[webkit-changes] [272618] trunk

[cdumez]

Title: [272618] trunk

Revision

272618

Author

cdu...@apple.com

Date

2021-02-09 16:15:44 -0800 (Tue, 09 Feb 2021)

Log Message

Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming
https://bugs.webkit.org/show_bug.cgi?id=221630

Reviewed by Geoffrey Garen.

Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming:
- https://html.spec.whatwg.org/#same-origin-domain

Source/WebCore:

* bindings/js/JSDOMBindingSecurity.cpp:
(WebCore::canAccessDocument):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::canAccessFromCurrentOrigin):
(WebCore::ScriptController::executeJavaScriptURL):
* dom/Document.cpp:
(WebCore::canAccessAncestor):
(WebCore::Document::supportsPaintTiming const):
(WebCore::Document::domTimerAlignmentInterval const):
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
(WebCore::Document::initContentSecurityPolicy):
(WebCore::Document::requestAnimationFrame):
(WebCore::Document::updateIntersectionObservations):
* dom/Element.cpp:
(WebCore::Element::focus):
* dom/SecurityContext.cpp:
(WebCore::SecurityContext::isSecureTransitionTo const):
* dom/UserGestureIndicator.cpp:
(WebCore::UserGestureToken::UserGestureToken):
* html/HTMLFormControlElement.cpp:
(WebCore::shouldAutofocus):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::canLoadURL const):
* loader/DocumentLoader.cpp:
(WebCore::shouldUseActiveServiceWorkerFromParent):
* loader/DocumentWriter.cpp:
(WebCore::canReferToParentFrameEncoding):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::dispatchBeforeUnloadEvent):
* loader/LinkLoader.cpp:
(WebCore::LinkLoader::preconnectIfNeeded):
* loader/ResourceLoadInfo.cpp:
(WebCore::ContentExtensions::ResourceLoadInfo::isThirdParty const):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::alert):
(WebCore::DOMWindow::confirmForBindings):
(WebCore::DOMWindow::prompt):
(WebCore::DOMWindow::isSameSecurityOriginAsMainFrame const):
(WebCore::DOMWindow::crossDomainAccessErrorMessage):
(WebCore::DOMWindow::isInsecureScriptAccess):
* page/FrameView.cpp:
(WebCore::FrameView::safeToPropagateScrollToParent const):
* page/Location.cpp:
(WebCore::Location::reload):
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::isSameOriginDomain const):
(WebCore::SecurityOrigin::canReceiveDragData const):
(WebCore::SecurityOrigin::canAccess const): Deleted.
* page/SecurityOrigin.h:
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::wouldTaintOrigin const):
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitSrcWouldTaintOrigin):
* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession wouldTaintOrigin:]):
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::paintContents):

Tools:

* TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:
(TestWebKitAPI::TEST_F):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp
• trunk/Source/WebCore/bindings/js/ScriptController.cpp
• trunk/Source/WebCore/dom/Document.cpp
• trunk/Source/WebCore/dom/Element.cpp
• trunk/Source/WebCore/dom/SecurityContext.cpp
• trunk/Source/WebCore/dom/UserGestureIndicator.cpp
• trunk/Source/WebCore/html/HTMLFormControlElement.cpp
• trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp
• trunk/Source/WebCore/loader/DocumentLoader.cpp
• trunk/Source/WebCore/loader/DocumentWriter.cpp
• trunk/Source/WebCore/loader/FrameLoader.cpp
• trunk/Source/WebCore/loader/LinkLoader.cpp
• trunk/Source/WebCore/loader/ResourceLoadInfo.cpp
• trunk/Source/WebCore/page/DOMWindow.cpp
• trunk/Source/WebCore/page/FrameView.cpp
• trunk/Source/WebCore/page/Location.cpp
• trunk/Source/WebCore/page/SecurityOrigin.cpp
• trunk/Source/WebCore/page/SecurityOrigin.h
• trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
• trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp
• trunk/Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm
• trunk/Source/WebCore/rendering/RenderWidget.cpp
• trunk/Tools/ChangeLog
• trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (272617 => 272618)

--- trunk/Source/WebCore/ChangeLog	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/ChangeLog	2021-02-10 00:15:44 UTC (rev 272618)
@@ -1,3 +1,71 @@
+2021-02-09  Chris Dumez  <cdu...@apple.com>
+
+        Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming
+        https://bugs.webkit.org/show_bug.cgi?id=221630
+
+        Reviewed by Geoffrey Garen.
+
+        Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming:
+        - https://html.spec.whatwg.org/#same-origin-domain
+
+        * bindings/js/JSDOMBindingSecurity.cpp:
+        (WebCore::canAccessDocument):
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::canAccessFromCurrentOrigin):
+        (WebCore::ScriptController::executeJavaScriptURL):
+        * dom/Document.cpp:
+        (WebCore::canAccessAncestor):
+        (WebCore::Document::supportsPaintTiming const):
+        (WebCore::Document::domTimerAlignmentInterval const):
+        (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
+        (WebCore::Document::initContentSecurityPolicy):
+        (WebCore::Document::requestAnimationFrame):
+        (WebCore::Document::updateIntersectionObservations):
+        * dom/Element.cpp:
+        (WebCore::Element::focus):
+        * dom/SecurityContext.cpp:
+        (WebCore::SecurityContext::isSecureTransitionTo const):
+        * dom/UserGestureIndicator.cpp:
+        (WebCore::UserGestureToken::UserGestureToken):
+        * html/HTMLFormControlElement.cpp:
+        (WebCore::shouldAutofocus):
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::HTMLPlugInImageElement::canLoadURL const):
+        * loader/DocumentLoader.cpp:
+        (WebCore::shouldUseActiveServiceWorkerFromParent):
+        * loader/DocumentWriter.cpp:
+        (WebCore::canReferToParentFrameEncoding):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::dispatchBeforeUnloadEvent):
+        * loader/LinkLoader.cpp:
+        (WebCore::LinkLoader::preconnectIfNeeded):
+        * loader/ResourceLoadInfo.cpp:
+        (WebCore::ContentExtensions::ResourceLoadInfo::isThirdParty const):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::alert):
+        (WebCore::DOMWindow::confirmForBindings):
+        (WebCore::DOMWindow::prompt):
+        (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame const):
+        (WebCore::DOMWindow::crossDomainAccessErrorMessage):
+        (WebCore::DOMWindow::isInsecureScriptAccess):
+        * page/FrameView.cpp:
+        (WebCore::FrameView::safeToPropagateScrollToParent const):
+        * page/Location.cpp:
+        (WebCore::Location::reload):
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::isSameOriginDomain const):
+        (WebCore::SecurityOrigin::canReceiveDragData const):
+        (WebCore::SecurityOrigin::canAccess const): Deleted.
+        * page/SecurityOrigin.h:
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::wouldTaintOrigin const):
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+        (webKitSrcWouldTaintOrigin):
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSession wouldTaintOrigin:]):
+        * rendering/RenderWidget.cpp:
+        (WebCore::RenderWidget::paintContents):
+
 2021-02-09  Devin Rousso  <drou...@apple.com>
 
         [Cocoa] rename `ENGINEERING_BUILD` to `ENABLE_DEVELOPER_MODE` to match other platforms

Modified: trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp (272617 => 272618)

--- trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -52,7 +52,7 @@
 
     DOMWindow& active = activeDOMWindow(*lexicalGlobalObject);
 
-    if (active.document()->securityOrigin().canAccess(targetDocument->securityOrigin()))
+    if (active.document()->securityOrigin().isSameOriginDomain(targetDocument->securityOrigin()))
         return true;
 
     switch (reportingOption) {

Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (272617 => 272618)

--- trunk/Source/WebCore/bindings/js/ScriptController.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -411,7 +411,7 @@
     // If the current lexicalGlobalObject is null we should use the accessing document for the security check.
     if (!lexicalGlobalObject) {
         auto* targetDocument = frame ? frame->document() : nullptr;
-        return targetDocument && accessingDocument.securityOrigin().canAccess(targetDocument->securityOrigin());
+        return targetDocument && accessingDocument.securityOrigin().isSameOriginDomain(targetDocument->securityOrigin());
     }
 
     return BindingSecurity::shouldAllowAccessToFrame(lexicalGlobalObject, frame);
@@ -812,7 +812,7 @@
 {
     ASSERT(url.protocolIsJavaScript());
 
-    if (requesterSecurityOrigin && !requesterSecurityOrigin->canAccess(m_frame.document()->securityOrigin()))
+    if (requesterSecurityOrigin && !requesterSecurityOrigin->isSameOriginDomain(m_frame.document()->securityOrigin()))
         return;
 
     if (!m_frame.page() || !m_frame.document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame.document()->url().string(), eventHandlerPosition().m_line))

Modified: trunk/Source/WebCore/dom/Document.cpp (272617 => 272618)

--- trunk/Source/WebCore/dom/Document.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/dom/Document.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -494,7 +494,7 @@
             return true;
 
         const SecurityOrigin& ancestorSecurityOrigin = ancestorDocument->securityOrigin();
-        if (activeSecurityOrigin.canAccess(ancestorSecurityOrigin))
+        if (activeSecurityOrigin.isSameOriginDomain(ancestorSecurityOrigin))
             return true;
         
         // Allow file URL descendant navigation even when allowFileAccessFromFileURLs is false.
@@ -3212,7 +3212,7 @@
 
 bool Document::supportsPaintTiming() const
 {
-    return RuntimeEnabledFeatures::sharedFeatures().paintTimingEnabled() && securityOrigin().canAccess(topOrigin());
+    return RuntimeEnabledFeatures::sharedFeatures().paintTimingEnabled() && securityOrigin().isSameOriginDomain(topOrigin());
 }
 
 // https://w3c.github.io/paint-timing/#ref-for-mark-paint-timing
@@ -3330,7 +3330,7 @@
     if (Page* page = this->page())
         alignmentInterval = std::max(alignmentInterval, page->domTimerAlignmentInterval());
 
-    if (!topOrigin().canAccess(securityOrigin()) && !hasHadUserInteraction())
+    if (!topOrigin().isSameOriginDomain(securityOrigin()) && !hasHadUserInteraction())
         alignmentInterval = std::max(alignmentInterval, DOMTimer::nonInteractedCrossOriginFrameAlignmentInterval());
 
     return alignmentInterval;
@@ -3620,7 +3620,7 @@
 
     // Only prevent cross-site navigations.
     auto* targetDocument = targetFrame.document();
-    if (targetDocument && (targetDocument->securityOrigin().canAccess(SecurityOrigin::create(destinationURL)) || areRegistrableDomainsEqual(targetDocument->url(), destinationURL)))
+    if (targetDocument && (targetDocument->securityOrigin().isSameOriginDomain(SecurityOrigin::create(destinationURL)) || areRegistrableDomainsEqual(targetDocument->url(), destinationURL)))
         return false;
 
     return true;
@@ -6178,7 +6178,7 @@
     if (!isPluginDocument())
         return;
     auto* openerFrame = m_frame->loader().opener();
-    bool shouldInhert = parentFrame || (openerFrame && openerFrame->document()->securityOrigin().canAccess(securityOrigin()));
+    bool shouldInhert = parentFrame || (openerFrame && openerFrame->document()->securityOrigin().isSameOriginDomain(securityOrigin()));
     if (!shouldInhert)
         return;
     setContentSecurityPolicy(makeUnique<ContentSecurityPolicy>(URL { m_url }, *this));
@@ -6669,7 +6669,7 @@
         if (!page() || page()->scriptedAnimationsSuspended())
             m_scriptedAnimationController->suspend();
 
-        if (!topOrigin().canAccess(securityOrigin()) && !hasHadUserInteraction())
+        if (!topOrigin().isSameOriginDomain(securityOrigin()) && !hasHadUserInteraction())
             m_scriptedAnimationController->addThrottlingReason(ThrottlingReason::NonInteractedCrossOriginFrame);
     }
 
@@ -7805,7 +7805,7 @@
             ASSERT(index != notFound);
             auto& registration = targetRegistrations[index];
 
-            bool isSameOriginObservation = &target->document() == this || target->document().securityOrigin().canAccess(securityOrigin());
+            bool isSameOriginObservation = &target->document() == this || target->document().securityOrigin().isSameOriginDomain(securityOrigin());
             auto intersectionState = computeIntersectionState(*frameView, *observer, *target, isSameOriginObservation);
 
             float intersectionRatio = 0;

Modified: trunk/Source/WebCore/dom/Element.cpp (272617 => 272618)

--- trunk/Source/WebCore/dom/Element.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/dom/Element.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -3039,7 +3039,7 @@
 
     if (Page* page = document->page()) {
         auto& frame = *document->frame();
-        if (!frame.hasHadUserInteraction() && !frame.isMainFrame() && !document->topDocument().securityOrigin().canAccess(document->securityOrigin()))
+        if (!frame.hasHadUserInteraction() && !frame.isMainFrame() && !document->topDocument().securityOrigin().isSameOriginDomain(document->securityOrigin()))
             return;
 
         // Focus and change event handlers can cause us to lose our last ref.

Modified: trunk/Source/WebCore/dom/SecurityContext.cpp (272617 => 272618)

--- trunk/Source/WebCore/dom/SecurityContext.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/dom/SecurityContext.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -66,7 +66,7 @@
     if (!haveInitializedSecurityOrigin())
         return true;
 
-    return securityOriginPolicy()->origin().canAccess(SecurityOrigin::create(url).get());
+    return securityOriginPolicy()->origin().isSameOriginDomain(SecurityOrigin::create(url).get());
 }
 
 void SecurityContext::enforceSandboxFlags(SandboxFlags mask)

Modified: trunk/Source/WebCore/dom/UserGestureIndicator.cpp (272617 => 272618)

--- trunk/Source/WebCore/dom/UserGestureIndicator.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/dom/UserGestureIndicator.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -67,7 +67,7 @@
     auto& documentOrigin = document->securityOrigin();
     for (auto* frame = &documentFrame->tree().top(); frame; frame = frame->tree().traverseNext()) {
         auto* frameDocument = frame->document();
-        if (frameDocument && documentOrigin.canAccess(frameDocument->securityOrigin()))
+        if (frameDocument && documentOrigin.isSameOriginDomain(frameDocument->securityOrigin()))
             m_documentsImpactedByUserGesture.add(*frameDocument);
     }
 }

Modified: trunk/Source/WebCore/html/HTMLFormControlElement.cpp (272617 => 272618)

--- trunk/Source/WebCore/html/HTMLFormControlElement.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/html/HTMLFormControlElement.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -215,7 +215,7 @@
     }
 
     auto& document = element->document();
-    if (!document.frame()->isMainFrame() && !document.topDocument().securityOrigin().canAccess(document.securityOrigin())) {
+    if (!document.frame()->isMainFrame() && !document.topDocument().securityOrigin().isSameOriginDomain(document.securityOrigin())) {
         document.addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked autofocusing on a form control in a cross-origin subframe."_s);
         return false;
     }

Modified: trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp (272617 => 272618)

--- trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -102,7 +102,7 @@
 {
     if (completeURL.protocolIsJavaScript()) {
         RefPtr<Document> contentDocument = this->contentDocument();
-        if (contentDocument && !document().securityOrigin().canAccess(contentDocument->securityOrigin()))
+        if (contentDocument && !document().securityOrigin().isSameOriginDomain(contentDocument->securityOrigin()))
             return false;
     }
 

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (272617 => 272618)

--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -1128,7 +1128,7 @@
 // https://w3c.github.io/ServiceWorker/#control-and-use-window-client
 static inline bool shouldUseActiveServiceWorkerFromParent(const Document& document, const Document& parent)
 {
-    return !document.url().protocolIsInHTTPFamily() && !document.securityOrigin().isUnique() && parent.securityOrigin().canAccess(document.securityOrigin());
+    return !document.url().protocolIsInHTTPFamily() && !document.securityOrigin().isUnique() && parent.securityOrigin().isSameOriginDomain(document.securityOrigin());
 }
 #endif
 

Modified: trunk/Source/WebCore/loader/DocumentWriter.cpp (272617 => 272618)

--- trunk/Source/WebCore/loader/DocumentWriter.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/loader/DocumentWriter.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -57,7 +57,7 @@
 {
     if (is<XMLDocument>(frame->document()))
         return false;
-    return parentFrame && parentFrame->document()->securityOrigin().canAccess(frame->document()->securityOrigin());
+    return parentFrame && parentFrame->document()->securityOrigin().isSameOriginDomain(frame->document()->securityOrigin());
 }
     
 // This is only called by ScriptController::executeIfJavaScriptURL

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (272617 => 272618)

--- trunk/Source/WebCore/loader/FrameLoader.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -3372,7 +3372,7 @@
             Document* parentDocument = parentFrame->document();
             if (!parentDocument)
                 return true;
-            if (!m_frame.document() || !m_frame.document()->securityOrigin().canAccess(parentDocument->securityOrigin())) {
+            if (!m_frame.document() || !m_frame.document()->securityOrigin().isSameOriginDomain(parentDocument->securityOrigin())) {
                 document->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Blocked attempt to show beforeunload confirmation dialog on behalf of a frame with different security origin. Protocols, domains, and ports must match."_s);
                 return true;
             }

Modified: trunk/Source/WebCore/loader/LinkLoader.cpp (272617 => 272618)

--- trunk/Source/WebCore/loader/LinkLoader.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/loader/LinkLoader.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -213,7 +213,7 @@
         return;
     ASSERT(document.settings().linkPreconnectEnabled());
     StoredCredentialsPolicy storageCredentialsPolicy = StoredCredentialsPolicy::Use;
-    if (equalIgnoringASCIICase(params.crossOrigin, "anonymous") && document.securityOrigin().canAccess(SecurityOrigin::create(href)))
+    if (equalIgnoringASCIICase(params.crossOrigin, "anonymous") && document.securityOrigin().isSameOriginDomain(SecurityOrigin::create(href)))
         storageCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
     ASSERT(document.frame()->loader().networkingContext());
     platformStrategies()->loaderStrategy()->preconnectTo(document.frame()->loader(), href, storageCredentialsPolicy, [weakDocument = makeWeakPtr(document), href](ResourceError error) {

Modified: trunk/Source/WebCore/loader/ResourceLoadInfo.cpp (272617 => 272618)

--- trunk/Source/WebCore/loader/ResourceLoadInfo.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/loader/ResourceLoadInfo.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -119,7 +119,7 @@
     Ref<SecurityOrigin> mainDocumentSecurityOrigin = SecurityOrigin::create(mainDocumentURL);
     Ref<SecurityOrigin> resourceSecurityOrigin = SecurityOrigin::create(resourceURL);
 
-    return !mainDocumentSecurityOrigin->canAccess(resourceSecurityOrigin.get());
+    return !mainDocumentSecurityOrigin->isSameOriginDomain(resourceSecurityOrigin.get());
 }
     
 ResourceFlags ResourceLoadInfo::getResourceFlags() const

Modified: trunk/Source/WebCore/page/DOMWindow.cpp (272617 => 272618)

--- trunk/Source/WebCore/page/DOMWindow.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/page/DOMWindow.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -1112,7 +1112,7 @@
         return;
     }
 
-    if (!document()->securityOrigin().canAccess(document()->topDocument().securityOrigin())) {
+    if (!document()->securityOrigin().isSameOriginDomain(document()->topDocument().securityOrigin())) {
         printErrorMessage("Use of window.alert is not allowed in different origin-domain iframes.");
         return;
     }
@@ -1145,7 +1145,7 @@
         return false;
     }
 
-    if (!document()->securityOrigin().canAccess(document()->topDocument().securityOrigin())) {
+    if (!document()->securityOrigin().isSameOriginDomain(document()->topDocument().securityOrigin())) {
         printErrorMessage("Use of window.confirm is not allowed in different origin-domain iframes.");
         return false;
     }
@@ -1178,7 +1178,7 @@
         return String();
     }
 
-    if (!document()->securityOrigin().canAccess(document()->topDocument().securityOrigin())) {
+    if (!document()->securityOrigin().isSameOriginDomain(document()->topDocument().securityOrigin())) {
         printErrorMessage("Use of window.prompt is not allowed in different origin-domain iframes.");
         return String();
     }
@@ -1933,7 +1933,7 @@
 
     Document* mainFrameDocument = frame->mainFrame().document();
 
-    if (mainFrameDocument && document()->securityOrigin().canAccess(mainFrameDocument->securityOrigin()))
+    if (mainFrameDocument && document()->securityOrigin().isSameOriginDomain(mainFrameDocument->securityOrigin()))
         return true;
 
     return false;
@@ -2386,7 +2386,7 @@
     if (activeWindowURL.isNull())
         return String();
 
-    ASSERT(!activeWindow.document()->securityOrigin().canAccess(document()->securityOrigin()));
+    ASSERT(!activeWindow.document()->securityOrigin().isSameOriginDomain(document()->securityOrigin()));
 
     // FIXME: This message, and other console messages, have extra newlines. Should remove them.
     SecurityOrigin& activeOrigin = activeWindow.document()->securityOrigin();
@@ -2447,7 +2447,7 @@
 
         // FIXME: The name canAccess seems to be a roundabout way to ask "can execute script".
         // Can we name the SecurityOrigin function better to make this more clear?
-        if (activeWindow.document()->securityOrigin().canAccess(document()->securityOrigin()))
+        if (activeWindow.document()->securityOrigin().isSameOriginDomain(document()->securityOrigin()))
             return false;
     }
 

Modified: trunk/Source/WebCore/page/FrameView.cpp (272617 => 272618)

--- trunk/Source/WebCore/page/FrameView.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/page/FrameView.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -3187,7 +3187,7 @@
     if (!parentDocument)
         return false;
 
-    return document->securityOrigin().canAccess(parentDocument->securityOrigin());
+    return document->securityOrigin().isSameOriginDomain(parentDocument->securityOrigin());
 }
 
 void FrameView::scrollToAnchor()

Modified: trunk/Source/WebCore/page/Location.cpp (272617 => 272618)

--- trunk/Source/WebCore/page/Location.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/page/Location.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -253,7 +253,7 @@
     // FIXME: It's not clear this cross-origin security check is valuable.
     // We allow one page to change the location of another. Why block attempts to reload?
     // Other location operations simply block use of _javascript_ URLs cross origin.
-    if (!activeDocument.securityOrigin().canAccess(targetDocument.securityOrigin())) {
+    if (!activeDocument.securityOrigin().isSameOriginDomain(targetDocument.securityOrigin())) {
         auto& targetWindow = *targetDocument.domWindow();
         targetWindow.printErrorMessage(targetWindow.crossDomainAccessErrorMessage(activeWindow, IncludeTargetOrigin::Yes));
         return;

Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (272617 => 272618)

--- trunk/Source/WebCore/page/SecurityOrigin.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -269,7 +269,7 @@
     return false;
 }
 
-bool SecurityOrigin::canAccess(const SecurityOrigin& other) const
+bool SecurityOrigin::isSameOriginDomain(const SecurityOrigin& other) const
 {
     if (m_universalAccess)
         return true;
@@ -356,7 +356,7 @@
     if (this == &dragInitiator)
         return true;
 
-    return canAccess(dragInitiator);
+    return isSameOriginDomain(dragInitiator);
 }
 
 // This is a hack to allow keep navigation to http/https feeds working. To remove this

Modified: trunk/Source/WebCore/page/SecurityOrigin.h (272617 => 272618)

--- trunk/Source/WebCore/page/SecurityOrigin.h	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/page/SecurityOrigin.h	2021-02-10 00:15:44 UTC (rev 272618)
@@ -91,13 +91,13 @@
     // Protocols like blob: and filesystem: fall into this latter category.
     static bool isSecure(const URL&);
 
+    // This method implements the "same origin-domain" algorithm from the HTML Standard:
+    // https://html.spec.whatwg.org/#same-origin-domain
     // Returns true if this SecurityOrigin can script objects in the given
     // SecurityOrigin. For example, call this function before allowing
     // script from one security origin to read or write objects from
     // another SecurityOrigin.
-    // This method implements the "same origin-domain" algorithm from the HTML Standard:
-    // https://html.spec.whatwg.org/#same-origin-domain
-    WEBCORE_EXPORT bool canAccess(const SecurityOrigin&) const;
+    WEBCORE_EXPORT bool isSameOriginDomain(const SecurityOrigin&) const;
 
     // Returns true if this SecurityOrigin can read content retrieved from
     // the given URL. For example, call this function before issuing
@@ -191,7 +191,7 @@
 
     // This method checks for equality between SecurityOrigins, not whether
     // one origin can access another. It is used for hash table keys.
-    // For access checks, use canAccess().
+    // For access checks, use isSameOriginDomain().
     // FIXME: If this method is really only useful for hash table keys, it
     // should be refactored into SecurityOriginHash.
     WEBCORE_EXPORT bool equal(const SecurityOrigin*) const;

Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (272617 => 272618)

--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -843,7 +843,7 @@
 {
     GST_TRACE_OBJECT(pipeline(), "Checking %u origins", m_origins.size());
     for (auto& responseOrigin : m_origins) {
-        if (!origin.canAccess(*responseOrigin)) {
+        if (!origin.isSameOriginDomain(*responseOrigin)) {
             GST_DEBUG_OBJECT(pipeline(), "Found reachable response origin");
             return true;
         }

Modified: trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp (272617 => 272618)

--- trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -1177,7 +1177,7 @@
 
     auto* cachedResourceStreamingClient = reinterpret_cast<CachedResourceStreamingClient*>(members->resource->client());
     for (auto& responseOrigin : cachedResourceStreamingClient->securityOrigins()) {
-        if (!origin.canAccess(*responseOrigin))
+        if (!origin.isSameOriginDomain(*responseOrigin))
             return true;
     }
     return false;

Modified: trunk/Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm (272617 => 272618)

--- trunk/Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm	2021-02-10 00:15:44 UTC (rev 272618)
@@ -359,7 +359,7 @@
 - (BOOL)wouldTaintOrigin:(const WebCore::SecurityOrigin &)origin
 {
     for (auto& responseOrigin : _origins) {
-        if (!origin.canAccess(*responseOrigin))
+        if (!origin.isSameOriginDomain(*responseOrigin))
             return true;
     }
     return false;

Modified: trunk/Source/WebCore/rendering/RenderWidget.cpp (272617 => 272618)

--- trunk/Source/WebCore/rendering/RenderWidget.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Source/WebCore/rendering/RenderWidget.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -224,7 +224,7 @@
 {
     if (paintInfo.requireSecurityOriginAccessForWidgets) {
         if (auto contentDocument = frameOwnerElement().contentDocument()) {
-            if (!document().securityOrigin().canAccess(contentDocument->securityOrigin()))
+            if (!document().securityOrigin().isSameOriginDomain(contentDocument->securityOrigin()))
                 return;
         }
     }

Modified: trunk/Tools/ChangeLog (272617 => 272618)

--- trunk/Tools/ChangeLog	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Tools/ChangeLog	2021-02-10 00:15:44 UTC (rev 272618)
@@ -1,3 +1,16 @@
+2021-02-09  Chris Dumez  <cdu...@apple.com>
+
+        Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming
+        https://bugs.webkit.org/show_bug.cgi?id=221630
+
+        Reviewed by Geoffrey Garen.
+
+        Rename SecurityOrigin's canAccess() to isSameOriginDomain() to match HTML specification naming:
+        - https://html.spec.whatwg.org/#same-origin-domain
+
+        * TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:
+        (TestWebKitAPI::TEST_F):
+
 2021-02-09  Alex Christensen  <achristen...@webkit.org>
 
         Fix Catalina build.

Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp (272617 => 272618)

--- trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp	2021-02-09 23:06:53 UTC (rev 272617)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp	2021-02-10 00:15:44 UTC (rev 272618)
@@ -139,9 +139,9 @@
     EXPECT_TRUE(tempFileOrigin->isSameSchemeHostPort(bangContainingOrigin.get()));
     EXPECT_TRUE(tempFileOrigin->isSameSchemeHostPort(quoteContainingOrigin.get()));
 
-    EXPECT_TRUE(tempFileOrigin->canAccess(spaceContainingOrigin.get()));
-    EXPECT_TRUE(tempFileOrigin->canAccess(bangContainingOrigin.get()));
-    EXPECT_TRUE(tempFileOrigin->canAccess(quoteContainingOrigin.get()));
+    EXPECT_TRUE(tempFileOrigin->isSameOriginDomain(spaceContainingOrigin.get()));
+    EXPECT_TRUE(tempFileOrigin->isSameOriginDomain(bangContainingOrigin.get()));
+    EXPECT_TRUE(tempFileOrigin->isSameOriginDomain(quoteContainingOrigin.get()));
 }
 
 TEST_F(SecurityOriginTest, IsPotentiallyTrustworthy)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes