Diff
Modified: trunk/LayoutTests/ChangeLog (231653 => 231654)
--- trunk/LayoutTests/ChangeLog 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/LayoutTests/ChangeLog 2018-05-10 20:42:01 UTC (rev 231654)
@@ -1,3 +1,15 @@
+2018-05-10 Chris Dumez <[email protected]>
+
+ 'Cross-Origin-Options header implementation follow-up
+ https://bugs.webkit.org/show_bug.cgi?id=185520
+
+ Reviewed by Ryosuke Niwa.
+
+ Extend layout testing to cover mixed case, multiple values and no value.
+
+ * http/wpt/cross-origin-options/cross-origin-options-header-expected.txt:
+ * http/wpt/cross-origin-options/cross-origin-options-header.html:
+
2018-05-10 Ross Kirsling <[email protected]>
[WinCairo] Unreviewed gardening.
Modified: trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt (231653 => 231654)
--- trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt 2018-05-10 20:42:01 UTC (rev 231654)
@@ -2,6 +2,9 @@
PASS Cross-origin iframe with 'Cross-Origin-Options: deny' HTTP header
PASS Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header
+PASS Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case)
+PASS Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid)
+PASS Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value)
PASS Cross-origin iframe with 'Cross-Origin-Options: allow' HTTP header
PASS Cross-origin iframe with 'Cross-Origin-Options: invalid' HTTP header
PASS Same-origin iframe with 'Cross-Origin-Options: deny' HTTP header
Modified: trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html (231653 => 231654)
--- trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html 2018-05-10 20:42:01 UTC (rev 231654)
@@ -48,6 +48,32 @@
}, "Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
promise_test(function(test) {
+ return withIframe("serve-cross-origin-options-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
+ testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
+ });
+}, "Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case)");
+
+promise_test(function(test) {
+ return withIframe("serve-cross-origin-options-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
+ const w = f.contentWindow;
+ // Invalid input: should be treated as "allow".
+ testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
+
+ checkIframePropertyValues(w);
+ });
+}, "Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid)");
+
+promise_test(function(test) {
+ return withIframe("serve-cross-origin-options-header.py?value=", true /* isCrossOrigin */).then((f) => {
+ const w = f.contentWindow;
+ // Empty value: should be treated as "allow".
+ testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
+
+ checkIframePropertyValues(w);
+ });
+}, "Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value)");
+
+promise_test(function(test) {
return withIframe("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
const w = f.contentWindow;
testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
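Review bot: The multiple-value coverage stops at `deny,allow`, so nothing pins the result when every token in the list is restrictive or when a valid token is padded with whitespace. The expectation in this hunk treats any list as invalid and falls back to "allow", so a field value such as `deny,deny` would end up unrestricted. A case with `value=deny,deny` asserting the intended outcome would make that decision explicit. A whitespace-padded case would exercise the stripping done in parseCrossOriginOptionsHeader(), assuming the serve script passes the value through unchanged. The last promise_test in the hunk continues past its final line.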
Modified: trunk/Source/WebCore/ChangeLog (231653 => 231654)
--- trunk/Source/WebCore/ChangeLog 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/ChangeLog 2018-05-10 20:42:01 UTC (rev 231654)
@@ -1,3 +1,36 @@
+2018-05-10 Chris Dumez <[email protected]>
+
+ 'Cross-Origin-Options header implementation follow-up
+ https://bugs.webkit.org/show_bug.cgi?id=185520
+
+ Reviewed by Ryosuke Niwa.
+
+ * dom/Document.cpp:
+ * dom/Document.h:
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::didBeginDocument):
+ Using isNull() check is sufficient here as the header parsing
+ function will do the right thing when passed the empty string.
+ Also set the options directly on the window instead of the
+ document. The window is guaranteed to have been constructed
+ by then because didBeginDocument() is called DocumentWriter::begin()
+ which calls Document::createDOMWindow() or Document::takeDOMWindowFrom().
+
+ * page/AbstractDOMWindow.cpp:
+ (WebCore::AbstractDOMWindow::AbstractDOMWindow):
+ * page/AbstractDOMWindow.h:
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::DOMWindow):
+ (WebCore::DOMWindow::didSecureTransitionTo):
+ * page/RemoteDOMWindow.cpp:
+ (WebCore::RemoteDOMWindow::RemoteDOMWindow):
+ * page/RemoteDOMWindow.h:
+ CrossOriginOptions are now stored only on the Window, not the Document.
+
+ * platform/network/HTTPParsers.cpp:
+ (WebCore::parseCrossOriginOptionsHeader):
+ Drop strippedHeader local variable as it is not strictly needed.
+
2018-05-10 Tim Horton <[email protected]>
Fix the build after r231393
Modified: trunk/Source/WebCore/dom/Document.cpp (231653 => 231654)
--- trunk/Source/WebCore/dom/Document.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/dom/Document.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -517,7 +517,6 @@
, m_didAssociateFormControlsTimer(*this, &Document::didAssociateFormControlsTimerFired)
, m_cookieCacheExpiryTimer(*this, &Document::invalidateDOMCookieCache)
, m_socketProvider(page() ? &page()->socketProvider() : nullptr)
- , m_crossOriginOptions { CrossOriginOptions::Allow }
, m_isSynthesized(constructionFlags & Synthesized)
, m_isNonRenderedPlaceholder(constructionFlags & NonRenderedPlaceholder)
, m_orientationNotifier(currentOrientation(frame))
@@ -7807,11 +7806,4 @@
return page->chrome().client().signedPublicKeyAndChallengeString(keySizeIndex, challengeString, url);
}
-void Document::setCrossOriginOptions(CrossOriginOptions value)
-{
- m_crossOriginOptions = value;
- if (auto* window = domWindow())
- window->setCrossOriginOptions(value);
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/dom/Document.h (231653 => 231654)
--- trunk/Source/WebCore/dom/Document.h 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/dom/Document.h 2018-05-10 20:42:01 UTC (rev 231654)
@@ -194,7 +194,6 @@
template<typename> class ExceptionOr;
enum CollectionType;
-enum class CrossOriginOptions;
enum class ShouldOpenExternalURLsPolicy;
enum class RouteSharingPolicy;
@@ -1431,9 +1430,6 @@
String signedPublicKeyAndChallengeString(unsigned keySizeIndex, const String& challengeString, const URL&);
- CrossOriginOptions crossOriginOptions() const { return m_crossOriginOptions; }
- void setCrossOriginOptions(CrossOriginOptions value);
-
protected:
enum ConstructionFlags { Synthesized = 1, NonRenderedPlaceholder = 1 << 1 };
Document(Frame*, const URL&, unsigned = DefaultDocumentClass, unsigned constructionFlags = 0);
@@ -1819,8 +1815,6 @@
unsigned m_writeRecursionDepth { 0 };
- CrossOriginOptions m_crossOriginOptions;
-
InheritedBool m_designMode { inherit };
MediaProducer::MediaStateFlags m_mediaState { MediaProducer::IsNotPlaying };
bool m_userHasInteractedWithMediaElement { false };
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (231653 => 231654)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -745,8 +745,10 @@
if (m_frame.settings().crossOriginOptionsSupportEnabled()) {
String crossOriginOptionsHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginOptions);
- if (!crossOriginOptionsHeader.isEmpty())
- m_frame.document()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader));
+ if (!crossOriginOptionsHeader.isNull()) {
+ ASSERT(m_frame.window());
+ m_frame.window()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader));
+ }
}
}
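Review bot: When the response has no Cross-Origin-Options header, the `isNull()` branch is skipped and the window keeps whatever value it already held. Before this commit, DOMWindow::didSecureTransitionTo() re-copied the new document's value (default Allow); that line is removed in the DOMWindow.cpp hunk, and the ChangeLog notes the window may come from Document::takeDOMWindowFrom(). I cannot tell from the hunk whether a reused window can already carry a non-default value; if it can, add an else branch that calls `m_frame.window()->setCrossOriginOptions(CrossOriginOptions::Allow);` so a stale policy never applies to the new document. Separately, `ASSERT(m_frame.window());` is compiled out of release builds, so the dereference on the following line is unguarded there. didBeginDocument() starts and ends outside the hunk.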
Modified: trunk/Source/WebCore/page/AbstractDOMWindow.cpp (231653 => 231654)
--- trunk/Source/WebCore/page/AbstractDOMWindow.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/page/AbstractDOMWindow.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -26,6 +26,7 @@
#include "config.h"
#include "AbstractDOMWindow.h"
+#include "HTTPParsers.h"
#include <wtf/NeverDestroyed.h>
namespace WebCore {
@@ -37,9 +38,9 @@
return map;
}
-AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions)
+AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier)
: m_identifier(WTFMove(identifier))
- , m_crossOriginOptions(crossOriginOptions)
+ , m_crossOriginOptions(CrossOriginOptions::Allow)
{
ASSERT(!allWindows().contains(identifier));
allWindows().add(identifier, this);
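Review bot: The constructor now hard-codes `CrossOriginOptions::Allow`, the most permissive value, so any caller that needs a stricter policy must remember a follow-up `setCrossOriginOptions()` call. frameBecameRemote() in the WebPage.cpp hunk now carries the previous window's value across that way, where the old `create()` signature forced callers to pass it. A comment on the initializer would help the next caller, e.g. `// Permissive default; code that replaces an existing window must copy its options via setCrossOriginOptions().`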
Modified: trunk/Source/WebCore/page/AbstractDOMWindow.h (231653 => 231654)
--- trunk/Source/WebCore/page/AbstractDOMWindow.h 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/page/AbstractDOMWindow.h 2018-05-10 20:42:01 UTC (rev 231654)
@@ -58,7 +58,7 @@
void setCrossOriginOptions(CrossOriginOptions value) { m_crossOriginOptions = value; }
protected:
- AbstractDOMWindow(GlobalWindowIdentifier&&, CrossOriginOptions);
+ explicit AbstractDOMWindow(GlobalWindowIdentifier&&);
EventTargetInterface eventTargetInterface() const final { return DOMWindowEventTargetInterfaceType; }
void refEventTarget() final { ref(); }
Modified: trunk/Source/WebCore/page/DOMWindow.cpp (231653 => 231654)
--- trunk/Source/WebCore/page/DOMWindow.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -63,6 +63,7 @@
#include "FrameLoaderClient.h"
#include "FrameTree.h"
#include "FrameView.h"
+#include "HTTPParsers.h"
#include "History.h"
#include "InspectorInstrumentation.h"
#include "JSDOMWindowBase.h"
@@ -402,7 +403,7 @@
}
DOMWindow::DOMWindow(Document& document)
- : AbstractDOMWindow(GlobalWindowIdentifier { Process::identifier(), generateObjectIdentifier<WindowIdentifierType>() }, document.crossOriginOptions())
+ : AbstractDOMWindow(GlobalWindowIdentifier { Process::identifier(), generateObjectIdentifier<WindowIdentifierType>() })
, ContextDestructionObserver(&document)
, FrameDestructionObserver(document.frame())
{
@@ -413,7 +414,6 @@
void DOMWindow::didSecureTransitionTo(Document& document)
{
observeContext(&document);
- setCrossOriginOptions(document.crossOriginOptions());
}
DOMWindow::~DOMWindow()
Modified: trunk/Source/WebCore/page/RemoteDOMWindow.cpp (231653 => 231654)
--- trunk/Source/WebCore/page/RemoteDOMWindow.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/page/RemoteDOMWindow.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -32,8 +32,8 @@
namespace WebCore {
-RemoteDOMWindow::RemoteDOMWindow(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions)
- : AbstractDOMWindow(WTFMove(identifier), crossOriginOptions)
+RemoteDOMWindow::RemoteDOMWindow(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier)
+ : AbstractDOMWindow(WTFMove(identifier))
, m_frame(WTFMove(frame))
{
m_frame->setWindow(this);
Modified: trunk/Source/WebCore/page/RemoteDOMWindow.h (231653 => 231654)
--- trunk/Source/WebCore/page/RemoteDOMWindow.h 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/page/RemoteDOMWindow.h 2018-05-10 20:42:01 UTC (rev 231654)
@@ -44,9 +44,9 @@
class RemoteDOMWindow final : public AbstractDOMWindow {
public:
- static Ref<RemoteDOMWindow> create(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions)
+ static Ref<RemoteDOMWindow> create(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier)
{
- return adoptRef(*new RemoteDOMWindow(WTFMove(frame), WTFMove(identifier), crossOriginOptions));
+ return adoptRef(*new RemoteDOMWindow(WTFMove(frame), WTFMove(identifier)));
}
~RemoteDOMWindow() final;
@@ -68,7 +68,7 @@
void postMessage(JSC::ExecState&, DOMWindow& incumbentWindow, JSC::JSValue message, const String& targetOrigin, Vector<JSC::Strong<JSC::JSObject>>&&);
private:
- WEBCORE_EXPORT RemoteDOMWindow(Ref<RemoteFrame>&&, GlobalWindowIdentifier&&, CrossOriginOptions);
+ WEBCORE_EXPORT RemoteDOMWindow(Ref<RemoteFrame>&&, GlobalWindowIdentifier&&);
bool isRemoteDOMWindow() const final { return true; }
bool isLocalDOMWindow() const final { return false; }
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (231653 => 231654)
--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -915,14 +915,14 @@
CrossOriginOptions parseCrossOriginOptionsHeader(StringView header)
{
- auto strippedHeader = stripLeadingAndTrailingHTTPSpaces(header);
- if (strippedHeader.isEmpty())
+ header = stripLeadingAndTrailingHTTPSpaces(header);
+ if (header.isEmpty())
return CrossOriginOptions::Allow;
- if (equalLettersIgnoringASCIICase(strippedHeader, "deny"))
+ if (equalLettersIgnoringASCIICase(header, "deny"))
return CrossOriginOptions::Deny;
- if (equalLettersIgnoringASCIICase(strippedHeader, "allow-postmessage"))
+ if (equalLettersIgnoringASCIICase(header, "allow-postmessage"))
return CrossOriginOptions::AllowPostMessage;
return CrossOriginOptions::Allow;
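Review bot: Both `return CrossOriginOptions::Allow;` paths make this parser fail open, and nothing in the function says that is deliberate. The new layout tests expect `deny,allow` and the empty value to map to "allow". A short comment above the final return, such as `// Unrecognized or list-valued input is invalid and falls back to Allow.`, would stop a later reader from assuming a malformed header still restricts access. The function's closing brace is outside the hunk.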
Modified: trunk/Source/WebKit/ChangeLog (231653 => 231654)
--- trunk/Source/WebKit/ChangeLog 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebKit/ChangeLog 2018-05-10 20:42:01 UTC (rev 231654)
@@ -1,3 +1,13 @@
+2018-05-10 Chris Dumez <[email protected]>
+
+ 'Cross-Origin-Options header implementation follow-up
+ https://bugs.webkit.org/show_bug.cgi?id=185520
+
+ Reviewed by Ryosuke Niwa.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::frameBecameRemote):
+
2018-05-10 Per Arne Vollan <[email protected]>
Drop-down Control borders missing.
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (231653 => 231654)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2018-05-10 19:38:05 UTC (rev 231653)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2018-05-10 20:42:01 UTC (rev 231654)
@@ -5911,8 +5911,8 @@
return;
auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier));
- auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier), previousWindow->crossOriginOptions());
- UNUSED_PARAM(remoteWindow);
+ auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier));
+ remoteWindow->setCrossOriginOptions(previousWindow->crossOriginOptions());
remoteFrame->setOpener(frame->coreFrame()->loader().opener());