Title: [265697] branches/safari-610.1-branch
Revision
265697
Author
[email protected]
Date
2020-08-14 12:48:42 -0700 (Fri, 14 Aug 2020)

Log Message

Cherry-pick r265573. rdar://problem/67083969

    Fail preconnect requests to deprecated TLS instead of allowing application to show warning
    https://bugs.webkit.org/show_bug.cgi?id=215424
    <rdar://problem/66784116>

    Patch by Alex Christensen <[email protected]> on 2020-08-12
    Reviewed by Geoffrey Garen.

    Source/WebKit:

    Preconnecting is just a suggestion, so if the content really wants to load something from the deprecated TLS server,
    we will see the warning when the load actually happens.

    * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
    (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

    Tools:

    * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
    (TestWebKitAPI::TEST):
    (TestWebKitAPI::webViewWithNavigationDelegate):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@265573 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-610.1-branch/Source/WebKit/ChangeLog (265696 => 265697)


--- branches/safari-610.1-branch/Source/WebKit/ChangeLog	2020-08-14 19:48:39 UTC (rev 265696)
+++ branches/safari-610.1-branch/Source/WebKit/ChangeLog	2020-08-14 19:48:42 UTC (rev 265697)
@@ -1,5 +1,46 @@
 2020-08-14  Alan Coon  <[email protected]>
 
+        Cherry-pick r265573. rdar://problem/67083969
+
+    Fail preconnect requests to deprecated TLS instead of allowing application to show warning
+    https://bugs.webkit.org/show_bug.cgi?id=215424
+    <rdar://problem/66784116>
+    
+    Patch by Alex Christensen <[email protected]> on 2020-08-12
+    Reviewed by Geoffrey Garen.
+    
+    Source/WebKit:
+    
+    Preconnecting is just a suggestion, so if the content really wants to load something from the deprecated TLS server,
+    we will see the warning when the load actually happens.
+    
+    * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+    (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+    (TestWebKitAPI::TEST):
+    (TestWebKitAPI::webViewWithNavigationDelegate):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@265573 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-08-12  Alex Christensen  <[email protected]>
+
+            Fail preconnect requests to deprecated TLS instead of allowing application to show warning
+            https://bugs.webkit.org/show_bug.cgi?id=215424
+            <rdar://problem/66784116>
+
+            Reviewed by Geoffrey Garen.
+
+            Preconnecting is just a suggestion, so if the content really wants to load something from the deprecated TLS server,
+            we will see the warning when the load actually happens.
+
+            * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+            (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+
+2020-08-14  Alan Coon  <[email protected]>
+
         Cherry-pick r265560. rdar://problem/67084214
 
     WebPageProxy::registerEditCommand should be robust against invalid undo step identifiers

Modified: branches/safari-610.1-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (265696 => 265697)


--- branches/safari-610.1-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm	2020-08-14 19:48:39 UTC (rev 265696)
+++ branches/safari-610.1-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm	2020-08-14 19:48:42 UTC (rev 265697)
@@ -674,6 +674,9 @@
         }
         ALLOW_DEPRECATED_DECLARATIONS_END
 
+        if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect)
+            return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
+
         // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
         if (sessionCocoa->fastServerTrustEvaluationEnabled() && negotiatedLegacyTLS == NegotiatedLegacyTLS::No) {
             auto* networkDataTask = [self existingTask:task];
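Review bot: The new early return on `negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect` cancels the challenge with no comment and no log line, while the block directly below it carries a comment explaining its purpose. Suggest a one-line comment stating that a preconnect is advisory and that the real load will surface the legacy TLS warning, plus a release log so a silently dropped preconnect can be diagnosed. The visible context does not show the enclosing condition, so it is worth confirming that this check is only reached for server-trust challenges.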

Modified: branches/safari-610.1-branch/Tools/ChangeLog (265696 => 265697)


--- branches/safari-610.1-branch/Tools/ChangeLog	2020-08-14 19:48:39 UTC (rev 265696)
+++ branches/safari-610.1-branch/Tools/ChangeLog	2020-08-14 19:48:42 UTC (rev 265697)
@@ -1,5 +1,44 @@
 2020-08-14  Alan Coon  <[email protected]>
 
+        Cherry-pick r265573. rdar://problem/67083969
+
+    Fail preconnect requests to deprecated TLS instead of allowing application to show warning
+    https://bugs.webkit.org/show_bug.cgi?id=215424
+    <rdar://problem/66784116>
+    
+    Patch by Alex Christensen <[email protected]> on 2020-08-12
+    Reviewed by Geoffrey Garen.
+    
+    Source/WebKit:
+    
+    Preconnecting is just a suggestion, so if the content really wants to load something from the deprecated TLS server,
+    we will see the warning when the load actually happens.
+    
+    * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+    (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+    (TestWebKitAPI::TEST):
+    (TestWebKitAPI::webViewWithNavigationDelegate):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@265573 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-08-12  Alex Christensen  <[email protected]>
+
+            Fail preconnect requests to deprecated TLS instead of allowing application to show warning
+            https://bugs.webkit.org/show_bug.cgi?id=215424
+            <rdar://problem/66784116>
+
+            Reviewed by Geoffrey Garen.
+
+            * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+            (TestWebKitAPI::TEST):
+            (TestWebKitAPI::webViewWithNavigationDelegate):
+
+2020-08-14  Alan Coon  <[email protected]>
+
         Cherry-pick r265510. rdar://problem/67084518
 
     Deferred WKUserScripts are exponentially injected on preloaded pages with frames.
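Review bot: The Tools entry lists `(TestWebKitAPI::webViewWithNavigationDelegate)` as changed, but the only TLSDeprecation.mm hunk in this revision adds `TEST(TLSVersion, Preconnect)` and does not touch that function. Drop the stale function line, and add a sentence to the entry saying what the new test asserts, since the Tools section currently has no description at all.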

Modified: branches/safari-610.1-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm (265696 => 265697)


--- branches/safari-610.1-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm	2020-08-14 19:48:39 UTC (rev 265696)
+++ branches/safari-610.1-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm	2020-08-14 19:48:42 UTC (rev 265697)
@@ -242,6 +242,27 @@
     }
 }
 
+TEST(TLSVersion, Preconnect)
+{
+    bool connectionAttempted = false;
+    TCPServer server(TCPServer::Protocol::HTTPS, [&](SSL *ssl) {
+        EXPECT_FALSE(ssl);
+        connectionAttempted = true;
+    }, tls1_1);
+
+    auto webView = adoptNS([WKWebView new]);
+    [webView loadHTMLString:makeString("<head><link rel='preconnect' href=''></link></head>") baseURL:nil];
+
+    auto delegate = adoptNS([TestNavigationDelegate new]);
+    [webView setNavigationDelegate:delegate.get()];
+    [delegate setDidReceiveAuthenticationChallenge:^(WKWebView *, NSURLAuthenticationChallenge *challenge, void (^callback)(NSURLSessionAuthChallengeDisposition, NSURLCredential *)) {
+        EXPECT_TRUE(false);
+        callback(NSURLSessionAuthChallengeUseCredential, nil);
+    }];
+
+    TestWebKitAPI::Util::run(&connectionAttempted);
+}
+
 #endif // HAVE(TLS_VERSION_DURING_CHALLENGE)
 
 #if HAVE(NETWORK_FRAMEWORK) && HAVE(TLS_PROTOCOL_VERSION_T)
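Review bot: In `TEST(TLSVersion, Preconnect)` the navigation delegate is installed after `loadHTMLString:` has already been called, and the test returns as soon as `connectionAttempted` is set, so a challenge delivered later would never reach `EXPECT_TRUE(false)`. Set the delegate before starting the load, and keep the run loop spinning briefly after the connection attempt so the negative assertion has a chance to fire. As shown here the preconnect link also reads `href=''` and `makeString` receives a single literal, so nothing visible points the preconnect at the TCPServer's port; the href should be built from the server's port. `ADD_FAILURE()` would state the intent more clearly than `EXPECT_TRUE(false)`.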