Diff
Modified: trunk/LayoutTests/ChangeLog (203719 => 203720)
--- trunk/LayoutTests/ChangeLog 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/LayoutTests/ChangeLog 2016-07-26 16:23:09 UTC (rev 203720)
@@ -1,3 +1,12 @@
+2016-07-26 Youenn Fablet <[email protected]>
+
+ Remove ClientCredentialPolicy cross-origin option from ResourceLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159413
+
+ Reviewed by Alex Christensen.
+
+ * platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic-expected.txt: Removed.
+
2016-07-25 Sergio Villar Senin <[email protected]>
[css-grid] repeat() syntax should take a <track-list> argument
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (203719 => 203720)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2016-07-26 16:23:09 UTC (rev 203720)
@@ -1,5 +1,22 @@
2016-07-26 Youenn Fablet <[email protected]>
+ Remove ClientCredentialPolicy cross-origin option from ResourceLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159413
+
+ Reviewed by Alex Christensen.
+
+ Below test changes as ResourceLoader is now computing whether to request credentials to clients if:
+ - request is authorized to request credentials (DocumentThreadableLoader only allows same-origin to make such thing)
+ - credential policy is Include or Same-Origin and request is same-origin.
+ This test changes as current fetch loader sets the credential mode to Omit, thus disabling credential request.
+
+ To be noted that only fetch API is allowing to disable credentials sending for same-origin request using "Omit"
+ credential mode.
+
+ * web-platform-tests/fetch/api/credentials/authentication-basic-expected.txt: Rebasing test.
+
+2016-07-26 Youenn Fablet <[email protected]>
+
[Fetch API] Response constructor should be able to take a ReadableStream as body
https://bugs.webkit.org/show_bug.cgi?id=159804
Modified: trunk/Source/WebCore/ChangeLog (203719 => 203720)
--- trunk/Source/WebCore/ChangeLog 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/ChangeLog 2016-07-26 16:23:09 UTC (rev 203720)
@@ -1,5 +1,65 @@
2016-07-26 Youenn Fablet <[email protected]>
+ Remove ClientCredentialPolicy cross-origin option from ResourceLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159413
+
+ Reviewed by Alex Christensen.
+
+ ClientCredentialPolicy had three values (not ask, ask, ask only for same origin).
+ The distinction between allowing cross-origin or same-origin credentials is misleading as it is not supported
+ for synchronous loads and not supported by Network process.
+ It is best replaced by a boolean option (ask or not ask).
+
+ Same-origin ClientCredentialPolicy option was only used by DocumentThreadableLoader for asynchronous loads.
+ Since DocumentThreadableLoader is already computing whether the request is cross-origin, it can also compute
+ whether credentials may be requested or not. In case of cross-origin redirections, credentials are omitted, thus
+ disabling any possibility for requesting credentials for cross-origin resources after redirections.
+
+ Moving ClientCredentialPolicy to ResourceLoaderOptions since it is not used by platform code except for some
+ mac-specific code that is already using ResourceLoaderOptions.
+
+ Covered by existing tests.
+
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::startPreflight): Setting clearly credential mode to Omit credentials.
+ (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource): AskClientForAllCredentials ->
+ ClientCredentialPolicy::MayAskClientForCredentials.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::loadRequest): Disabling requesting credentials for any cross-origin request.
+ * loader/FrameLoader.h:
+ * loader/MediaResourceLoader.cpp:
+ (WebCore::MediaResourceLoader::requestResource): AskClientForAllCredentials -> ClientCredentialPolicy::MayAskClientForCredentials.
+ * loader/NetscapePlugInStreamLoader.cpp:
+ (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Ditto.
+ * loader/ResourceLoader.cpp:
+ (WebCore::ResourceLoader::isAllowedToAskUserForCredentials): Disabling client credential request if ClientCredentialPolicy is CannotAskClientForCredentials.
+ Otherwise, returns true if fetch credentials mode allows it.
+ * loader/ResourceLoaderOptions.h:
+ (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
+ (WebCore::ResourceLoaderOptions::clientCredentialPolicy): Deleted.
+ (WebCore::ResourceLoaderOptions::setClientCredentialPolicy): Deleted.
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): AskClientForAllCredentials -> ClientCredentialPolicy::MayAskClientForCredentials.
+ (WebCore::CachedResourceLoader::defaultCachedResourceOptions): AskClientForAllCredentials -> ClientCredentialPolicy::MayAskClientForCredentials.
+ * loader/icon/IconLoader.cpp:
+ (WebCore::IconLoader::startLoading): DoNotAskClientForAnyCredentials -> ClientCredentialPolicy::CannotAskClientForCredentials.
+ * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
+ (WebCore::WebCoreAVCFResourceLoader::startLoading): DoNotAskClientForCrossOriginCredentials -> ClientCredentialPolicy::CannotAskClientForCredentials.
+ This is ok as credentials mode is omit and stored credentials are not allowed.
+ * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+ (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
+ * platform/network/ResourceHandleTypes.h:
+ * xml/XSLTProcessorLibxslt.cpp: DoNotAskClientForCrossOriginCredentials -> ClientCredentialPolicy::MayAskClientForCredentials.
+ This is ok as this is a synchronous load.
+ (WebCore::docLoaderFunc):
+ * xml/parser/XMLDocumentParserLibxml2.cpp:
+ (WebCore::openFunc): DoNotAskClientForCrossOriginCredentials -> ClientCredentialPolicy::MayAskClientForCredentials.
+ This is ok as this is a synchronous load.
+
+2016-07-26 Youenn Fablet <[email protected]>
+
[Fetch API] Response constructor should be able to take a ReadableStream as body
https://bugs.webkit.org/show_bug.cgi?id=159804
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -101,7 +101,7 @@
void CrossOriginPreflightChecker::startPreflight()
{
auto options = m_loader.options();
- options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
+ options.credentials = FetchOptions::Credentials::Omit;
options.setSecurityCheck(DoSecurityCheck);
// Don't sniff content or send load callbacks for the preflight request.
options.setSendLoadCallbacks(DoNotSendCallbacks);
@@ -130,7 +130,7 @@
ResourceError error;
ResourceResponse response;
RefPtr<SharedBuffer> data;
- unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
+ unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, error, response, data);
if (!error.isNull() && response.httpStatusCode() <= 0) {
error.setType(ResourceError::Type::AccessControl);
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -1510,7 +1510,7 @@
// If this is a reload the cache layer might have made the previous request conditional. DocumentLoader can't handle 304 responses itself.
request.makeUnconditional();
- static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
+ static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
cachedResourceRequest.setInitiator(*this);
m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -354,7 +354,7 @@
if (m_async) {
ThreadableLoaderOptions options = m_options;
- options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
+ options.clientCredentialPolicy = m_sameOriginRequest ? ClientCredentialPolicy::MayAskClientForCredentials : ClientCredentialPolicy::CannotAskClientForCredentials;
// Set to NoCors as CORS checks are done in DocumentThreadableLoader
options.mode = FetchOptions::Mode::NoCors;
@@ -379,7 +379,7 @@
auto& frameLoader = m_document.frame()->loader();
if (!frameLoader.mixedContentChecker().canRunInsecureContent(m_document.securityOrigin(), requestURL))
return;
- identifier = frameLoader.loadResourceSynchronously(request, m_options.allowCredentials(), m_options.clientCredentialPolicy(), error, response, data);
+ identifier = frameLoader.loadResourceSynchronously(request, m_options.allowCredentials(), m_options.clientCredentialPolicy, error, response, data);
}
if (!error.isNull() && response.httpStatusCode() <= 0) {
Modified: trunk/Source/WebCore/loader/FrameLoader.h (203719 => 203720)
--- trunk/Source/WebCore/loader/FrameLoader.h 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/FrameLoader.h 2016-07-26 16:23:09 UTC (rev 203720)
@@ -39,6 +39,7 @@
#include "PageThrottler.h"
#include "ResourceHandleTypes.h"
#include "ResourceLoadNotifier.h"
+#include "ResourceLoaderOptions.h"
#include "ResourceRequestBase.h"
#include "SecurityContext.h"
#include "Timer.h"
Modified: trunk/Source/WebCore/loader/MediaResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -66,7 +66,7 @@
auto cachingPolicy = options & LoadOption::DisallowCaching ? CachingPolicy::DisallowCaching : CachingPolicy::AllowCaching;
// FIXME: Skip Content Security Policy check if the element that inititated this request is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
- CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
+ CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
cacheRequest.setAsPotentiallyCrossOrigin(m_crossOriginMode, *m_document);
Modified: trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -43,7 +43,7 @@
// FIXME: Skip Content Security Policy check when associated plugin element is in a user agent shadow tree.
// See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame& frame, NetscapePlugInStreamLoaderClient& client)
- : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching))
+ : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching))
, m_client(&client)
{
#if ENABLE(CONTENT_EXTENSIONS)
Modified: trunk/Source/WebCore/loader/ResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/ResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/ResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -687,7 +687,9 @@
bool ResourceLoader::isAllowedToAskUserForCredentials() const
{
- return m_options.clientCredentialPolicy() == AskClientForAllCredentials || (m_options.clientCredentialPolicy() == DoNotAskClientForCrossOriginCredentials && m_frame->document()->securityOrigin()->canRequest(originalRequest().url()));
+ if (m_options.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials)
+ return false;
+ return m_options.credentials == FetchOptions::Credentials::Include || (m_options.credentials == FetchOptions::Credentials::SameOrigin && m_frame->document()->securityOrigin()->canRequest(originalRequest().url()));
}
void ResourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
Modified: trunk/Source/WebCore/loader/ResourceLoaderOptions.h (203719 => 203720)
--- trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-07-26 16:23:09 UTC (rev 203720)
@@ -75,6 +75,11 @@
DisallowCaching
};
+enum class ClientCredentialPolicy {
+ CannotAskClientForCredentials,
+ MayAskClientForCredentials
+};
+
struct ResourceLoaderOptions : public FetchOptions {
ResourceLoaderOptions()
: m_sendLoadCallbacks(DoNotSendCallbacks)
@@ -81,7 +86,6 @@
, m_sniffContent(DoNotSniffContent)
, m_dataBufferingPolicy(BufferData)
, m_allowCredentials(DoNotAllowStoredCredentials)
- , m_clientCredentialPolicy(DoNotAskClientForAnyCredentials)
, m_securityCheck(DoSecurityCheck)
, m_certificateInfoPolicy(DoNotIncludeCertificateInfo)
{
@@ -92,12 +96,12 @@
, m_sniffContent(sniffContent)
, m_dataBufferingPolicy(dataBufferingPolicy)
, m_allowCredentials(allowCredentials)
- , m_clientCredentialPolicy(credentialPolicy)
, m_securityCheck(securityCheck)
, m_certificateInfoPolicy(certificateInfoPolicy)
, m_contentSecurityPolicyImposition(contentSecurityPolicyImposition)
, m_defersLoadingPolicy(defersLoadingPolicy)
, m_cachingPolicy(cachingPolicy)
+ , clientCredentialPolicy(credentialPolicy)
{
this->credentials = credentials;
this->mode = mode;
@@ -111,8 +115,6 @@
void setDataBufferingPolicy(DataBufferingPolicy policy) { m_dataBufferingPolicy = policy; }
StoredCredentials allowCredentials() const { return static_cast<StoredCredentials>(m_allowCredentials); }
void setAllowCredentials(StoredCredentials allow) { m_allowCredentials = allow; }
- ClientCredentialPolicy clientCredentialPolicy() const { return static_cast<ClientCredentialPolicy>(m_clientCredentialPolicy); }
- void setClientCredentialPolicy(ClientCredentialPolicy policy) { m_clientCredentialPolicy = policy; }
SecurityCheckPolicy securityCheck() const { return static_cast<SecurityCheckPolicy>(m_securityCheck); }
void setSecurityCheck(SecurityCheckPolicy check) { m_securityCheck = check; }
CertificateInfoPolicy certificateInfoPolicy() const { return static_cast<CertificateInfoPolicy>(m_certificateInfoPolicy); }
@@ -128,12 +130,13 @@
unsigned m_sniffContent : 1;
unsigned m_dataBufferingPolicy : 1;
unsigned m_allowCredentials : 1; // Whether HTTP credentials and cookies are sent with the request.
- unsigned m_clientCredentialPolicy : 2; // When we should ask the client for credentials (if we allow credentials at all).
unsigned m_securityCheck : 1;
unsigned m_certificateInfoPolicy : 1; // Whether the response should include certificate info.
ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck };
DefersLoadingPolicy m_defersLoadingPolicy { DefersLoadingPolicy::AllowDefersLoading };
CachingPolicy m_cachingPolicy { CachingPolicy::AllowCaching };
+
+ ClientCredentialPolicy clientCredentialPolicy { ClientCredentialPolicy::CannotAskClientForCredentials };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -241,7 +241,7 @@
memoryCache.add(*userSheet);
// FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
- userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
+ userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
return userSheet;
}
@@ -1194,7 +1194,7 @@
const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
{
- static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
+ static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
return options;
}
Modified: trunk/Source/WebCore/loader/icon/IconLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/loader/icon/IconLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/loader/icon/IconLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -59,7 +59,7 @@
return;
// ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
- CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
+ CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
request.setInitiator(cachedResourceRequestInitiators().icon);
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -71,7 +71,7 @@
RetainPtr<CFURLRequestRef> urlRequest = AVCFAssetResourceLoadingRequestGetURLRequest(m_avRequest.get());
// ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
- CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
+ CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
CachedResourceLoader* loader = m_parent->player()->cachedResourceLoader();
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm (203719 => 203720)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2016-07-26 16:23:09 UTC (rev 203720)
@@ -69,7 +69,7 @@
// FIXME: Skip Content Security Policy check if the element that inititated this request
// is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
- CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
+ CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, ClientCredentialPolicy::CannotAskClientForCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
if (auto* loader = m_parent->player()->cachedResourceLoader())
m_resource = loader->requestMedia(request);
Modified: trunk/Source/WebCore/platform/network/ResourceHandleTypes.h (203719 => 203720)
--- trunk/Source/WebCore/platform/network/ResourceHandleTypes.h 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/platform/network/ResourceHandleTypes.h 2016-07-26 16:23:09 UTC (rev 203720)
@@ -33,12 +33,6 @@
DoNotAllowStoredCredentials
};
-enum ClientCredentialPolicy {
- AskClientForAllCredentials,
- DoNotAskClientForCrossOriginCredentials,
- DoNotAskClientForAnyCredentials
-};
-
} // namespace WebCore
#endif // ResourceHandleTypes_h
Modified: trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp (203719 => 203720)
--- trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -127,7 +127,7 @@
bool requestAllowed = globalCachedResourceLoader->frame() && globalCachedResourceLoader->document()->securityOrigin()->canRequest(url);
if (requestAllowed) {
- globalCachedResourceLoader->frame()->loader().loadResourceSynchronously(url, AllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
+ globalCachedResourceLoader->frame()->loader().loadResourceSynchronously(url, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, error, response, data);
if (error.isNull())
requestAllowed = globalCachedResourceLoader->document()->securityOrigin()->canRequest(response.url());
else if (data)
Modified: trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp (203719 => 203720)
--- trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -463,7 +463,7 @@
// FIXME: We should restore the original global error handler as well.
if (cachedResourceLoader->frame())
- cachedResourceLoader->frame()->loader().loadResourceSynchronously(url, AllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
+ cachedResourceLoader->frame()->loader().loadResourceSynchronously(url, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, error, response, data);
}
// We have to check the URL again after the load to catch redirects.
Modified: trunk/Source/WebKit2/ChangeLog (203719 => 203720)
--- trunk/Source/WebKit2/ChangeLog 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/ChangeLog 2016-07-26 16:23:09 UTC (rev 203720)
@@ -1,3 +1,27 @@
+2016-07-26 Youenn Fablet <[email protected]>
+
+ Remove ClientCredentialPolicy cross-origin option from ResourceLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159413
+
+ Reviewed by Alex Christensen.
+
+ Renaming of ClientCredentialPolicy values.
+
+ * NetworkProcess/Downloads/DownloadManager.cpp:
+ (WebKit::DownloadManager::startDownload):
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+ (WebKit::NetworkLoad::didReceiveAuthenticationChallenge):
+ * NetworkProcess/NetworkLoadParameters.h:
+ * NetworkProcess/NetworkResourceLoadParameters.cpp:
+ (WebKit::NetworkResourceLoadParameters::NetworkResourceLoadParameters):
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::NetworkResourceLoader):
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::scheduleLoad):
+ * WebProcess/Network/WebResourceLoader.cpp:
+ (WebKit::WebResourceLoader::willSendRequest):
+
2016-07-26 Carlos Garcia Campos <[email protected]>
[Threaded Compositor] Crashes and deadlocks in single web process mode
Modified: trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp (203719 => 203720)
--- trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -53,7 +53,7 @@
NetworkLoadParameters parameters;
parameters.sessionID = sessionID;
parameters.request = request;
- parameters.clientCredentialPolicy = AskClientForAllCredentials;
+ parameters.clientCredentialPolicy = ClientCredentialPolicy::MayAskClientForCredentials;
m_pendingDownloads.add(downloadID, std::make_unique<PendingDownload>(WTFMove(parameters), downloadID, *networkSession));
#else
auto download = std::make_unique<Download>(*this, downloadID, request, suggestedName);
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (203719 => 203720)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -218,9 +218,6 @@
void NetworkLoad::didReceiveChallenge(const AuthenticationChallenge& challenge, ChallengeCompletionHandler&& completionHandler)
{
- // NetworkResourceLoader does not know whether the request is cross origin, so Web process computes an applicable credential policy for it.
- ASSERT(m_parameters.clientCredentialPolicy != DoNotAskClientForCrossOriginCredentials);
-
// Handle server trust evaluation at platform-level if requested, for performance reasons.
if (challenge.protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested
&& !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) {
@@ -360,7 +357,7 @@
return;
}
- if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {
+ if (m_parameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials) {
completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
return;
}
@@ -429,10 +426,8 @@
void NetworkLoad::didReceiveAuthenticationChallenge(ResourceHandle* handle, const AuthenticationChallenge& challenge)
{
ASSERT_UNUSED(handle, handle == m_handle);
- // NetworkResourceLoader does not know whether the request is cross origin, so Web process computes an applicable credential policy for it.
- ASSERT(m_parameters.clientCredentialPolicy != DoNotAskClientForCrossOriginCredentials);
- if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {
+ if (m_parameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials) {
challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge);
return;
}
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h (203719 => 203720)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h 2016-07-26 16:23:09 UTC (rev 203720)
@@ -40,7 +40,7 @@
WebCore::ResourceRequest request;
WebCore::ContentSniffingPolicy contentSniffingPolicy { WebCore::SniffContent };
WebCore::StoredCredentials allowStoredCredentials { WebCore::DoNotAllowStoredCredentials };
- WebCore::ClientCredentialPolicy clientCredentialPolicy { WebCore::DoNotAskClientForAnyCredentials };
+ WebCore::ClientCredentialPolicy clientCredentialPolicy { WebCore::ClientCredentialPolicy::CannotAskClientForCredentials };
bool shouldClearReferrerOnHTTPSToHTTPRedirect { true };
bool defersLoading { false };
bool needsCertificateInfo { false };
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -88,7 +88,7 @@
ASSERT(RunLoop::isMain());
// FIXME: This is necessary because of the existence of EmptyFrameLoaderClient in WebCore.
// Once bug 116233 is resolved, this ASSERT can just be "m_webPageID && m_webFrameID"
- ASSERT((m_parameters.webPageID && m_parameters.webFrameID) || m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials);
+ ASSERT((m_parameters.webPageID && m_parameters.webFrameID) || m_parameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);
if (originalRequest().httpBody()) {
for (const auto& element : originalRequest().httpBody()->elements()) {
Modified: trunk/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp (203719 => 203720)
--- trunk/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -194,13 +194,13 @@
loadParameters.contentSniffingPolicy = contentSniffingPolicy;
loadParameters.allowStoredCredentials = allowStoredCredentials;
// If there is no WebFrame then this resource cannot be authenticated with the client.
- loadParameters.clientCredentialPolicy = (webFrame && webPage && resourceLoader.isAllowedToAskUserForCredentials()) ? AskClientForAllCredentials : DoNotAskClientForAnyCredentials;
+ loadParameters.clientCredentialPolicy = (webFrame && webPage && resourceLoader.isAllowedToAskUserForCredentials()) ? ClientCredentialPolicy::MayAskClientForCredentials : ClientCredentialPolicy::CannotAskClientForCredentials;
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect;
loadParameters.defersLoading = resourceLoader.defersLoading();
loadParameters.needsCertificateInfo = resourceLoader.shouldIncludeCertificateInfo();
loadParameters.maximumBufferingTime = maximumBufferingTime(resource);
- ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials);
+ ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);
if (!WebProcess::singleton().networkConnection().connection().send(Messages::NetworkConnectionToWebProcess::ScheduleResourceLoad(loadParameters), 0)) {
WEBLOADERSTRATEGY_LOG_ALWAYS_ERROR("WebLoaderStrategy::scheduleLoad: Unable to schedule resource with the NetworkProcess with priority = %d, pageID = %llu, frameID = %llu", static_cast<int>(resourceLoader.request().priority()), static_cast<unsigned long long>(loadParameters.webPageID), static_cast<unsigned long long>(loadParameters.webFrameID));
Modified: trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp (203719 => 203720)
--- trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-07-26 16:03:01 UTC (rev 203719)
+++ trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp 2016-07-26 16:23:09 UTC (rev 203720)
@@ -84,7 +84,7 @@
if (m_coreLoader->documentLoader()->applicationCacheHost()->maybeLoadFallbackForRedirect(m_coreLoader.get(), proposedRequest, redirectResponse))
return;
- // FIXME: Do we need to update NetworkResourceLoader clientCredentialPolicy in case loader policy is DoNotAskClientForCrossOriginCredentials?
+
m_coreLoader->willSendRequest(WTFMove(proposedRequest), redirectResponse, [protectedThis](ResourceRequest&& request) {
if (!protectedThis->m_coreLoader)
return;
