[webkit-changes] [221027] trunk/Source/WebKit

[cdumez]

Title: [221027] trunk/Source/WebKit

Revision

221027

Author

cdu...@apple.com

Date

2017-08-22 11:16:39 -0700 (Tue, 22 Aug 2017)

Log Message

Add sanity check for source origin in WebLoaderStrategy::startPingLoad()
https://bugs.webkit.org/show_bug.cgi?id=175827

Reviewed by Geoffrey Garen.

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::startPingLoad):

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (221026 => 221027)

--- trunk/Source/WebKit/ChangeLog	2017-08-22 18:12:10 UTC (rev 221026)
+++ trunk/Source/WebKit/ChangeLog	2017-08-22 18:16:39 UTC (rev 221027)
@@ -1,3 +1,13 @@
+2017-08-22  Chris Dumez  <cdu...@apple.com>
+
+        Add sanity check for source origin in WebLoaderStrategy::startPingLoad()
+        https://bugs.webkit.org/show_bug.cgi?id=175827
+
+        Reviewed by Geoffrey Garen.
+
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::startPingLoad):
+
 2017-08-22  Alex Christensen  <achristen...@webkit.org>
 
         Add UIDelegatePrivate SPI corresponding to WKPageUIClient.showPage

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (221026 => 221027)

--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2017-08-22 18:12:10 UTC (rev 221026)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2017-08-22 18:16:39 UTC (rev 221027)
@@ -425,6 +425,7 @@
     loadParameters.identifier = generatePingLoadIdentifier();
     loadParameters.request = request;
     loadParameters.sourceOrigin = &document->securityOrigin();
+    ASSERT(loadParameters.request.httpHeaderField(HTTPHeaderName::Origin).isNull() || loadParameters.request.httpHeaderField(HTTPHeaderName::Origin) == loadParameters.sourceOrigin->toString());
     loadParameters.sessionID = webPage ? webPage->sessionID() : PAL::SessionID::defaultSessionID();
     loadParameters.allowStoredCredentials = options.credentials == FetchOptions::Credentials::Omit ? DoNotAllowStoredCredentials : AllowStoredCredentials;
     loadParameters.mode = options.mode;
@@ -431,7 +432,7 @@
     loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = networkingContext->shouldClearReferrerOnHTTPSToHTTPRedirect();
     if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
-        if (auto * contentSecurityPolicy = document->contentSecurityPolicy())
+        if (auto* contentSecurityPolicy = document->contentSecurityPolicy())
             loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
     }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes