Title: [255129] trunk
Revision: 255129
Author: [email protected]
Date: 2020-01-26 04:17:22 -0800 (Sun, 26 Jan 2020)

Log Message

Improve compatibility with hyperlink auditing spec
https://bugs.webkit.org/show_bug.cgi?id=188852

Patch by Rob Buis <[email protected]> on 2020-01-26
Reviewed by Youenn Fablet.

Source/WebCore:

The hyperlink auditing algorithm indicates the fetch should be done
using no-referrer [1], so remove the code to set the referrer HTTP
header.

Tests: http/tests/navigation/ping-attribute/anchor-cross-origin.html
       http/tests/navigation/ping-attribute/area-cross-origin.html

[1] https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing (Step 3)

* loader/PingLoader.cpp:
(WebCore::PingLoader::sendPing):

LayoutTests:

Update improved test results.

* http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (255128 => 255129)


--- trunk/LayoutTests/ChangeLog	2020-01-26 06:33:40 UTC (rev 255128)
+++ trunk/LayoutTests/ChangeLog	2020-01-26 12:17:22 UTC (rev 255129)
@@ -1,3 +1,15 @@
+2020-01-26  Rob Buis  <[email protected]>
+
+        Improve compatibility with hyperlink auditing spec
+        https://bugs.webkit.org/show_bug.cgi?id=188852
+
+        Reviewed by Youenn Fablet.
+
+        Update improved test results.
+
+        * http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
+        * http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
+
 2020-01-25  Darin Adler  <[email protected]>
 
         REGRESSION: [ Mac WK2 ] animations/suspend-resume-animation-events.html is a flaky failure

Modified: trunk/LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt (255128 => 255129)


--- trunk/LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt	2020-01-26 06:33:40 UTC (rev 255128)
+++ trunk/LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt	2020-01-26 12:17:22 UTC (rev 255129)
@@ -3,6 +3,5 @@
 HTTP_HOST: localhost:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
-HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
 REQUEST_METHOD: POST
 REQUEST_URI: /navigation/resources/save-Ping.php
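
Review bot: the expected output still lists HTTP_PING_FROM with the full document URL while HTTP_HOST is a different origin (localhost:8000 versus 127.0.0.1:8000), so this result only pins down that the Referer header is gone, not that the page URL is withheld from the ping endpoint. If keeping Ping-From in the cross-origin case is intended, say so in the test description or the ChangeLog so a later reader does not take the remaining header for a missed case; the same applies to area-cross-origin-expected.txt.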

Modified: trunk/LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-expected.txt (255128 => 255129)


--- trunk/LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-expected.txt	2020-01-26 06:33:40 UTC (rev 255128)
+++ trunk/LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-expected.txt	2020-01-26 12:17:22 UTC (rev 255129)
@@ -3,6 +3,5 @@
 HTTP_HOST: localhost:8000
 HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
 HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
-HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
 REQUEST_METHOD: POST
 REQUEST_URI: /navigation/resources/save-Ping.php

Modified: trunk/Source/WebCore/ChangeLog (255128 => 255129)


--- trunk/Source/WebCore/ChangeLog	2020-01-26 06:33:40 UTC (rev 255128)
+++ trunk/Source/WebCore/ChangeLog	2020-01-26 12:17:22 UTC (rev 255129)
@@ -1,3 +1,22 @@
+2020-01-26  Rob Buis  <[email protected]>
+
+        Improve compatibility with hyperlink auditing spec
+        https://bugs.webkit.org/show_bug.cgi?id=188852
+
+        Reviewed by Youenn Fablet.
+
+        The hyperlink auditing algorithm indicates the fetch should be done
+        using no-referrer [1], so remove the code to set the referrer HTTP
+        header.
+
+        Tests: http/tests/navigation/ping-attribute/anchor-cross-origin.html
+               http/tests/navigation/ping-attribute/area-cross-origin.html
+
+        [1] https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing (Step 3)
+
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::sendPing):
+
 2020-01-25  Darin Adler  <[email protected]>
 
         Tighten up some of the drag state machine logic
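
Review bot: the entry for (WebCore::PingLoader::sendPing) has no per-function description, and the summary mentions only removing the referrer header. It should also record that the ReferrerPolicy argument passed to startPingLoad is now unconditionally NoReferrer and that the UnsafeUrl branch is gone, since that is a behaviour change for anyone reading the ChangeLog without the diff.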

Modified: trunk/Source/WebCore/loader/PingLoader.cpp (255128 => 255129)


--- trunk/Source/WebCore/loader/PingLoader.cpp	2020-01-26 06:33:40 UTC (rev 255128)
+++ trunk/Source/WebCore/loader/PingLoader.cpp	2020-01-26 12:17:22 UTC (rev 255129)
@@ -139,16 +139,10 @@
     auto& sourceOrigin = document.securityOrigin();
     FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin.toString());
     request.setHTTPHeaderField(HTTPHeaderName::PingTo, destinationURL);
-    if (!SecurityPolicy::shouldHideReferrer(pingURL, frame.loader().outgoingReferrer())) {
+    if (!SecurityPolicy::shouldHideReferrer(pingURL, frame.loader().outgoingReferrer()))
         request.setHTTPHeaderField(HTTPHeaderName::PingFrom, document.url());
-        if (!sourceOrigin.isSameSchemeHostPort(SecurityOrigin::create(pingURL).get())) {
-            String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), pingURL, frame.loader().outgoingReferrer());
-            if (!referrer.isEmpty())
-                request.setHTTPReferrer(referrer);
-        }
-    }
 
-    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes, ContentSecurityPolicyImposition::DoPolicyCheck, request.httpReferrer().isEmpty() ? ReferrerPolicy::NoReferrer : ReferrerPolicy::UnsafeUrl);
+    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes, ContentSecurityPolicyImposition::DoPolicyCheck, ReferrerPolicy::NoReferrer);
 }
 
 void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<FormData>&& report, ViolationReportType reportType)
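
Review bot: in sendPing, the retained Ping-From branch still sends document.url() in full and is gated only by shouldHideReferrer(pingURL, frame.loader().outgoingReferrer()). With the generateReferrerHeader call removed, document.referrerPolicy() is no longer consulted in the visible lines, so a page that sets a restrictive referrer policy still discloses its full URL to a cross-origin ping endpoint through Ping-From even though Referer is now suppressed. If that follows the spec step cited in the ChangeLog, a one-line comment above the condition stating so would make the intent clear. It is also worth confirming that checking outgoingReferrer() while sending document.url() is deliberate, since the check and the value sent can refer to different URLs.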
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes