Title: [283021] branches/safari-612-branch
- Revision
- 283021
- Author
- [email protected]
- Date
- 2021-09-23 19:57:50 -0700 (Thu, 23 Sep 2021)
Log Message
Revert r282084. rdar://problem/83429618
Modified Paths
Diff
Modified: branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog (283020 => 283021)
--- branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog 2021-09-24 01:02:51 UTC (rev 283020)
+++ branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog 2021-09-24 02:57:50 UTC (rev 283021)
@@ -1,50 +1,3 @@
-2021-09-23 Alan Coon <[email protected]>
-
- Cherry-pick r282084. rdar://problem/83429618
-
- [wpt-improvement] Improve CSP support for window reuse
- https://bugs.webkit.org/show_bug.cgi?id=229882
- <rdar://78416553>
-
- Reviewed by Chris Dumez.
-
- LayoutTests/imported/w3c:
-
- Rebaseline a test that now passes.
-
- * web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt:
-
- Source/WebCore:
-
- If window.open is used to host content with a CSP sandbox header, we should always
- create a new window, rather than reusing the existing one, unless the header
- includes 'allow-same-site'.
-
- This improves our WPT score.
-
- Tested by: imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed.html
-
- * loader/DocumentLoader.cpp:
- (WebCore::DocumentLoader::responseReceived): Parse the HTTP headers earlier so we can
- make decisions based on their state.
- * loader/DocumentWriter.cpp:
- (WebCore::DocumentWriter::begin): Don't reuse the current window if 'allow-same-site'
- is not allowed.
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@282084 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2021-09-07 Brent Fulgham <[email protected]>
-
- [wpt-improvement] Improve CSP support for window reuse
- https://bugs.webkit.org/show_bug.cgi?id=229882
- <rdar://78416553>
-
- Reviewed by Chris Dumez.
-
- Rebaseline a test that now passes.
-
- * web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt:
-
2021-09-16 Russell Epstein <[email protected]>
Cherry-pick r282017. rdar://problem/83183644
Modified: branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt (283020 => 283021)
--- branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt 2021-09-24 01:02:51 UTC (rev 283020)
+++ branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt 2021-09-24 02:57:50 UTC (rev 283021)
@@ -1,3 +1,3 @@
-PASS Window object should not be reused
+FAIL Window object should not be reused assert_equals: expected (undefined) undefined but got (string) "test"
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (283020 => 283021)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-24 01:02:51 UTC (rev 283020)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-24 02:57:50 UTC (rev 283021)
@@ -1002,64 +1002,6 @@
(WebCore::SourceBufferParserWebM::TrackData::resetCompleted):
(WebCore::SourceBufferParserWebM::TrackData::reset):
-2021-09-23 Alan Coon <[email protected]>
-
- Cherry-pick r282084. rdar://problem/83429618
-
- [wpt-improvement] Improve CSP support for window reuse
- https://bugs.webkit.org/show_bug.cgi?id=229882
- <rdar://78416553>
-
- Reviewed by Chris Dumez.
-
- LayoutTests/imported/w3c:
-
- Rebaseline a test that now passes.
-
- * web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed-expected.txt:
-
- Source/WebCore:
-
- If window.open is used to host content with a CSP sandbox header, we should always
- create a new window, rather than reusing the existing one, unless the header
- includes 'allow-same-site'.
-
- This improves our WPT score.
-
- Tested by: imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed.html
-
- * loader/DocumentLoader.cpp:
- (WebCore::DocumentLoader::responseReceived): Parse the HTTP headers earlier so we can
- make decisions based on their state.
- * loader/DocumentWriter.cpp:
- (WebCore::DocumentWriter::begin): Don't reuse the current window if 'allow-same-site'
- is not allowed.
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@282084 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2021-09-07 Brent Fulgham <[email protected]>
-
- [wpt-improvement] Improve CSP support for window reuse
- https://bugs.webkit.org/show_bug.cgi?id=229882
- <rdar://78416553>
-
- Reviewed by Chris Dumez.
-
- If window.open is used to host content with a CSP sandbox header, we should always
- create a new window, rather than reusing the existing one, unless the header
- includes 'allow-same-site'.
-
- This improves our WPT score.
-
- Tested by: imported/w3c/web-platform-tests/content-security-policy/sandbox/window-reuse-sandboxed.html
-
- * loader/DocumentLoader.cpp:
- (WebCore::DocumentLoader::responseReceived): Parse the HTTP headers earlier so we can
- make decisions based on their state.
- * loader/DocumentWriter.cpp:
- (WebCore::DocumentWriter::begin): Don't reuse the current window if 'allow-same-site'
- is not allowed.
-
2021-09-22 Alan Coon <[email protected]>
Cherry-pick r280705. rdar://problem/83430104
Modified: branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp (283020 => 283021)
--- branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp 2021-09-24 01:02:51 UTC (rev 283020)
+++ branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp 2021-09-24 02:57:50 UTC (rev 283021)
@@ -919,12 +919,6 @@
{
ASSERT_UNUSED(resource, m_mainResource == &resource);
- if (!response.httpHeaderField(HTTPHeaderName::ContentSecurityPolicy).isNull()) {
- m_contentSecurityPolicy = makeUnique<ContentSecurityPolicy>(URL { response.url() }, nullptr);
- m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders { response }, m_request.httpReferrer(), ContentSecurityPolicy::ReportParsingErrors::No);
- } else
- m_contentSecurityPolicy = nullptr;
-
#if ENABLE(RESOURCE_LOAD_STATISTICS)
// FIXME(218779): Remove this quirk once microsoft.com completes their login flow redesign.
if (m_frame && m_frame->document()) {
Modified: branches/safari-612-branch/Source/WebCore/loader/DocumentWriter.cpp (283020 => 283021)
--- branches/safari-612-branch/Source/WebCore/loader/DocumentWriter.cpp 2021-09-24 01:02:51 UTC (rev 283020)
+++ branches/safari-612-branch/Source/WebCore/loader/DocumentWriter.cpp 2021-09-24 02:57:50 UTC (rev 283021)
@@ -142,12 +142,6 @@
&& m_frame->document()->isSecureTransitionTo(url)
&& (m_frame->window() && !m_frame->window()->wasWrappedWithoutInitializedSecurityOrigin() && m_frame->window()->mayReuseForNavigation());
- if (shouldReuseDefaultView) {
- ASSERT(m_frame->loader().documentLoader());
- if (auto* contentSecurityPolicy = m_frame->loader().documentLoader()->contentSecurityPolicy())
- shouldReuseDefaultView = !(contentSecurityPolicy->sandboxFlags() & SandboxOrigin);
- }
-
// Temporarily extend the lifetime of the existing document so that FrameLoader::clear() doesn't destroy it as
// we need to retain its ongoing set of upgraded requests in new navigation contexts per <http://www.w3.org/TR/upgrade-insecure-requests/>
// and we may also need to inherit its Content Security Policy below.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
