Diff
Modified: trunk/LayoutTests/ChangeLog (285564 => 285565)
--- trunk/LayoutTests/ChangeLog 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/LayoutTests/ChangeLog 2021-11-10 06:52:44 UTC (rev 285565)
@@ -1,3 +1,17 @@
+2021-11-09 Chris Dumez <[email protected]>
+
+ [macOS] Enable NSURLSession partitioning based on first-party domain at CFNetwork level
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://problem/83159358>
+
+ Reviewed by Alex Christensen.
+
+ Skip a few ITP session partitioning tests on newer OSes now that session partitioning
+ happens for all first-party domains at CFNetwork level on these OSes.
+
+ * platform/ios-wk2/TestExpectations:
+ * platform/mac-wk2/TestExpectations:
+
2021-11-09 Ben Nham <[email protected]>
Add support for PushSubscriptionChangeEvent
Modified: trunk/LayoutTests/platform/ios-wk2/TestExpectations (285564 => 285565)
--- trunk/LayoutTests/platform/ios-wk2/TestExpectations 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/LayoutTests/platform/ios-wk2/TestExpectations 2021-11-10 06:52:44 UTC (rev 285565)
@@ -2166,6 +2166,10 @@
#rdar://82183980 ([ iOS 15 ]editing/selection/ios/hide-selection-in-tiny-contenteditable.html is a flaky failure)
editing/selection/ios/hide-selection-in-tiny-contenteditable.html [ Pass Failure ]
+# On iOS15+, CFNetwork does full NSURLSession partitioning based on first-party domains and ITP session partitioning is thus disabled.
+http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py [ Skip ]
+http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py [ Skip ]
+
# These tests fail/timeout on iPhone 12 simulator
fast/events/ios/viewport-no-width-value-allows-double-tap.html [ Skip ]
fast/visual-viewport/ios/stable-update-with-keyboard.html [ Skip ]
Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (285564 => 285565)
--- trunk/LayoutTests/platform/mac-wk2/TestExpectations 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/LayoutTests/platform/mac-wk2/TestExpectations 2021-11-10 06:52:44 UTC (rev 285565)
@@ -326,6 +326,10 @@
http/wpt/mediarecorder/set-srcObject-MediaStream-Blob.html [ Pass Failure Timeout ]
[ BigSur+ ] http/wpt/mediarecorder/video-rotation.html [ Pass Failure Timeout ]
+# On Monterey+, CFNetwork does full NSURLSession partitioning based on first-party domains and ITP session partitioning is thus disabled.
+[ Monterey+ ] http/tests/resourceLoadStatistics/do-not-switch-session-on-navigation-to-prevalent-without-interaction.py [ Skip ]
+[ Monterey+ ] http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.py [ Skip ]
+
# rdar://76909385
[ Monterey+ ] http/tests/websocket/tests/hybi/interleaved-fragments.html [ Pass Failure Timeout ]
[ Monterey+ ] http/tests/websocket/tests/hybi/send-object-tostring-check.html [ Pass Failure Timeout ]
Modified: trunk/Source/WTF/ChangeLog (285564 => 285565)
--- trunk/Source/WTF/ChangeLog 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WTF/ChangeLog 2021-11-10 06:52:44 UTC (rev 285565)
@@ -1,3 +1,17 @@
+2021-11-09 Chris Dumez <[email protected]>
+
+ [macOS] Enable NSURLSession partitioning based on first-party domain at CFNetwork level
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://problem/83159358>
+
+ Reviewed by Alex Christensen.
+
+ Add HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN) build time flag that is true
+ on newer Apple OSes where CFNetwork does NSURLSession partitioning based on first-party domain for
+ us.
+
+ * wtf/PlatformHave.h:
+
2021-11-09 Megan Gardner <[email protected]>
Turn on selection flipping by default.
Modified: trunk/Source/WTF/wtf/PlatformHave.h (285564 => 285565)
--- trunk/Source/WTF/wtf/PlatformHave.h 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WTF/wtf/PlatformHave.h 2021-11-10 06:52:44 UTC (rev 285565)
@@ -958,6 +958,7 @@
|| (PLATFORM(APPLETV) && __TV_OS_VERSION_MIN_REQUIRED >= 150000)
#define HAVE_CFNETWORK_NSURLSESSION_ATTRIBUTED_BUNDLE_IDENTIFIER 1
#define HAVE_CFNETWORK_NSURLSESSION_HSTS_WITH_UNTRUSTED_ROOT 1
+#define HAVE_CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN 1
#define HAVE_AUDIO_OBJECT_PROPERTY_ELEMENT_MAIN 1
#define HAVE_IMAGE_RESTRICTED_DECODING 1
#define HAVE_XPC_CONNECTION_COPY_INVALIDATION_REASON 1
Modified: trunk/Source/WebKit/ChangeLog (285564 => 285565)
--- trunk/Source/WebKit/ChangeLog 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WebKit/ChangeLog 2021-11-10 06:52:44 UTC (rev 285565)
@@ -1,3 +1,27 @@
+2021-11-09 Chris Dumez <[email protected]>
+
+ [macOS] Enable NSURLSession partitioning based on first-party domain at CFNetwork level
+ https://bugs.webkit.org/show_bug.cgi?id=230750
+ <rdar://problem/83159358>
+
+ Reviewed by Alex Christensen.
+
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+ (overrideAttributionContext): Deleted.
+ Stop disabling CFNetwork NSURLSession partitioning based on first-party domain on
+ macOS.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSessionCocoa::sessionWrapperForTask):
+ (WebKit::NetworkSessionCocoa::hasIsolatedSession const):
+ (WebKit::NetworkSessionCocoa::clearIsolatedSessions):
+ (WebKit::NetworkSessionCocoa::invalidateAndCancelSessionSet):
+ Disable ITP session partitioning of certain prevalent domains on platforms where
+ CFNetwork already does full partitioning of all domains (now that it is enabled
+ on macOS 12+ and iOS15+).
+
2021-11-09 Per Arne Vollan <[email protected]>
[iOS][GPUP] Remove shared memory access
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (285564 => 285565)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-11-10 06:52:44 UTC (rev 285565)
@@ -57,7 +57,6 @@
#if USE(APPLE_INTERNAL_SDK)
#import <WebKitAdditions/NetworkDataTaskCocoaAdditions.h>
#else
-static void overrideAttributionContext(NSMutableURLRequest *) { }
static void processPCMRequest(WebCore::PrivateClickMeasurement::PcmDataCarried, NSMutableURLRequest *) { }
#endif
@@ -344,8 +343,6 @@
mutableRequest.get().attribution = request.isAppInitiated() ? NSURLRequestAttributionDeveloper : NSURLRequestAttributionUser;
#endif
- overrideAttributionContext(mutableRequest.get());
-
nsRequest = mutableRequest;
#if ENABLE(APP_PRIVACY_REPORT)
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (285564 => 285565)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h 2021-11-10 06:52:44 UTC (rev 285565)
@@ -79,10 +79,13 @@
return adoptRef(*new SessionSet);
}
- SessionWrapper& isolatedSession(WebCore::StoredCredentialsPolicy, const WebCore::RegistrableDomain&, NavigatingToAppBoundDomain, NetworkSessionCocoa&);
SessionWrapper& initializeEphemeralStatelessSessionIfNeeded(NavigatingToAppBoundDomain, NetworkSessionCocoa&);
+#if !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
+ SessionWrapper& isolatedSession(WebCore::StoredCredentialsPolicy, const WebCore::RegistrableDomain&, NavigatingToAppBoundDomain, NetworkSessionCocoa&);
HashMap<WebCore::RegistrableDomain, std::unique_ptr<IsolatedSession>> isolatedSessions;
+#endif
+
std::unique_ptr<IsolatedSession> appBoundSession;
SessionWrapper sessionWithCredentialStorage;
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (285564 => 285565)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2021-11-10 05:23:04 UTC (rev 285564)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2021-11-10 06:52:44 UTC (rev 285565)
@@ -1419,7 +1419,8 @@
auto shouldBeConsideredAppBound = isNavigatingToAppBoundDomain ? *isNavigatingToAppBoundDomain : NavigatingToAppBoundDomain::Yes;
if (isParentProcessAFullWebBrowser(networkProcess()))
shouldBeConsideredAppBound = NavigatingToAppBoundDomain::No;
-#if ENABLE(INTELLIGENT_TRACKING_PREVENTION)
+ // This ITP partitioning is unnecessary on newer platforms since CFNetwork already has full partioning based on first-party domains.
+#if ENABLE(INTELLIGENT_TRACKING_PREVENTION) && !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
if (auto* storageSession = networkStorageSession()) {
auto firstParty = WebCore::RegistrableDomain(request.firstPartyForCookies());
if (storageSession->shouldBlockThirdPartyCookiesButKeepFirstPartyCookiesFor(firstParty))
@@ -1426,6 +1427,8 @@
return sessionSetForPage(webPageProxyID).isolatedSession(storedCredentialsPolicy, firstParty, shouldBeConsideredAppBound, *this);
} else
ASSERT_NOT_REACHED();
+#else
+ UNUSED_PARAM(request);
#endif
#if ENABLE(APP_BOUND_DOMAINS)
@@ -1490,11 +1493,14 @@
}
#endif
+#if !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
SessionWrapper& NetworkSessionCocoa::isolatedSession(WebPageProxyIdentifier webPageProxyID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, const WebCore::RegistrableDomain& firstPartyDomain, NavigatingToAppBoundDomain isNavigatingToAppBoundDomain)
{
return sessionSetForPage(webPageProxyID).isolatedSession(storedCredentialsPolicy, firstPartyDomain, isNavigatingToAppBoundDomain, *this);
}
+#endif
+#if !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
SessionWrapper& SessionSet::isolatedSession(WebCore::StoredCredentialsPolicy storedCredentialsPolicy, const WebCore::RegistrableDomain& firstPartyDomain, NavigatingToAppBoundDomain isNavigatingToAppBoundDomain, NetworkSessionCocoa& session)
{
auto& entry = isolatedSessions.ensure(firstPartyDomain, [this, &session, isNavigatingToAppBoundDomain] {
@@ -1537,9 +1543,15 @@
return sessionWrapper;
}
+#endif
+
bool NetworkSessionCocoa::hasIsolatedSession(const WebCore::RegistrableDomain& domain) const
{
+#if HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
+ UNUSED_PARAM(domain);
+ return true;
+#else
if (m_defaultSessionSet->isolatedSessions.contains(domain))
return true;
for (auto& sessionSet : m_perPageSessionSets.values()) {
@@ -1548,13 +1560,16 @@
}
return false;
+#endif
}
void NetworkSessionCocoa::clearIsolatedSessions()
{
+#if !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
m_defaultSessionSet->isolatedSessions.clear();
for (auto& sessionSet : m_perPageSessionSets.values())
sessionSet->isolatedSessions.clear();
+#endif
}
void NetworkSessionCocoa::invalidateAndCancelSessionSet(SessionSet& sessionSet)
@@ -1566,6 +1581,7 @@
[sessionSet.sessionWithoutCredentialStorage.delegate sessionInvalidated];
[sessionSet.ephemeralStatelessSession.delegate sessionInvalidated];
+#if !HAVE(CFNETWORK_SESSION_PARTITIONING_BASED_ON_FIRST_PARTY_DOMAIN)
for (auto& session : sessionSet.isolatedSessions.values()) {
[session->sessionWithCredentialStorage.session invalidateAndCancel];
[session->sessionWithCredentialStorage.delegate sessionInvalidated];
@@ -1573,6 +1589,7 @@
[session->sessionWithoutCredentialStorage.delegate sessionInvalidated];
}
sessionSet.isolatedSessions.clear();
+#endif
if (sessionSet.appBoundSession) {
[sessionSet.appBoundSession->sessionWithCredentialStorage.session invalidateAndCancel];
