[webkit-changes] [231597] trunk

[dbates]

Title: [231597] trunk

Revision

231597

Author

dba...@webkit.org

Date

2018-05-09 14:48:38 -0700 (Wed, 09 May 2018)

Log Message

REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
https://bugs.webkit.org/show_bug.cgi?id=185443
<rdar://problem/40100660>

Reviewed by Andy Estes.

Source/WebCore:

Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
NetworkProcess. We need to check these security requirements in WebContent process whenever
we are performing a substitute data load, such as for app cache, as these loads do not go
through NetworkProcess.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived):

LayoutTests:

Unskip test now that it no longer times out.

* platform/wk2/TestExpectations:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/platform/wk2/TestExpectations
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/DocumentLoader.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (231596 => 231597)

--- trunk/LayoutTests/ChangeLog	2018-05-09 21:30:18 UTC (rev 231596)
+++ trunk/LayoutTests/ChangeLog	2018-05-09 21:48:38 UTC (rev 231597)
@@ -1,3 +1,15 @@
+2018-05-09  Daniel Bates  <daba...@apple.com>
+
+        REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
+        https://bugs.webkit.org/show_bug.cgi?id=185443
+        <rdar://problem/40100660>
+
+        Reviewed by Andy Estes.
+
+        Unskip test now that it no longer times out.
+
+        * platform/wk2/TestExpectations:
+
 2018-05-09  Justin Fan  <justin_...@apple.com>
 
         Added Khronos conformance test for ASTC compressed texture support.

Modified: trunk/LayoutTests/platform/wk2/TestExpectations (231596 => 231597)

--- trunk/LayoutTests/platform/wk2/TestExpectations	2018-05-09 21:30:18 UTC (rev 231596)
+++ trunk/LayoutTests/platform/wk2/TestExpectations	2018-05-09 21:48:38 UTC (rev 231597)
@@ -45,8 +45,6 @@
 webkit.org/b/156612 http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html [ Failure ]
 webkit.org/b/156612 http/tests/security/contentSecurityPolicy/object-redirect-blocked3.html [ Failure ]
 
-webkit.org/b/185443 http/tests/appcache/x-frame-options-prevents-framing.php [ Skip ]
-
 # AX tests that require hit testing do not work in WK2.
 webkit.org/b/71298 accessibility/loading-iframe-updates-axtree.html
 

Modified: trunk/Source/WebCore/ChangeLog (231596 => 231597)

--- trunk/Source/WebCore/ChangeLog	2018-05-09 21:30:18 UTC (rev 231596)
+++ trunk/Source/WebCore/ChangeLog	2018-05-09 21:48:38 UTC (rev 231597)
@@ -1,3 +1,20 @@
+2018-05-09  Daniel Bates  <daba...@apple.com>
+
+        REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
+        https://bugs.webkit.org/show_bug.cgi?id=185443
+        <rdar://problem/40100660>
+
+        Reviewed by Andy Estes.
+
+        Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
+        WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
+        NetworkProcess. We need to check these security requirements in WebContent process whenever
+        we are performing a substitute data load, such as for app cache, as these loads do not go
+        through NetworkProcess.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived):
+
 2018-05-09  Justin Fan  <justin_...@apple.com>
 
         Hooked up ASTC support in WebGL; requires OpenGL ES 3 context to work. 

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (231596 => 231597)

--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2018-05-09 21:30:18 UTC (rev 231596)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2018-05-09 21:48:38 UTC (rev 231597)
@@ -768,7 +768,7 @@
     unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
     ASSERT(identifier);
 
-    if (!m_frame->settings().networkProcessCSPFrameAncestorsCheckingEnabled() || !RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()) {
+    if (m_substituteData.isValid() || !m_frame->settings().networkProcessCSPFrameAncestorsCheckingEnabled() || !RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()) {
         auto url = ""
         ContentSecurityPolicy contentSecurityPolicy(URL { url }, this);
         contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders { response }, m_request.httpReferrer());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes