Diff
Modified: trunk/LayoutTests/ChangeLog (230364 => 230365)
--- trunk/LayoutTests/ChangeLog 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/LayoutTests/ChangeLog 2018-04-07 03:48:55 UTC (rev 230365)
@@ -1,3 +1,26 @@
+2018-04-06 Youenn Fablet <you...@apple.com>
+
+ Response headers should be filtered when sent from NetworkProcess to WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=184310
+
+ Reviewed by Ryosuke Niwa.
+
+ Rebased tests for WK2 as Server response header is now filtered out for cross-origin and not fetch/XHR loads.
+
+ * http/wpt/service-workers/header-filtering-worker.js: Added.
+ * http/wpt/service-workers/header-filtering.https-expected.txt: Added.
+ Some tests are failing as navigation loads are not yet filtered and we
+ have no good way yet to detect cross origin loads.
+ * http/wpt/service-workers/header-filtering.https.html: Added.
+ * http/wpt/service-workers/resources/header-filtering-iframe.html: Added.
+ * http/wpt/service-workers/resources/response-full-of-headers.py: Added.
+ * http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt: Added.
+ * http/tests/webarchive/test-preload-resources-expected.txt: Added.
+ * platform/mac-wk1/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt: Added.
+ * platform/mac-wk1/http/tests/webarchive/test-preload-resources-expected.txt: Added.
+ * platform/win/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt: Added.
+ * platform/win/http/tests/webarchive/test-preload-resources-expected.txt: Added.
+
2018-04-06 Ryan Haddad <ryanhad...@apple.com>
Mark fast/loader/submit-form-while-parsing-2.html as flaky.
Added: trunk/LayoutTests/http/wpt/service-workers/header-filtering-worker.js (0 => 230365)
--- trunk/LayoutTests/http/wpt/service-workers/header-filtering-worker.js (rev 0)
+++ trunk/LayoutTests/http/wpt/service-workers/header-filtering-worker.js 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,16 @@
+var source;
+addEventListener("message", (e) => {
+ source = e.source;
+ source.postMessage(e.data ="" "ready?" ? "ready" : "not ready");
+});
+
+addEventListener("fetch", async (e) => {
+ var promise = fetch(e.request);
+ e.respondWith(promise.then((response) => {
+ if (self.internals)
+ source.postMessage(internals.fetchResponseHeaderList(response).sort());
+ else
+ source.postMessage("Test requires internals API to get all response headers");
+ return response;
+ }));
+});
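Review bot: The fetch listener calls `source.postMessage(...)` in both branches without checking that a message event has set the module-level `source`. If a fetch is handled before the "ready?" message arrives, or (presumably) after the worker has been stopped and restarted so the global is reset, the callback throws inside `then`. The promise given to `respondWith` then rejects, and the load fails as a network error instead of reporting a header list. A guard at the top of the callback, such as `if (!source) return response;`, would keep the response flowing. The `async` on the listener is also unused, since nothing in it is awaited.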
Added: trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt (0 => 230365)
--- trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,13 @@
+
+
+PASS Setup worker
+PASS Frame controlled by service worker
+PASS Test same-origin fetch
+FAIL Test cors cross-origin fetch assert_array_equals: lengths differ, expected 13 got 15
+FAIL Test no-cors cross-origin fetch assert_array_equals: lengths differ, expected 13 got 15
+PASS Test same-origin script load
+PASS Test no-cors script load
+PASS Test cors script load
+FAIL Test HTML load assert_array_equals: lengths differ, expected 13 got 17
+PASS Clean-up
+
Added: trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html (0 => 230365)
--- trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html (rev 0)
+++ trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,155 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Service Worker Header Filtering</title>
+<script src=""
+<script src=""
+ <script src=""
+</head>
+<body>
+<script>
+var scope = "resources";
+var registration;
+var frame;
+
+var url1 = "/WebKit/service-workers/resources/response-full-of-headers.py";
+var url2 = get_host_info().HTTPS_REMOTE_ORIGIN + url1;
+
+function withFrame(url)
+{
+ return new Promise((resolve) => {
+ const frame = document.createElement('iframe');
+ frame.src = ""
+ frame._onload_ = function() { resolve(frame); };
+ document.body.appendChild(frame);
+ });
+}
+
+async function registerServiceWorker(scope)
+{
+ const registration = await navigator.serviceWorker.register("header-filtering-worker.js", { scope : scope });
+ const activeWorker = registration.active;
+ if (activeWorker)
+ return registration;
+ activeWorker = registration.installing;
+ return new Promise(resolve => {
+ activeWorker.addEventListener('statechange', () => {
+ if (activeWorker.state === "activated")
+ resolve(registration);
+ });
+ });
+}
+
+promise_test(async (test) => {
+ registration = await registerServiceWorker(scope);
+ registration.active.postMessage("ready?");
+ return new Promise((resolve) => {
+ navigator.serviceWorker._onmessage_ = (event) => {
+ assert_equals(event.data, "ready");
+ navigator.serviceWorker._onmessage_ = undefined;
+ resolve();
+ };
+ });
+}, "Setup worker and register the client");
+
+var processMessage;
+promise_test(async (test) => {
+ frame = await withFrame(scope + "/header-filtering-iframe.html");
+ navigator.serviceWorker._onmessage_ = (event) => {
+ processMessage(event.data);
+ };
+}, "Add a frame controlled by service worker");
+
+promise_test(async (test) => {
+ const promise = new Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.fetch(url1 + "?fetch");
+ assert_array_equals(await promise, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy","Server",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-header1","x-header2"]);
+}, "Test same-origin fetch");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.fetch(url2 + "?fetch-cors", { mode : "cors" });
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+}, "Test cors cross-origin fetch");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.fetch(url2 + "?fetch-no-cors", { mode : "no-cors" });
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+}, "Test no-cors cross-origin fetch");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.loadScript(url1 + "?script");
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+}, "Test same-origin script load");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.loadScript(url2 + "?script-nocors");
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+}, "Test no-cors script load");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ frame.contentWindow.loadScript(url2 + "?script-cors", "anonymous");
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+}, "Test cors script load");
+
+promise_test(async (test) => {
+ const data = "" Promise((resolve) => {
+ processMessage = (data) => {
+ resolve(data);
+ };
+ });
+ let frame = await withFrame(url1 + "?html");
+ assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
+ "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
+ "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+ frame.remove();
+}, "Test HTML load");
+
+promise_test(async (test) => {
+ await registration.unregister();
+ frame.remove();
+}, "Do some clean-up");
+
+</script>
+</body>
+</html>
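Review bot: `registerServiceWorker` declares `const activeWorker = registration.active;` and then assigns `activeWorker = registration.installing;`, which throws a TypeError whenever the registration has no active worker yet. A first registration would normally take that path, so the setup step rejects instead of waiting for the `statechange` to "activated". The declaration should be `let activeWorker = registration.active;`. Separately, the names passed to `promise_test` ("Setup worker and register the client", "Add a frame controlled by service worker", "Do some clean-up") do not match the names in the added header-filtering.https-expected.txt ("Setup worker", "Frame controlled by service worker", "Clean-up"), so one of the two files looks stale.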
Added: trunk/LayoutTests/http/wpt/service-workers/resources/header-filtering-iframe.html (0 => 230365)
--- trunk/LayoutTests/http/wpt/service-workers/resources/header-filtering-iframe.html (rev 0)
+++ trunk/LayoutTests/http/wpt/service-workers/resources/header-filtering-iframe.html 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function loadScript(url, mode)
+{
+ let script = document.createElement("script");
+ script.src = ""
+ if (mode)
+ script.crossOrigin = mode;
+ document.body.appendChild(script);
+}
+</script>
+</head>
+<body>
+Ready
+</body>
+</html>
Added: trunk/LayoutTests/http/wpt/service-workers/resources/response-full-of-headers.py (0 => 230365)
--- trunk/LayoutTests/http/wpt/service-workers/resources/response-full-of-headers.py (rev 0)
+++ trunk/LayoutTests/http/wpt/service-workers/resources/response-full-of-headers.py 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,18 @@
+def main(request, response):
+ headers = [("Content-type", "text/_javascript_"),
+ ("Set-Cookie", "1"),
+ ("Set-Cookie2", "2"),
+ ("Access-Control-Allow-Origin", "*"),
+ ("Access-Control-Allow-Credentials", "true"),
+ ("Access-Control-Allow-Methods", "GET, POST, HEAD"),
+ ("Timing-Allow-Origin", "*"),
+ ("Referrer-Policy", "whatever"),
+ ("SourceMap", "1"),
+ ("x-sourcemap", "2"),
+ ("Access-Control-Expose-Headers", "x-Header1, content-length"),
+ ("x-header1", "x-value1"),
+ ("x-header2", "x-value2"),
+ ("Content-Length", "13"),
+ ("Cache-Control", "no-store")
+ ]
+ return headers, "document.body"
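Review bot: The header list in `main` has no comment saying what each entry is there to exercise, so a reader cannot tell from this file which names the test expects to be filtered. Judging by the expected arrays in header-filtering.https.html, a comment above `headers` could read `# Set-Cookie/Set-Cookie2 must never be visible to the service worker; Server and x-header2 are expected to be dropped for cross-origin loads`. It is also worth noting next to the last entries that `Content-Length` is hard-coded to the length of the returned body, `# 13 == len("document.body")`, so the two are kept in sync if the body changes.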
Modified: trunk/LayoutTests/platform/mac/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt (230364 => 230365)
--- trunk/LayoutTests/platform/mac/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/LayoutTests/platform/mac/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -55,8 +55,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>1</integer>
Modified: trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt (230364 => 230365)
--- trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -65,8 +65,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -102,8 +100,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -139,8 +135,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -176,8 +170,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -213,8 +205,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -250,8 +240,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
@@ -287,8 +275,6 @@
<string>"301925-21-45c7d72d3e780"</string>
<key>Last-Modified</key>
<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
- <key>Server</key>
- <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
</dict>
<key>expectedContentLength</key>
<integer>33</integer>
Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt (from rev 230364, trunk/LayoutTests/platform/mac/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt) (0 => 230365)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>WebMainResource</key>
+ <dict>
+ <key>WebResourceData</key>
+ <string><html><head>
+<script>
+if (window.testRunner)
+ testRunner.dumpDOMAsWebArchive();
+</script>
+<link rel="stylesheet" href="" type="text/css">
+</head>
+<body>
+This HTML links to an external stylesheet from a different security origin.<br>
+Making a webarchive of this page should not crash.
+
+
+</body></html></string>
+ <key>WebResourceFrameName</key>
+ <string></string>
+ <key>WebResourceMIMEType</key>
+ <string>text/html</string>
+ <key>WebResourceTextEncodingName</key>
+ <string>UTF-8</string>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/cross-origin-stylesheet-crash.html</string>
+ </dict>
+ <key>WebSubresources</key>
+ <array>
+ <dict>
+ <key>WebResourceData</key>
+ <string>
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://localhost:8000/webarchive/resources/localhost-stylesheet.css</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>1</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>1</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://localhost:8000/webarchive/resources/localhost-stylesheet.css</string>
+ </dict>
+ </array>
+</dict>
+</plist>
Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/test-preload-resources-expected.txt (from rev 230364, trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt) (0 => 230365)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/test-preload-resources-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/webarchive/test-preload-resources-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>WebMainResource</key>
+ <dict>
+ <key>WebResourceData</key>
+ <string><html><head>
+
+<link rel="stylesheet" type="text/css" href=""
+<link rel="alternate stylesheet" type="text/css" href="" title="green">
+<link rel="alternate stylesheet" type="text/css" href="" title="blue">
+<link rel="alternate stylesheet" type="text/css" href="" title="yellow">
+<link rel="alternate stylesheet" type="text/css" href="" title="pink">
+<link rel="alternate stylesheet" type="text/css" href="" title="purple">
+<link rel="alternate stylesheet" type="text/css" href="" title="gray">
+
+<script>
+if (window.testRunner)
+ testRunner.dumpDOMAsWebArchive();
+</script>
+
+</head><body>
+<div>
+Test for <a href="" 22466:
+REGRESSION (35867): Many resources missing when saving webarchive of webkit.org</a>
+</div>
+<p>Some resources are missing when saving this page as a webarchive.</p>
+
+</body></html></string>
+ <key>WebResourceFrameName</key>
+ <string></string>
+ <key>WebResourceMIMEType</key>
+ <string>text/html</string>
+ <key>WebResourceTextEncodingName</key>
+ <string>UTF-8</string>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/test-preload-resources.html</string>
+ </dict>
+ <key>WebSubresources</key>
+ <array>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?1</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?1</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?2</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?2</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?3</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?3</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?4</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?4</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?5</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?5</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?6</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?6</string>
+ </dict>
+ </array>
+</dict>
+</plist>
Copied: trunk/LayoutTests/platform/win/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt (from rev 230364, trunk/LayoutTests/platform/mac/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt) (0 => 230365)
--- trunk/LayoutTests/platform/win/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/webarchive/cross-origin-stylesheet-crash-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>WebMainResource</key>
+ <dict>
+ <key>WebResourceData</key>
+ <string><html><head>
+<script>
+if (window.testRunner)
+ testRunner.dumpDOMAsWebArchive();
+</script>
+<link rel="stylesheet" href="" type="text/css">
+</head>
+<body>
+This HTML links to an external stylesheet from a different security origin.<br>
+Making a webarchive of this page should not crash.
+
+
+</body></html></string>
+ <key>WebResourceFrameName</key>
+ <string></string>
+ <key>WebResourceMIMEType</key>
+ <string>text/html</string>
+ <key>WebResourceTextEncodingName</key>
+ <string>UTF-8</string>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/cross-origin-stylesheet-crash.html</string>
+ </dict>
+ <key>WebSubresources</key>
+ <array>
+ <dict>
+ <key>WebResourceData</key>
+ <string>
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://localhost:8000/webarchive/resources/localhost-stylesheet.css</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>1</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>1</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://localhost:8000/webarchive/resources/localhost-stylesheet.css</string>
+ </dict>
+ </array>
+</dict>
+</plist>
Copied: trunk/LayoutTests/platform/win/http/tests/webarchive/test-preload-resources-expected.txt (from rev 230364, trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt) (0 => 230365)
--- trunk/LayoutTests/platform/win/http/tests/webarchive/test-preload-resources-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/webarchive/test-preload-resources-expected.txt 2018-04-07 03:48:55 UTC (rev 230365)
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>WebMainResource</key>
+ <dict>
+ <key>WebResourceData</key>
+ <string><html><head>
+
+<link rel="stylesheet" type="text/css" href=""
+<link rel="alternate stylesheet" type="text/css" href="" title="green">
+<link rel="alternate stylesheet" type="text/css" href="" title="blue">
+<link rel="alternate stylesheet" type="text/css" href="" title="yellow">
+<link rel="alternate stylesheet" type="text/css" href="" title="pink">
+<link rel="alternate stylesheet" type="text/css" href="" title="purple">
+<link rel="alternate stylesheet" type="text/css" href="" title="gray">
+
+<script>
+if (window.testRunner)
+ testRunner.dumpDOMAsWebArchive();
+</script>
+
+</head><body>
+<div>
+Test for <a href="" 22466:
+REGRESSION (35867): Many resources missing when saving webarchive of webkit.org</a>
+</div>
+<p>Some resources are missing when saving this page as a webarchive.</p>
+
+</body></html></string>
+ <key>WebResourceFrameName</key>
+ <string></string>
+ <key>WebResourceMIMEType</key>
+ <string>text/html</string>
+ <key>WebResourceTextEncodingName</key>
+ <string>UTF-8</string>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/test-preload-resources.html</string>
+ </dict>
+ <key>WebSubresources</key>
+ <array>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?1</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?1</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?2</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?2</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?3</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?3</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?4</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?4</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?5</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?5</string>
+ </dict>
+ <dict>
+ <key>WebResourceData</key>
+ <string>/* test-preload-resources.css */
+</string>
+ <key>WebResourceMIMEType</key>
+ <string>text/css</string>
+ <key>WebResourceResponse</key>
+ <dict>
+ <key>MIMEType</key>
+ <string>text/css</string>
+ <key>URL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?6</string>
+ <key>allHeaderFields</key>
+ <dict>
+ <key>Accept-Ranges</key>
+ <string>bytes</string>
+ <key>Content-Length</key>
+ <string>33</string>
+ <key>Content-Type</key>
+ <string>text/css</string>
+ <key>Date</key>
+ <string>Sun, 16 Nov 2008 17:00:00 GMT</string>
+ <key>Etag</key>
+ <string>"301925-21-45c7d72d3e780"</string>
+ <key>Last-Modified</key>
+ <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+ <key>Server</key>
+ <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
+ </dict>
+ <key>expectedContentLength</key>
+ <integer>33</integer>
+ <key>statusCode</key>
+ <integer>200</integer>
+ </dict>
+ <key>WebResourceURL</key>
+ <string>http://127.0.0.1:8000/webarchive/resources/test-preload-resources.css?6</string>
+ </dict>
+ </array>
+</dict>
+</plist>
Modified: trunk/Source/WebCore/ChangeLog (230364 => 230365)
--- trunk/Source/WebCore/ChangeLog 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/ChangeLog 2018-04-07 03:48:55 UTC (rev 230365)
@@ -1,3 +1,33 @@
+2018-04-06 Youenn Fablet <you...@apple.com>
+
+ Response headers should be filtered when sent from NetworkProcess to WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=184310
+
+ Reviewed by Ryosuke Niwa.
+
+ Did some refactoring to allow ResourceResponse to use header value parsing routines.
+ We add sanitization levels for regular responses in case responses might be exposed to scripts or not.
+ If not exposed to scripts, additional filtering is done.
+
+ Add internal API to get unfiltered response headers from a fetch response.
+ Test: http/wpt/service-workers/header-filtering.https.html
+
+ * Modules/fetch/FetchResponse.h:
+ * loader/CrossOriginPreflightResultCache.cpp:
+ (WebCore::CrossOriginPreflightResultCacheItem::parse):
+ * platform/network/HTTPParsers.h:
+ (WebCore::addToAccessControlAllowList):
+ (WebCore::parseAccessControlAllowList):
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::isSafeToKeepRedirectionResponseHeader):
+ (WebCore::isCrossOriginSafeToKeepResponseHeader):
+ (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
+ * platform/network/ResourceResponseBase.h:
+ * testing/ServiceWorkerInternals.cpp:
+ (WebCore::ServiceWorkerInternals::fetchResponseHeaderList):
+ * testing/ServiceWorkerInternals.h:
+ * testing/ServiceWorkerInternals.idl:
+
2018-04-06 Michael Catanzaro <mcatanz...@igalia.com>
Unreviewed, fix unused parameter warning when credential storage is disabled
Modified: trunk/Source/WebCore/Modules/fetch/FetchResponse.h (230364 => 230365)
--- trunk/Source/WebCore/Modules/fetch/FetchResponse.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/Modules/fetch/FetchResponse.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -109,6 +109,8 @@
const std::optional<ResourceError>& loadingError() const { return m_loadingError; }
+ const HTTPHeaderMap& internalResponseHeaders() const { return m_internalResponse.httpHeaderFields(); }
+
private:
FetchResponse(ScriptExecutionContext&, std::optional<FetchBody>&&, Ref<FetchHeaders>&&, ResourceResponse&&);
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp (230364 => 230365)
--- trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -52,57 +52,23 @@
return ok;
}
-template<class HashType>
-static void addToAccessControlAllowList(const String& string, unsigned start, unsigned end, HashSet<String, HashType>& set)
-{
- StringImpl* stringImpl = string.impl();
- if (!stringImpl)
- return;
-
- // Skip white space from start.
- while (start <= end && isSpaceOrNewline((*stringImpl)[start]))
- ++start;
-
- // only white space
- if (start > end)
- return;
-
- // Skip white space from end.
- while (end && isSpaceOrNewline((*stringImpl)[end]))
- --end;
-
- set.add(string.substring(start, end - start + 1));
-}
-
-template<class HashType>
-static bool parseAccessControlAllowList(const String& string, HashSet<String, HashType>& set)
-{
- unsigned start = 0;
- size_t end;
- while ((end = string.find(',', start)) != notFound) {
- if (start != end)
- addToAccessControlAllowList(string, start, end - 1, set);
- start = end + 1;
- }
- if (start != string.length())
- addToAccessControlAllowList(string, start, string.length() - 1, set);
-
- return true;
-}
-
bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response, String& errorDescription)
{
m_methods.clear();
- if (!parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods), m_methods)) {
+ auto methods = parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods));
+ if (!methods) {
errorDescription = "Cannot parse Access-Control-Allow-Methods response header field.";
return false;
}
+ m_methods = WTFMove(methods.value());
m_headers.clear();
- if (!parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders), m_headers)) {
+ auto headers = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders));
+ if (!headers) {
errorDescription = "Cannot parse Access-Control-Allow-Headers response header field.";
return false;
}
+ m_headers = WTFMove(headers.value());
Seconds expiryDelta = 0_s;
if (parseAccessControlMaxAge(response.httpHeaderField(HTTPHeaderName::AccessControlMaxAge), expiryDelta)) {
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.h (230364 => 230365)
--- trunk/Source/WebCore/platform/network/HTTPParsers.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -119,4 +119,43 @@
return string.stripLeadingAndTrailingMatchedCharacters(isHTTPSpace);
}
+template<class HashType>
+void addToAccessControlAllowList(const String& string, unsigned start, unsigned end, HashSet<String, HashType>& set)
+{
+ StringImpl* stringImpl = string.impl();
+ if (!stringImpl)
+ return;
+
+ // Skip white space from start.
+ while (start <= end && isSpaceOrNewline((*stringImpl)[start]))
+ ++start;
+
+ // only white space
+ if (start > end)
+ return;
+
+ // Skip white space from end.
+ while (end && isSpaceOrNewline((*stringImpl)[end]))
+ --end;
+
+ set.add(string.substring(start, end - start + 1));
}
+
+template<class HashType = DefaultHash<String>::Hash>
+std::optional<HashSet<String, HashType>> parseAccessControlAllowList(const String& string)
+{
+ HashSet<String, HashType> set;
+ unsigned start = 0;
+ size_t end;
+ while ((end = string.find(',', start)) != notFound) {
+ if (start != end)
+ addToAccessControlAllowList(string, start, end - 1, set);
+ start = end + 1;
+ }
+ if (start != string.length())
+ addToAccessControlAllowList(string, start, string.length() - 1, set);
+
+ return set;
+}
+
+}
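Review bot: `parseAccessControlAllowList` is declared to return `std::optional<HashSet<String, HashType>>`, but every path ends in `return set;`, so it can never report a parse failure. The `if (!methods)` and `if (!headers)` branches in `CrossOriginPreflightResultCacheItem::parse` are therefore unreachable, and a reader may assume malformed list entries are rejected when they are in fact stored as-is. Either return the plain `HashSet` or make the failure real, for example by returning `std::nullopt` when an entry is not a valid header token. Whichever is chosen, a comment such as `// Never fails today: entries are trimmed but not validated as HTTP tokens.` above the function would record the contract.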
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (230364 => 230365)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -317,7 +317,7 @@
// FIXME: Should invalidate or update platform response if present.
}
-static bool isSafeToKeepRedirectionHeader(HTTPHeaderName name)
+static bool isSafeRedirectionResponseHeader(HTTPHeaderName name)
{
// WebCore needs to keep location and cache related headers as it does caching.
// We also keep CORS/ReferrerPolicy headers until CORS checks/Referrer computation are done in NetworkProcess.
@@ -330,6 +330,7 @@
|| name == HTTPHeaderName::LastModified
|| name == HTTPHeaderName::Age
|| name == HTTPHeaderName::Pragma
+ || name == HTTPHeaderName::ReferrerPolicy
|| name == HTTPHeaderName::Refresh
|| name == HTTPHeaderName::Vary
|| name == HTTPHeaderName::AccessControlAllowCredentials
@@ -341,16 +342,90 @@
|| name == HTTPHeaderName::TimingAllowOrigin;
}
-void ResourceResponseBase::sanitizeRedirectionHTTPHeaderFields()
+static bool isSafeCrossOriginResponseHeader(HTTPHeaderName name)
{
+ // All known response headers used in WebProcesses.
+ return name == HTTPHeaderName::AcceptRanges
+ || name == HTTPHeaderName::AccessControlAllowCredentials
+ || name == HTTPHeaderName::AccessControlAllowHeaders
+ || name == HTTPHeaderName::AccessControlAllowMethods
+ || name == HTTPHeaderName::AccessControlAllowOrigin
+ || name == HTTPHeaderName::AccessControlExposeHeaders
+ || name == HTTPHeaderName::AccessControlMaxAge
+ || name == HTTPHeaderName::AccessControlRequestHeaders
+ || name == HTTPHeaderName::AccessControlRequestMethod
+ || name == HTTPHeaderName::Age
+ || name == HTTPHeaderName::CacheControl
+ || name == HTTPHeaderName::ContentDisposition
+ || name == HTTPHeaderName::ContentEncoding
+ || name == HTTPHeaderName::ContentLanguage
+ || name == HTTPHeaderName::ContentLength
+ || name == HTTPHeaderName::ContentRange
+ || name == HTTPHeaderName::ContentSecurityPolicy
+ || name == HTTPHeaderName::ContentSecurityPolicyReportOnly
+ || name == HTTPHeaderName::ContentType
+ || name == HTTPHeaderName::Date
+ || name == HTTPHeaderName::ETag
+ || name == HTTPHeaderName::Expires
+ || name == HTTPHeaderName::IcyMetaInt
+ || name == HTTPHeaderName::IcyMetadata
+ || name == HTTPHeaderName::LastEventID
+ || name == HTTPHeaderName::LastModified
+ || name == HTTPHeaderName::Link
+ || name == HTTPHeaderName::Pragma
+ || name == HTTPHeaderName::Range
+ || name == HTTPHeaderName::ReferrerPolicy
+ || name == HTTPHeaderName::Refresh
+ || name == HTTPHeaderName::SourceMap
+ || name == HTTPHeaderName::XSourceMap
+ || name == HTTPHeaderName::TimingAllowOrigin
+ || name == HTTPHeaderName::Trailer
+ || name == HTTPHeaderName::Vary
+ || name == HTTPHeaderName::XContentTypeOptions
+ || name == HTTPHeaderName::XDNSPrefetchControl
+ || name == HTTPHeaderName::XFrameOptions
+ || name == HTTPHeaderName::XWebKitCSP
+ || name == HTTPHeaderName::XWebKitCSPReportOnly
+ || name == HTTPHeaderName::XXSSProtection;
+}
+
+void ResourceResponseBase::sanitizeHTTPHeaderFields(SanitizationType type)
+{
lazyInit(AllFields);
- auto commonHeaders = WTFMove(m_httpHeaderFields.commonHeaders());
- for (auto& header : commonHeaders) {
- if (isSafeToKeepRedirectionHeader(header.key))
- m_httpHeaderFields.add(header.key, WTFMove(header.value));
+ m_httpHeaderFields.commonHeaders().remove(HTTPHeaderName::SetCookie);
+ m_httpHeaderFields.commonHeaders().remove(HTTPHeaderName::SetCookie2);
+
+ switch (type) {
+ case SanitizationType::RemoveCookies:
+ return;
+ case SanitizationType::Redirection: {
+ auto commonHeaders = WTFMove(m_httpHeaderFields.commonHeaders());
+ for (auto& header : commonHeaders) {
+ if (isSafeRedirectionResponseHeader(header.key))
+ m_httpHeaderFields.add(header.key, WTFMove(header.value));
+ }
+ m_httpHeaderFields.uncommonHeaders().clear();
+ return;
}
- m_httpHeaderFields.uncommonHeaders().clear();
+ case SanitizationType::CrossOriginSafe: {
+ HTTPHeaderMap filteredHeaders;
+ for (auto& header : m_httpHeaderFields.commonHeaders()) {
+ if (isSafeCrossOriginResponseHeader(header.key))
+ filteredHeaders.add(header.key, WTFMove(header.value));
+ }
+ if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
+ for (auto& headerName : *corsSafeHeaderSet) {
+ if (!filteredHeaders.contains(headerName)) {
+ auto value = m_httpHeaderFields.get(headerName);
+ if (!value.isNull())
+ filteredHeaders.add(headerName, value);
+ }
+ }
+ }
+ m_httpHeaderFields = WTFMove(filteredHeaders);
+ }
+ }
}
bool ResourceResponseBase::isHTTP09() const
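Review bot: In the `CrossOriginSafe` case the first loop moves each allowed value out of `m_httpHeaderFields.commonHeaders()` with `WTFMove(header.value)`, and `AccessControlExposeHeaders` is on that allowlist. The following `httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders)` then appears to read a moved-from (null) string, so the expose list would parse as empty and no server-exposed header would be re-added. This fails closed, which is probably why it would go unnoticed, but it defeats the stated intent of keeping CORS-exposed headers. Reading the list before the loop avoids depending on moved-from state: hoist `auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders));` above the `for` and test `if (corsSafeHeaderSet)` afterwards. A test with an exposed uncommon header would pin the behaviour.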
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (230364 => 230365)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -102,8 +102,10 @@
WEBCORE_EXPORT const HTTPHeaderMap& httpHeaderFields() const;
void setHTTPHeaderFields(HTTPHeaderMap&&);
- WEBCORE_EXPORT void sanitizeRedirectionHTTPHeaderFields();
+ enum class SanitizationType { Redirection, RemoveCookies, CrossOriginSafe };
+ WEBCORE_EXPORT void sanitizeHTTPHeaderFields(SanitizationType);
+
String httpHeaderField(const String& name) const;
WEBCORE_EXPORT String httpHeaderField(HTTPHeaderName) const;
WEBCORE_EXPORT void setHTTPHeaderField(const String& name, const String& value);
Modified: trunk/Source/WebCore/testing/ServiceWorkerInternals.cpp (230364 => 230365)
--- trunk/Source/WebCore/testing/ServiceWorkerInternals.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/testing/ServiceWorkerInternals.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -80,6 +80,15 @@
return fetchResponse;
}
+Vector<String> ServiceWorkerInternals::fetchResponseHeaderList(FetchResponse& response)
+{
+ Vector<String> headerNames;
+ headerNames.reserveInitialCapacity(response.internalResponseHeaders().size());
+ for (auto keyValue : response.internalResponseHeaders())
+ headerNames.uncheckedAppend(keyValue.key);
+ return headerNames;
+}
+
} // namespace WebCore
#endif
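Review bot: The loop in `fetchResponseHeaderList` takes each entry by value (`for (auto keyValue : ...)`), which copies the key and value strings of every header only to read the key. Binding by reference is enough: `for (const auto& keyValue : response.internalResponseHeaders())`. A one-line comment noting that this returns the unfiltered internal header names and is intended for testing only would also help, since the accessor it relies on bypasses the filtering this commit introduces.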
Modified: trunk/Source/WebCore/testing/ServiceWorkerInternals.h (230364 => 230365)
--- trunk/Source/WebCore/testing/ServiceWorkerInternals.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/testing/ServiceWorkerInternals.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -47,6 +47,8 @@
Ref<FetchEvent> createBeingDispatchedFetchEvent(ScriptExecutionContext&);
Ref<FetchResponse> createOpaqueWithBlobBodyResponse(ScriptExecutionContext&);
+ Vector<String> fetchResponseHeaderList(FetchResponse&);
+
private:
explicit ServiceWorkerInternals(ServiceWorkerIdentifier);
Modified: trunk/Source/WebCore/testing/ServiceWorkerInternals.idl (230364 => 230365)
--- trunk/Source/WebCore/testing/ServiceWorkerInternals.idl 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebCore/testing/ServiceWorkerInternals.idl 2018-04-07 03:48:55 UTC (rev 230365)
@@ -33,4 +33,6 @@
Promise<Response> waitForFetchEventToFinish(FetchEvent event);
[CallWith=ScriptExecutionContext] FetchEvent createBeingDispatchedFetchEvent();
[CallWith=ScriptExecutionContext] FetchResponse createOpaqueWithBlobBodyResponse();
+
+ sequence<ByteString> fetchResponseHeaderList(FetchResponse response);
};
Modified: trunk/Source/WebKit/ChangeLog (230364 => 230365)
--- trunk/Source/WebKit/ChangeLog 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/ChangeLog 2018-04-07 03:48:55 UTC (rev 230365)
@@ -1,3 +1,32 @@
+2018-04-06 Youenn Fablet <you...@apple.com>
+
+ Response headers should be filtered when sent from NetworkProcess to WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=184310
+
+ Reviewed by Ryosuke Niwa.
+
+ Pass destination parameter to NetworkResourceLoader.
+ Use new sanitization routine to filter response headers as needed:
+ - Cross-origin routines are filtered by removing any non CORS allowed headers.
+ - Same-origin responses are filtered by removing non used headers, except when filtering would be visible by JS (XHR, fetch).
+ In all cases, Set-Cookie/Set-Cookie2 headers are filtered out.
+
+ * NetworkProcess/NetworkResourceLoadParameters.cpp:
+ (WebKit::NetworkResourceLoadParameters::encode const):
+ (WebKit::NetworkResourceLoadParameters::decode):
+ * NetworkProcess/NetworkResourceLoadParameters.h:
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::didReceiveResponse):
+ (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+ (WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
+ (WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
+ (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
+ * NetworkProcess/NetworkResourceLoader.h:
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+ * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+ (WebKit::WebSWContextManagerConnection::updatePreferencesStore):
+
2018-04-05 Ryosuke Niwa <rn...@webkit.org>
Make all sync IPCs during ScriptDisallowedScope set DoNotProcessIncomingMessagesWhenWaitingForSyncReply
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (230364 => 230365)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -89,6 +89,7 @@
if (sourceOrigin)
encoder << sourceOrigin->data();
encoder.encodeEnum(mode);
+ encoder.encodeEnum(destination);
encoder << cspResponseHeaders;
#if ENABLE(CONTENT_EXTENSIONS)
@@ -179,6 +180,8 @@
}
if (!decoder.decodeEnum(result.mode))
return false;
+ if (!decoder.decodeEnum(result.destination))
+ return false;
if (!decoder.decode(result.cspResponseHeaders))
return false;
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h (230364 => 230365)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -57,6 +57,7 @@
Vector<String> derivedCachedDataTypesToRetrieve;
RefPtr<WebCore::SecurityOrigin> sourceOrigin;
WebCore::FetchOptions::Mode mode;
+ WebCore::FetchOptions::Destination destination;
std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
bool shouldRestrictHTTPResponseAccess { false };
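Review bot: The new `destination` member has no default initializer, unlike `shouldRestrictHTTPResponseAccess { false }` on the line below it. Any code path that builds a `NetworkResourceLoadParameters` without assigning it would pass an indeterminate value to `encodeEnum`, and `sanitizeResponseIfPossible` uses this field to decide how much filtering to apply. Give it a defined default, for example `WebCore::FetchOptions::Destination destination { WebCore::FetchOptions::Destination::EmptyString };`, which matches the value the other call sites in this commit assign explicitly. The neighbouring `mode` member has the same gap.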
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230364 => 230365)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -335,10 +335,12 @@
bool shouldWaitContinueDidReceiveResponse = isMainResource();
if (shouldSendDidReceiveResponse) {
+ // FIXME: Sanitize response.
+ auto response = sanitizeResponseIfPossible(ResourceResponse { m_response }, ResourceResponse::SanitizationType::CrossOriginSafe);
if (isSynchronous())
- m_synchronousLoadData->response = m_response;
+ m_synchronousLoadData->response = WTFMove(response);
else
- send(Messages::WebResourceLoader::DidReceiveResponse(m_response, shouldWaitContinueDidReceiveResponse));
+ send(Messages::WebResourceLoader::DidReceiveResponse { response, shouldWaitContinueDidReceiveResponse });
}
// For main resources, the web process is responsible for sending back a NetworkResourceLoader::ContinueDidReceiveResponse message.
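Review bot: The added `// FIXME: Sanitize response.` sits directly above the new `sanitizeResponseIfPossible(...)` call, so it reads as if sanitization were still missing here. If the remaining gap is navigation loads, as the ChangeLog and the FIXME in WebLoaderStrategy.cpp suggest, say so explicitly, for example `// FIXME: Navigation (main resource) responses are not sanitized yet.`. Note also that `ResourceResponse { m_response }` copies the response even when `shouldRestrictHTTPResponseAccess` is off and nothing is filtered. The enclosing function starts and ends outside this hunk.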
@@ -459,13 +461,21 @@
if (canUseCachedRedirect(request))
m_cache->storeRedirect(request, redirectResponse, redirectRequest);
- send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeRedirectResponseIfPossible(WTFMove(redirectResponse))));
+ send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
}
-ResourceResponse NetworkResourceLoader::sanitizeRedirectResponseIfPossible(ResourceResponse&& response)
+ResourceResponse NetworkResourceLoader::sanitizeResponseIfPossible(ResourceResponse&& response, ResourceResponse::SanitizationType type)
{
- if (m_parameters.shouldRestrictHTTPResponseAccess)
- response.sanitizeRedirectionHTTPHeaderFields();
+ if (m_parameters.shouldRestrictHTTPResponseAccess) {
+ if (type == ResourceResponse::SanitizationType::CrossOriginSafe) {
+ // We reduce filtering when it would otherwise be visible to scripts.
+ // FIXME: We should use response tainting once computed in Network Process.
+ bool isSameOrigin = m_parameters.sourceOrigin ? m_parameters.sourceOrigin->canRequest(response.url()) : protocolHostAndPortAreEqual(response.url(), m_parameters.request.url());
+ if (isSameOrigin && m_parameters.destination == FetchOptions::Destination::EmptyString)
+ type = ResourceResponse::SanitizationType::RemoveCookies;
+ }
+ response.sanitizeHTTPHeaderFields(type);
+ }
return WTFMove(response);
}
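Review bot: In `sanitizeResponseIfPossible`, `response.sanitizeHTTPHeaderFields(type)` is only reached when `m_parameters.shouldRestrictHTTPResponseAccess` is true, so Set-Cookie/Set-Cookie2 are left in place whenever that flag is off. The WebKit ChangeLog entry says these headers are filtered out "in all cases", and WebLoaderStrategy.cpp clears the flag for `FetchOptions::Mode::Navigate`, so the code and the description disagree. If the WebProcess has no remaining consumer of those headers, an `else response.sanitizeHTTPHeaderFields(ResourceResponse::SanitizationType::RemoveCookies);` branch would make the guarantee hold. Otherwise the description should state the condition. A comment on the `isSameOrigin` line noting that it compares only the final response URL, and so does not account for a cross-origin hop earlier in a redirect chain, would make the existing tainting FIXME more actionable.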
@@ -568,8 +578,9 @@
void NetworkResourceLoader::didRetrieveCacheEntry(std::unique_ptr<NetworkCache::Entry> entry)
{
+ auto response = sanitizeResponseIfPossible(ResourceResponse { entry->response() }, ResourceResponse::SanitizationType::CrossOriginSafe);
if (isSynchronous()) {
- m_synchronousLoadData->response = entry->response();
+ m_synchronousLoadData->response = WTFMove(response);
sendReplyToSynchronousRequest(*m_synchronousLoadData, entry->buffer());
cleanup();
return;
@@ -576,7 +587,7 @@
}
bool needsContinueDidReceiveResponseMessage = isMainResource();
- send(Messages::WebResourceLoader::DidReceiveResponse(entry->response(), needsContinueDidReceiveResponseMessage));
+ send(Messages::WebResourceLoader::DidReceiveResponse { response, needsContinueDidReceiveResponseMessage });
if (needsContinueDidReceiveResponseMessage)
m_cacheEntryWaitingForContinueDidReceiveResponse = WTFMove(entry);
@@ -672,7 +683,7 @@
LOG(NetworkCache, "(NetworkProcess) Executing cached redirect");
++m_redirectCount;
- send(Messages::WebResourceLoader::WillSendRequest { *entry->redirectRequest(), sanitizeRedirectResponseIfPossible(ResourceResponse { entry->response() }) });
+ send(Messages::WebResourceLoader::WillSendRequest { *entry->redirectRequest(), sanitizeResponseIfPossible(ResourceResponse { entry->response() }, ResourceResponse::SanitizationType::Redirection) });
m_isWaitingContinueWillSendRequestForCachedRedirect = true;
}
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h (230364 => 230365)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h 2018-04-07 03:48:55 UTC (rev 230365)
@@ -32,6 +32,7 @@
#include "NetworkLoadClient.h"
#include "NetworkResourceLoadParameters.h"
#include "ShareableResource.h"
+#include <WebCore/ResourceResponse.h>
#include <WebCore/Timer.h>
namespace WebCore {
@@ -146,7 +147,7 @@
void logCookieInformation() const;
#endif
- WebCore::ResourceResponse sanitizeRedirectResponseIfPossible(WebCore::ResourceResponse&&);
+ WebCore::ResourceResponse sanitizeResponseIfPossible(WebCore::ResourceResponse&&, WebCore::ResourceResponse::SanitizationType);
const NetworkResourceLoadParameters m_parameters;
Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (230364 => 230365)
--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -273,6 +273,7 @@
loadParameters.needsCertificateInfo = resourceLoader.shouldIncludeCertificateInfo();
loadParameters.maximumBufferingTime = maximumBufferingTime;
loadParameters.derivedCachedDataTypesToRetrieve = resourceLoader.options().derivedCachedDataTypesToRetrieve;
+ loadParameters.destination = resourceLoader.options().destination;
// FIXME: We should also sanitize redirect response for navigations.
loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
@@ -432,6 +433,8 @@
loadParameters.clientCredentialPolicy = clientCredentialPolicy;
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr);
loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
+ // FIXME: Use the proper destination once all fetch options are passed.
+ loadParameters.destination = FetchOptions::Destination::EmptyString;
data.shrink(0);
@@ -528,6 +531,8 @@
parameters.storedCredentialsPolicy = storedCredentialsPolicy;
parameters.shouldPreconnectOnly = PreconnectOnly::Yes;
parameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
+ // FIXME: Use the proper destination once all fetch options are passed.
+ parameters.destination = FetchOptions::Destination::EmptyString;
WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::PreconnectTo(preconnectionIdentifier, WTFMove(parameters)), 0);
}
Modified: trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (230364 => 230365)
--- trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-04-07 00:33:00 UTC (rev 230364)
+++ trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-04-07 03:48:55 UTC (rev 230365)
@@ -128,6 +128,7 @@
RuntimeEnabledFeatures::sharedFeatures().setUserTimingEnabled(store.getBoolValueForKey(WebPreferencesKey::userTimingEnabledKey()));
RuntimeEnabledFeatures::sharedFeatures().setResourceTimingEnabled(store.getBoolValueForKey(WebPreferencesKey::resourceTimingEnabledKey()));
RuntimeEnabledFeatures::sharedFeatures().setFetchAPIKeepAliveEnabled(store.getBoolValueForKey(WebPreferencesKey::fetchAPIKeepAliveEnabledKey()));
+ RuntimeEnabledFeatures::sharedFeatures().setRestrictedHTTPResponseAccess(store.getBoolValueForKey(WebPreferencesKey::restrictedHTTPResponseAccessKey()));
m_storageBlockingPolicy = static_cast<SecurityOrigin::StorageBlockingPolicy>(store.getUInt32ValueForKey(WebPreferencesKey::storageBlockingPolicyKey()));
}