Title: [295324] branches/safari-613-branch/Source/WebCore
- Revision
- 295324
- Author
- alanc...@apple.com
- Date
- 2022-06-06 19:30:53 -0700 (Mon, 06 Jun 2022)
Log Message
Cherry-pick c88d60bba878. rdar://problem/91643534
<link rel=preconnect> always sends credentials to different-origin, ignoring crossorigin=anonymous
https://bugs.webkit.org/show_bug.cgi?id=239119
<rdar://problem/91643534>
Reviewed by John Wilander.
Update the check as per spec, step 5 of
https://html.spec.whatwg.org/multipage/links.html#link-type-preconnect
This is difficult to test as preconnect can only expose TLS credentials.
* loader/LinkLoader.cpp:
(WebCore::LinkLoader::preconnectIfNeeded):
Canonical link: https://commits.webkit.org/250034@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@293503 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (295323 => 295324)
--- branches/safari-613-branch/Source/WebCore/ChangeLog 2022-06-07 02:30:49 UTC (rev 295323)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog 2022-06-07 02:30:53 UTC (rev 295324)
@@ -1,3 +1,19 @@
+2022-04-27 Youenn Fablet <you...@apple.com>
+
+ <link rel=preconnect> always sends credentials to different-origin, ignoring crossorigin=anonymous
+ https://bugs.webkit.org/show_bug.cgi?id=239119
+ <rdar://problem/91643534>
+
+ Reviewed by John Wilander.
+
+ Update the check as per spec, step 5 of
+ https://html.spec.whatwg.org/multipage/links.html#link-type-preconnect
+
+ This is difficult to test as preconnect can only expose TLS credentials.
+
+ * loader/LinkLoader.cpp:
+ (WebCore::LinkLoader::preconnectIfNeeded):
+
2022-05-06 Patrick Griffis <pgrif...@igalia.com>
CSP: Fix script-src-elem policies in workers
Modified: branches/safari-613-branch/Source/WebCore/loader/LinkLoader.cpp (295323 => 295324)
--- branches/safari-613-branch/Source/WebCore/loader/LinkLoader.cpp 2022-06-07 02:30:49 UTC (rev 295323)
+++ branches/safari-613-branch/Source/WebCore/loader/LinkLoader.cpp 2022-06-07 02:30:53 UTC (rev 295324)
@@ -214,7 +214,7 @@
return;
ASSERT(document.settings().linkPreconnectEnabled());
StoredCredentialsPolicy storageCredentialsPolicy = StoredCredentialsPolicy::Use;
- if (equalIgnoringASCIICase(params.crossOrigin, "anonymous") && document.securityOrigin().isSameOriginDomain(SecurityOrigin::create(href)))
+ if (equalIgnoringASCIICase(params.crossOrigin, "anonymous") && !document.securityOrigin().isSameOriginDomain(SecurityOrigin::create(href)))
storageCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
ASSERT(document.frame()->loader().networkingContext());
platformStrategies()->loaderStrategy()->preconnectTo(document.frame()->loader(), href, storageCredentialsPolicy, LoaderStrategy::ShouldPreconnectAsFirstParty::No, [weakDocument = WeakPtr { document }, href](ResourceError error) {
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
