Document::initSecurityContext() fails to call securityOrigin().grantLoadLocalResources()

https://bugs.webkit.org/show_bug.cgi?id=68711

Reviewed by Adam Barth.

Source/WebCore:

It currently fails since Document::loader() will return 0 until
Frame::setDocument is called and we are doing this check before it happens.

Delay the check and let the FrameLoader take care of doing grantLoadLocalResources()
on the Document along with other header checks in FrameLoader::didBeginDocument.

* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):

Source/WebKit/qt:

* tests/qwebpage/tst_qwebpage.cpp:
(tst_QWebPage::testStopScheduledPageRefresh): Unmark the expected failure.

Change-Id: Iec4f0106c42af572a1e4a8d352baa9d1a2fc8a1a
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136404 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>

5 files changed, 36 insertions, 13 deletions

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index be4937610..30686ee22 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2012-12-03  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
+
+        Document::initSecurityContext() fails to call securityOrigin().grantLoadLocalResources()
+        https://bugs.webkit.org/show_bug.cgi?id=68711
+
+        Reviewed by Adam Barth.
+
+        It currently fails since Document::loader() will return 0 until
+        Frame::setDocument is called and we are doing this check before it happens.
+
+        Delay the check and let the FrameLoader take care of doing grantLoadLocalResources()
+        on the Document along with other header checks in FrameLoader::didBeginDocument.
+
+        * dom/Document.cpp:
+        (WebCore::Document::initSecurityContext):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::didBeginDocument):
+
 2012-11-29  Tommy Widenflycht  <tommyw@google.com>
 
         Speech Recognition API: Update SpeechRecognitionEvent/Result to match the specification
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
index 756967441..0bb8cc019 100644
--- a/Source/WebCore/dom/Document.cpp
+++ b/Source/WebCore/dom/Document.cpp
@@ -4542,17 +4542,6 @@ void Document::initSecurityContext()
     setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url));
     setContentSecurityPolicy(ContentSecurityPolicy::create(this));
 
-    if (SecurityPolicy::allowSubstituteDataAccessToLocal()) {
-        // If this document was loaded with substituteData, then the document can
-        // load local resources.  See https://bugs.webkit.org/show_bug.cgi?id=16756
-        // and https://bugs.webkit.org/show_bug.cgi?id=19760 for further
-        // discussion.
-        
-        DocumentLoader* documentLoader = loader();
-        if (documentLoader && documentLoader->substituteData().isValid())
-            securityOrigin()->grantLoadLocalResources();
-    }
-
     if (Settings* settings = this->settings()) {
         if (!settings->webSecurityEnabled()) {
             // Web security is turned off. We should let this document access every other document. This is used primary by testing
diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 0352b1d8c..5716e39d3 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -676,6 +676,14 @@ void FrameLoader::didBeginDocument(bool dispatch)
             if (!headerContentLanguage.isEmpty())
                 m_frame->document()->setContentLanguage(headerContentLanguage);
         }
+
+        if (SecurityPolicy::allowSubstituteDataAccessToLocal() && m_documentLoader->substituteData().isValid()) {
+            // If this document was loaded with substituteData, then the document can
+            // load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756
+            // and https://bugs.webkit.org/show_bug.cgi?id=19760 for further
+            // discussion.
+            m_frame->document()->securityOrigin()->grantLoadLocalResources();
+        }
     }
 
     history()->restoreDocumentState();
diff --git a/Source/WebKit/qt/ChangeLog b/Source/WebKit/qt/ChangeLog
index 9c4d5c461..86bb26e3c 100644
--- a/Source/WebKit/qt/ChangeLog
+++ b/Source/WebKit/qt/ChangeLog
@@ -1,3 +1,13 @@
+2012-12-03  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
+
+        Document::initSecurityContext() fails to call securityOrigin().grantLoadLocalResources()
+        https://bugs.webkit.org/show_bug.cgi?id=68711
+
+        Reviewed by Adam Barth.
+
+        * tests/qwebpage/tst_qwebpage.cpp:
+        (tst_QWebPage::testStopScheduledPageRefresh): Unmark the expected failure.
+
 2012-12-04  Pierre Rossi  <pierre.rossi@digia.com>
 
         [Qt] Yet another unreviewed speculative windows build fix.
diff --git a/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp b/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp
index 9f51f3f01..2853d600a 100644
--- a/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp
+++ b/Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp
@@ -2932,10 +2932,8 @@ void tst_QWebPage::testStopScheduledPageRefresh()
                                 "<meta http-equiv=\"refresh\"content=\"0;URL=qrc:///resources/index.html\">"
                                 "</head><body><h1>Page redirects immediately...</h1>"
                                 "</body></html>");
-    QEXPECT_FAIL("", "https://bugs.webkit.org/show_bug.cgi?id=63245", Continue);
     QVERIFY(::waitForSignal(&page1, SIGNAL(loadFinished(bool))));
     QTest::qWait(500);
-    QEXPECT_FAIL("", "https://bugs.webkit.org/show_bug.cgi?id=63245", Continue);
     QCOMPARE(page1.mainFrame()->url(), QUrl(QLatin1String("qrc:///resources/index.html")));
     
     // With QWebPage::StopScheduledPageRefresh