Diff
Modified: branches/safari-612-branch/LayoutTests/ChangeLog (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/ChangeLog 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/ChangeLog 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,3 +1,16 @@
+2021-10-04 Chris Dumez <[email protected]>
+
+ Use isolated NSURLSessions for each first party registrable domain
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://83159358>
+
+ Reviewed by Alex Christensen.
+
+ This test is now passing more checks on WebKit2 but still completely fails on WebKit1 so I am
+ adding a WK1-specific baseline.
+
+ * platform/mac-wk1/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt.
+
2021-09-16 Chris Dumez <[email protected]>
Add violations reporting support for Cross-Origin-Embedder-Policy
Deleted: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction-expected.txt (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction-expected.txt 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction-expected.txt 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,12 +0,0 @@
-Tests that the session is not switched upon top frame navigation to a prevalent resource without user interaction.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Should have and has the session cookie.
-PASS Should have and has the persistent cookie.
-PASS Origin has no isolated session.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,117 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-
-sys.stdout.write(
- 'Cache-Control: no-store\r\n'
- 'Content-Type: text/html\r\n\r\n'
-)
-
-print('''<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="UTF-8">
- <script src=""
- <script src=""
-</head>
-<body _onload_="runTest()">
-<script>
- description("Tests that the session is not switched upon top frame navigation to a prevalent resource without user interaction.");
- jsTestIsAsync = true;
-
- const prevalentOrigin = "http://127.0.0.1:8000";
- const nonPrevalentOrigin = "http://localhost:8000";
- const sessionCookieName = "sessionCookie";
- const persistentCookieName = "persistentCookie";
- const twoMinutesInSeconds = 120;
-
- function setSessionCookie() {
- document.cookie = sessionCookieName + "=1; path=/";
- }
-
- function setPersistentCookie() {
- document.cookie = persistentCookieName + "=1; path=/; Max-Age=" + twoMinutesInSeconds + ";";
- }
-
- function checkCookies(shouldHaveSessionCookie, shouldHavePersistentCookie) {
- let hasSessionCookie = (document.cookie + "").includes(sessionCookieName),
- hasPersistentCookie = (document.cookie + "").includes(persistentCookieName);
-
- if (shouldHaveSessionCookie && hasSessionCookie)
- testPassed("Should have and has the session cookie.");
- else if (shouldHaveSessionCookie && !hasSessionCookie) {
- testFailed("Should have but doesn\'t have the session cookie.");
- setEnableFeature(false, finishJSTest);
- } else if (!shouldHaveSessionCookie && hasSessionCookie) {
- testFailed("Shouldn\'t have but has the session cookie.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Shouldn\'t have and doesn\'t have the session cookie.");
-
-
- if (shouldHavePersistentCookie && hasPersistentCookie)
- testPassed("Should have and has the persistent cookie.");
- else if (shouldHavePersistentCookie && !hasPersistentCookie) {
- testFailed("Should have but doesn\'t have the persistent cookie.");
- setEnableFeature(false, finishJSTest);
- } else if (!shouldHavePersistentCookie && hasPersistentCookie) {
- testFailed("Shouldn\'t have but has the persistent cookie.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Shouldn\'t have and doesn\'t have the persistent cookie.");
- }
-
- function runTest() {
- switch (document.location.hash) {
- case "":
- if (document.location.origin !== prevalentOrigin)
- testFailed("Test is not starting out on " + prevalentOrigin + ".");
-
- setEnableFeature(true, function () {
- if (testRunner.isStatisticsPrevalentResource(prevalentOrigin))
- testFailed(prevalentOrigin + " was classified as prevalent resource before the test starts.");
- document.location.hash = "step1";
- runTest();
- });
- case "#step1":
- setSessionCookie();
- setPersistentCookie();
- checkCookies(true, true);
- if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin)) {
- testFailed("Origin has isolated session.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Origin has no isolated session.");
- document.location.href = "" + "/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py#step2";
- break;
- case "#step2":
- document.location.hash = "step3";
- if (document.location.origin !== nonPrevalentOrigin)
- testFailed("Step 2 is not on " + nonPrevalentOrigin + ".");
- testRunner.setStatisticsPrevalentResource(prevalentOrigin, true, function() {
- if (!testRunner.isStatisticsPrevalentResource(prevalentOrigin)) {
- testFailed(prevalentOrigin + " did not get set as prevalent resource.");
- setEnableFeature(false, finishJSTest);
- }
- testRunner.statisticsUpdateCookieBlocking(runTest);
- });
- break;
- case "#step3":
- document.location.href = "" + "/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py#step4";
- break;
- case "#step4":
- checkCookies(true, true);
- if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin))
- testFailed("Origin has isolated session.");
- else
- testPassed("Origin has no isolated session.");
- setEnableFeature(false, finishJSTest);
- break;
- default:
- testFailed("Unknown hash.");
- setEnableFeature(false, finishJSTest);
- }
- }
-</script>
-</body>
-</html>''')
\ No newline at end of file
Deleted: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction-expected.txt (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction-expected.txt 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction-expected.txt 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,12 +0,0 @@
-Tests that the session is switched upon top frame navigation to a prevalent resource with user interaction.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Should have and has the session cookie.
-PASS Should have and has the persistent cookie.
-PASS Origin has isolated session.
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,119 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-
-sys.stdout.write(
- 'Cache-Control: no-store\r\n'
- 'Content-Type: text/html\r\n\r\n'
-)
-
-print('''<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="UTF-8">
- <script src=""
- <script src=""
-</head>
-<body _onload_="runTest()">
-<script>
- description("Tests that the session is switched upon top frame navigation to a prevalent resource with user interaction.");
- jsTestIsAsync = true;
-
- const prevalentOrigin = "http://127.0.0.1:8000";
- const nonPrevalentOrigin = "http://localhost:8000";
- const sessionCookieName = "sessionCookie";
- const persistentCookieName = "persistentCookie";
- const twoMinutesInSeconds = 120;
-
- function setSessionCookie() {
- document.cookie = sessionCookieName + "=1; path=/";
- }
-
- function setPersistentCookie() {
- document.cookie = persistentCookieName + "=1; path=/; Max-Age=" + twoMinutesInSeconds + ";";
- }
-
- function checkCookies(shouldHaveSessionCookie, shouldHavePersistentCookie) {
- let hasSessionCookie = (document.cookie + "").includes(sessionCookieName),
- hasPersistentCookie = (document.cookie + "").includes(persistentCookieName);
-
- if (shouldHaveSessionCookie && hasSessionCookie)
- testPassed("Should have and has the session cookie.");
- else if (shouldHaveSessionCookie && !hasSessionCookie) {
- testFailed("Should have but doesn\'t have the session cookie.");
- setEnableFeature(false, finishJSTest);
- } else if (!shouldHaveSessionCookie && hasSessionCookie) {
- testFailed("Shouldn\'t have but has the session cookie.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Shouldn\'t have and doesn\'t have the session cookie.");
-
-
- if (shouldHavePersistentCookie && hasPersistentCookie)
- testPassed("Should have and has the persistent cookie.");
- else if (shouldHavePersistentCookie && !hasPersistentCookie) {
- testFailed("Should have but doesn\'t have the persistent cookie.");
- setEnableFeature(false, finishJSTest);
- } else if (!shouldHavePersistentCookie && hasPersistentCookie) {
- testFailed("Shouldn\'t have but has the persistent cookie.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Shouldn\'t have and doesn\'t have the persistent cookie.");
- }
-
- function runTest() {
- switch (document.location.hash) {
- case "":
- if (document.location.origin !== prevalentOrigin)
- testFailed("Test is not starting out on " + prevalentOrigin + ".");
- setEnableFeature(true, function () {
- if (testRunner.isStatisticsPrevalentResource(prevalentOrigin))
- testFailed(prevalentOrigin + " was classified as prevalent resource before the test starts.");
- document.location.hash = "step1";
- runTest();
- });
- break;
- case "#step1":
- testRunner.setStatisticsHasHadUserInteraction(prevalentOrigin, true, function() {
- setSessionCookie();
- setPersistentCookie();
- checkCookies(true, true);
- if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin)) {
- testFailed("Origin has isolated session.");
- setEnableFeature(false, finishJSTest);
- } else
- testPassed("Origin has no isolated session.");
- document.location.href = "" + "/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py#step2";
- });
- break;
- case "#step2":
- document.location.hash = "step3";
- if (document.location.origin !== nonPrevalentOrigin)
- testFailed("Step 2 is not on " + nonPrevalentOrigin + ".");
- testRunner.setStatisticsPrevalentResource(prevalentOrigin, true, function() {
- if (!testRunner.isStatisticsPrevalentResource(prevalentOrigin)) {
- testFailed(prevalentOrigin + " did not get set as prevalent resource.");
- setEnableFeature(false, finishJSTest);
- }
- testRunner.statisticsUpdateCookieBlocking(runTest);
- });
- break;
- case "#step3":
- document.location.href = "" + "/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py#step4";
- break;
- case "#step4":
- checkCookies(true, true);
- if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin))
- testPassed("Origin has isolated session.");
- else
- testFailed("Origin has no isolated session.");
- setEnableFeature(false, finishJSTest);
- break;
- default:
- testFailed("Unknown hash.");
- setEnableFeature(false, finishJSTest);
- }
- }
-</script>
-</body>
-</html>''')
\ No newline at end of file
Copied: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction-expected.txt (from rev 283929, branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction-expected.txt) (0 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction-expected.txt (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction-expected.txt 2021-10-11 20:14:05 UTC (rev 283931)
@@ -0,0 +1,12 @@
+Tests that the session is switched upon top frame navigation to a prevalent resource without user interaction.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Should have and has the session cookie.
+PASS Should have and has the persistent cookie.
+PASS Origin has isolated session.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction.py (from rev 283929, branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py) (0 => 283931)
--- branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction.py (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction.py 2021-10-11 20:14:05 UTC (rev 283931)
@@ -0,0 +1,119 @@
+#!/usr/bin/env python3
+
+import sys
+
+sys.stdout.write(
+ 'Cache-Control: no-store\r\n'
+ 'Content-Type: text/html\r\n\r\n'
+)
+
+print('''<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <script src=""
+ <script src=""
+</head>
+<body _onload_="runTest()">
+<script>
+ description("Tests that the session is switched upon top frame navigation to a prevalent resource without user interaction.");
+ jsTestIsAsync = true;
+
+ const prevalentOrigin = "http://127.0.0.1:8000";
+ const nonPrevalentOrigin = "http://localhost:8000";
+ const sessionCookieName = "sessionCookie";
+ const persistentCookieName = "persistentCookie";
+ const twoMinutesInSeconds = 120;
+
+ function setSessionCookie() {
+ document.cookie = sessionCookieName + "=1; path=/";
+ }
+
+ function setPersistentCookie() {
+ document.cookie = persistentCookieName + "=1; path=/; Max-Age=" + twoMinutesInSeconds + ";";
+ }
+
+ function checkCookies(shouldHaveSessionCookie, shouldHavePersistentCookie) {
+ let hasSessionCookie = (document.cookie + "").includes(sessionCookieName),
+ hasPersistentCookie = (document.cookie + "").includes(persistentCookieName);
+
+ if (shouldHaveSessionCookie && hasSessionCookie)
+ testPassed("Should have and has the session cookie.");
+ else if (shouldHaveSessionCookie && !hasSessionCookie) {
+ testFailed("Should have but doesn\'t have the session cookie.");
+ setEnableFeature(false, finishJSTest);
+ } else if (!shouldHaveSessionCookie && hasSessionCookie) {
+ testFailed("Shouldn\'t have but has the session cookie.");
+ setEnableFeature(false, finishJSTest);
+ } else
+ testPassed("Shouldn\'t have and doesn\'t have the session cookie.");
+
+
+ if (shouldHavePersistentCookie && hasPersistentCookie)
+ testPassed("Should have and has the persistent cookie.");
+ else if (shouldHavePersistentCookie && !hasPersistentCookie) {
+ testFailed("Should have but doesn\'t have the persistent cookie.");
+ setEnableFeature(false, finishJSTest);
+ } else if (!shouldHavePersistentCookie && hasPersistentCookie) {
+ testFailed("Shouldn\'t have but has the persistent cookie.");
+ setEnableFeature(false, finishJSTest);
+ } else
+ testPassed("Shouldn\'t have and doesn\'t have the persistent cookie.");
+ }
+
+ function runTest() {
+ switch (document.location.hash) {
+ case "":
+ if (document.location.origin !== prevalentOrigin)
+ testFailed("Test is not starting out on " + prevalentOrigin + ".");
+
+ setEnableFeature(true, function () {
+ if (testRunner.isStatisticsPrevalentResource(prevalentOrigin))
+ testFailed(prevalentOrigin + " was classified as prevalent resource before the test starts.");
+ document.location.hash = "step1";
+ runTest();
+ });
+ break;
+ case "#step1":
+ setSessionCookie();
+ setPersistentCookie();
+ checkCookies(true, true);
+ if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin))
+ testPassed("Origin has isolated session.");
+ else {
+ testFailed("Origin has no isolated session.");
+ setEnableFeature(false, finishJSTest);
+ }
+ document.location.href = "" + "/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction.py#step2";
+ break;
+ case "#step2":
+ document.location.hash = "step3";
+ if (document.location.origin !== nonPrevalentOrigin)
+ testFailed("Step 2 is not on " + nonPrevalentOrigin + ".");
+ testRunner.setStatisticsPrevalentResource(prevalentOrigin, true, function() {
+ if (!testRunner.isStatisticsPrevalentResource(prevalentOrigin)) {
+ testFailed(prevalentOrigin + " did not get set as prevalent resource.");
+ setEnableFeature(false, finishJSTest);
+ }
+ testRunner.statisticsUpdateCookieBlocking(runTest);
+ });
+ break;
+ case "#step3":
+ document.location.href = "" + "/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-without-interaction.py#step4";
+ break;
+ case "#step4":
+ checkCookies(true, true);
+ if (testRunner.hasStatisticsIsolatedSession(prevalentOrigin))
+ testPassed("Origin has isolated session.");
+ else
+ testFailed("Origin has no isolated session.");
+ setEnableFeature(false, finishJSTest);
+ break;
+ default:
+ testFailed("Unknown hash.");
+ setEnableFeature(false, finishJSTest);
+ }
+ }
+</script>
+</body>
+</html>''')
Modified: branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/imported/w3c/ChangeLog 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,3 +1,15 @@
+2021-10-04 Chris Dumez <[email protected]>
+
+ Use isolated NSURLSessions for each first party registrable domain
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://83159358>
+
+ Reviewed by Alex Christensen.
+
+ Rebaseline WPT test that is now passing more checks.
+
+ * web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt:
+
2021-09-28 Chris Dumez <[email protected]>
Move Cross-Origin-Opener-Policy handling to the NetworkProcess
Modified: branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,12 +1,12 @@
-FAIL With credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Without credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Cross-site resources with credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Cross-site resources without credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Iframes promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Workers promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
-FAIL Workers with cross-site resources promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+PASS With credentials
+PASS Without credentials
+PASS Cross-site resources with credentials
+PASS Cross-site resources without credentials
+PASS Iframes
+PASS Workers
+PASS Workers with cross-site resources
FAIL CSP sandbox promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
FAIL about:blank from opaque origin iframe promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
Modified: branches/safari-612-branch/LayoutTests/platform/gtk/TestExpectations (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/platform/gtk/TestExpectations 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/platform/gtk/TestExpectations 2021-10-11 20:14:05 UTC (rev 283931)
@@ -898,8 +898,6 @@
webkit.org/b/209727 fast/forms/placeholder-content-line-height.html [ ImageOnlyFailure ]
-webkit.org/b/210487 http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py [ Failure ]
-
webkit.org/b/210796 http/tests/resourceLoadStatistics/standalone-web-application-exempt-from-website-data-deletion.html [ Failure ]
webkit.org/b/210849 compositing/overflow/rtl-scrollbar-layer-positioning.html [ Failure ]
Copied: branches/safari-612-branch/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt (from rev 283929, branches/safari-612-branch/LayoutTests/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt) (0 => 283931)
--- branches/safari-612-branch/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt (rev 0)
+++ branches/safari-612-branch/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/connection-pool/network-partition-key-expected.txt 2021-10-11 20:14:05 UTC (rev 283931)
@@ -0,0 +1,12 @@
+
+
+FAIL With credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Without credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Cross-site resources with credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Cross-site resources without credentials promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Iframes promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Workers promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL Workers with cross-site resources promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL CSP sandbox promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+FAIL about:blank from opaque origin iframe promise_test: Unhandled rejection with value: "assert_equals: Socket unexpectedly reused expected \"ok\" but got \"Multiple partition IDs used on a socket\""
+
Modified: branches/safari-612-branch/LayoutTests/platform/wpe/TestExpectations (283930 => 283931)
--- branches/safari-612-branch/LayoutTests/platform/wpe/TestExpectations 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/LayoutTests/platform/wpe/TestExpectations 2021-10-11 20:14:05 UTC (rev 283931)
@@ -594,8 +594,6 @@
webkit.org/b/210262 fast/selectors/text-field-selection-stroke-color.html [ ImageOnlyFailure ]
webkit.org/b/210262 fast/selectors/text-field-selection-text-shadow.html [ ImageOnlyFailure ]
-webkit.org/b/210487 http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py [ Failure ]
-
webkit.org/b/211563 fast/text-indicator/text-indicator-estimated-color-with-implicit-newline.html [ Failure ]
# Only enabled on Mac/iOS so far.
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (283930 => 283931)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,3 +1,19 @@
+2021-10-04 Chris Dumez <[email protected]>
+
+ Use isolated NSURLSessions for each first party registrable domain
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://83159358>
+
+ Reviewed by Alex Christensen.
+
+ Fix bug where service worker soft-update requests would have their "first-party-for-cookies"
+ field set to "https:" instead of a full origin (e.g. "https://localhost:8080"). This was
+ causing some service worker test failures now that we use different NSURLSession based on
+ the "first-party-for-cookies" field.
+
+ * workers/service/server/SWServer.cpp:
+ (WebCore::originURL):
+
2021-09-28 Chris Dumez <[email protected]>
Move Cross-Origin-Opener-Policy handling to the NetworkProcess
Modified: branches/safari-612-branch/Source/WebCore/workers/service/server/SWServer.cpp (283930 => 283931)
--- branches/safari-612-branch/Source/WebCore/workers/service/server/SWServer.cpp 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebCore/workers/service/server/SWServer.cpp 2021-10-11 20:14:05 UTC (rev 283931)
@@ -440,11 +440,7 @@
URL static inline originURL(const SecurityOrigin& origin)
{
- URL url;
- url.setProtocol(origin.protocol());
- url.setHost(origin.host());
- url.setPort(origin.port());
- return url;
+ return URL(URL(), origin.data().toString());
}
void SWServer::startScriptFetch(const ServiceWorkerJobData& jobData, SWServerRegistration& registration)
Modified: branches/safari-612-branch/Source/WebKit/ChangeLog (283930 => 283931)
--- branches/safari-612-branch/Source/WebKit/ChangeLog 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebKit/ChangeLog 2021-10-11 20:14:05 UTC (rev 283931)
@@ -1,3 +1,24 @@
+2021-10-04 Chris Dumez <[email protected]>
+
+ Use isolated NSURLSessions for each first party registrable domain
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://83159358>
+
+ Reviewed by Alex Christensen.
+
+ Previously would use up to 10 isolated NSURLSessions only for domains marked as prevalent
+ by ITP *and* that the user interacts with as first party website. We now use different
+ isolated NSURLSession for each top-level registrable domain, not matter their ITP status.
+ This significantly improves privacy.
+
+ To avoid having too many NSURLSession, we clear the ones that haven't been used in the
+ last 10 minutes, every time we add a new one.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSessionCocoa::sessionWrapperForTask):
+ (WebKit::SessionSet::isolatedSession):
+
2021-09-28 Chris Dumez <[email protected]>
Move Cross-Origin-Opener-Policy handling to the NetworkProcess
Modified: branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h (283930 => 283931)
--- branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h 2021-10-11 20:14:05 UTC (rev 283931)
@@ -91,6 +91,8 @@
bool tryPasswordBasedAuthentication(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&);
void applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(RetainPtr<NSURLRequest>&, bool shouldContentSniff, bool shouldContentEncodingSniff);
+ void swapSessionIfNecessary(WebCore::ResourceRequest&);
+ void initializeDataTask(const WebCore::ResourceRequest&);
#if ENABLE(RESOURCE_LOAD_STATISTICS)
static NSHTTPCookieStorage *statelessCookieStorage();
@@ -123,6 +125,10 @@
bool m_isAlwaysOnLoggingAllowed { false };
WebCore::ShouldRelaxThirdPartyCookieBlocking m_shouldRelaxThirdPartyCookieBlocking { WebCore::ShouldRelaxThirdPartyCookieBlocking::No };
RefPtr<WebCore::SecurityOrigin> m_sourceOrigin;
+ std::optional<NavigatingToAppBoundDomain> m_isNavigatingToAppBoundDomain;
+#if HAVE(NW_ACTIVITY)
+ RetainPtr<nw_activity_t> m_nwActivity;
+#endif
};
WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&);
Modified: branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (283930 => 283931)
--- branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-10-11 20:14:05 UTC (rev 283931)
@@ -302,6 +302,10 @@
, m_isAlwaysOnLoggingAllowed(computeIsAlwaysOnLoggingAllowed(session))
, m_shouldRelaxThirdPartyCookieBlocking(parameters.shouldRelaxThirdPartyCookieBlocking)
, m_sourceOrigin(parameters.sourceOrigin)
+ , m_isNavigatingToAppBoundDomain(parameters.isNavigatingToAppBoundDomain)
+#if HAVE(NW_ACTIVITY)
+ , m_nwActivity(parameters.networkActivityTracker ? parameters.networkActivityTracker->getPlatformObject() : nullptr)
+#endif
{
auto request = parameters.request;
auto url = ""
@@ -328,14 +332,6 @@
}
#endif
- bool shouldBlockCookies = false;
-#if ENABLE(RESOURCE_LOAD_STATISTICS)
- shouldBlockCookies = m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStateless;
- if (auto* networkStorageSession = session.networkStorageSession()) {
- if (!shouldBlockCookies)
- shouldBlockCookies = networkStorageSession->shouldBlockCookies(request, frameID(), pageID(), m_shouldRelaxThirdPartyCookieBlocking);
- }
-#endif
restrictRequestReferrerToOriginIfNeeded(request);
RetainPtr<NSURLRequest> nsRequest = request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
@@ -374,7 +370,21 @@
#endif
}
+ initializeDataTask(request);
+}
+
+void NetworkDataTaskCocoa::initializeDataTask(const WebCore::ResourceRequest& request)
+{
+ bool shouldBlockCookies = false;
#if ENABLE(RESOURCE_LOAD_STATISTICS)
+ shouldBlockCookies = m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStateless;
+ if (auto* networkStorageSession = m_session->networkStorageSession()) {
+ if (!shouldBlockCookies)
+ shouldBlockCookies = networkStorageSession->shouldBlockCookies(request, frameID(), pageID(), m_shouldRelaxThirdPartyCookieBlocking);
+ }
+#endif
+
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
applyCookiePolicyForThirdPartyCNAMECloaking(request);
#endif
@@ -381,7 +391,7 @@
if (shouldBlockCookies) {
#if !RELEASE_LOG_DISABLED
if (m_session->shouldLogCookieInformation())
- RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - NetworkDataTaskCocoa::logCookieInformation: pageID=%" PRIu64 ", frameID=%" PRIu64 ", taskID=%lu: Blocking cookies for URL %s", this, pageID().toUInt64(), frameID().toUInt64(), (unsigned long)[m_task taskIdentifier], [nsRequest URL].absoluteString.UTF8String);
+ RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - NetworkDataTaskCocoa::logCookieInformation: pageID=%" PRIu64 ", frameID=%" PRIu64 ", taskID=%lu: Blocking cookies for URL %s", this, pageID().toUInt64(), frameID().toUInt64(), (unsigned long)[m_task taskIdentifier], request.url().string().utf8().data());
#else
LOG(NetworkSession, "%lu Blocking cookies for URL %s", (unsigned long)[m_task taskIdentifier], [nsRequest URL].absoluteString.UTF8String);
#endif
@@ -395,8 +405,8 @@
updateTaskWithFirstPartyForSameSiteCookies(m_task.get(), request);
#if HAVE(NW_ACTIVITY)
- if (parameters.networkActivityTracker)
- m_task.get()._nw_activity = parameters.networkActivityTracker->getPlatformObject();
+ if (m_nwActivity)
+ m_task.get()._nw_activity = m_nwActivity.get();
#endif
}
@@ -543,8 +553,10 @@
m_client->willPerformHTTPRedirection(WTFMove(redirectResponse), WTFMove(request), [completionHandler = WTFMove(completionHandler), this, weakThis = makeWeakPtr(*this)] (auto&& request) mutable {
if (!weakThis || !m_session)
return completionHandler({ });
- if (!request.isNull())
+ if (!request.isNull()) {
restrictRequestReferrerToOriginIfNeeded(request);
+ swapSessionIfNecessary(request);
+ }
completionHandler(WTFMove(request));
});
else {
@@ -553,6 +565,29 @@
}
}
+void NetworkDataTaskCocoa::swapSessionIfNecessary(WebCore::ResourceRequest& request)
+{
+ // We only swap session based on first party registrable domain so only redirects of top level navigations may swap session (when redirecting cross-site).
+ if (!isTopLevelNavigation())
+ return;
+
+ auto& updatedSession = static_cast<NetworkSessionCocoa&>(*m_session).sessionWrapperForTask(m_webPageProxyID, request, m_storedCredentialsPolicy, m_isNavigatingToAppBoundDomain);
+ if (!m_sessionWrapper || m_sessionWrapper == &updatedSession)
+ return;
+
+ auto previousTask = std::exchange(m_task, nullptr);
+
+ m_sessionWrapper->dataTaskMap.remove([previousTask taskIdentifier]);
+ m_sessionWrapper = makeWeakPtr(updatedSession);
+
+ m_task = [m_sessionWrapper->session dataTaskWithRequest:request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody)];
+ m_sessionWrapper->dataTaskMap.add([m_task taskIdentifier], this);
+
+ initializeDataTask(request);
+ [m_task resume];
+ request = { };
+}
+
void NetworkDataTaskCocoa::setPendingDownloadLocation(const WTF::String& filename, SandboxExtension::Handle&& sandboxExtensionHandle, bool allowOverwrite)
{
NetworkDataTask::setPendingDownloadLocation(filename, { }, allowOverwrite);
Modified: branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (283930 => 283931)
--- branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2021-10-11 20:14:05 UTC (rev 283931)
@@ -69,7 +69,7 @@
public:
SessionWrapper sessionWithCredentialStorage;
SessionWrapper sessionWithoutCredentialStorage;
- WallTime lastUsed;
+ MonotonicTime lastUsed;
};
struct SessionSet : public RefCounted<SessionSet>, public CanMakeWeakPtr<SessionSet> {
Modified: branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (283930 => 283931)
--- branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2021-10-11 20:10:13 UTC (rev 283930)
+++ branches/safari-612-branch/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2021-10-11 20:14:05 UTC (rev 283931)
@@ -97,8 +97,6 @@
CFStringRef const WebKit2HTTPProxyDefaultsKey = static_cast<CFStringRef>(@"WebKit2HTTPProxy");
CFStringRef const WebKit2HTTPSProxyDefaultsKey = static_cast<CFStringRef>(@"WebKit2HTTPSProxy");
-constexpr unsigned maxNumberOfIsolatedSessions { 10 };
-
static NSURLSessionResponseDisposition toNSURLSessionResponseDisposition(WebCore::PolicyAction disposition)
{
switch (disposition) {
@@ -1438,14 +1436,6 @@
auto shouldBeConsideredAppBound = isNavigatingToAppBoundDomain ? *isNavigatingToAppBoundDomain : NavigatingToAppBoundDomain::Yes;
if (isParentProcessAFullWebBrowser(networkProcess()))
shouldBeConsideredAppBound = NavigatingToAppBoundDomain::No;
-#if ENABLE(RESOURCE_LOAD_STATISTICS)
- if (auto* storageSession = networkStorageSession()) {
- auto firstParty = WebCore::RegistrableDomain(request.firstPartyForCookies());
- if (storageSession->shouldBlockThirdPartyCookiesButKeepFirstPartyCookiesFor(firstParty))
- return sessionSetForPage(webPageProxyID).isolatedSession(storedCredentialsPolicy, firstParty, shouldBeConsideredAppBound, *this);
- } else
- ASSERT_NOT_REACHED();
-#endif
#if ENABLE(APP_BOUND_DOMAINS)
if (shouldBeConsideredAppBound == NavigatingToAppBoundDomain::Yes)
@@ -1452,14 +1442,11 @@
return appBoundSession(webPageProxyID, storedCredentialsPolicy);
#endif
- switch (storedCredentialsPolicy) {
- case WebCore::StoredCredentialsPolicy::Use:
- return sessionSetForPage(webPageProxyID).sessionWithCredentialStorage;
- case WebCore::StoredCredentialsPolicy::DoNotUse:
- return sessionSetForPage(webPageProxyID).sessionWithoutCredentialStorage;
- case WebCore::StoredCredentialsPolicy::EphemeralStateless:
- return initializeEphemeralStatelessSessionIfNeeded(webPageProxyID, NavigatingToAppBoundDomain::No);
- }
+ auto firstParty = WebCore::RegistrableDomain(request.firstPartyForCookies());
+ if (firstParty.isEmpty())
+ firstParty = WebCore::RegistrableDomain(request.url());
+
+ return sessionSetForPage(webPageProxyID).isolatedSession(storedCredentialsPolicy, firstParty, shouldBeConsideredAppBound, *this);
}
#if ENABLE(APP_BOUND_DOMAINS)
@@ -1516,44 +1503,36 @@
SessionWrapper& SessionSet::isolatedSession(WebCore::StoredCredentialsPolicy storedCredentialsPolicy, const WebCore::RegistrableDomain firstPartyDomain, NavigatingToAppBoundDomain isNavigatingToAppBoundDomain, NetworkSessionCocoa& session)
{
- auto& entry = isolatedSessions.ensure(firstPartyDomain, [this, &session, isNavigatingToAppBoundDomain] {
+ auto addResult = isolatedSessions.ensure(firstPartyDomain, [this, &session, isNavigatingToAppBoundDomain] {
auto newEntry = makeUnique<IsolatedSession>();
newEntry->sessionWithCredentialStorage.initialize(sessionWithCredentialStorage.session.get().configuration, session, WebCore::StoredCredentialsPolicy::Use, isNavigatingToAppBoundDomain);
newEntry->sessionWithoutCredentialStorage.initialize(sessionWithoutCredentialStorage.session.get().configuration, session, WebCore::StoredCredentialsPolicy::DoNotUse, isNavigatingToAppBoundDomain);
return newEntry;
- }).iterator->value;
+ });
- entry->lastUsed = WallTime::now();
+ auto now = MonotonicTime::now();
+ auto& isolatedSession = addResult.iterator->value;
+ isolatedSession->lastUsed = now;
auto& sessionWrapper = [&] (auto storedCredentialsPolicy) -> SessionWrapper& {
switch (storedCredentialsPolicy) {
case WebCore::StoredCredentialsPolicy::Use:
LOG(NetworkSession, "Using isolated NSURLSession with credential storage.");
- return entry->sessionWithCredentialStorage;
+ return isolatedSession->sessionWithCredentialStorage;
case WebCore::StoredCredentialsPolicy::DoNotUse:
LOG(NetworkSession, "Using isolated NSURLSession without credential storage.");
- return entry->sessionWithoutCredentialStorage;
+ return isolatedSession->sessionWithoutCredentialStorage;
case WebCore::StoredCredentialsPolicy::EphemeralStateless:
return initializeEphemeralStatelessSessionIfNeeded(isNavigatingToAppBoundDomain, session);
}
} (storedCredentialsPolicy);
- if (isolatedSessions.size() > maxNumberOfIsolatedSessions) {
- WebCore::RegistrableDomain keyToRemove;
- auto oldestTimestamp = WallTime::now();
- for (auto& key : isolatedSessions.keys()) {
- auto timestamp = isolatedSessions.get(key)->lastUsed;
- if (timestamp < oldestTimestamp) {
- oldestTimestamp = timestamp;
- keyToRemove = key;
- }
- }
- LOG(NetworkSession, "About to remove isolated NSURLSession.");
- isolatedSessions.remove(keyToRemove);
+ if (addResult.isNewEntry) {
+ isolatedSessions.removeIf([&](auto& entry) {
+ return (now - entry.value->lastUsed) > 10_min;
+ });
}
- RELEASE_ASSERT(isolatedSessions.size() <= maxNumberOfIsolatedSessions);
-
return sessionWrapper;
}
