Diff
Modified: trunk/Source/WebCore/ChangeLog (230540 => 230541)
--- trunk/Source/WebCore/ChangeLog 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebCore/ChangeLog 2018-04-11 19:05:08 UTC (rev 230541)
@@ -1,3 +1,14 @@
+2018-04-11 Youenn Fablet <you...@apple.com>
+
+ Pass FetchOptions and SecurityOrigin as load parameters from WebProcess to NetworkProcess
+ https://bugs.webkit.org/show_bug.cgi?id=184374
+
+ Reviewed by Chris Dumez.
+
+ Add support for SecurityOrigin encode/decode routines.
+
+ * page/SecurityOrigin.h:
+
2018-04-11 Thibault Saunier <tsaun...@igalia.com>
[GStreamer] Use of playbin3 when USE_PLAYBIN3 environment variable is set
Modified: trunk/Source/WebCore/page/SecurityOrigin.h (230540 => 230541)
--- trunk/Source/WebCore/page/SecurityOrigin.h 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebCore/page/SecurityOrigin.h 2018-04-11 19:05:08 UTC (rev 230541)
@@ -206,6 +206,9 @@
const SecurityOriginData& data() const { return m_data; }
+ template<class Encoder> void encode(Encoder&) const;
+ template<class Decoder> static RefPtr<SecurityOrigin> decode(Decoder&);
+
private:
SecurityOrigin();
explicit SecurityOrigin(const URL&);
@@ -241,4 +244,55 @@
bool originsMatch(const SecurityOrigin&, const SecurityOrigin&);
bool originsMatch(const SecurityOrigin*, const SecurityOrigin*);
+template<class Encoder> inline void SecurityOrigin::encode(Encoder& encoder) const
+{
+ encoder << m_data;
+ encoder << m_domain;
+ encoder << m_filePath;
+ encoder << m_isUnique;
+ encoder << m_universalAccess;
+ encoder << m_domainWasSetInDOM;
+ encoder << m_canLoadLocalResources;
+ encoder.encodeEnum(m_storageBlockingPolicy);
+ encoder << m_enforcesFilePathSeparation;
+ encoder << m_needsStorageAccessFromFileURLsQuirk;
+ encoder << m_isPotentiallyTrustworthy;
+ encoder << m_isLocal;
+}
+
+template<class Decoder> inline RefPtr<SecurityOrigin> SecurityOrigin::decode(Decoder& decoder)
+{
+ std::optional<SecurityOriginData> data;
+ decoder >> data;
+ if (!data)
+ return nullptr;
+
+ auto origin = SecurityOrigin::create(data->protocol, data->host, data->port);
+
+ if (!decoder.decode(origin->m_domain))
+ return nullptr;
+ if (!decoder.decode(origin->m_filePath))
+ return nullptr;
+ if (!decoder.decode(origin->m_isUnique))
+ return nullptr;
+ if (!decoder.decode(origin->m_universalAccess))
+ return nullptr;
+ if (!decoder.decode(origin->m_domainWasSetInDOM))
+ return nullptr;
+ if (!decoder.decode(origin->m_canLoadLocalResources))
+ return nullptr;
+ if (!decoder.decodeEnum(origin->m_storageBlockingPolicy))
+ return nullptr;
+ if (!decoder.decode(origin->m_enforcesFilePathSeparation))
+ return nullptr;
+ if (!decoder.decode(origin->m_needsStorageAccessFromFileURLsQuirk))
+ return nullptr;
+ if (!decoder.decode(origin->m_isPotentiallyTrustworthy))
+ return nullptr;
+ if (!decoder.decode(origin->m_isLocal))
+ return nullptr;
+
+ return WTFMove(origin);
+}
+
} // namespace WebCore
Modified: trunk/Source/WebKit/ChangeLog (230540 => 230541)
--- trunk/Source/WebKit/ChangeLog 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/ChangeLog 2018-04-11 19:05:08 UTC (rev 230541)
@@ -1,3 +1,52 @@
+2018-04-11 Youenn Fablet <you...@apple.com>
+
+ Pass FetchOptions and SecurityOrigin as load parameters from WebProcess to NetworkProcess
+ https://bugs.webkit.org/show_bug.cgi?id=184374
+
+ Reviewed by Chris Dumez.
+
+ Pass full FetchOptions parameters as part of NetworkResourceLoadParameters.
+ This will allow handling redirection mode as well as credentials in case of cross origin redirections.
+ In case of SameOrigin credentials and there is a redirection from same-origin to cross-origin,
+ we will be able to stop using credentials without going to WebProcess.
+
+ To handle properly cross-origin checks, we have to be able to use SecurityOrigin as in WebProcess.
+ We make WebProcess sends Origin Access White list information to NetworkProcess.
+ This allows supporting the white list when doing loading in NetworkProcess.
+ This only works consistently if all WebProcesses share the same whitelist.
+
+ * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+ (WebKit::NetworkConnectionToWebProcess::loadPing):
+ (WebKit::NetworkConnectionToWebProcess::addOriginAccessWhitelistEntry):
+ (WebKit::NetworkConnectionToWebProcess::removeOriginAccessWhitelistEntry):
+ (WebKit::NetworkConnectionToWebProcess::resetOriginAccessWhitelists):
+ * NetworkProcess/NetworkConnectionToWebProcess.h:
+ * NetworkProcess/NetworkConnectionToWebProcess.messages.in:
+ * NetworkProcess/NetworkLoadChecker.cpp:
+ (WebKit::NetworkLoadChecker::NetworkLoadChecker):
+ (WebKit::NetworkLoadChecker::checkRedirection):
+ (WebKit::NetworkLoadChecker::continueCheckingRequest):
+ (WebKit::NetworkLoadChecker::checkCORSRequest):
+ (WebKit::NetworkLoadChecker::checkCORSRedirectedRequest):
+ (WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
+ (WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
+ * NetworkProcess/NetworkLoadChecker.h:
+ (WebKit::NetworkLoadChecker::create):
+ * NetworkProcess/NetworkResourceLoadParameters.cpp:
+ (WebKit::NetworkResourceLoadParameters::encode const):
+ (WebKit::NetworkResourceLoadParameters::decode):
+ * NetworkProcess/NetworkResourceLoadParameters.h:
+ * NetworkProcess/PingLoad.cpp:
+ (WebKit::PingLoad::PingLoad):
+ (WebKit::PingLoad::willPerformHTTPRedirection):
+ * NetworkProcess/PingLoad.h:
+ * WebProcess/InjectedBundle/InjectedBundle.cpp:
+ (WebKit::InjectedBundle::addOriginAccessWhitelistEntry):
+ (WebKit::InjectedBundle::removeOriginAccessWhitelistEntry):
+ (WebKit::InjectedBundle::resetOriginAccessWhitelists):
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::startPingLoad):
+
2018-04-11 Michael Catanzaro <mcatanz...@igalia.com>
[GTK] WaylandCompositorDisplay leaks its wl_display
Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -55,6 +55,7 @@
#include <WebCore/PlatformCookieJar.h>
#include <WebCore/ResourceLoaderOptions.h>
#include <WebCore/ResourceRequest.h>
+#include <WebCore/SecurityPolicy.h>
#include <pal/SessionID.h>
using namespace WebCore;
@@ -248,7 +249,7 @@
loader->start();
}
-void NetworkConnectionToWebProcess::loadPing(NetworkResourceLoadParameters&& loadParameters, HTTPHeaderMap&& originalRequestHeaders)
+void NetworkConnectionToWebProcess::loadPing(NetworkResourceLoadParameters&& loadParameters)
{
auto completionHandler = [this, protectedThis = makeRef(*this), identifier = loadParameters.identifier] (const ResourceError& error, const ResourceResponse& response) {
didFinishPingLoad(identifier, error, response);
@@ -255,7 +256,7 @@
};
// PingLoad manages its own lifetime, deleting itself when its purpose has been fulfilled.
- new PingLoad(WTFMove(loadParameters), WTFMove(originalRequestHeaders), WTFMove(completionHandler));
+ new PingLoad(WTFMove(loadParameters), WTFMove(completionHandler));
}
void NetworkConnectionToWebProcess::didFinishPingLoad(uint64_t pingLoadIdentifier, const ResourceError& error, const ResourceResponse& response)
@@ -513,4 +514,19 @@
#endif
}
+void NetworkConnectionToWebProcess::addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
+{
+ SecurityPolicy::addOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+}
+
+void NetworkConnectionToWebProcess::removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
+{
+ SecurityPolicy::removeOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+}
+
+void NetworkConnectionToWebProcess::resetOriginAccessWhitelists()
+{
+ SecurityPolicy::resetOriginAccessWhitelists();
+}
+
} // namespace WebKit
Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h 2018-04-11 19:05:08 UTC (rev 230541)
@@ -92,7 +92,7 @@
void scheduleResourceLoad(NetworkResourceLoadParameters&&);
void performSynchronousLoad(NetworkResourceLoadParameters&&, Ref<Messages::NetworkConnectionToWebProcess::PerformSynchronousLoad::DelayedReply>&&);
- void loadPing(NetworkResourceLoadParameters&&, WebCore::HTTPHeaderMap&& originalRequestHeaders);
+ void loadPing(NetworkResourceLoadParameters&&);
void prefetchDNS(const String&);
void preconnectTo(uint64_t preconnectionIdentifier, NetworkLoadParameters&&);
@@ -140,6 +140,10 @@
void removeStorageAccessForFrame(PAL::SessionID, uint64_t frameID, uint64_t pageID);
void removeStorageAccessForAllFramesOnPage(PAL::SessionID, uint64_t pageID);
+ void addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains);
+ void removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains);
+ void resetOriginAccessWhitelists();
+
Ref<IPC::Connection> m_connection;
HashMap<uint64_t, RefPtr<NetworkSocketStream>> m_networkSocketStreams;
Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in 2018-04-11 19:05:08 UTC (rev 230541)
@@ -24,7 +24,7 @@
ScheduleResourceLoad(WebKit::NetworkResourceLoadParameters resourceLoadParameters)
PerformSynchronousLoad(WebKit::NetworkResourceLoadParameters resourceLoadParameters) -> (WebCore::ResourceError error, WebCore::ResourceResponse response, Vector<char> data) Delayed
- LoadPing(WebKit::NetworkResourceLoadParameters resourceLoadParameters, WebCore::HTTPHeaderMap originalRequestHeaders)
+ LoadPing(WebKit::NetworkResourceLoadParameters resourceLoadParameters)
RemoveLoadIdentifier(uint64_t resourceLoadIdentifier)
SetDefersLoading(uint64_t resourceLoadIdentifier, bool defers)
PrefetchDNS(String hostname)
@@ -60,4 +60,8 @@
RemoveStorageAccessForFrame(PAL::SessionID sessionID, uint64_t frameID, uint64_t pageID);
RemoveStorageAccessForAllFramesOnPage(PAL::SessionID sessionID, uint64_t pageID);
+
+ AddOriginAccessWhitelistEntry(String sourceOrigin, String destinationProtocol, String destinationHost, bool allowDestinationSubdomains);
+ RemoveOriginAccessWhitelistEntry(String sourceOrigin, String destinationProtocol, String destinationHost, bool allowDestinationSubdomains);
+ ResetOriginAccessWhitelists();
}
Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -41,17 +41,26 @@
using namespace WebCore;
-NetworkLoadChecker::NetworkLoadChecker(WebCore::FetchOptions::Mode mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin)
- : m_mode(mode)
- , m_shouldFollowRedirects(shouldFollowRedirects)
- , m_storedCredentialsPolicy(storedCredentialsPolicy)
+NetworkLoadChecker::NetworkLoadChecker(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin)
+ : m_options(WTFMove(options))
, m_sessionID(sessionID)
, m_originalRequestHeaders(WTFMove(originalRequestHeaders))
, m_url(WTFMove(url))
, m_origin(WTFMove(sourceOrigin))
{
- if (m_mode == FetchOptions::Mode::Cors || m_mode == FetchOptions::Mode::SameOrigin)
- m_isSameOriginRequest = m_origin->canRequest(m_url);
+ if (m_options.mode == FetchOptions::Mode::Cors || m_options.mode == FetchOptions::Mode::SameOrigin)
+ m_isSameOriginRequest = m_url.protocolIsData() || m_url.protocolIsBlob() || m_origin->canRequest(m_url);
+ switch (options.credentials) {
+ case FetchOptions::Credentials::Include:
+ m_storedCredentialsPolicy = StoredCredentialsPolicy::Use;
+ break;
+ case FetchOptions::Credentials::SameOrigin:
+ m_storedCredentialsPolicy = m_isSameOriginRequest ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+ break;
+ case FetchOptions::Credentials::Omit:
+ m_storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+ break;
+ }
}
NetworkLoadChecker::~NetworkLoadChecker() = default;
@@ -77,7 +86,7 @@
m_previousURL = WTFMove(m_url);
m_url = request.url();
- if (!m_shouldFollowRedirects) {
+ if (m_options.redirect != FetchOptions::Redirect::Follow) {
handler(returnError(ASCIILiteral("Load parameters do not allow following redirections")));
return;
}
@@ -105,12 +114,12 @@
return { };
}
- if (m_mode == FetchOptions::Mode::NoCors) {
+ if (m_options.mode == FetchOptions::Mode::NoCors) {
response.setTainting(ResourceResponse::Tainting::Opaque);
return { };
}
- ASSERT(m_mode == FetchOptions::Mode::Cors);
+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
String errorMessage;
if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
@@ -145,7 +154,7 @@
if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) {
if (isRedirected()) {
URL url = ""
- auto type = m_mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
+ auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
contentSecurityPolicy->upgradeInsecureRequestIfNeeded(url, type);
if (url != request.url())
request.setURL(url);
@@ -156,12 +165,15 @@
}
}
+ if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
+ m_storedCredentialsPolicy = (m_isSameOriginRequest && m_origin->canRequest(request.url())) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+
if (doesNotNeedCORSCheck(request.url())) {
handler(WTFMove(request));
return;
}
- if (m_mode == FetchOptions::Mode::SameOrigin) {
+ if (m_options.mode == FetchOptions::Mode::SameOrigin) {
handler(returnError(ASCIILiteral("SameOrigin mode does not allow cross origin requests")));
return;
}
@@ -177,7 +189,7 @@
void NetworkLoadChecker::checkCORSRequest(ResourceRequest&& request, ValidationHandler&& handler)
{
- ASSERT(m_mode == FetchOptions::Mode::Cors);
+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
// Except in case where preflight is needed, loading should be able to continue on its own.
if (m_isSimpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), m_originalRequestHeaders)) {
@@ -190,7 +202,7 @@
void NetworkLoadChecker::checkCORSRedirectedRequest(ResourceRequest&& request, ValidationHandler&& handler)
{
- ASSERT(m_mode == FetchOptions::Mode::Cors);
+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
ASSERT(isRedirected());
// Force any subsequent request to use these checks.
@@ -215,7 +227,7 @@
void NetworkLoadChecker::checkCORSRequestWithPreflight(ResourceRequest&& request, ValidationHandler&& handler)
{
- ASSERT(m_mode == FetchOptions::Mode::Cors);
+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
m_isSimpleRequest = false;
// FIXME: We should probably partition preflight result cache by session ID.
@@ -254,7 +266,7 @@
bool NetworkLoadChecker::doesNotNeedCORSCheck(const URL& url) const
{
- if (m_mode == FetchOptions::Mode::NoCors || m_mode == FetchOptions::Mode::Navigate)
+ if (m_options.mode == FetchOptions::Mode::NoCors || m_options.mode == FetchOptions::Mode::Navigate)
return true;
return m_isSameOriginRequest && m_origin->canRequest(url);
Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h 2018-04-11 19:05:08 UTC (rev 230541)
@@ -42,9 +42,9 @@
class NetworkLoadChecker : public RefCounted<NetworkLoadChecker> {
public:
- static Ref<NetworkLoadChecker> create(WebCore::FetchOptions::Mode mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin)
+ static Ref<NetworkLoadChecker> create(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin)
{
- return adoptRef(*new NetworkLoadChecker { mode, shouldFollowRedirects, storedCredentialsPolicy, sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin) });
+ return adoptRef(*new NetworkLoadChecker { WTFMove(options), sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin) });
}
~NetworkLoadChecker();
@@ -68,7 +68,7 @@
WebCore::StoredCredentialsPolicy storedCredentialsPolicy() const { return m_storedCredentialsPolicy; }
private:
- NetworkLoadChecker(WebCore::FetchOptions::Mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&);
+ NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&);
WebCore::ContentSecurityPolicy* contentSecurityPolicy() const;
bool isChecking() const { return !!m_corsPreflightChecker; }
@@ -89,8 +89,7 @@
void processContentExtensionRulesForLoad(WebCore::ResourceRequest&&, CompletionHandler<void(WebCore::ResourceRequest&&, const WebCore::ContentExtensions::BlockedStatus&)>&&);
#endif
- WebCore::FetchOptions::Mode m_mode;
- bool m_shouldFollowRedirects;
+ WebCore::FetchOptions m_options;
WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy;
PAL::SessionID m_sessionID;
WebCore::HTTPHeaderMap m_originalRequestHeaders; // Needed for CORS checks.
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -87,10 +87,10 @@
encoder << static_cast<bool>(sourceOrigin);
if (sourceOrigin)
- encoder << sourceOrigin->data();
- encoder.encodeEnum(mode);
- encoder.encodeEnum(destination);
+ encoder << *sourceOrigin;
+ encoder << options;
encoder << cspResponseHeaders;
+ encoder << originalRequestHeaders;
#if ENABLE(CONTENT_EXTENSIONS)
encoder << mainDocumentURL;
@@ -171,19 +171,21 @@
if (!decoder.decode(hasSourceOrigin))
return false;
if (hasSourceOrigin) {
- std::optional<SecurityOriginData> sourceOriginData;
- decoder >> sourceOriginData;
- if (!sourceOriginData)
+ result.sourceOrigin = SecurityOrigin::decode(decoder);
+ if (!result.sourceOrigin)
return false;
- ASSERT(!sourceOriginData->isEmpty());
- result.sourceOrigin = sourceOriginData->securityOrigin();
}
- if (!decoder.decodeEnum(result.mode))
+
+ std::optional<FetchOptions> options;
+ decoder >> options;
+ if (!options)
return false;
- if (!decoder.decodeEnum(result.destination))
- return false;
+ result.options = *options;
+
if (!decoder.decode(result.cspResponseHeaders))
return false;
+ if (!decoder.decode(result.originalRequestHeaders))
+ return false;
#if ENABLE(CONTENT_EXTENSIONS)
if (!decoder.decode(result.mainDocumentURL))
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h 2018-04-11 19:05:08 UTC (rev 230541)
@@ -56,9 +56,9 @@
Seconds maximumBufferingTime;
Vector<String> derivedCachedDataTypesToRetrieve;
RefPtr<WebCore::SecurityOrigin> sourceOrigin;
- WebCore::FetchOptions::Mode mode;
- WebCore::FetchOptions::Destination destination;
+ WebCore::FetchOptions options;
std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
+ WebCore::HTTPHeaderMap originalRequestHeaders;
bool shouldRestrictHTTPResponseAccess { false };
#if ENABLE(CONTENT_EXTENSIONS)
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -472,7 +472,7 @@
// We reduce filtering when it would otherwise be visible to scripts.
// FIXME: We should use response tainting once computed in Network Process.
bool isSameOrigin = m_parameters.sourceOrigin ? m_parameters.sourceOrigin->canRequest(response.url()) : protocolHostAndPortAreEqual(response.url(), m_parameters.request.url());
- if (isSameOrigin && m_parameters.destination == FetchOptions::Destination::EmptyString)
+ if (isSameOrigin && m_parameters.options.destination == FetchOptions::Destination::EmptyString)
type = ResourceResponse::SanitizationType::RemoveCookies;
}
response.sanitizeHTTPHeaderFields(type);
Modified: trunk/Source/WebKit/NetworkProcess/PingLoad.cpp (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/PingLoad.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/PingLoad.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -38,11 +38,11 @@
using namespace WebCore;
-PingLoad::PingLoad(NetworkResourceLoadParameters&& parameters, HTTPHeaderMap&& originalRequestHeaders, WTF::CompletionHandler<void(const ResourceError&, const ResourceResponse&)>&& completionHandler)
+PingLoad::PingLoad(NetworkResourceLoadParameters&& parameters, WTF::CompletionHandler<void(const ResourceError&, const ResourceResponse&)>&& completionHandler)
: m_parameters(WTFMove(parameters))
, m_completionHandler(WTFMove(completionHandler))
, m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
- , m_networkLoadChecker(NetworkLoadChecker::create(m_parameters.mode, m_parameters.shouldFollowRedirects, m_parameters.storedCredentialsPolicy, m_parameters.sessionID, WTFMove(originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef()))
+ , m_networkLoadChecker(NetworkLoadChecker::create(FetchOptions { m_parameters.options}, m_parameters.sessionID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef()))
{
if (m_parameters.cspResponseHeaders)
Modified: trunk/Source/WebKit/NetworkProcess/PingLoad.h (230540 => 230541)
--- trunk/Source/WebKit/NetworkProcess/PingLoad.h 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/PingLoad.h 2018-04-11 19:05:08 UTC (rev 230541)
@@ -44,7 +44,7 @@
class PingLoad final : private NetworkDataTaskClient {
public:
- PingLoad(NetworkResourceLoadParameters&&, WebCore::HTTPHeaderMap&& originalRequestHeaders, WTF::CompletionHandler<void(const WebCore::ResourceError&, const WebCore::ResourceResponse&)>&&);
+ PingLoad(NetworkResourceLoadParameters&&, WTF::CompletionHandler<void(const WebCore::ResourceError&, const WebCore::ResourceResponse&)>&&);
private:
~PingLoad();
Modified: trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp (230540 => 230541)
--- trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -29,6 +29,8 @@
#include "APIArray.h"
#include "APIData.h"
#include "InjectedBundleScriptWorld.h"
+#include "NetworkConnectionToWebProcessMessages.h"
+#include "NetworkProcessConnection.h"
#include "NetworkSessionCreationParameters.h"
#include "NotificationPermissionRequestManager.h"
#include "SessionTracker.h"
@@ -375,16 +377,20 @@
void InjectedBundle::addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
{
SecurityPolicy::addOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+ WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::AddOriginAccessWhitelistEntry { sourceOrigin, destinationProtocol, destinationHost, allowDestinationSubdomains }, 0);
+
}
void InjectedBundle::removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
{
SecurityPolicy::removeOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+ WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RemoveOriginAccessWhitelistEntry { sourceOrigin, destinationProtocol, destinationHost, allowDestinationSubdomains }, 0);
}
void InjectedBundle::resetOriginAccessWhitelists()
{
SecurityPolicy::resetOriginAccessWhitelists();
+ WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::ResetOriginAccessWhitelists { }, 0);
}
void InjectedBundle::setAsynchronousSpellCheckingEnabled(WebPageGroupProxy* pageGroup, bool enabled)
Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (230540 => 230541)
--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2018-04-11 19:05:08 UTC (rev 230541)
@@ -273,7 +273,7 @@
loadParameters.needsCertificateInfo = resourceLoader.shouldIncludeCertificateInfo();
loadParameters.maximumBufferingTime = maximumBufferingTime;
loadParameters.derivedCachedDataTypesToRetrieve = resourceLoader.options().derivedCachedDataTypesToRetrieve;
- loadParameters.destination = resourceLoader.options().destination;
+ loadParameters.options = resourceLoader.options();
// FIXME: We should also sanitize redirect response for navigations.
loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
@@ -434,7 +434,7 @@
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr);
loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
// FIXME: Use the proper destination once all fetch options are passed.
- loadParameters.destination = FetchOptions::Destination::EmptyString;
+ loadParameters.options.destination = FetchOptions::Destination::EmptyString;
data.shrink(0);
@@ -470,8 +470,8 @@
loadParameters.sourceOrigin = &document->securityOrigin();
loadParameters.sessionID = frame.page() ? frame.page()->sessionID() : PAL::SessionID::defaultSessionID();
loadParameters.storedCredentialsPolicy = options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use;
- loadParameters.mode = options.mode;
- loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
+ loadParameters.options = options;
+ loadParameters.originalRequestHeaders = originalRequestHeaders;
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(&frame);
loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
@@ -492,7 +492,7 @@
if (completionHandler)
m_pingLoadCompletionHandlers.add(loadParameters.identifier, WTFMove(completionHandler));
- WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing(WTFMove(loadParameters), originalRequestHeaders), 0);
+ WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing { loadParameters }, 0);
}
void WebLoaderStrategy::didFinishPingLoad(uint64_t pingLoadIdentifier, ResourceError&& error, ResourceResponse&& response)
@@ -532,7 +532,7 @@
parameters.shouldPreconnectOnly = PreconnectOnly::Yes;
parameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
// FIXME: Use the proper destination once all fetch options are passed.
- parameters.destination = FetchOptions::Destination::EmptyString;
+ parameters.options.destination = FetchOptions::Destination::EmptyString;
WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::PreconnectTo(preconnectionIdentifier, WTFMove(parameters)), 0);
}