Diff
Modified: trunk/Source/WebKit/ChangeLog (260294 => 260295)
--- trunk/Source/WebKit/ChangeLog 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/ChangeLog 2020-04-17 22:55:10 UTC (rev 260295)
@@ -1,3 +1,54 @@
+2020-04-17 Brady Eidson <[email protected]>
+
+ Pass sandbox extensions for back/forward list navigations after the policy is decided at process-swap time.
+ <rdar://problem/59535167> and https://bugs.webkit.org/show_bug.cgi?id=210623
+
+ Reviewed by Geoff Garen.
+
+ Covered by almost all existing tests, and a new API test.
+
+ Instead of granting a sandbox extension when updating the back/forward cursor for a pending
+ back/forward list traversal, do so after the client decides the policy.
+ (Which is also along with a process swap in interesting cases)
+
+ * Shared/PolicyDecision.h:
+ (WebKit::PolicyDecision::encode const):
+ (WebKit::PolicyDecision::decode):
+
+ * Shared/WebPageCreationParameters.h:
+
+ * UIProcess/API/APINavigation.cpp:
+ (API::Navigation::Navigation):
+ * UIProcess/API/APINavigation.h:
+ (API::Navigation::create):
+ (API::Navigation::reloadItem const):
+
+ * UIProcess/ProvisionalPageProxy.cpp:
+ (WebKit::ProvisionalPageProxy::backForwardGoToItem):
+ * UIProcess/ProvisionalPageProxy.h:
+
+ * UIProcess/WebNavigationState.cpp:
+ (WebKit::WebNavigationState::createReloadNavigation):
+ * UIProcess/WebNavigationState.h:
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::launchProcessForReload):
+ (WebKit::WebPageProxy::reload):
+ (WebKit::WebPageProxy::receivedNavigationPolicyDecision):
+ (WebKit::WebPageProxy::receivedPolicyDecision):
+ * UIProcess/WebPageProxy.h:
+ (WebKit::WebPageProxy::receivedPolicyDecision):
+ * UIProcess/WebPageProxy.messages.in:
+
+ * WebProcess/WebPage/WebBackForwardListProxy.cpp:
+ (WebKit::WebBackForwardListProxy::goToItem):
+
+ * WebProcess/WebPage/WebFrame.cpp:
+ (WebKit::WebFrame::didReceivePolicyDecision):
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::SandboxExtensionTracker::didStartProvisionalLoad):
+
2020-04-17 David Kilzer <[email protected]>
REGRESSION (r234105): [iOS] WKColorButton leaks a UIColor
Modified: trunk/Source/WebKit/Shared/PolicyDecision.h (260294 => 260295)
--- trunk/Source/WebKit/Shared/PolicyDecision.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/Shared/PolicyDecision.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -27,6 +27,7 @@
#include "DownloadID.h"
#include "NavigatingToAppBoundDomain.h"
+#include "SandboxExtension.h"
#include "WebsitePoliciesData.h"
#include <wtf/Forward.h>
@@ -42,6 +43,7 @@
uint64_t navigationID { 0 };
DownloadID downloadID { 0 };
Optional<WebsitePoliciesData> websitePoliciesData { WTF::nullopt };
+ Optional<SandboxExtension::Handle> sandboxExtensionHandle { WTF::nullopt };
template<class Encoder>
void encode(Encoder& encoder) const
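Review bot: The new `sandboxExtensionHandle` member has no comment, and its contract is not obvious from the struct alone. Elsewhere in this change the UI process fills it only for a `PolicyAction::Use` decision on a `file` URL of a reload or back/forward item, and `WebFrame::didReceivePolicyDecision` consumes it only under `PolicyAction::Use`. A line such as `// Set by the UI process only for PolicyAction::Use on file: reload or back/forward items.` would keep later senders from attaching a handle to other decisions. The struct and `encode` continue outside the hunk.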
@@ -53,6 +55,7 @@
encoder << navigationID;
encoder << downloadID;
encoder << websitePoliciesData;
+ encoder << sandboxExtensionHandle;
}
template<class Decoder>
@@ -93,7 +96,12 @@
if (!decodedWebsitePoliciesData)
return WTF::nullopt;
- return {{ WTFMove(*decodedIdentifier), WTFMove(*decodedIsNavigatingToAppBoundDomain), WTFMove(*decodedHasNavigatedAwayFromAppBoundDomain), WTFMove(*decodedPolicyAction), WTFMove(*decodedNavigationID), WTFMove(*decodedDownloadID), WTFMove(*decodedWebsitePoliciesData) }};
+ Optional<Optional<SandboxExtension::Handle>> sandboxExtensionHandle;
+ decoder >> sandboxExtensionHandle;
+ if (!sandboxExtensionHandle)
+ return WTF::nullopt;
+
+ return {{ WTFMove(*decodedIdentifier), WTFMove(*decodedIsNavigatingToAppBoundDomain), WTFMove(*decodedHasNavigatedAwayFromAppBoundDomain), WTFMove(*decodedPolicyAction), WTFMove(*decodedNavigationID), WTFMove(*decodedDownloadID), WTFMove(*decodedWebsitePoliciesData), WTFMove(*sandboxExtensionHandle)}};
}
};
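Review bot: The new local `sandboxExtensionHandle` breaks the `decoded…` naming used by the other locals in this `decode` (`decodedWebsitePoliciesData`, `decodedDownloadID`, and so on), and it reads like the struct member of the same name. Renaming it, e.g. `Optional<Optional<SandboxExtension::Handle>> decodedSandboxExtensionHandle;`, keeps the final brace-init list uniform. The start of `decode` is outside the hunk.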
Modified: trunk/Source/WebKit/Shared/WebPageCreationParameters.h (260294 => 260295)
--- trunk/Source/WebKit/Shared/WebPageCreationParameters.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/Shared/WebPageCreationParameters.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -27,6 +27,7 @@
#include "DrawingAreaInfo.h"
#include "LayerTreeContext.h"
+#include "SandboxExtension.h"
#include "SessionState.h"
#include "UserContentControllerParameters.h"
#include "WebCoreArgumentCoders.h"
Modified: trunk/Source/WebKit/UIProcess/API/APINavigation.cpp (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/API/APINavigation.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/API/APINavigation.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -40,6 +40,12 @@
{
}
+Navigation::Navigation(WebNavigationState& state, WebBackForwardListItem* currentAndTargetItem)
+ : m_navigationID(state.generateNavigationID())
+ , m_reloadItem(currentAndTargetItem)
+{
+}
+
Navigation::Navigation(WebNavigationState& state, WebCore::ResourceRequest&& request, WebBackForwardListItem* fromItem)
: m_navigationID(state.generateNavigationID())
, m_originalRequest(WTFMove(request))
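Review bot: The parameter is called `currentAndTargetItem`, yet the new constructor stores it only in `m_reloadItem` and leaves `m_targetItem` and `m_fromItem` unset, so `targetItem()` still returns null for a reload. That is why `receivedNavigationPolicyDecision` needs the `reloadItem() ? reloadItem() : targetItem()` fallback, and any other caller that decides file access from `targetItem()` alone would skip reloads. A comment on the constructor, for example `// Reload: the item is both current and target; it is exposed via reloadItem(), not targetItem().`, would make that explicit. The constructor that follows continues past the hunk.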
Modified: trunk/Source/WebKit/UIProcess/API/APINavigation.h (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/API/APINavigation.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/API/APINavigation.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -70,9 +70,9 @@
class Navigation : public ObjectImpl<Object::Type::Navigation> {
WTF_MAKE_NONCOPYABLE(Navigation);
public:
- static Ref<Navigation> create(WebKit::WebNavigationState& state)
+ static Ref<Navigation> create(WebKit::WebNavigationState& state, WebKit::WebBackForwardListItem* currentAndTargetItem)
{
- return adoptRef(*new Navigation(state));
+ return adoptRef(*new Navigation(state, currentAndTargetItem));
}
static Ref<Navigation> create(WebKit::WebNavigationState& state, WebKit::WebBackForwardListItem& targetItem, WebKit::WebBackForwardListItem* fromItem, WebCore::FrameLoadType backForwardFrameLoadType)
@@ -104,6 +104,7 @@
WebKit::WebBackForwardListItem* targetItem() const { return m_targetItem.get(); }
WebKit::WebBackForwardListItem* fromItem() const { return m_fromItem.get(); }
Optional<WebCore::FrameLoadType> backForwardFrameLoadType() const { return m_backForwardFrameLoadType; }
+ WebKit::WebBackForwardListItem* reloadItem() const { return m_reloadItem.get(); }
void appendRedirectionURL(const WTF::URL&);
Vector<WTF::URL> takeRedirectChain() { return WTFMove(m_redirectChain); }
@@ -161,6 +162,7 @@
private:
explicit Navigation(WebKit::WebNavigationState&);
+ Navigation(WebKit::WebNavigationState&, WebKit::WebBackForwardListItem*);
Navigation(WebKit::WebNavigationState&, WebCore::ResourceRequest&&, WebKit::WebBackForwardListItem* fromItem);
Navigation(WebKit::WebNavigationState&, WebKit::WebBackForwardListItem& targetItem, WebKit::WebBackForwardListItem* fromItem, WebCore::FrameLoadType);
Navigation(WebKit::WebNavigationState&, std::unique_ptr<SubstituteData>&&);
@@ -173,6 +175,7 @@
RefPtr<WebKit::WebBackForwardListItem> m_targetItem;
RefPtr<WebKit::WebBackForwardListItem> m_fromItem;
+ RefPtr<WebKit::WebBackForwardListItem> m_reloadItem;
Optional<WebCore::FrameLoadType> m_backForwardFrameLoadType;
std::unique_ptr<SubstituteData> m_substituteData;
WebKit::NavigationActionData m_lastNavigationAction;
Modified: trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.cpp (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -346,7 +346,7 @@
m_page.startURLSchemeTaskShared(m_process.copyRef(), m_webPageID, WTFMove(parameters));
}
-void ProvisionalPageProxy::backForwardGoToItem(const WebCore::BackForwardItemIdentifier& identifier, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&& completionHandler)
+void ProvisionalPageProxy::backForwardGoToItem(const WebCore::BackForwardItemIdentifier& identifier, CompletionHandler<void(const WebBackForwardListCounts&)>&& completionHandler)
{
m_page.backForwardGoToItemShared(m_process.copyRef(), identifier, WTFMove(completionHandler));
}
Modified: trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.h (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/ProvisionalPageProxy.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -126,7 +126,7 @@
void didCommitLoadForFrame(WebCore::FrameIdentifier, FrameInfoData&&, WebCore::ResourceRequest&&, uint64_t navigationID, const String& mimeType, bool frameHasCustomContentProvider, uint32_t frameLoadType, const WebCore::CertificateInfo&, bool usedLegacyTLS, bool containsPluginDocument, Optional<WebCore::HasInsecureContent> forcedHasInsecureContent, const UserData&);
void didFailProvisionalLoadForFrame(WebCore::FrameIdentifier, FrameInfoData&&, WebCore::ResourceRequest&&, uint64_t navigationID, const String& provisionalURL, const WebCore::ResourceError&, WebCore::WillContinueLoading, const UserData&);
void startURLSchemeTask(URLSchemeTaskParameters&&);
- void backForwardGoToItem(const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&&);
+ void backForwardGoToItem(const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(const WebBackForwardListCounts&)>&&);
void decidePolicyForNavigationActionSync(WebCore::FrameIdentifier, bool isMainFrame, FrameInfoData&&, WebCore::PolicyCheckIdentifier, uint64_t navigationID, NavigationActionData&&, FrameInfoData&& originatingFrameInfo,
Optional<WebPageProxyIdentifier> originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody,
WebCore::ResourceResponse&& redirectResponse, const UserData&, Messages::WebPageProxy::DecidePolicyForNavigationActionSyncDelayedReply&&);
Modified: trunk/Source/WebKit/UIProcess/WebNavigationState.cpp (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/WebNavigationState.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/WebNavigationState.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -59,9 +59,9 @@
return navigation;
}
-Ref<API::Navigation> WebNavigationState::createReloadNavigation()
+Ref<API::Navigation> WebNavigationState::createReloadNavigation(WebBackForwardListItem* currentAndTargetItem)
{
- auto navigation = API::Navigation::create(*this);
+ auto navigation = API::Navigation::create(*this, currentAndTargetItem);
m_navigations.set(navigation->navigationID(), navigation.ptr());
Modified: trunk/Source/WebKit/UIProcess/WebNavigationState.h (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/WebNavigationState.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/WebNavigationState.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -52,7 +52,7 @@
Ref<API::Navigation> createBackForwardNavigation(WebBackForwardListItem& targetItem, WebBackForwardListItem* currentItem, WebCore::FrameLoadType);
Ref<API::Navigation> createLoadRequestNavigation(WebCore::ResourceRequest&&, WebBackForwardListItem* currentItem);
- Ref<API::Navigation> createReloadNavigation();
+ Ref<API::Navigation> createReloadNavigation(WebBackForwardListItem* currentAndTargetItem);
Ref<API::Navigation> createLoadDataNavigation(std::unique_ptr<API::SubstituteData>&&);
bool hasNavigation(uint64_t navigationID) const { return m_navigations.contains(navigationID); }
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -1003,7 +1003,7 @@
return nullptr;
}
- auto navigation = m_navigationState->createReloadNavigation();
+ auto navigation = m_navigationState->createReloadNavigation(m_backForwardList->currentItem());
String url = ""
if (!url.isEmpty()) {
@@ -1577,7 +1577,7 @@
if (!hasRunningProcess())
return launchProcessForReload();
- auto navigation = m_navigationState->createReloadNavigation();
+ auto navigation = m_navigationState->createReloadNavigation(m_backForwardList->currentItem());
if (!url.isEmpty()) {
auto transaction = m_pageLoadState.transaction();
@@ -3223,6 +3223,7 @@
} else
RELEASE_LOG_IF_ALLOWED(ProcessSwapping, "decidePolicyForNavigationAction: keep using process %i for navigation, reason: %" PUBLIC_LOG_STRING, processIdentifier(), reason.utf8().data());
+ Optional<SandboxExtension::Handle> optionalHandle;
if (shouldProcessSwap) {
// Make sure the process to be used for the navigation does not get shutDown now due to destroying SuspendedPageProxy or ProvisionalPageProxy objects.
auto preventNavigationProcessShutdown = processForNavigation->makeScopePreventingShutdown();
@@ -3234,13 +3235,23 @@
suspendedPage = nullptr;
continueNavigationInNewProcess(navigation, WTFMove(suspendedPage), WTFMove(processForNavigation), processSwapRequestedByClient, std::exchange(policies, nullptr));
+ } else {
+ auto item = navigation->reloadItem() ? navigation->reloadItem() : navigation->targetItem();
+ if (policyAction == PolicyAction::Use && item) {
+ auto fullURL = URL { URL(), item->url() };
+ if (fullURL.protocolIs("file"_s)) {
+ SandboxExtension::Handle sandboxExtensionHandle;
+ maybeInitializeSandboxExtensionHandle(processForNavigation.get(), fullURL, item->resourceDirectoryURL(), sandboxExtensionHandle);
+ optionalHandle = WTFMove(sandboxExtensionHandle);
+ }
+ }
}
- receivedPolicyDecision(policyAction, navigation.ptr(), shouldProcessSwap ? nullptr : WTFMove(policies), WTFMove(sender), shouldProcessSwap ? WillContinueLoadInNewProcess::Yes : WillContinueLoadInNewProcess::No);
+ receivedPolicyDecision(policyAction, navigation.ptr(), shouldProcessSwap ? nullptr : WTFMove(policies), WTFMove(sender), WTFMove(optionalHandle), shouldProcessSwap ? WillContinueLoadInNewProcess::Yes : WillContinueLoadInNewProcess::No);
});
}
-void WebPageProxy::receivedPolicyDecision(PolicyAction action, API::Navigation* navigation, RefPtr<API::WebsitePolicies>&& websitePolicies, Ref<PolicyDecisionSender>&& sender, WillContinueLoadInNewProcess willContinueLoadInNewProcess)
+void WebPageProxy::receivedPolicyDecision(PolicyAction action, API::Navigation* navigation, RefPtr<API::WebsitePolicies>&& websitePolicies, Ref<PolicyDecisionSender>&& sender, Optional<SandboxExtension::Handle> sandboxExtensionHandle, WillContinueLoadInNewProcess willContinueLoadInNewProcess)
{
if (!hasRunningProcess()) {
sender->send(PolicyDecision { sender->identifier(), isNavigatingToAppBoundDomain(), hasNavigatedAwayFromAppBoundDomain(), PolicyAction::Ignore, 0, DownloadID(), WTF::nullopt });
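Review bot: In the new `else` branch the handle is built from `item->url()` and `item->resourceDirectoryURL()`, not from the request the client just approved, and nothing visible in this hunk confirms that the two refer to the same load. If an earlier guard in `receivedNavigationPolicyDecision` (outside the hunk) already guarantees that, a comment such as `// item is the reload or back/forward target the client approved; only then may file access be extended.` would record the assumption. The outcome of `maybeInitializeSandboxExtensionHandle` is not inspected either, so `optionalHandle` is engaged for every `file` item, presumably including cases where no extension was created. In the `!hasRunningProcess()` path of `receivedPolicyDecision` the handle is dropped and the `PolicyDecision` relies on the member's default; passing an explicit `WTF::nullopt` there would match the neighbouring argument.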
@@ -3270,7 +3281,7 @@
if (websitePolicies)
websitePoliciesData = websitePolicies->data();
- sender->send(PolicyDecision { sender->identifier(), isNavigatingToAppBoundDomain(), hasNavigatedAwayFromAppBoundDomain(), action, navigation ? navigation->navigationID() : 0, downloadID, WTFMove(websitePoliciesData) });
+ sender->send(PolicyDecision { sender->identifier(), isNavigatingToAppBoundDomain(), hasNavigatedAwayFromAppBoundDomain(), action, navigation ? navigation->navigationID() : 0, downloadID, WTFMove(websitePoliciesData), WTFMove(sandboxExtensionHandle) });
}
void WebPageProxy::commitProvisionalPage(FrameIdentifier frameID, FrameInfoData&& frameInfo, ResourceRequest&& request, uint64_t navigationID, const String& mimeType, bool frameHasCustomContentProvider, uint32_t frameLoadType, const WebCore::CertificateInfo& certificateInfo, bool usedLegacyTLS, bool containsPluginDocument, Optional<WebCore::HasInsecureContent> forcedHasInsecureContent, const UserData& userData)
@@ -6205,29 +6216,27 @@
m_backForwardList->addItem(WTFMove(item));
}
-void WebPageProxy::backForwardGoToItem(const BackForwardItemIdentifier& itemID, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&& completionHandler)
+void WebPageProxy::backForwardGoToItem(const BackForwardItemIdentifier& itemID, CompletionHandler<void(const WebBackForwardListCounts&)>&& completionHandler)
{
// On process swap, we tell the previous process to ignore the load, which causes it so restore its current back forward item to its previous
// value. Since the load is really going on in a new provisional process, we want to ignore such requests from the committed process.
// Any real new load in the committed process would have cleared m_provisionalPage.
if (m_provisionalPage)
- return completionHandler({ }, m_backForwardList->counts());
+ return completionHandler(m_backForwardList->counts());
backForwardGoToItemShared(m_process.copyRef(), itemID, WTFMove(completionHandler));
}
-void WebPageProxy::backForwardGoToItemShared(Ref<WebProcessProxy>&& process, const BackForwardItemIdentifier& itemID, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&& completionHandler)
+void WebPageProxy::backForwardGoToItemShared(Ref<WebProcessProxy>&& process, const BackForwardItemIdentifier& itemID, CompletionHandler<void(const WebBackForwardListCounts&)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_process, !WebKit::isInspectorPage(*this), completionHandler({ }, m_backForwardList->counts()));
+ MESSAGE_CHECK_COMPLETION(m_process, !WebKit::isInspectorPage(*this), completionHandler(m_backForwardList->counts()));
auto* item = m_backForwardList->itemForID(itemID);
if (!item)
- return completionHandler({ }, m_backForwardList->counts());
+ return completionHandler(m_backForwardList->counts());
- SandboxExtension::Handle sandboxExtensionHandle;
- maybeInitializeSandboxExtensionHandle(process, URL(URL(), item->url()), item->resourceDirectoryURL(), sandboxExtensionHandle);
m_backForwardList->goToItem(*item);
- completionHandler(WTFMove(sandboxExtensionHandle), m_backForwardList->counts());
+ completionHandler(m_backForwardList->counts());
}
void WebPageProxy::backForwardItemAtIndex(int32_t index, CompletionHandler<void(Optional<BackForwardItemIdentifier>&&)>&& completionHandler)
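Review bot: After this change `backForwardGoToItemShared` no longer uses its `process` parameter: the removed `maybeInitializeSandboxExtensionHandle` call was its only visible use, and the message check still names `m_process`. When the call arrives through `ProvisionalPageProxy::backForwardGoToItem` the sender is the provisional process, so a failed check would presumably be attributed to the committed process instead. Consider `MESSAGE_CHECK_COMPLETION(process, !WebKit::isInspectorPage(*this), completionHandler(m_backForwardList->counts()));`, or drop the parameter if that attribution is intended.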
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.h 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h 2020-04-17 22:55:10 UTC (rev 260295)
@@ -1133,7 +1133,7 @@
class PolicyDecisionSender;
enum class WillContinueLoadInNewProcess : bool { No, Yes };
- void receivedPolicyDecision(WebCore::PolicyAction, API::Navigation*, RefPtr<API::WebsitePolicies>&&, Ref<PolicyDecisionSender>&&, WillContinueLoadInNewProcess = WillContinueLoadInNewProcess::No);
+ void receivedPolicyDecision(WebCore::PolicyAction, API::Navigation*, RefPtr<API::WebsitePolicies>&&, Ref<PolicyDecisionSender>&&, Optional<SandboxExtension::Handle> = { }, WillContinueLoadInNewProcess = WillContinueLoadInNewProcess::No);
void receivedNavigationPolicyDecision(WebCore::PolicyAction, API::Navigation*, ProcessSwapRequestedByClient, WebFrameProxy&, RefPtr<API::WebsitePolicies>&&, Ref<PolicyDecisionSender>&&);
void backForwardRemovedItem(const WebCore::BackForwardItemIdentifier&);
@@ -1639,7 +1639,7 @@
void startURLSchemeTaskShared(Ref<WebProcessProxy>&&, WebCore::PageIdentifier, URLSchemeTaskParameters&&);
void loadDataWithNavigationShared(Ref<WebProcessProxy>&&, WebCore::PageIdentifier, API::Navigation&, const IPC::DataReference&, const String& MIMEType, const String& encoding, const String& baseURL, API::Object* userData, WebCore::ShouldTreatAsContinuingLoad, Optional<NavigatingToAppBoundDomain>, NavigatedAwayFromAppBoundDomain, Optional<WebsitePoliciesData>&& = WTF::nullopt, WebCore::ShouldOpenExternalURLsPolicy = WebCore::ShouldOpenExternalURLsPolicy::ShouldNotAllow);
void loadRequestWithNavigationShared(Ref<WebProcessProxy>&&, WebCore::PageIdentifier, API::Navigation&, WebCore::ResourceRequest&&, WebCore::ShouldOpenExternalURLsPolicy, API::Object* userData, WebCore::ShouldTreatAsContinuingLoad, Optional<NavigatingToAppBoundDomain>, NavigatedAwayFromAppBoundDomain, Optional<WebsitePoliciesData>&& = WTF::nullopt);
- void backForwardGoToItemShared(Ref<WebProcessProxy>&&, const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&&);
+ void backForwardGoToItemShared(Ref<WebProcessProxy>&&, const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(const WebBackForwardListCounts&)>&&);
void decidePolicyForNavigationActionSyncShared(Ref<WebProcessProxy>&&, WebCore::FrameIdentifier, bool isMainFrame, FrameInfoData&&, WebCore::PolicyCheckIdentifier, uint64_t navigationID, NavigationActionData&&, FrameInfoData&& originatingFrameInfo, Optional<WebPageProxyIdentifier> originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData&, Messages::WebPageProxy::DecidePolicyForNavigationActionSyncDelayedReply&&);
#if USE(QUICK_LOOK)
void requestPasswordForQuickLookDocumentInMainFrameShared(const String& fileName, CompletionHandler<void(const String&)>&&);
@@ -1967,7 +1967,7 @@
// Back/Forward list management
void backForwardAddItem(BackForwardListItemState&&);
- void backForwardGoToItem(const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(SandboxExtension::Handle&&, const WebBackForwardListCounts&)>&&);
+ void backForwardGoToItem(const WebCore::BackForwardItemIdentifier&, CompletionHandler<void(const WebBackForwardListCounts&)>&&);
void backForwardItemAtIndex(int32_t index, CompletionHandler<void(Optional<WebCore::BackForwardItemIdentifier>&&)>&&);
void backForwardListCounts(Messages::WebPageProxy::BackForwardListCountsDelayedReply&&);
void backForwardClear();
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in (260294 => 260295)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2020-04-17 22:55:10 UTC (rev 260295)
@@ -221,7 +221,7 @@
# BackForward messages
BackForwardAddItem(struct WebKit::BackForwardListItemState itemState)
- BackForwardGoToItem(struct WebCore::BackForwardItemIdentifier itemID) -> (WebKit::SandboxExtension::Handle sandboxExtensionHandle, struct WebKit::WebBackForwardListCounts counts) Synchronous
+ BackForwardGoToItem(struct WebCore::BackForwardItemIdentifier itemID) -> (struct WebKit::WebBackForwardListCounts counts) Synchronous
BackForwardItemAtIndex(int32_t itemIndex) -> (Optional<WebCore::BackForwardItemIdentifier> itemID) Synchronous
BackForwardListCounts() -> (struct WebKit::WebBackForwardListCounts counts) Synchronous
BackForwardClear()
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp (260294 => 260295)
--- trunk/Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -107,11 +107,9 @@
if (!m_page)
return;
- SandboxExtension::Handle sandboxExtensionHandle;
WebBackForwardListCounts backForwardListCounts;
- m_page->sendSync(Messages::WebPageProxy::BackForwardGoToItem(item.identifier()), Messages::WebPageProxy::BackForwardGoToItem::Reply(sandboxExtensionHandle, backForwardListCounts));
+ m_page->sendSync(Messages::WebPageProxy::BackForwardGoToItem(item.identifier()), Messages::WebPageProxy::BackForwardGoToItem::Reply(backForwardListCounts));
m_cachedBackForwardListCounts = backForwardListCounts;
- m_page->sandboxExtensionTracker().beginLoad(&m_page->mainWebFrame(), WTFMove(sandboxExtensionHandle));
}
RefPtr<HistoryItem> WebBackForwardListProxy::itemAtIndex(int itemIndex)
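Review bot: The result of `sendSync` is still ignored on the changed line, so if the synchronous message fails the default-constructed local `backForwardListCounts` is written to `m_cachedBackForwardListCounts`. Guarding the assignment, e.g. `if (!m_page->sendSync(...)) return;`, would keep the cache from being overwritten on failure; this assumes `sendSync` reports failure through its return value. `goToItem` begins outside the hunk.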
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp (260294 => 260295)
--- trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -272,6 +272,11 @@
documentLoader->setNavigationID(policyDecision.navigationID);
}
+ if (policyDecision.policyAction == PolicyAction::Use && policyDecision.sandboxExtensionHandle) {
+ if (auto* page = this->page())
+ page->sandboxExtensionTracker().beginLoad(&page->mainWebFrame(), WTFMove(*(policyDecision.sandboxExtensionHandle)));
+ }
+
function(policyDecision.policyAction, policyDecision.identifier);
}
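Review bot: The handle is handed to `page->mainWebFrame()` regardless of which `WebFrame` received the decision, so a decision delivered to a subframe with a handle attached would extend file access for the main frame's load. If the UI process only ever attaches a handle to main-frame decisions, `ASSERT(isMainFrame());` inside the new `if` would state that; otherwise the branch should be limited to the main frame. `didReceivePolicyDecision` starts outside the hunk.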
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (260294 => 260295)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2020-04-17 22:55:10 UTC (rev 260295)
@@ -4653,8 +4653,6 @@
if (!m_provisionalSandboxExtension)
return;
- ASSERT(!m_provisionalSandboxExtension || frame->coreFrame()->loader().provisionalDocumentLoader()->url().isLocalFile());
-
m_provisionalSandboxExtension->consume();
}
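Review bot: Removing the `ASSERT` drops the only visible check that a provisional sandbox extension is consumed for a local-file provisional load, and neither the ChangeLog entry nor the code says why the invariant no longer holds. Since `consume()` is presumably what makes the file access effective, a narrower assertion or at least a comment is worth having, e.g. `// The extension now arrives with the policy decision; the provisional URL is not asserted here because <reason>.` with the reason filled in by the author. `didStartProvisionalLoad` starts outside the hunk.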
Modified: trunk/Tools/ChangeLog (260294 => 260295)
--- trunk/Tools/ChangeLog 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Tools/ChangeLog 2020-04-17 22:55:10 UTC (rev 260295)
@@ -1,3 +1,12 @@
+2020-04-17 Brady Eidson <[email protected]>
+
+ Pass sandbox extensions for back/forward list navigations after the policy is decided at process-swap time.
+ <rdar://problem/59535167> and https://bugs.webkit.org/show_bug.cgi?id=210623
+
+ Reviewed by Geoff Garen.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
2020-04-17 Brent Fulgham <[email protected]>
Unreviewed build fix after r260269.
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm (260294 => 260295)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 2020-04-17 22:45:29 UTC (rev 260294)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 2020-04-17 22:55:10 UTC (rev 260295)
@@ -6681,3 +6681,88 @@
EXPECT_WK_STREQ(webView.get()._resourceDirectoryURL.path, file.URLByDeletingLastPathComponent.path);
}
+
+#if PLATFORM(MAC)
+
+static const char* pageThatOpensBytes = R"PSONRESOURCE(
+<script>
+window._onload_ = function() {
+ window.open("pson://www.webkit.org/window.html", "_blank");
+}
+</script>
+)PSONRESOURCE";
+
+static const char* openedPage = "Hello World";
+
+TEST(ProcessSwap, SameSiteWindowWithOpenerNavigateToFile)
+{
+ auto processPoolConfiguration = psonProcessPoolConfiguration();
+ processPoolConfiguration.get().processSwapsOnWindowOpenWithOpener = YES;
+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [webViewConfiguration setProcessPool:processPool.get()];
+ auto handler = adoptNS([[PSONScheme alloc] init]);
+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:pageThatOpensBytes];
+ [handler addMappingFromURLString:@"pson://www.webkit.org/window.html" toData:openedPage];
+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]);
+ [webView setNavigationDelegate:navigationDelegate.get()];
+ auto uiDelegate = adoptNS([[PSONUIDelegate alloc] initWithNavigationDelegate:navigationDelegate.get()]);
+ [webView setUIDelegate:uiDelegate.get()];
+
+ numberOfDecidePolicyCalls = 0;
+ NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]];
+ [webView loadRequest:request];
+
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ TestWebKitAPI::Util::run(&didCreateWebView);
+ didCreateWebView = false;
+
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ EXPECT_EQ(2, numberOfDecidePolicyCalls);
+
+ auto pid1 = [webView _webProcessIdentifier];
+ EXPECT_TRUE(!!pid1);
+ auto pid2 = [createdWebView _webProcessIdentifier];
+ EXPECT_TRUE(!!pid2);
+
+ EXPECT_EQ(pid1, pid2);
+
+ NSURL *url = "" mainBundle] URLForResource:@"blinking-div" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+ EXPECT_TRUE([url.scheme isEqualToString:@"file"]);
+
+ [createdWebView loadRequest:[NSURLRequest requestWithURL:url]];
+
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ EXPECT_EQ(3, numberOfDecidePolicyCalls);
+ auto pid3 = [createdWebView _webProcessIdentifier];
+ EXPECT_TRUE(!!pid3);
+ EXPECT_NE(pid2, pid3);
+
+ [createdWebView goBack];
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ EXPECT_EQ(4, numberOfDecidePolicyCalls);
+ auto pid4 = [createdWebView _webProcessIdentifier];
+ EXPECT_NE(pid3, pid4);
+
+ [createdWebView goForward];
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ EXPECT_EQ(5, numberOfDecidePolicyCalls);
+ auto pid5 = [createdWebView _webProcessIdentifier];
+ EXPECT_NE(pid4, pid5);
+}
+
+#endif // PLATFORM(MAC)
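Review bot: The test never checks that the `file` URL actually loaded after `goForward`; it only compares process identifiers and `numberOfDecidePolicyCalls`, which would presumably also pass if the process swapped without the sandbox extension reaching it. Adding `EXPECT_WK_STREQ(url.absoluteString, [createdWebView URL].absoluteString);` after the final `done = false;` would tie the test to the behaviour the change is about, assuming `done` is also set when a load fails. `pid4` and `pid5` lack the `EXPECT_TRUE(!!pid)` checks used for `pid1` to `pid3`, so a zero `pid4` would still satisfy both `EXPECT_NE` comparisons.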