Title: [265525] trunk
Revision
265525
Author
beid...@apple.com
Date
2020-08-11 15:20:16 -0700 (Tue, 11 Aug 2020)

Log Message

Add a "use stored credentials" setting to WKWebView.
<rdar://problem/63308019> and https://bugs.webkit.org/show_bug.cgi?id=215388

Reviewed by Geoff Garen.

Source/WebCore:

Covered by Preconnect API tests.

This setting is to allow apps to explicitly deny using the credential storage
for network operations. (e.g. to make sure the Keychain UI doesn't pop up
for an offscreen load)

* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::shouldUseCredentialStorage):

* page/Page.h:
(WebCore::Page::setCanUseCredentialStorage):
(WebCore::Page::canUseCredentialStorage const):

Source/WebKit:

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::preconnectTo):

* Shared/WebPageCreationParameters.cpp:
(WebKit::WebPageCreationParameters::encode const):
(WebKit::WebPageCreationParameters::decode):
* Shared/WebPageCreationParameters.h:

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _canUseCredentialStorage]):
(-[WKWebView _setCanUseCredentialStorage:]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::preconnectTo):
(WebKit::WebPageProxy::setCanUseCredentialStorage):
(WebKit::WebPageProxy::creationParameters):
* UIProcess/WebPageProxy.h:
(WebKit::WebPageProxy::canUseCredentialStorage):

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):

* WebProcess/WebPage/WebPage.cpp:
(WebKit::m_limitsNavigationsToAppBoundDomains):
(WebKit::WebPage::setCanUseCredentialStorage):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/Preconnect.mm:
(TestWebKitAPI::TEST):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (265524 => 265525)


--- trunk/Source/WebCore/ChangeLog	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebCore/ChangeLog	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1,3 +1,23 @@
+2020-08-11  Brady Eidson  <beid...@apple.com>
+
+        Add a "use stored credentials" setting to WKWebView.
+        <rdar://problem/63308019> and https://bugs.webkit.org/show_bug.cgi?id=215388
+
+        Reviewed by Geoff Garen.
+
+        Covered by Preconnect API tests.
+        
+        This setting is to allow apps to explicitly deny using the credential storage
+        for network operations. (e.g. to make sure the Keychain UI doesn't pop up
+        for an offscreen load)
+
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::shouldUseCredentialStorage):
+
+        * page/Page.h:
+        (WebCore::Page::setCanUseCredentialStorage):
+        (WebCore::Page::canUseCredentialStorage const):
+
 2020-08-11  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, reverting r265502.

Modified: trunk/Source/WebCore/loader/ResourceLoader.cpp (265524 => 265525)


--- trunk/Source/WebCore/loader/ResourceLoader.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebCore/loader/ResourceLoader.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -741,6 +741,11 @@
     if (m_options.storedCredentialsPolicy != StoredCredentialsPolicy::Use)
         return false;
 
+    if (auto* page = m_frame->page()) {
+        if (!page->canUseCredentialStorage())
+            return false;
+    }
+
     Ref<ResourceLoader> protectedThis(*this);
     return frameLoader()->client().shouldUseCredentialStorage(documentLoader(), identifier());
 }
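Review bot: The new page check fails open: when `m_frame->page()` returns null the block is skipped and the decision falls through to the frame loader client, so a load on a frame without a page can still be told to use credential storage after the embedder has turned it off. For a deny-style setting it is safer to treat a missing page as "no", e.g. `auto* page = m_frame->page();` followed by `if (!page || !page->canUseCredentialStorage()) return false;`. `m_frame` is also dereferenced without a null check; the existing `frameLoader()->client()` line suggests the function already assumes a live frame, but that is worth confirming, since the start of the function is outside this hunk.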

Modified: trunk/Source/WebCore/page/Page.h (265524 => 265525)


--- trunk/Source/WebCore/page/Page.h	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebCore/page/Page.h	2020-08-11 22:20:16 UTC (rev 265525)
@@ -657,6 +657,9 @@
     void setHasResourceLoadClient(bool has) { m_hasResourceLoadClient = has; }
     bool hasResourceLoadClient() const { return m_hasResourceLoadClient; }
 
+    void setCanUseCredentialStorage(bool canUse) { m_canUseCredentialStorage = canUse; }
+    bool canUseCredentialStorage() const { return m_canUseCredentialStorage; }
+
 #if ENABLE(MEDIA_SESSION)
     WEBCORE_EXPORT void handleMediaEvent(MediaEventType);
     WEBCORE_EXPORT void setVolumeOfMediaElement(double, uint64_t);
@@ -1067,6 +1070,7 @@
     bool m_shouldFireEvents { true };
     bool m_loadsSubresources { true };
     bool m_loadsFromNetwork { true };
+    bool m_canUseCredentialStorage { true };
     ShouldRelaxThirdPartyCookieBlocking m_shouldRelaxThirdPartyCookieBlocking { ShouldRelaxThirdPartyCookieBlocking::No };
     bool m_hasBeenNotifiedToInjectUserScripts { false };
 };

Modified: trunk/Source/WebKit/ChangeLog (265524 => 265525)


--- trunk/Source/WebKit/ChangeLog	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/ChangeLog	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1,3 +1,39 @@
+2020-08-11  Brady Eidson  <beid...@apple.com>
+
+        Add a "use stored credentials" setting to WKWebView.
+        <rdar://problem/63308019> and https://bugs.webkit.org/show_bug.cgi?id=215388
+
+        Reviewed by Geoff Garen.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::preconnectTo):
+
+        * Shared/WebPageCreationParameters.cpp:
+        (WebKit::WebPageCreationParameters::encode const):
+        (WebKit::WebPageCreationParameters::decode):
+        * Shared/WebPageCreationParameters.h:
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView _canUseCredentialStorage]):
+        (-[WKWebView _setCanUseCredentialStorage:]):
+        * UIProcess/API/Cocoa/WKWebViewPrivate.h:
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::preconnectTo):
+        (WebKit::WebPageProxy::setCanUseCredentialStorage):
+        (WebKit::WebPageProxy::creationParameters):
+        * UIProcess/WebPageProxy.h:
+        (WebKit::WebPageProxy::canUseCredentialStorage):
+
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::m_limitsNavigationsToAppBoundDomains):
+        (WebKit::WebPage::setCanUseCredentialStorage):
+        * WebProcess/WebPage/WebPage.h:
+        * WebProcess/WebPage/WebPage.messages.in:
+
 2020-08-11  Per Arne Vollan  <pvol...@apple.com>
 
         [macOS] Deny access to directory for compiled WebKit sandboxes

Modified: trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp (265524 => 265525)


--- trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1415,6 +1415,8 @@
 
 void NetworkProcess::preconnectTo(PAL::SessionID sessionID, WebPageProxyIdentifier webPageProxyID, WebCore::PageIdentifier webPageID, const URL& url, const String& userAgent, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, Optional<NavigatingToAppBoundDomain> isNavigatingToAppBoundDomain)
 {
+    LOG(Network, "(NetworkProcess) Preconnecting to URL %s (storedCredentialsPolicy %i)", url.string().utf8().data(), (int)storedCredentialsPolicy);
+
 #if ENABLE(SERVER_PRECONNECT)
 #if ENABLE(LEGACY_CUSTOM_PROTOCOL_MANAGER)
     if (supplement<LegacyCustomProtocolManager>()->supportsScheme(url.protocol().toString()))
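Review bot: The added LOG line prints `url.string()` in full, although a preconnect only depends on scheme, host and port; paths and query strings can carry session tokens, so logging only the origin part would keep them out of the Network channel wherever that channel is enabled. The statement also sits above `#if ENABLE(SERVER_PRECONNECT)`, so it reports "Preconnecting" in builds without the feature and regardless of what the custom-protocol check below decides. `(int)storedCredentialsPolicy` is a C-style cast; `static_cast<int>(storedCredentialsPolicy)` would match the priority argument in the WebLoaderStrategy.cpp log line, which gained the same cast in this commit. The body of `preconnectTo` continues past the end of this hunk.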

Modified: trunk/Source/WebKit/Shared/WebPageCreationParameters.cpp (265524 => 265525)


--- trunk/Source/WebKit/Shared/WebPageCreationParameters.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/Shared/WebPageCreationParameters.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -157,6 +157,7 @@
     encoder << needsInAppBrowserPrivacyQuirks;
     encoder << limitsNavigationsToAppBoundDomains;
     encoder << shouldRelaxThirdPartyCookieBlocking;
+    encoder << canUseCredentialStorage;
 
 #if PLATFORM(GTK)
     encoder << themeName;
@@ -503,7 +504,10 @@
     
     if (!decoder.decode(parameters.shouldRelaxThirdPartyCookieBlocking))
         return WTF::nullopt;
-    
+
+    if (!decoder.decode(parameters.canUseCredentialStorage))
+        return WTF::nullopt;
+
 #if PLATFORM(GTK)
     if (!decoder.decode(parameters.themeName))
         return WTF::nullopt;

Modified: trunk/Source/WebKit/Shared/WebPageCreationParameters.h (265524 => 265525)


--- trunk/Source/WebKit/Shared/WebPageCreationParameters.h	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/Shared/WebPageCreationParameters.h	2020-08-11 22:20:16 UTC (rev 265525)
@@ -229,6 +229,8 @@
     bool shouldEnableVP9Decoder { false };
     bool needsInAppBrowserPrivacyQuirks { false };
     bool limitsNavigationsToAppBoundDomains { false };
+    bool canUseCredentialStorage { true };
+
     WebCore::ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking { WebCore::ShouldRelaxThirdPartyCookieBlocking::No };
 
 #if PLATFORM(GTK)

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (265524 => 265525)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2020-08-11 22:20:16 UTC (rev 265525)
@@ -2674,6 +2674,16 @@
     _page->preconnectTo(url);
 }
 
+- (BOOL)_canUseCredentialStorage
+{
+    return _page->canUseCredentialStorage();
+}
+
+- (void)_setCanUseCredentialStorage:(BOOL)canUseCredentialStorage
+{
+    _page->setCanUseCredentialStorage(canUseCredentialStorage);
+}
+
 - (id <_WKInputDelegate>)_inputDelegate
 {
     return _inputDelegate.getAutoreleased();

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h (265524 => 265525)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h	2020-08-11 22:20:16 UTC (rev 265525)
@@ -352,6 +352,8 @@
 
 - (void)_preconnectToServer:(NSURL *)serverURL WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 
+@property (nonatomic, setter=_setCanUseCredentialStorage:) BOOL _canUseCredentialStorage WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 @end
 
 #if TARGET_OS_IPHONE
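Review bot: The new `_canUseCredentialStorage` property has no header comment, and its contract is not obvious from the name. The backing members in this commit are initialised to `true`, and setting NO makes both `_preconnectToServer:` and later loads from this view skip the credential storage. I would add something like `// Defaults to YES. When NO, preconnects and loads started by this web view after the change do not use stored credentials.` above the declaration. If loads already in flight are meant to be unaffected, say so there as well; nothing visible in this commit revisits them.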

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (265524 => 265525)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -4402,9 +4402,16 @@
     if (!m_websiteDataStore->configuration().allowsServerPreconnect())
         return;
 
-    m_process->processPool().ensureNetworkProcess().preconnectTo(sessionID(), identifier(), webPageID(), url, userAgent(), WebCore::StoredCredentialsPolicy::Use, m_isNavigatingToAppBoundDomain);
+    auto storedCredentialsPolicy = m_canUseCredentialStorage ? WebCore::StoredCredentialsPolicy::Use : WebCore::StoredCredentialsPolicy::DoNotUse;
+    m_process->processPool().ensureNetworkProcess().preconnectTo(sessionID(), identifier(), webPageID(), url, userAgent(), storedCredentialsPolicy, m_isNavigatingToAppBoundDomain);
 }
 
+void WebPageProxy::setCanUseCredentialStorage(bool canUseCredentialStorage)
+{
+    m_canUseCredentialStorage = canUseCredentialStorage;
+    send(Messages::WebPage::SetCanUseCredentialStorage(canUseCredentialStorage));
+}
+
 void WebPageProxy::didDestroyNavigation(uint64_t navigationID)
 {
     PageClientProtector protector(pageClient());
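Review bot: For ordinary loads the setting is enforced only inside the web content process: `setCanUseCredentialStorage` forwards the flag with `send(Messages::WebPage::SetCanUseCredentialStorage(...))`, and the `StoredCredentialsPolicy` of each load is then computed in WebLoaderStrategy.cpp from `resourceLoader.shouldUseCredentialStorage()`. Only `preconnectTo` passes a policy that the UI process derived itself. That fits the stated goal of avoiding Keychain UI on offscreen loads, but if embedders come to rely on NO as a guarantee, the network process would, as far as these hunks show, be trusting a value supplied by the web process. A comment on the setter such as `// Best-effort hint to the web process; not enforced by the network process for regular loads.` would make that explicit.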
@@ -7865,6 +7872,7 @@
     parameters.shouldCaptureDisplayInUIProcess = m_process->processPool().configuration().shouldCaptureDisplayInUIProcess();
     parameters.limitsNavigationsToAppBoundDomains = m_limitsNavigationsToAppBoundDomains;
     parameters.shouldRelaxThirdPartyCookieBlocking = m_configuration->shouldRelaxThirdPartyCookieBlocking();
+    parameters.canUseCredentialStorage = m_canUseCredentialStorage;
 
 #if PLATFORM(GTK)
     parameters.themeName = pageClient().themeName();

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (265524 => 265525)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.h	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1793,6 +1793,9 @@
 
     void preconnectTo(const URL&);
 
+    bool canUseCredentialStorage() { return m_canUseCredentialStorage; }
+    void setCanUseCredentialStorage(bool);
+
 private:
     WebPageProxy(PageClient&, WebProcessProxy&, Ref<API::PageConfiguration>&&);
     void platformInitialize();
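Review bot: `canUseCredentialStorage()` is declared non-const although it only returns a member, while the matching accessor added to Page.h in this commit is `const`. Declaring it as `bool canUseCredentialStorage() const { return m_canUseCredentialStorage; }` keeps the two consistent and lets it be called through a const WebPageProxy.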
@@ -2850,6 +2853,7 @@
     bool m_userScriptsNotified { false };
     bool m_limitsNavigationsToAppBoundDomains { false };
     bool m_hasExecutedAppBoundBehaviorBeforeNavigation { false };
+    bool m_canUseCredentialStorage { true };
 };
 
 } // namespace WebKit

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (265524 => 265525)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -290,12 +290,12 @@
     ResourceLoadIdentifier identifier = resourceLoader.identifier();
     ASSERT(identifier);
 
-    LOG(NetworkScheduling, "(WebProcess) WebLoaderStrategy::scheduleLoad, url '%s' will be scheduled with the NetworkProcess with priority %d", resourceLoader.url().string().latin1().data(), static_cast<int>(resourceLoader.request().priority()));
-
     ContentSniffingPolicy contentSniffingPolicy = resourceLoader.shouldSniffContent() ? ContentSniffingPolicy::SniffContent : ContentSniffingPolicy::DoNotSniffContent;
     ContentEncodingSniffingPolicy contentEncodingSniffingPolicy = resourceLoader.shouldSniffContentEncoding() ? ContentEncodingSniffingPolicy::Sniff : ContentEncodingSniffingPolicy::DoNotSniff;
     StoredCredentialsPolicy storedCredentialsPolicy = resourceLoader.shouldUseCredentialStorage() ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
 
+    LOG(NetworkScheduling, "(WebProcess) WebLoaderStrategy::scheduleLoad, url '%s' will be scheduled with the NetworkProcess with priority %d, storedCredentialsPolicy %i", resourceLoader.url().string().latin1().data(), static_cast<int>(resourceLoader.request().priority()), (int)storedCredentialsPolicy);
+
     auto* frame = resourceLoader.frame();
 
     NetworkResourceLoadParameters loadParameters;

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (265524 => 265525)


--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-08-11 22:20:16 UTC (rev 265525)
@@ -780,6 +780,8 @@
     if (parameters.shouldEnableVP9Decoder)
         WebProcess::singleton().enableVP9Decoder();
 
+    m_page->setCanUseCredentialStorage(parameters.canUseCredentialStorage);
+
     updateThrottleState();
 }
 
@@ -1229,6 +1231,12 @@
         m_page->setHasResourceLoadClient(has);
 }
 
+void WebPage::setCanUseCredentialStorage(bool has)
+{
+    if (m_page)
+        m_page->setCanUseCredentialStorage(has);
+}
+
 void WebPage::setTracksRepaints(bool trackRepaints)
 {
     if (FrameView* view = mainFrameView())
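Review bot: The parameter of `WebPage::setCanUseCredentialStorage` is named `has`, which looks carried over from `setHasResourceLoadClient` just above and does not describe this flag. `void WebPage::setCanUseCredentialStorage(bool canUse)` would match the name used in WebPage.messages.in and in Page.h.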

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.h (265524 => 265525)


--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.h	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.h	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1646,6 +1646,7 @@
     void platformDidSelectAll();
     
     void setHasResourceLoadClient(bool);
+    void setCanUseCredentialStorage(bool);
 
 #if ENABLE(CONTEXT_MENUS)
     void didSelectItemFromActiveContextMenu(const WebContextMenuItemData&);
@@ -2136,6 +2137,8 @@
     
     bool m_limitsNavigationsToAppBoundDomains { false };
     bool m_navigationHasOccured { false };
+    bool m_canUseCredentialStorage { true };
+
     Vector<String> m_corsDisablingPatterns;
 };
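Review bot: `m_canUseCredentialStorage` is added to WebPage here, but none of the WebPage.cpp hunks in this commit read or write it; both the creation path and `setCanUseCredentialStorage` forward straight to `m_page`. Unless it is used outside these hunks, the member is dead state that keeps saying `true` after the embedder has switched the setting off, which is a trap for later code that consults it instead of the Page. Either drop the member or have the setter assign it before forwarding, `m_canUseCredentialStorage = has;`.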
 

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in (265524 => 265525)


--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in	2020-08-11 22:20:16 UTC (rev 265525)
@@ -609,4 +609,5 @@
     SetNeedsDOMWindowResizeEvent()
 
     SetHasResourceLoadClient(bool has)
+    SetCanUseCredentialStorage(bool canUse)
 }

Modified: trunk/Tools/ChangeLog (265524 => 265525)


--- trunk/Tools/ChangeLog	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Tools/ChangeLog	2020-08-11 22:20:16 UTC (rev 265525)
@@ -1,3 +1,13 @@
+2020-08-11  Brady Eidson  <beid...@apple.com>
+
+        Add a "use stored credentials" setting to WKWebView.
+        <rdar://problem/63308019> and https://bugs.webkit.org/show_bug.cgi?id=215388
+
+        Reviewed by Geoff Garen.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/Preconnect.mm:
+        (TestWebKitAPI::TEST):
+
 2020-08-11  Kenneth Russell  <k...@chromium.org>
 
         Update contributors.json with reinstated reviewer status

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Preconnect.mm (265524 => 265525)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Preconnect.mm	2020-08-11 22:08:00 UTC (rev 265524)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Preconnect.mm	2020-08-11 22:20:16 UTC (rev 265525)
@@ -53,9 +53,11 @@
 
 TEST(Preconnect, HTTP)
 {
+    size_t connectionCount = 0;
     bool connected = false;
     bool requested = false;
     HTTPServer server([&] (Connection connection) {
+        ++connectionCount;
         connected = true;
         connection.receiveHTTPRequest([&](Vector<char>&&) {
             requested = true;
@@ -68,8 +70,40 @@
     EXPECT_FALSE(requested);
     [webView loadRequest:server.request()];
     Util::run(&requested);
+
+    EXPECT_EQ(connectionCount, 1u);
 }
 
+TEST(Preconnect, ConnectionCount)
+{
+    size_t connectionCount = 0;
+    bool anyConnections = false;
+    bool requested = false;
+    HTTPServer server([&] (Connection connection) {
+        ++connectionCount;
+        anyConnections = true;
+        connection.receiveHTTPRequest([&](Vector<char>&&) {
+            requested = true;
+        });
+    });
+    auto webView = adoptNS([WKWebView new]);
+
+    // The preconnect to the server will use the default setting of "use the credential store",
+    // and therefore use the credential-store-blessed NSURLSession.
+    [webView _preconnectToServer:server.request().URL];
+    Util::run(&anyConnections);
+    Util::spinRunLoop(10);
+    EXPECT_FALSE(requested);
+
+    // Then this request will *not* use the credential store, therefore using a different NSURLSession
+    // that doesn't know about the above preconnect, triggering a second connection to the server.
+    webView.get()._canUseCredentialStorage = NO;
+    [webView loadRequest:server.request()];
+    Util::run(&requested);
+
+    EXPECT_EQ(connectionCount, 2u);
+}
+
 // Mojave CFNetwork _preconnect SPI seems to have a bug causing this to time out.
 // That's no problem, because this is a test for SPI only to be used on later OS versions.
 #if !PLATFORM(MAC) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
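Review bot: `ConnectionCount` only shows that switching the setting off makes the load open a second connection. It never checks that stored credentials are actually withheld, and it does not cover the reverse order, where NO is set before `_preconnectToServer:` and the new `StoredCredentialsPolicy::DoNotUse` branch in `WebPageProxy::preconnectTo` is taken. A case that sets `_canUseCredentialStorage = NO` first and then preconnects and loads would cover that branch, and a readback such as `EXPECT_FALSE(webView.get()._canUseCredentialStorage);` would cover the getter. The test also relies on `Util::spinRunLoop(10)` to conclude that no request was sent, which is a timing assumption that deserves a comment.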