some cases. r=peterv
authorBoris Zbarsky <bzbarsky@mit.edu>
Tue, 27 Nov 2012 15:20:40 -0500
changeset 114265 279541c0d07c68996d99f33984aa0dd0b4249931
parent 114264 d4909612f296d3c804eb698f359a553494dbb0de
child 114266 c3d44fd7dce4c609f1e719848d16acb0e556c050
push id23913
push useremorley@mozilla.com
push dateWed, 28 Nov 2012 17:11:31 +0000
treeherdermozilla-central@17c267a881cf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerspeterv
bugs814050
milestone20.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 814050. XMLHttpRequest.withCredentials header should throw on main thread too, in some cases. r=peterv
content/base/src/nsXMLHttpRequest.cpp
content/base/src/nsXMLHttpRequest.h
content/base/test/Makefile.in
content/base/test/test_xhr_withCredentials.html
dom/webidl/XMLHttpRequest.webidl
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -3415,35 +3415,35 @@ bool
 nsXMLHttpRequest::WithCredentials()
 {
   return !!(mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS);
 }
 
 NS_IMETHODIMP
 nsXMLHttpRequest::SetWithCredentials(bool aWithCredentials)
 {
-  nsresult rv = NS_OK;
+  ErrorResult rv;
   SetWithCredentials(aWithCredentials, rv);
-  return rv;
+  return rv.ErrorCode();
 }
 
 void
-nsXMLHttpRequest::SetWithCredentials(bool aWithCredentials, nsresult& aRv)
+nsXMLHttpRequest::SetWithCredentials(bool aWithCredentials, ErrorResult& aRv)
 {
   // Return error if we're already processing a request
   if (XML_HTTP_REQUEST_SENT & mState) {
     aRv = NS_ERROR_FAILURE;
     return;
   }
 
   // sync request is not allowed setting withCredentials in window context
   if (HasOrHasHadOwner() &&
       !(mState & (XML_HTTP_REQUEST_UNSENT | XML_HTTP_REQUEST_ASYNC))) {
     LogMessage("WithCredentialsSyncXHRWarning", GetOwner());
-    aRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
+    aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
     return;
   }
 
   if (aWithCredentials) {
     mState |= XML_HTTP_REQUEST_AC_WITH_CREDENTIALS;
   } else {
     mState &= ~XML_HTTP_REQUEST_AC_WITH_CREDENTIALS;
   }
--- a/content/base/src/nsXMLHttpRequest.h
+++ b/content/base/src/nsXMLHttpRequest.h
@@ -257,17 +257,17 @@ public:
                            NS_ConvertUTF16toUTF8(aValue));
   }
   uint32_t Timeout()
   {
     return mTimeoutMilliseconds;
   }
   void SetTimeout(uint32_t aTimeout, ErrorResult& aRv);
   bool WithCredentials();
-  void SetWithCredentials(bool aWithCredentials, nsresult& aRv);
+  void SetWithCredentials(bool aWithCredentials, ErrorResult& aRv);
   nsXMLHttpRequestUpload* Upload();
 
 private:
   class RequestBody
   {
   public:
     RequestBody() : mType(Uninitialized)
     {
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
@@ -593,16 +593,17 @@ MOCHITEST_FILES_B = \
 		file_bug804395.jar \
 		test_bug804395.html \
 		test_bug809003.html \
 		test_textnode_split_in_selection.html \
 		test_textnode_normalize_in_selection.html \
 		test_xhr_send_readystate.html \
 		test_bug813919.html \
 		test_bug814576.html \
+		test_xhr_withCredentials.html \
 		$(NULL)
 
 # OOP tests don't work on Windows (bug 763081) or native-fennec
 # (see Bug 774939)
 ifneq ($(OS_ARCH),WINNT)
 ifndef MOZ_ANDROID_OMTC
 MOCHITEST_FILES_B += \
 		test_messagemanager_assertpermission.html \
new file mode 100644
--- /dev/null
+++ b/content/base/test/test_xhr_withCredentials.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=814050
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 814050</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=814050">Mozilla Bug 814050</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for Bug 814050 **/
+var xhr = new XMLHttpRequest();
+xhr.open("GET", "", false);
+try {
+  xhr.withCredentials = true;
+  ok(false, "Should throw on withCredentials sets for sync XHR");
+} catch (e) {
+  ok(true, "Should throw on withCredentials sets for sync XHR");
+}
+
+var xhr = new XMLHttpRequest();
+xhr.open("GET", "", true);
+xhr.withCredentials = true;
+ok(true, "Should not throw on withCredentials sets for async XHR");
+
+</script>
+</pre>
+</body>
+</html>
--- a/dom/webidl/XMLHttpRequest.webidl
+++ b/dom/webidl/XMLHttpRequest.webidl
@@ -76,17 +76,17 @@ interface XMLHttpRequest : XMLHttpReques
   void open(DOMString method, DOMString url, optional boolean async = true,
             optional DOMString? user, optional DOMString? password);
   [Throws]
   void setRequestHeader(DOMString header, DOMString value);
 
   [SetterThrows]
   attribute unsigned long timeout;
 
-  [SetterThrows=Workers]
+  [SetterThrows]
   attribute boolean withCredentials;
 
   [Throws=Workers]
   readonly attribute XMLHttpRequestUpload upload;
 
   [Throws]
   void send();
   [Throws]