Diff
Modified: trunk/Source/WebKit/ChangeLog (278455 => 278456)
--- trunk/Source/WebKit/ChangeLog 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/ChangeLog 2021-06-04 14:22:43 UTC (rev 278456)
@@ -1,3 +1,17 @@
+2021-06-04 Jan-Michael Brummer <jan.brum...@tabos.org>
+
+ [GTK][WPE] Expose setCORSDisablingPatterns
+ https://bugs.webkit.org/show_bug.cgi?id=219995
+
+ Reviewed by Carlos Garcia Campos.
+
+ * UIProcess/API/glib/WebKitWebView.cpp:
+ (webkit_web_view_set_cors_allowlist):
+ * UIProcess/API/gtk/WebKitWebView.h:
+ * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
+ * UIProcess/API/wpe/WebKitWebView.h:
+ * UIProcess/API/wpe/docs/wpe-1.0-sections.txt:
+
2021-06-03 Sihui Liu <sihui_...@apple.com>
Make WebIDBServer use WorkQueue instead of Thread
Modified: trunk/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp (278455 => 278456)
--- trunk/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp 2021-06-04 14:22:43 UTC (rev 278456)
@@ -4780,3 +4780,38 @@
protectedProcessProxy->requestTermination(WebKit::ProcessTerminationReason::RequestedByClient);
}
}
+
+/**
+ * webkit_web_view_set_cors_allowlist:
+ * @web_view: a #WebKitWebView
+ * @allowlist: (array zero-terminated=1) (element-type utf8) (transfer none) (nullable): an allowlist of URI patterns, or %NULL
+ *
+ * Sets the @allowlist for which
+ * [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
+ * checks are disabled in @web_view. URI patterns must be of the form
+ * `[protocol]://[host]/[path]`, each component may contain the wildcard
+ * character (`*`) to represent zero or more other characters. All three
+ * components are required and must not be omitted from the URI
+ * patterns.
+ *
+ * Disabling CORS checks permits resources from other origins to load
+ * allowlisted resources. It does not permit the allowlisted resources
+ * to load resources from other origins.
+ *
+ * If this function is called multiple times, only the allowlist set by
+ * the most recent call will be effective.
+ *
+ * Since: 2.34
+ */
+void webkit_web_view_set_cors_allowlist(WebKitWebView* webView, const gchar* const* allowList)
+{
+ g_return_if_fail(WEBKIT_IS_WEB_VIEW(webView));
+
+ Vector<String> allowListVector;
+ if (allowList) {
+ for (auto str = allowList; *str; ++str)
+ allowListVector.append(String::fromUTF8(*str));
+ }
+
+ getPage(webView).setCORSDisablingPatterns(WTFMove(allowListVector));
+}
Modified: trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebView.h (278455 => 278456)
--- trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebView.h 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebView.h 2021-06-04 14:22:43 UTC (rev 278456)
@@ -587,6 +587,9 @@
WEBKIT_API WebKitInputMethodContext *
webkit_web_view_get_input_method_context (WebKitWebView *web_view);
+WEBKIT_API void
+webkit_web_view_set_cors_allowlist (WebKitWebView *web_view,
+ const gchar * const *allowlist);
WEBKIT_API WebKitWebsitePolicies *
webkit_web_view_get_website_policies (WebKitWebView *web_view);
Modified: trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt (278455 => 278456)
--- trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt 2021-06-04 14:22:43 UTC (rev 278456)
@@ -292,6 +292,7 @@
webkit_web_view_get_website_policies
webkit_web_view_get_is_web_process_responsive
webkit_web_view_terminate_web_process
+webkit_web_view_set_cors_allowlist
<SUBSECTION WebKitJavascriptResult>
WebKitJavascriptResult
Modified: trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebView.h (278455 => 278456)
--- trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebView.h 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebView.h 2021-06-04 14:22:43 UTC (rev 278456)
@@ -573,6 +573,10 @@
WEBKIT_API void
webkit_web_view_terminate_web_process (WebKitWebView *web_view);
+WEBKIT_API void
+webkit_web_view_set_cors_allowlist (WebKitWebView *web_view,
+ const gchar * const *allowlist);
+
G_END_DECLS
#endif
Modified: trunk/Source/WebKit/UIProcess/API/wpe/docs/wpe-1.0-sections.txt (278455 => 278456)
--- trunk/Source/WebKit/UIProcess/API/wpe/docs/wpe-1.0-sections.txt 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Source/WebKit/UIProcess/API/wpe/docs/wpe-1.0-sections.txt 2021-06-04 14:22:43 UTC (rev 278456)
@@ -264,6 +264,7 @@
webkit_web_view_get_website_policies
webkit_web_view_get_is_web_process_responsive
webkit_web_view_terminate_web_process
+webkit_web_view_set_cors_allowlist
<SUBSECTION WebKitJavascriptResult>
WebKitJavascriptResult
Modified: trunk/Tools/ChangeLog (278455 => 278456)
--- trunk/Tools/ChangeLog 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Tools/ChangeLog 2021-06-04 14:22:43 UTC (rev 278456)
@@ -1,3 +1,14 @@
+2021-06-04 Michael Catanzaro <mcatanz...@gnome.org>
+
+ [GTK][WPE] Expose setCORSDisablingPatterns
+ https://bugs.webkit.org/show_bug.cgi?id=219995
+
+ Reviewed by Carlos Garcia Campos.
+
+ * TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp:
+ (testWebViewCORSAllowlist):
+ (beforeAll):
+
2021-06-04 Aakash Jain <aakash_j...@apple.com>
[ews] Speed up ews status bubble loading speed
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp (278455 => 278456)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp 2021-06-04 14:19:18 UTC (rev 278455)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp 2021-06-04 14:22:43 UTC (rev 278456)
@@ -1608,6 +1608,57 @@
g_assert_true(webkit_web_view_get_is_web_process_responsive(test->m_webView));
}
+static void testWebViewCORSAllowlist(WebViewTest* test, gconstpointer)
+{
+ webkit_web_context_register_uri_scheme(test->m_webContext.get(), "foo",
+ [](WebKitURISchemeRequest* request, gpointer userData) {
+ GRefPtr<GInputStream> inputStream = adoptGRef(g_memory_input_stream_new());
+ const char* data = ""
+ g_memory_input_stream_add_data(G_MEMORY_INPUT_STREAM(inputStream.get()), data, strlen(data), nullptr);
+ webkit_uri_scheme_request_finish(request, inputStream.get(), strlen(data), "text/html");
+ }, nullptr, nullptr);
+
+ char html[] = "<html><script>let foo = 0; fetch('foo://bar/baz').then(response => { if (response.status === 200) foo = 42});</script></html>";
+ webkit_web_view_load_html(test->m_webView, html, "http://example.com");
+ test->waitUntilLoadFinished();
+
+ // Request is not allowed, foo should be 0.
+ GUniqueOutPtr<GError> error;
+ WebKitJavascriptResult* result = test->runJavaScriptAndWaitUntilFinished("foo;", &error.outPtr());
+ g_assert_no_error(error.get());
+ JSCValue* value = webkit_javascript_result_get_js_value(result);
+ g_assert_cmpint(jsc_value_to_int32(value), ==, 0);
+ webkit_javascript_result_unref(result);
+
+ // Allowlisting host alone does not work. Path is also required. foo should remain 0.
+ GUniquePtr<char*> allowlist(g_new(char*, 2));
+ allowlist.get()[0] = g_strdup("foo://*");
+ allowlist.get()[1] = nullptr;
+ webkit_web_view_set_cors_allowlist(test->m_webView, allowlist.get());
+
+ webkit_web_view_load_html(test->m_webView, html, "http://example.com");
+ test->waitUntilLoadFinished();
+ result = test->runJavaScriptAndWaitUntilFinished("foo;", &error.outPtr());
+ g_assert_no_error(error.get());
+ value = webkit_javascript_result_get_js_value(result);
+ g_assert_cmpint(jsc_value_to_int32(value), ==, 0);
+ webkit_javascript_result_unref(result);
+
+ // Finally let's properly allow our scheme. foo should now change to 42 when the request succeeds.
+ allowlist.reset(g_new(char*, 2));
+ allowlist.get()[0] = g_strdup("foo://*/*");
+ allowlist.get()[1] = nullptr;
+ webkit_web_view_set_cors_allowlist(test->m_webView, allowlist.get());
+
+ webkit_web_view_load_html(test->m_webView, html, "http://example.com");
+ test->waitUntilLoadFinished();
+ result = test->runJavaScriptAndWaitUntilFinished("foo;", &error.outPtr());
+ g_assert_no_error(error.get());
+ value = webkit_javascript_result_get_js_value(result);
+ g_assert_cmpint(jsc_value_to_int32(value), ==, 42);
+ webkit_javascript_result_unref(result);
+}
+
#if USE(SOUP2)
static void serverCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer)
#else
@@ -1678,6 +1729,7 @@
WebViewTest::add("WebKitWebView", "is-web-process-responsive", testWebViewIsWebProcessResponsive);
WebViewTerminateWebProcessTest::add("WebKitWebView", "terminate-web-process", testWebViewTerminateWebProcess);
WebViewTerminateWebProcessTest::add("WebKitWebView", "terminate-unresponsive-web-process", testWebViewTerminateUnresponsiveWebProcess);
+ WebViewTest::add("WebKitWebView", "cors-allowlist", testWebViewCORSAllowlist);
}
void afterAll()
