Modified: trunk/Source/WebCore/ChangeLog (223908 => 223909)
--- trunk/Source/WebCore/ChangeLog 2017-10-24 19:07:18 UTC (rev 223908)
+++ trunk/Source/WebCore/ChangeLog 2017-10-24 19:33:20 UTC (rev 223909)
@@ -1,3 +1,39 @@
+2017-10-24 Alex Christensen <[email protected]>
+
+ Apply custom header fields from WebsitePolicies to same-domain requests
+ https://bugs.webkit.org/show_bug.cgi?id=178356
+ <rdar://problem/31073436>
+
+ Reviewed by Brady Eidson.
+
+ Covered by new API tests.
+
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::requestResource):
+ * platform/network/ResourceRequestBase.cpp:
+ (WebCore::ResourceRequestBase::setCachePolicy):
+ (WebCore::ResourceRequestBase::setTimeoutInterval):
+ (WebCore::ResourceRequestBase::setHTTPMethod):
+ (WebCore::ResourceRequestBase::setHTTPHeaderField):
+ (WebCore::ResourceRequestBase::clearHTTPAuthorization):
+ (WebCore::ResourceRequestBase::clearHTTPContentType):
+ (WebCore::ResourceRequestBase::clearHTTPReferrer):
+ (WebCore::ResourceRequestBase::clearHTTPOrigin):
+ (WebCore::ResourceRequestBase::clearHTTPUserAgent):
+ (WebCore::ResourceRequestBase::clearHTTPAccept):
+ (WebCore::ResourceRequestBase::clearHTTPAcceptEncoding):
+ (WebCore::ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray):
+ (WebCore::ResourceRequestBase::setHTTPBody):
+ (WebCore::ResourceRequestBase::setAllowCookies):
+ (WebCore::ResourceRequestBase::setPriority):
+ (WebCore::ResourceRequestBase::addHTTPHeaderFieldIfNotPresent):
+ (WebCore::ResourceRequestBase::addHTTPHeaderField):
+ (WebCore::ResourceRequestBase::setHTTPHeaderFields):
+ If we only update the platform request when headers are added (or other changes) for HTTP requests,
+ then the changes will not affect the NSURLRequest that is sent over IPC or visible to the API.
+ This is necessary for these new tests to work, but it's also of growing importance since our
+ introduction of WKURLSchemeHandler.
+
2017-10-24 Brent Fulgham <[email protected]>
Adopt new secure coding APIs
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (223908 => 223909)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2017-10-24 19:07:18 UTC (rev 223908)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2017-10-24 19:33:20 UTC (rev 223909)
@@ -765,8 +765,23 @@
}
#endif
- // FIXME: Add custom headers to first-party requests.
- // https://bugs.webkit.org/show_bug.cgi?id=177629
+ if (frame() && m_documentLoader && !m_documentLoader->customHeaderFields().isEmpty()) {
+ bool sameOriginRequest = false;
+ auto requestedOrigin = SecurityOrigin::create(url);
+ if (type == CachedResource::Type::MainResource) {
+ if (frame()->isMainFrame())
+ sameOriginRequest = true;
+ else if (auto* topDocument = frame()->mainFrame().document())
+ sameOriginRequest = topDocument->securityOrigin().isSameSchemeHostPort(requestedOrigin.get());
+ } else if (document()) {
+ sameOriginRequest = document()->topDocument().securityOrigin().isSameSchemeHostPort(requestedOrigin.get())
+ && document()->securityOrigin().isSameSchemeHostPort(requestedOrigin.get());
+ }
+ if (sameOriginRequest) {
+ for (auto& field : m_documentLoader->customHeaderFields())
+ request.resourceRequest().addHTTPHeaderField(field.name(), field.value());
+ }
+ }
LoadTiming loadTiming;
loadTiming.markStartTimeAndFetchStart();
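Review bot: The origin comparison runs once against `url` when the request is created, and the main-frame branch (`if (frame()->isMainFrame()) sameOriginRequest = true;`) skips the comparison entirely, so nothing visible in this hunk stops the custom fields from staying on the request if the load is later redirected to another origin. If an embedder puts credentials or tokens in these fields, they would then be disclosed to a third party; whether the redirect path strips them is not shown here and should be confirmed and covered by a test. A comment on the main-frame branch would also help, for example `// Main-frame navigations always get the fields: the client chose this policy for the navigation itself.` (the rationale is inferred from the ChangeLog, so adjust the wording to the real one). requestResource begins and ends outside the hunk.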
Modified: trunk/Source/WebCore/platform/network/ResourceRequestBase.cpp (223908 => 223909)
--- trunk/Source/WebCore/platform/network/ResourceRequestBase.cpp 2017-10-24 19:07:18 UTC (rev 223908)
+++ trunk/Source/WebCore/platform/network/ResourceRequestBase.cpp 2017-10-24 19:33:20 UTC (rev 223909)
@@ -149,8 +149,7 @@
m_cachePolicy = cachePolicy;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
double ResourceRequestBase::timeoutInterval() const
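Review bot: Dropping the `protocolIsInHTTPFamily()` guard makes every mutation mark the platform request stale for all schemes, yet neither this setter nor the identical edits in the later hunks of this file (setTimeoutInterval through setHTTPHeaderFields, and `m_platformRequestBodyUpdated` in setHTTPBody) say why. A one-line comment here or at the flag's declaration, such as `// Invalidate for every scheme: the platform request is what IPC and WKURLSchemeHandler see.`, would keep someone from reintroducing the guard as an optimisation. It also means header fields set on non-HTTP requests, presumably including Authorization, Referer and Origin, can now reach the platform request handed to scheme handlers; that looks intended per the ChangeLog, but the visible tests only exercise the custom X-key fields. The same assignment repeated across roughly twenty setters is a candidate for one small private helper. The setter bodies start outside the hunks.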
@@ -169,8 +168,7 @@
m_timeoutInterval = timeoutInterval;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
const URL& ResourceRequestBase::firstPartyForCookies() const
@@ -208,8 +206,7 @@
m_httpMethod = httpMethod;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
const HTTPHeaderMap& ResourceRequestBase::httpHeaderFields() const
@@ -239,8 +236,7 @@
m_httpHeaderFields.set(name, value);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::setHTTPHeaderField(HTTPHeaderName name, const String& value)
@@ -249,8 +245,7 @@
m_httpHeaderFields.set(name, value);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::clearHTTPAuthorization()
@@ -260,8 +255,7 @@
if (!m_httpHeaderFields.remove(HTTPHeaderName::Authorization))
return;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
String ResourceRequestBase::httpContentType() const
@@ -280,8 +274,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::ContentType);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
String ResourceRequestBase::httpReferrer() const
@@ -305,8 +298,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::Referer);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
String ResourceRequestBase::httpOrigin() const
@@ -330,8 +322,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::Origin);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
bool ResourceRequestBase::hasHTTPHeader(HTTPHeaderName name) const
@@ -355,8 +346,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::UserAgent);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
String ResourceRequestBase::httpAccept() const
@@ -375,8 +365,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::Accept);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::clearHTTPAcceptEncoding()
@@ -385,8 +374,7 @@
m_httpHeaderFields.remove(HTTPHeaderName::AcceptEncoding);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray(const String& encoding1, const String& encoding2, const String& encoding3)
@@ -402,8 +390,7 @@
if (!encoding3.isNull())
m_responseContentDispositionEncodingFallbackArray.uncheckedAppend(encoding3);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
FormData* ResourceRequestBase::httpBody() const
@@ -421,8 +408,7 @@
m_resourceRequestBodyUpdated = true;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestBodyUpdated = false;
+ m_platformRequestBodyUpdated = false;
}
bool ResourceRequestBase::allowCookies() const
@@ -441,8 +427,7 @@
m_allowCookies = allowCookies;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
ResourceLoadPriority ResourceRequestBase::priority() const
@@ -461,8 +446,7 @@
m_priority = priority;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::addHTTPHeaderFieldIfNotPresent(HTTPHeaderName name, const String& value)
@@ -472,8 +456,7 @@
if (!m_httpHeaderFields.addIfNotPresent(name, value))
return;
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::addHTTPHeaderField(HTTPHeaderName name, const String& value)
@@ -482,8 +465,7 @@
m_httpHeaderFields.add(name, value);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
void ResourceRequestBase::addHTTPHeaderField(const String& name, const String& value)
@@ -492,8 +474,7 @@
m_httpHeaderFields.add(name, value);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
bool ResourceRequestBase::hasHTTPHeaderField(HTTPHeaderName headerName) const
@@ -507,8 +488,7 @@
m_httpHeaderFields = WTFMove(headerFields);
- if (url().protocolIsInHTTPFamily())
- m_platformRequestUpdated = false;
+ m_platformRequestUpdated = false;
}
bool equalIgnoringHeaderFields(const ResourceRequestBase& a, const ResourceRequestBase& b)
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm (223908 => 223909)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm 2017-10-24 19:07:18 UTC (rev 223908)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm 2017-10-24 19:33:20 UTC (rev 223909)
@@ -671,13 +671,14 @@
static bool firstTestDone;
static bool secondTestDone;
static bool thirdTestDone;
+static bool fourthTestDone;
static void expectHeaders(id <WKURLSchemeTask> task, bool expected)
{
NSURLRequest *request = task.request;
if (expected) {
- // FIXME: Check that headers are on the request.
- // https://bugs.webkit.org/show_bug.cgi?id=177629
+ EXPECT_STREQ([[request valueForHTTPHeaderField:@"X-key1"] UTF8String], "value1");
+ EXPECT_STREQ([[request valueForHTTPHeaderField:@"X-key2"] UTF8String], "value2");
} else {
EXPECT_TRUE([request valueForHTTPHeaderField:@"X-key1"] == nil);
EXPECT_TRUE([request valueForHTTPHeaderField:@"X-key2"] == nil);
@@ -739,6 +740,13 @@
expectHeaders(urlSchemeTask, true);
respond(urlSchemeTask);
thirdTestDone = true;
+ } else if ([path isEqualToString:@"/createaboutblankiframe"]) {
+ expectHeaders(urlSchemeTask, true);
+ respond(urlSchemeTask, @"<script>start=()=>{var s = document.createElement('script');s.text=\"fetch('test:///requestfromaboutblank')\";document.getElementById('iframeid').contentWindow.document.body.appendChild(s);}</script><body><iframe src='' id=iframeid _onload_='start()'></iframe></body>");
+ } else if ([path isEqualToString:@"/requestfromaboutblank"]) {
+ expectHeaders(urlSchemeTask, true);
+ respond(urlSchemeTask);
+ fourthTestDone = true;
} else
EXPECT_TRUE(false);
}
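Review bot: The new `/createaboutblankiframe` and `/requestfromaboutblank` cases only assert the positive path (`expectHeaders(urlSchemeTask, true)`), so they pin that an about:blank child of the top document gets the fields but not that the `document()->securityOrigin()` half of the check in CachedResourceLoader can reject a request. A counterpart in which the about:blank iframe sits inside a cross-origin subframe and fetches a top-origin URL, asserting `expectHeaders(urlSchemeTask, false)`, would cover that half; such a case may already exist outside this hunk. The handler method starts before the hunk.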
@@ -764,6 +772,9 @@
[webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test://toporigin/nestedtop"]]];
TestWebKitAPI::Util::run(&thirdTestDone);
+
+ [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test:///createaboutblankiframe"]]];
+ TestWebKitAPI::Util::run(&fourthTestDone);
}