Diff
Modified: trunk/LayoutTests/ChangeLog (287692 => 287693)
--- trunk/LayoutTests/ChangeLog 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/LayoutTests/ChangeLog 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1,3 +1,16 @@
+2022-01-06 Chris Dumez <cdu...@apple.com>
+
+ Drop implementation for COOP / COEP violation reporting
+ https://bugs.webkit.org/show_bug.cgi?id=234899
+
+ Reviewed by Geoffrey Garen.
+
+ Skip all COOP / COEP reporting tests instead of marking individual tests as flaky or failing.
+
+ * TestExpectations:
+ * platform/ios-wk2/TestExpectations:
+ * platform/mac-wk2/TestExpectations:
+
2022-01-06 Alan Bujtas <za...@apple.com>
Ensure that the top layer is always anchored to the RenderView
Modified: trunk/LayoutTests/TestExpectations (287692 => 287693)
--- trunk/LayoutTests/TestExpectations 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/LayoutTests/TestExpectations 2022-01-06 17:21:06 UTC (rev 287693)
@@ -217,6 +217,14 @@
# Only partial support on Cocoa platforms.
imported/w3c/web-platform-tests/speech-api/ [ Skip ]
+# Support for COOP / COEP violation reporting is missing.
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-navigation.https.html
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-subresource-corp.https.html
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-frame-owner.https.html
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-worker-owner.https.html
+
# Only Mac and iOS have an implementation of UIScriptController::doAsyncTask().
fast/harness/uiscriptcontroller [ Skip ]
@@ -424,15 +432,11 @@
imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/browsers/sandboxing/sandbox-disallow-popups.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https.html [ DumpJSConsoleLogInStdErr ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html [ DumpJSConsoleLogInStdErr ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-frame-owner.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coop-csp-sandbox.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coop-navigated-history-popup.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/navigate-to-aboutblank.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/navigate-top-to-aboutblank.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw.https.html [ DumpJSConsoleLogInStdErr ]
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ DumpJSConsoleLogInStdErr ]
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-popup.https.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-network-error.sub.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_anchor_download_allow_downloads.tentative.html [ DumpJSConsoleLogInStdErr ]
imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/css-module/integrity.html [ DumpJSConsoleLogInStdErr ]
@@ -760,9 +764,6 @@
imported/w3c/web-platform-tests/html/rendering/non-replaced-elements/form-controls/select-sizing-001.html [ ImageOnlyFailure ]
imported/w3c/web-platform-tests/html/rendering/non-replaced-elements/phrasing-content-0/font-element-text-decoration-color/001-x.xhtml [ ImageOnlyFailure ]
-# Cross-Origin Opener Policy access reporting is not supported and it is causing those tests to time out.
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/access-reporting [ Skip ]
-
# Cross-Origin-Embedder-Policy: credentialless is not supported.
imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless
Modified: trunk/LayoutTests/platform/ios-wk2/TestExpectations (287692 => 287693)
--- trunk/LayoutTests/platform/ios-wk2/TestExpectations 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/LayoutTests/platform/ios-wk2/TestExpectations 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1155,8 +1155,6 @@
webkit.org/b/161359 imported/w3c/web-platform-tests/html/browsers/browsing-the-web/scroll-to-fragid/scroll-to-top.html [ Pass Failure ]
webkit.org/b/161631 imported/w3c/web-platform-tests/html/browsers/browsing-the-web/scroll-to-fragid/scroll-to-id-top.html [ Pass Failure ]
-webkit.org/b/232028 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html [ Pass Failure ]
-
# Newly imported WPT tests that are timing out on iOS.
imported/w3c/web-platform-tests/html/semantics/forms/the-button-element/button-activate-keyup-prevented.html [ Skip ]
imported/w3c/web-platform-tests/html/user-activation/activation-trigger-mouse-right.html [ Skip ]
@@ -2197,8 +2195,6 @@
webkit.org/b/232252 [ Release ] imported/w3c/web-platform-tests/webrtc/RTCDtlsTransport-state.html [ Pass Failure ]
-webkit.org/b/232337 [ Release ] imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ Pass Failure DumpJSConsoleLogInStdErr ]
-
# webkit.org/b/234278 The following 8 tests are flakey failures on iOS 15
imported/w3c/web-platform-tests/fetch/api/policies/referrer-no-referrer-service-worker.https.html [ Pass Failure ]
imported/w3c/web-platform-tests/fetch/api/request/destination/fetch-destination-frame.https.html [ Pass Failure ]
Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (287692 => 287693)
--- trunk/LayoutTests/platform/mac-wk2/TestExpectations 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/LayoutTests/platform/mac-wk2/TestExpectations 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1219,8 +1219,6 @@
webkit.org/b/230691 [ Release ] imported/w3c/web-platform-tests/html/cross-origin-opener-policy/iframe-popup-unsafe-none-to-unsafe-none.https.html [ Pass Failure ]
-webkit.org/b/232028 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/report-only-four-reports.https.html [ Pass Failure ]
-
webkit.org/b/232105 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/iframe-popup-same-origin-to-same-origin.https.html [ Pass Failure Crash ]
webkit.org/b/230113 [ BigSur+ Debug arm64 ] svg/animations/animate-elem-14-t-drt.html [ Pass Crash ]
@@ -1658,8 +1656,6 @@
webkit.org/b/229569 [ Catalina Release ] imported/w3c/web-platform-tests/webrtc/RTCPeerConnection-perfect-negotiation-stress-glare.https.html [ Pass Crash ]
-webkit.org/b/232337 [ Debug ] imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-coop-navigated-opener.https.html [ Pass Failure DumpJSConsoleLogInStdErr ]
-
# Plugins
# FIXME: Remove these tests.
platform/mac-wk2/plugins/npruntime/remove-property-from-_javascript_.html [ Skip ]
Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (287692 => 287693)
--- trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2022-01-06 17:21:06 UTC (rev 287693)
@@ -409,18 +409,6 @@
WebCore:
default: false
-CoopCoepViolationReportingEnabled:
- type: bool
- humanReadableName: "COOP and COEP violations reporting"
- humanReadableDescription: "Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy reporting"
- defaultValue:
- WebKitLegacy:
- default: false
- WebKit:
- default: false
- WebCore:
- default: false
-
CoreImageAcceleratedFilterRenderEnabled:
type: bool
webcoreOnChange: setNeedsRelayoutAllFrames
Modified: trunk/Source/WebCore/ChangeLog (287692 => 287693)
--- trunk/Source/WebCore/ChangeLog 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/ChangeLog 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1,5 +1,51 @@
2022-01-06 Chris Dumez <cdu...@apple.com>
+ Drop implementation for COOP / COEP violation reporting
+ https://bugs.webkit.org/show_bug.cgi?id=234899
+
+ Reviewed by Geoffrey Garen.
+
+ Drop implementation for COOP / COEP violation reporting. The implementation was based on an outdated version of the specification
+ and has never shipped. Many COOP/COEP reporting tests are also flaky.
+
+ * Sources.txt:
+ * WebCore.xcodeproj/project.pbxproj:
+ * loader/CrossOriginEmbedderPolicy.cpp:
+ (WebCore::contextURLForReport): Deleted.
+ (WebCore::sendCOEPPolicyInheritenceViolation): Deleted.
+ (WebCore::sendCOEPCORPViolation): Deleted.
+ * loader/CrossOriginEmbedderPolicy.h:
+ * loader/CrossOriginOpenerPolicy.cpp:
+ (WebCore::enforceResponseCrossOriginOpenerPolicy):
+ (WebCore::doCrossOriginOpenerHandlingOfResponse):
+ (WebCore::crossOriginOpenerPolicyValueToEffectivePolicyString): Deleted.
+ (WebCore::sendViolationReportWhenNavigatingToCOOPResponse): Deleted.
+ (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse): Deleted.
+ * loader/CrossOriginOpenerPolicy.h:
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::willSendRequest):
+ (WebCore::DocumentLoader::doCrossOriginOpenerHandlingOfResponse):
+ (WebCore::DocumentLoader::responseReceived):
+ * loader/PingLoader.cpp:
+ (WebCore::PingLoader::sendReportToEndpoint): Deleted.
+ * loader/PingLoader.h:
+ * loader/ReportingEndpointsCache.cpp: Removed.
+ (WebCore::ReportingEndpointsCache::Endpoint::Endpoint): Deleted.
+ (WebCore::ReportingEndpointsCache::Endpoint::hasExpired const): Deleted.
+ (WebCore::ReportingEndpointsCache::create): Deleted.
+ (WebCore::ReportingEndpointsCache::addEndpointsFromResponse): Deleted.
+ (WebCore::ReportingEndpointsCache::addEndpointsFromReportToHeader): Deleted.
+ (WebCore::ReportingEndpointsCache::addEndpointFromDictionary): Deleted.
+ (WebCore::ReportingEndpointsCache::endpointURL const): Deleted.
+ * loader/ReportingEndpointsCache.h: Removed.
+ * page/Page.cpp:
+ * page/Page.h:
+ (WebCore::Page::reportingEndpointsCache): Deleted.
+ * page/PageConfiguration.cpp:
+ * page/PageConfiguration.h:
+
+2022-01-06 Chris Dumez <cdu...@apple.com>
+
Drop unnecessary data member in WorkerThreadableLoader
https://bugs.webkit.org/show_bug.cgi?id=234907
Modified: trunk/Source/WebCore/Headers.cmake (287692 => 287693)
--- trunk/Source/WebCore/Headers.cmake 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/Headers.cmake 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1007,7 +1007,6 @@
loader/PrivateClickMeasurement.h
loader/ProgressTracker.h
loader/ProgressTrackerClient.h
- loader/ReportingEndpointsCache.h
loader/ResourceCryptographicDigest.h
loader/ResourceLoadInfo.h
loader/ResourceLoadNotifier.h
Modified: trunk/Source/WebCore/Sources.txt (287692 => 287693)
--- trunk/Source/WebCore/Sources.txt 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/Sources.txt 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1636,7 +1636,6 @@
loader/PolicyChecker.cpp
loader/PrivateClickMeasurement.cpp
loader/ProgressTracker.cpp
-loader/ReportingEndpointsCache.cpp
loader/ResourceCryptographicDigest.cpp
loader/ResourceLoadInfo.cpp
loader/ResourceLoadNotifier.cpp
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (287692 => 287693)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1243,7 +1243,6 @@
436708C712D9CA4B00044234 /* RenderSVGHiddenContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367088812D9CA4A00044234 /* RenderSVGHiddenContainer.h */; };
436708C912D9CA4B00044234 /* RenderSVGImage.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367088A12D9CA4A00044234 /* RenderSVGImage.h */; };
436708CB12D9CA4B00044234 /* LegacyRenderSVGModelObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367088C12D9CA4A00044234 /* LegacyRenderSVGModelObject.h */; };
- 43670C9342D9BC4B00044234 /* RenderSVGModelObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 436708FD12D9CA4A00032114 /* RenderSVGModelObject.h */; };
436708CD12D9CA4B00044234 /* RenderSVGResource.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367088E12D9CA4A00044234 /* RenderSVGResource.h */; };
436708CF12D9CA4B00044234 /* RenderSVGResourceClipper.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367089012D9CA4A00044234 /* RenderSVGResourceClipper.h */; };
436708D112D9CA4B00044234 /* RenderSVGResourceContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = 4367089212D9CA4A00044234 /* RenderSVGResourceContainer.h */; };
@@ -1266,6 +1265,7 @@
436708F612D9CA4B00044234 /* SVGResources.h in Headers */ = {isa = PBXBuildFile; fileRef = 436708B712D9CA4B00044234 /* SVGResources.h */; };
436708F812D9CA4B00044234 /* SVGResourcesCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 436708B912D9CA4B00044234 /* SVGResourcesCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
436708FA12D9CA4B00044234 /* SVGResourcesCycleSolver.h in Headers */ = {isa = PBXBuildFile; fileRef = 436708BB12D9CA4B00044234 /* SVGResourcesCycleSolver.h */; };
+ 43670C9342D9BC4B00044234 /* RenderSVGModelObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 436708FD12D9CA4A00032114 /* RenderSVGModelObject.h */; };
439046D812DA25E800AF80A2 /* RenderMathMLBlock.h in Headers */ = {isa = PBXBuildFile; fileRef = 439046C412DA25E800AF80A2 /* RenderMathMLBlock.h */; };
439046DA12DA25E800AF80A2 /* RenderMathMLFenced.h in Headers */ = {isa = PBXBuildFile; fileRef = 439046C612DA25E800AF80A2 /* RenderMathMLFenced.h */; };
439046DA12DA25E800AF81B3 /* RenderMathMLFencedOperator.h in Headers */ = {isa = PBXBuildFile; fileRef = 439046C612DA25E800AF81B3 /* RenderMathMLFencedOperator.h */; };
@@ -1368,7 +1368,6 @@
46CA9C441F97BBE9004CFC3A /* VisibilityState.h in Headers */ = {isa = PBXBuildFile; fileRef = 46CA9C411F97BBE7004CFC3A /* VisibilityState.h */; settings = {ATTRIBUTES = (Private, ); }; };
46D0004026A0FEB300D1BF1E /* SubmitEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 46D0003E26A0FE6F00D1BF1E /* SubmitEvent.h */; };
46DBB6501AB8C96F00D9A813 /* PowerObserverMac.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DBB64E1AB8C96F00D9A813 /* PowerObserverMac.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 46DD6E1F26E7DBE7008C1F4C /* ReportingEndpointsCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
46DD93D7269DE756001AFD88 /* BroadcastChannelIdentifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DD93D5269DE74B001AFD88 /* BroadcastChannelIdentifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
46DE9BB5269DF93E0024C5A6 /* BroadcastChannelRegistry.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DE9BB4269DF9320024C5A6 /* BroadcastChannelRegistry.h */; settings = {ATTRIBUTES = (Private, ); }; };
46DFF4981DC2603100B80B48 /* ShadowRootMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 46DFF4961DC2601300B80B48 /* ShadowRootMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -8986,11 +8985,10 @@
4367088812D9CA4A00044234 /* RenderSVGHiddenContainer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGHiddenContainer.h; sourceTree = "<group>"; };
4367088912D9CA4A00044234 /* RenderSVGImage.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderSVGImage.cpp; sourceTree = "<group>"; };
4367088A12D9CA4A00044234 /* RenderSVGImage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGImage.h; sourceTree = "<group>"; };
- 4367088D34E9CA4A00044234 /* RenderSVGModelObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderSVGModelObject.cpp; sourceTree = "<group>"; };
- 436708FD12D9CA4A00032114 /* RenderSVGModelObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGModelObject.h; sourceTree = "<group>"; };
4367088B12D9CA4A00044234 /* LegacyRenderSVGModelObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LegacyRenderSVGModelObject.cpp; sourceTree = "<group>"; };
4367088C12D9CA4A00044234 /* LegacyRenderSVGModelObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LegacyRenderSVGModelObject.h; sourceTree = "<group>"; };
4367088D12D9CA4A00044234 /* RenderSVGResource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderSVGResource.cpp; sourceTree = "<group>"; };
+ 4367088D34E9CA4A00044234 /* RenderSVGModelObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderSVGModelObject.cpp; sourceTree = "<group>"; };
4367088E12D9CA4A00044234 /* RenderSVGResource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGResource.h; sourceTree = "<group>"; };
4367088F12D9CA4A00044234 /* RenderSVGResourceClipper.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderSVGResourceClipper.cpp; sourceTree = "<group>"; };
4367089012D9CA4A00044234 /* RenderSVGResourceClipper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGResourceClipper.h; sourceTree = "<group>"; };
@@ -9033,6 +9031,7 @@
436708B912D9CA4B00044234 /* SVGResourcesCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SVGResourcesCache.h; sourceTree = "<group>"; };
436708BA12D9CA4B00044234 /* SVGResourcesCycleSolver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SVGResourcesCycleSolver.cpp; sourceTree = "<group>"; };
436708BB12D9CA4B00044234 /* SVGResourcesCycleSolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SVGResourcesCycleSolver.h; sourceTree = "<group>"; };
+ 436708FD12D9CA4A00032114 /* RenderSVGModelObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderSVGModelObject.h; sourceTree = "<group>"; };
439046C312DA25E800AF80A2 /* RenderMathMLBlock.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderMathMLBlock.cpp; sourceTree = "<group>"; };
439046C412DA25E800AF80A2 /* RenderMathMLBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderMathMLBlock.h; sourceTree = "<group>"; };
439046C512DA25E800AF80A2 /* RenderMathMLFenced.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderMathMLFenced.cpp; sourceTree = "<group>"; };
@@ -9252,8 +9251,6 @@
46D0003E26A0FE6F00D1BF1E /* SubmitEvent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SubmitEvent.h; sourceTree = "<group>"; };
46D0003F26A0FE7000D1BF1E /* SubmitEvent.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SubmitEvent.idl; sourceTree = "<group>"; };
46DBB64E1AB8C96F00D9A813 /* PowerObserverMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PowerObserverMac.h; sourceTree = "<group>"; };
- 46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ReportingEndpointsCache.h; sourceTree = "<group>"; };
- 46DD6E1E26E7DBE7008C1F4C /* ReportingEndpointsCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ReportingEndpointsCache.cpp; sourceTree = "<group>"; };
46DD93D5269DE74B001AFD88 /* BroadcastChannelIdentifier.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BroadcastChannelIdentifier.h; sourceTree = "<group>"; };
46DE9BB4269DF9320024C5A6 /* BroadcastChannelRegistry.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BroadcastChannelRegistry.h; sourceTree = "<group>"; };
46DFF4961DC2601300B80B48 /* ShadowRootMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ShadowRootMode.h; sourceTree = "<group>"; };
@@ -29627,8 +29624,6 @@
1A2A68210B5BEDE70002A480 /* ProgressTracker.cpp */,
1A2A68220B5BEDE70002A480 /* ProgressTracker.h */,
1ACADD781880D91C00D8B71D /* ProgressTrackerClient.h */,
- 46DD6E1E26E7DBE7008C1F4C /* ReportingEndpointsCache.cpp */,
- 46DD6E1C26E7DBE6008C1F4C /* ReportingEndpointsCache.h */,
7C2FA60F1EA95A3200A03108 /* ResourceCryptographicDigest.cpp */,
7C2FA6101EA95A3200A03108 /* ResourceCryptographicDigest.h */,
93E227DE0AF589AD00D48324 /* ResourceLoader.cpp */,
@@ -36800,7 +36795,6 @@
2DF512CE1D873E47001D6780 /* ReplaceRangeWithTextCommand.h in Headers */,
93309E0A099E64920056E581 /* ReplaceSelectionCommand.h in Headers */,
071C00342707D95500D027C7 /* ReplayKitCaptureSource.h in Headers */,
- 46DD6E1F26E7DBE7008C1F4C /* ReportingEndpointsCache.h in Headers */,
4998AEC613F9D0EA0090B1AA /* RequestAnimationFrameCallback.h in Headers */,
F4034FAC275EAD6E003A81F8 /* RequestCookieConsentOptions.h in Headers */,
F55B3DD01251F12D003EF269 /* ResetInputType.h in Headers */,
Modified: trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp (287692 => 287693)
--- trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -38,18 +38,6 @@
namespace WebCore {
-static URL contextURLForReport(Frame& frame)
-{
- auto reportURL = frame.document() ? frame.document()->url() : aboutBlankURL();
- if (reportURL.isAboutBlank()) {
- if (auto* parentFrame = frame.tree().parent(); parentFrame->document())
- reportURL = parentFrame->document()->url();
- else if (auto* openerFrame = frame.loader().opener(); openerFrame->document())
- reportURL = openerFrame->document()->url();
- }
- return reportURL;
-}
-
// https://html.spec.whatwg.org/multipage/origin.html#obtain-an-embedder-policy
CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse& response, const ScriptExecutionContext* context)
{
@@ -110,33 +98,4 @@
}
}
-// https://html.spec.whatwg.org/multipage/origin.html#queue-a-cross-origin-embedder-policy-inheritance-violation
-void sendCOEPPolicyInheritenceViolation(Frame& frame, const WebCore::SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, const String& type, const URL& blockedURL)
-{
- if (!frame.settings().coopCoepViolationReportingEnabled())
- return;
-
- ASSERT(!endpoint.isEmpty());
- PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
- body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
- body.setString("type"_s, type);
- body.setString("blockedURL"_s, PingLoader::sanitizeURLForReport(blockedURL));
- });
-}
-
-// https://fetch.spec.whatwg.org/#queue-a-cross-origin-embedder-policy-corp-violation-report
-void sendCOEPCORPViolation(Frame& frame, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, FetchOptions::Destination destination, const URL& blockedURL)
-{
- ASSERT(!endpoint.isEmpty());
- if (!frame.settings().coopCoepViolationReportingEnabled())
- return;
-
- PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
- body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
- body.setString("type"_s, "corp");
- body.setString("blockedURL"_s, PingLoader::sanitizeURLForReport(blockedURL));
- body.setString("destination"_s, convertEnumerationToString(destination));
- });
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.h (287692 => 287693)
--- trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -101,7 +101,5 @@
WEBCORE_EXPORT CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse&, const ScriptExecutionContext*);
WEBCORE_EXPORT void addCrossOriginEmbedderPolicyHeaders(ResourceResponse&, const CrossOriginEmbedderPolicy&);
-WEBCORE_EXPORT void sendCOEPPolicyInheritenceViolation(Frame&, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition, const String& type, const URL& blockedURL);
-WEBCORE_EXPORT void sendCOEPCORPViolation(Frame&, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition, FetchOptions::Destination, const URL& blockedURL);
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (287692 => 287693)
--- trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -56,21 +56,6 @@
return "unsafe-none"_s;
}
-static ASCIILiteral crossOriginOpenerPolicyValueToEffectivePolicyString(CrossOriginOpenerPolicyValue coop)
-{
- switch (coop) {
- case CrossOriginOpenerPolicyValue::SameOriginAllowPopups:
- return "same-origin-allow-popups"_s;
- case CrossOriginOpenerPolicyValue::SameOrigin:
- return "same-origin"_s;
- case CrossOriginOpenerPolicyValue::SameOriginPlusCOEP:
- return "same-origin-plus-coep"_s;
- case CrossOriginOpenerPolicyValue::UnsafeNone:
- break;
- }
- return "unsafe-none"_s;
-}
-
// https://html.spec.whatwg.org/multipage/origin.html#check-browsing-context-group-switch-coop-value
static bool checkIfCOOPValuesRequireBrowsingContextGroupSwitch(bool isInitialAboutBlank, CrossOriginOpenerPolicyValue activeDocumentCOOPValue, const SecurityOrigin& activeDocumentNavigationOrigin, CrossOriginOpenerPolicyValue responseCOOPValue, const SecurityOrigin& responseOrigin)
{
@@ -121,7 +106,7 @@
}
// https://html.spec.whatwg.org/multipage/origin.html#coop-enforce
-static CrossOriginOpenerPolicyEnforcementResult enforceResponseCrossOriginOpenerPolicy(const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult, const URL& responseURL, SecurityOrigin& responseOrigin, const CrossOriginOpenerPolicy& responseCOOP, bool isDisplayingInitialEmptyDocument, const Function<void(COOPDisposition)>& sendViolationReports)
+static CrossOriginOpenerPolicyEnforcementResult enforceResponseCrossOriginOpenerPolicy(const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult, const URL& responseURL, SecurityOrigin& responseOrigin, const CrossOriginOpenerPolicy& responseCOOP, bool isDisplayingInitialEmptyDocument)
{
CrossOriginOpenerPolicyEnforcementResult newCOOPEnforcementResult = {
responseURL,
@@ -132,15 +117,11 @@
currentCoopEnforcementResult.needsBrowsingContextGroupSwitchDueToReportOnly
};
- if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(isDisplayingInitialEmptyDocument, currentCoopEnforcementResult.crossOriginOpenerPolicy.value, currentCoopEnforcementResult.currentOrigin, responseCOOP.value, responseOrigin)) {
+ if (checkIfCOOPValuesRequireBrowsingContextGroupSwitch(isDisplayingInitialEmptyDocument, currentCoopEnforcementResult.crossOriginOpenerPolicy.value, currentCoopEnforcementResult.currentOrigin, responseCOOP.value, responseOrigin))
newCOOPEnforcementResult.needsBrowsingContextGroupSwitch = true;
- sendViolationReports(COOPDisposition::Enforce);
- }
- if (checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch(isDisplayingInitialEmptyDocument, currentCoopEnforcementResult.crossOriginOpenerPolicy, currentCoopEnforcementResult.currentOrigin, responseCOOP, responseOrigin)) {
+ if (checkIfEnforcingReportOnlyCOOPWouldRequireBrowsingContextGroupSwitch(isDisplayingInitialEmptyDocument, currentCoopEnforcementResult.crossOriginOpenerPolicy, currentCoopEnforcementResult.currentOrigin, responseCOOP, responseOrigin))
newCOOPEnforcementResult.needsBrowsingContextGroupSwitchDueToReportOnly = true;
- sendViolationReports(COOPDisposition::Reporting);
- }
return newCOOPEnforcementResult;
}
@@ -206,45 +187,8 @@
}
}
-// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
-void sendViolationReportWhenNavigatingToCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent)
-{
- if (!frame.settings().coopCoepViolationReportingEnabled())
- return;
-
- auto& endpoint = coop.reportingEndpointForDisposition(disposition);
- if (endpoint.isEmpty())
- return;
-
- PingLoader::sendReportToEndpoint(frame, coopOrigin.data(), endpoint, "coop"_s, coopURL, userAgent, [&](auto& body) {
- body.setString("disposition"_s, disposition == COOPDisposition::Reporting ? "reporting"_s : "enforce"_s);
- body.setString("effectivePolicy"_s, crossOriginOpenerPolicyValueToEffectivePolicyString(disposition == COOPDisposition::Reporting ? coop.reportOnlyValue : coop.value));
- body.setString("previousResponseURL"_s, coopOrigin.isSameOriginAs(previousResponseOrigin) ? PingLoader::sanitizeURLForReport(previousResponseURL) : String());
- body.setString("type"_s, "navigation-to-response"_s);
- body.setString("referrer"_s, referrer);
- });
-}
-
-// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from
-void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent)
-{
- if (!frame.settings().coopCoepViolationReportingEnabled())
- return;
-
- auto& endpoint = coop.reportingEndpointForDisposition(disposition);
- if (endpoint.isEmpty())
- return;
-
- PingLoader::sendReportToEndpoint(frame, coopOrigin.data(), endpoint, "coop"_s, coopURL, userAgent, [&](auto& body) {
- body.setString("disposition"_s, disposition == COOPDisposition::Reporting ? "reporting"_s : "enforce"_s);
- body.setString("effectivePolicy"_s, crossOriginOpenerPolicyValueToEffectivePolicyString(disposition == COOPDisposition::Reporting ? coop.reportOnlyValue : coop.value));
- body.setString("nextResponseURL"_s, coopOrigin.isSameOriginAs(nextResponseOrigin) || isCOOPResponseNavigationSource ? PingLoader::sanitizeURLForReport(nextResponseURL) : String());
- body.setString("type"_s, "navigation-from-response"_s);
- });
-}
-
// https://html.spec.whatwg.org/multipage/browsing-the-web.html#process-a-navigate-fetch (Step 13.5.6)
-std::optional<CrossOriginOpenerPolicyEnforcementResult> doCrossOriginOpenerHandlingOfResponse(const ResourceResponse& response, const std::optional<NavigationRequester>& requester, ContentSecurityPolicy* responseCSP, SandboxFlags effectiveSandboxFlags, bool isDisplayingInitialEmptyDocument, const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult, const Function<void(COOPDisposition disposition, const CrossOriginOpenerPolicy& responseCOOP, const SecurityOrigin& responseOrigin)>& sendViolationReports)
+std::optional<CrossOriginOpenerPolicyEnforcementResult> doCrossOriginOpenerHandlingOfResponse(const ResourceResponse& response, const std::optional<NavigationRequester>& requester, ContentSecurityPolicy* responseCSP, SandboxFlags effectiveSandboxFlags, bool isDisplayingInitialEmptyDocument, const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult)
{
auto [responseOrigin, responseCOOP] = computeResponseOriginAndCOOP(response, requester, responseCSP);
@@ -253,9 +197,7 @@
if (responseCOOP.value != CrossOriginOpenerPolicyValue::UnsafeNone && effectiveSandboxFlags != SandboxNone)
return std::nullopt;
- return enforceResponseCrossOriginOpenerPolicy(currentCoopEnforcementResult, response.url(), responseOrigin, responseCOOP, isDisplayingInitialEmptyDocument, [&, responseOrigin = responseOrigin, responseCOOP = responseCOOP](COOPDisposition disposition) {
- sendViolationReports(disposition, responseCOOP, responseOrigin);
- });
+ return enforceResponseCrossOriginOpenerPolicy(currentCoopEnforcementResult, response.url(), responseOrigin, responseCOOP, isDisplayingInitialEmptyDocument);
}
CrossOriginOpenerPolicyEnforcementResult CrossOriginOpenerPolicyEnforcementResult::from(const URL& currentURL, Ref<SecurityOrigin>&& currentOrigin, const CrossOriginOpenerPolicy& crossOriginOpenerPolicy, std::optional<NavigationRequester> requester, const URL& openerURL)
Modified: trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.h (287692 => 287693)
--- trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -131,9 +131,7 @@
CrossOriginOpenerPolicy obtainCrossOriginOpenerPolicy(const ResourceResponse&);
WEBCORE_EXPORT void addCrossOriginOpenerPolicyHeaders(ResourceResponse&, const CrossOriginOpenerPolicy&);
-WEBCORE_EXPORT void sendViolationReportWhenNavigatingToCOOPResponse(Frame&, CrossOriginOpenerPolicy, COOPDisposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent);
-WEBCORE_EXPORT void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame&, CrossOriginOpenerPolicy, COOPDisposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent);
-WEBCORE_EXPORT std::optional<CrossOriginOpenerPolicyEnforcementResult> doCrossOriginOpenerHandlingOfResponse(const ResourceResponse&, const std::optional<NavigationRequester>&, ContentSecurityPolicy* responseCSP, SandboxFlags effectiveSandboxFlags, bool isDisplayingInitialEmptyDocument, const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult, const Function<void(COOPDisposition disposition, const CrossOriginOpenerPolicy& responseCOOP, const SecurityOrigin& responseOrigin)>& sendViolationReports);
+WEBCORE_EXPORT std::optional<CrossOriginOpenerPolicyEnforcementResult> doCrossOriginOpenerHandlingOfResponse(const ResourceResponse&, const std::optional<NavigationRequester>&, ContentSecurityPolicy* responseCSP, SandboxFlags effectiveSandboxFlags, bool isDisplayingInitialEmptyDocument, const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult);
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (287692 => 287693)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -80,7 +80,6 @@
#include "PolicyChecker.h"
#include "ProgressTracker.h"
#include "Quirks.h"
-#include "ReportingEndpointsCache.h"
#include "ResourceHandle.h"
#include "ResourceLoadObserver.h"
#include "RuntimeEnabledFeatures.h"
@@ -635,11 +634,6 @@
DOCUMENTLOADER_RELEASE_LOG("willSendRequest: With no provisional document loader");
bool didReceiveRedirectResponse = !redirectResponse.isNull();
- if (didReceiveRedirectResponse && m_frame->isMainFrame()) {
- if (auto reportingEndpointsCache = m_frame->page() ? m_frame->page()->reportingEndpointsCache() : nullptr)
- reportingEndpointsCache->addEndpointsFromResponse(redirectResponse);
- }
-
if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse, redirectResponse.url())) {
DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - form action not allowed by CSP");
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
@@ -759,13 +753,7 @@
auto currentCoopEnforcementResult = CrossOriginOpenerPolicyEnforcementResult::from(m_frame->document()->url(), m_frame->document()->securityOrigin(), m_frame->document()->crossOriginOpenerPolicy(), m_triggeringAction.requester(), openerURL);
- auto newCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(response, m_triggeringAction.requester(), m_contentSecurityPolicy.get(), frameLoader()->effectiveSandboxFlags(), frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), currentCoopEnforcementResult, [&](COOPDisposition disposition, const CrossOriginOpenerPolicy& responseCOOP, const SecurityOrigin& responseOrigin) {
- // FIXME: Add the concept of browsing context group like in the specification instead of treating the whole process as a group.
- if (Page::nonUtilityPageCount() > 1) {
- sendViolationReportWhenNavigatingToCOOPResponse(*m_frame, responseCOOP, disposition, response.url(), currentCoopEnforcementResult.url, responseOrigin, currentCoopEnforcementResult.currentOrigin, m_request.httpReferrer(), m_request.httpUserAgent());
- sendViolationReportWhenNavigatingAwayFromCOOPResponse(*m_frame, currentCoopEnforcementResult.crossOriginOpenerPolicy, disposition, currentCoopEnforcementResult.url, response.url(), currentCoopEnforcementResult.currentOrigin, responseOrigin, currentCoopEnforcementResult.isCurrentContextNavigationSource, m_request.httpUserAgent());
- }
- });
+ auto newCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(response, m_triggeringAction.requester(), m_contentSecurityPolicy.get(), frameLoader()->effectiveSandboxFlags(), frameLoader()->stateMachine().isDisplayingInitialEmptyDocument(), currentCoopEnforcementResult);
if (!newCoopEnforcementResult) {
cancelMainResourceLoad(frameLoader()->cancelledError(m_request));
return std::nullopt;
@@ -924,11 +912,6 @@
if (willLoadFallback)
return;
- if (m_frame->isMainFrame()) {
- if (auto reportingEndpointsCache = m_frame->page() ? m_frame->page()->reportingEndpointsCache() : nullptr)
- reportingEndpointsCache->addEndpointsFromResponse(response);
- }
-
ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);
ResourceLoaderIdentifier identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
ASSERT(identifier);
Modified: trunk/Source/WebCore/loader/PingLoader.cpp (287692 => 287693)
--- trunk/Source/WebCore/loader/PingLoader.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/PingLoader.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -49,7 +49,6 @@
#include "Page.h"
#include "PlatformStrategies.h"
#include "ProgressTracker.h"
-#include "ReportingEndpointsCache.h"
#include "ResourceError.h"
#include "ResourceHandle.h"
#include "ResourceLoadInfo.h"
@@ -250,33 +249,4 @@
return sanitizedURL.string();
}
-// https://www.w3.org/TR/reporting/#try-delivery
-void PingLoader::sendReportToEndpoint(Frame& frame, const SecurityOriginData& origin, const String& endpoint, const String& type, const URL& reportURL, const String& userAgent, const Function<void(JSON::Object&)>& populateReportBody)
-{
- ASSERT(!endpoint.isEmpty());
- auto reportingEndpointsCache = frame.page() ? frame.page()->reportingEndpointsCache() : nullptr;
- if (!reportingEndpointsCache)
- return;
- auto endpointURL = reportingEndpointsCache->endpointURL(origin, endpoint);
- if (!endpointURL.isValid())
- return;
-
- auto body = JSON::Object::create();
- populateReportBody(body);
-
- auto reportObject = JSON::Object::create();
- reportObject->setString("type"_s, type);
- if (reportURL.isValid())
- reportObject->setString("url"_s, reportURL.string());
- reportObject->setString("user_agent", userAgent);
- reportObject->setInteger("age", 0); // We currently do not delay sending the reports.
- reportObject->setObject("body"_s, WTFMove(body));
-
- auto reportList = JSON::Array::create();
- reportList->pushObject(reportObject);
-
- auto report = FormData::create(reportList->toJSONString().utf8());
- sendViolationReport(frame, endpointURL, WTFMove(report), ViolationReportType::StandardReportingAPIViolation);
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/PingLoader.h (287692 => 287693)
--- trunk/Source/WebCore/loader/PingLoader.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/PingLoader.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -59,7 +59,6 @@
WEBCORE_EXPORT static void sendViolationReport(Frame&, const URL& reportURL, Ref<FormData>&& report, ViolationReportType);
static String sanitizeURLForReport(const URL&);
- static void sendReportToEndpoint(Frame&, const SecurityOriginData&, const String& endpoint, const String& type, const URL& reportURL, const String& userAgent, const Function<void(JSON::Object&)>& populateReportBody);
private:
enum class ShouldFollowRedirects { No, Yes };
Deleted: trunk/Source/WebCore/loader/ReportingEndpointsCache.cpp (287692 => 287693)
--- trunk/Source/WebCore/loader/ReportingEndpointsCache.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/ReportingEndpointsCache.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1,182 +0,0 @@
-/*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "ReportingEndpointsCache.h"
-
-#include "HTTPHeaderNames.h"
-#include "ResourceResponse.h"
-#include "SecurityOrigin.h"
-#include <wtf/JSONValues.h>
-
-namespace WebCore {
-
-struct ReportingEndpointsCache::Endpoint {
- Endpoint() = default;
- Endpoint(URL&&, Seconds maxAge);
-
- bool hasExpired() const;
-
- URL url;
- MonotonicTime addTime;
- Seconds maxAge;
-};
-
-ReportingEndpointsCache::Endpoint::Endpoint(URL&& url, Seconds maxAge)
- : url(WTFMove(url))
- , addTime(MonotonicTime::now())
- , maxAge(maxAge)
-{
-}
-
-bool ReportingEndpointsCache::Endpoint::hasExpired() const
-{
- return MonotonicTime::now() - addTime > maxAge;
-}
-
-Ref<ReportingEndpointsCache> ReportingEndpointsCache::create()
-{
- return adoptRef(*new ReportingEndpointsCache);
-}
-
-ReportingEndpointsCache::ReportingEndpointsCache() = default;
-ReportingEndpointsCache::~ReportingEndpointsCache() = default;
-
-// https://www.w3.org/TR/reporting/#process-header
-void ReportingEndpointsCache::addEndpointsFromResponse(const ResourceResponse& response)
-{
- return addEndpointsFromReportToHeader(response.url(), response.httpHeaderField(HTTPHeaderName::ReportTo));
-}
-
-void ReportingEndpointsCache::addEndpointsFromReportToHeader(const URL& responseURL, const String& reportToHeaderValue)
-{
- if (reportToHeaderValue.isEmpty())
- return;
-
- auto securityOrigin = SecurityOrigin::create(responseURL);
- if (securityOrigin->isUnique() || !securityOrigin->isPotentiallyTrustworthy())
- return;
-
- auto findNextTopLevelComma = [&reportToHeaderValue](size_t startIndex) {
- unsigned depth = 0;
- for (size_t i = startIndex; i < reportToHeaderValue.length(); ++i) {
- auto c = reportToHeaderValue[i];
- if (c == '{')
- ++depth;
- else if (c == '}') {
- if (!depth)
- break;
- --depth;
- } else if (c == ',' && !depth)
- return i;
- }
- return notFound;
- };
- size_t dictionaryStart = 0;
- while (dictionaryStart < reportToHeaderValue.length()) {
- auto indexOfNextTopLevelComma = findNextTopLevelComma(dictionaryStart);
- if (indexOfNextTopLevelComma == notFound) {
- addEndpointFromDictionary(securityOrigin->data(), responseURL, reportToHeaderValue.substring(dictionaryStart));
- break;
- }
- addEndpointFromDictionary(securityOrigin->data(), responseURL, reportToHeaderValue.substring(dictionaryStart, indexOfNextTopLevelComma - dictionaryStart));
- dictionaryStart = indexOfNextTopLevelComma + 1;
- }
-}
-
-// https://www.w3.org/TR/reporting/#process-header
-void ReportingEndpointsCache::addEndpointFromDictionary(const SecurityOriginData& securityOrigin, const URL& responseURL, StringView dictionaryString)
-{
- auto json = JSON::Value::parseJSON(dictionaryString.toStringWithoutCopying());
- if (!json)
- return;
-
- auto jsonDictionary = json->asObject();
- if (!jsonDictionary)
- return;
-
- auto group = jsonDictionary->getString("group"_s);
- if (group.isEmpty())
- group = "default"_s;
-
- auto maxAge = jsonDictionary->getInteger("max_age");
- if (!maxAge || *maxAge < 0)
- return;
-
- if (!*maxAge) {
- // A value of 0 indicates we should remove the group from the cache.
- auto it = m_endpointsPerOrigin.find(securityOrigin);
- if (it == m_endpointsPerOrigin.end())
- return;
- it->value.remove(group);
- if (it->value.isEmpty())
- m_endpointsPerOrigin.remove(it);
- return;
- }
-
- auto endpoints = jsonDictionary->getArray("endpoints"_s);
- if (!endpoints || !endpoints->length())
- return;
-
- for (size_t i = 0; i < endpoints->length(); ++i) {
- auto endpoint = endpoints->get(i)->asObject();
- if (!endpoint)
- continue;
-
- auto endpointURLString = endpoint->getString("url"_s);
- if (endpointURLString.isEmpty())
- continue;
-
- auto endpointURL = URL(responseURL, endpointURLString);
- if (!endpointURL.isValid())
- continue;
-
- auto& endpointsForOrigin = m_endpointsPerOrigin.ensure(securityOrigin, [] {
- return HashMap<String, Endpoint> { };
- }).iterator->value;
- endpointsForOrigin.add(WTFMove(group), Endpoint(WTFMove(endpointURL), Seconds { static_cast<double>(*maxAge) }));
- return;
- }
-}
-
-URL ReportingEndpointsCache::endpointURL(const SecurityOriginData& origin, const String& group) const
-{
- auto outerIterator = m_endpointsPerOrigin.find(origin);
- if (outerIterator == m_endpointsPerOrigin.end())
- return { };
- auto& endpointsForOrigin = outerIterator->value;
- auto innerIterator = endpointsForOrigin.find(group);
- if (innerIterator == endpointsForOrigin.end())
- return { };
- if (innerIterator->value.hasExpired()) {
- endpointsForOrigin.remove(innerIterator);
- if (endpointsForOrigin.isEmpty())
- m_endpointsPerOrigin.remove(outerIterator);
- return { };
- }
- return innerIterator->value.url;
-}
-
-} // namespace WebCore
Deleted: trunk/Source/WebCore/loader/ReportingEndpointsCache.h (287692 => 287693)
--- trunk/Source/WebCore/loader/ReportingEndpointsCache.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/loader/ReportingEndpointsCache.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1,57 +0,0 @@
-/*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include "SecurityOriginData.h"
-#include <wtf/HashMap.h>
-#include <wtf/MonotonicTime.h>
-#include <wtf/RefCounted.h>
-#include <wtf/URLHash.h>
-
-namespace WebCore {
-
-class ResourceResponse;
-
-// https://www.w3.org/TR/reporting/#concept-storage
-class ReportingEndpointsCache : public RefCounted<ReportingEndpointsCache> {
- WTF_MAKE_FAST_ALLOCATED;
-public:
- WEBCORE_EXPORT static Ref<ReportingEndpointsCache> create();
- WEBCORE_EXPORT ~ReportingEndpointsCache();
-
- WEBCORE_EXPORT void addEndpointsFromReportToHeader(const URL&, const String&);
- void addEndpointsFromResponse(const ResourceResponse&);
- URL endpointURL(const SecurityOriginData&, const String& group) const;
-
-private:
- ReportingEndpointsCache();
- void addEndpointFromDictionary(const SecurityOriginData&, const URL& responseURL, StringView);
-
- struct Endpoint;
- mutable HashMap<SecurityOriginData, HashMap<String, Endpoint>> m_endpointsPerOrigin;
-};
-
-} // namespace WebCore
Modified: trunk/Source/WebCore/page/Page.cpp (287692 => 287693)
--- trunk/Source/WebCore/page/Page.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/page/Page.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -122,7 +122,6 @@
#include "RenderView.h"
#include "RenderWidget.h"
#include "RenderingUpdateScheduler.h"
-#include "ReportingEndpointsCache.h"
#include "ResizeObserver.h"
#include "ResourceUsageOverlay.h"
#include "RuntimeEnabledFeatures.h"
@@ -341,7 +340,6 @@
, m_shouldRelaxThirdPartyCookieBlocking(pageConfiguration.shouldRelaxThirdPartyCookieBlocking)
, m_httpsUpgradeEnabled(pageConfiguration.httpsUpgradeEnabled)
, m_permissionController(WTFMove(pageConfiguration.permissionController))
- , m_reportingEndpointsCache(WTFMove(pageConfiguration.reportingEndpointsCache))
, m_storageProvider(WTFMove(pageConfiguration.storageProvider))
, m_modelPlayerProvider(WTFMove(pageConfiguration.modelPlayerProvider))
{
Modified: trunk/Source/WebCore/page/Page.h (287692 => 287693)
--- trunk/Source/WebCore/page/Page.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/page/Page.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -145,7 +145,6 @@
class PointerLockController;
class ProgressTracker;
class RenderObject;
-class ReportingEndpointsCache;
class ResourceUsageOverlay;
class RenderingUpdateScheduler;
class ScrollLatchingController;
@@ -320,8 +319,6 @@
void remoteInspectorInformationDidChange() const;
#endif
- ReportingEndpointsCache* reportingEndpointsCache() { return m_reportingEndpointsCache.get(); }
-
Chrome& chrome() const { return *m_chrome; }
DragCaretController& dragCaretController() const { return *m_dragCaretController; }
#if ENABLE(DRAG_SUPPORT)
@@ -1268,7 +1265,6 @@
mutable MediaSessionGroupIdentifier m_mediaSessionGroupIdentifier;
Ref<PermissionController> m_permissionController;
- RefPtr<ReportingEndpointsCache> m_reportingEndpointsCache;
UniqueRef<StorageProvider> m_storageProvider;
UniqueRef<ModelPlayerProvider> m_modelPlayerProvider;
Modified: trunk/Source/WebCore/page/PageConfiguration.cpp (287692 => 287693)
--- trunk/Source/WebCore/page/PageConfiguration.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/page/PageConfiguration.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -44,7 +44,6 @@
#include "PermissionController.h"
#include "PluginInfoProvider.h"
#include "ProgressTrackerClient.h"
-#include "ReportingEndpointsCache.h"
#include "SocketProvider.h"
#include "SpeechRecognitionProvider.h"
#include "SpeechSynthesisClient.h"
Modified: trunk/Source/WebCore/page/PageConfiguration.h (287692 => 287693)
--- trunk/Source/WebCore/page/PageConfiguration.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebCore/page/PageConfiguration.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -67,7 +67,6 @@
class PermissionController;
class PluginInfoProvider;
class ProgressTrackerClient;
-class ReportingEndpointsCache;
class SocketProvider;
class SpeechRecognitionProvider;
class SpeechSynthesisClient;
@@ -141,7 +140,6 @@
Vector<UserContentURLPattern> corsDisablingPatterns;
UniqueRef<SpeechRecognitionProvider> speechRecognitionProvider;
UniqueRef<MediaRecorderProvider> mediaRecorderProvider;
- RefPtr<ReportingEndpointsCache> reportingEndpointsCache;
// FIXME: These should be all be Settings.
bool loadsSubresources { true };
Modified: trunk/Source/WebKit/ChangeLog (287692 => 287693)
--- trunk/Source/WebKit/ChangeLog 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/ChangeLog 2022-01-06 17:21:06 UTC (rev 287693)
@@ -1,3 +1,33 @@
+2022-01-06 Chris Dumez <cdu...@apple.com>
+
+ Drop implementation for COOP / COEP violation reporting
+ https://bugs.webkit.org/show_bug.cgi?id=234899
+
+ Reviewed by Geoffrey Garen.
+
+ Drop implementation for COOP / COEP violation reporting. The implementation was based on an outdated version of the specification
+ and has never shipped. Many COOP/COEP reporting tests are also flaky.
+
+ * NetworkProcess/NetworkLoadChecker.cpp:
+ (WebKit::performCORPCheck):
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy):
+ (WebKit::NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy):
+ (WebKit::NetworkResourceLoader::doCrossOriginOpenerHandlingOfResponse):
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::m_appHighlightsVisible):
+ (WebKit::WebPage::sendCOEPPolicyInheritenceViolation): Deleted.
+ (WebKit::WebPage::sendCOEPCORPViolation): Deleted.
+ (WebKit::WebPage::sendViolationReportWhenNavigatingToCOOPResponse): Deleted.
+ (WebKit::WebPage::sendViolationReportWhenNavigatingAwayFromCOOPResponse): Deleted.
+ * WebProcess/WebPage/WebPage.h:
+ * WebProcess/WebPage/WebPage.messages.in:
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::WebProcess):
+ * WebProcess/WebProcess.h:
+ (WebKit::WebProcess::webSocketChannelManager):
+ (WebKit::WebProcess::reportingEndpointsCache): Deleted.
+
2022-01-06 Jean-Yves Avenard <j...@apple.com>
Have CachedRawResourceClient and related networking actors use SharedBuffer.
Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (287692 => 287693)
--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -165,17 +165,9 @@
if (auto error = validateCrossOriginResourcePolicy(CrossOriginEmbedderPolicyValue::UnsafeNone, embedderOrigin, url, response, forNavigation))
return error;
- if (embedderCOEP.reportOnlyValue == CrossOriginEmbedderPolicyValue::RequireCORP && !embedderCOEP.reportOnlyReportingEndpoint.isEmpty() && loader) {
- if (auto error = validateCrossOriginResourcePolicy(embedderCOEP.reportOnlyValue, embedderOrigin, url, response, forNavigation))
- loader->send(Messages::WebPage::SendCOEPCORPViolation { loader->frameID(), embedderOrigin.data(), embedderCOEP.reportOnlyReportingEndpoint, COEPDisposition::Reporting, loader->parameters().options.destination, loader->firstResponseURL() }, loader->pageID());
- }
-
if (embedderCOEP.value == CrossOriginEmbedderPolicyValue::RequireCORP) {
- if (auto error = validateCrossOriginResourcePolicy(embedderCOEP.value, embedderOrigin, url, response, forNavigation)) {
- if (loader && !embedderCOEP.reportingEndpoint.isEmpty())
- loader->send(Messages::WebPage::SendCOEPCORPViolation { loader->frameID(), embedderOrigin.data(), embedderCOEP.reportingEndpoint, COEPDisposition::Enforce, loader->parameters().options.destination, loader->firstResponseURL() }, loader->pageID());
+ if (auto error = validateCrossOriginResourcePolicy(embedderCOEP.value, embedderOrigin, url, response, forNavigation))
return error;
- }
}
return std::nullopt;
}
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (287692 => 287693)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -622,16 +622,10 @@
// https://html.spec.whatwg.org/multipage/origin.html#check-a-navigation-response's-adherence-to-its-embedder-policy
if (m_parameters.parentCrossOriginEmbedderPolicy.value == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP || m_parameters.parentCrossOriginEmbedderPolicy.reportOnlyValue == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
auto responseCOEP = WebCore::obtainCrossOriginEmbedderPolicy(response, nullptr);
- if (m_parameters.parentCrossOriginEmbedderPolicy.reportOnlyValue == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP && responseCOEP.value != WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
- if (auto parentOrigin = m_parameters.parentOrigin(); parentOrigin && !m_parameters.parentCrossOriginEmbedderPolicy.reportOnlyReportingEndpoint.isEmpty())
- send(Messages::WebPage::SendCOEPPolicyInheritenceViolation { m_parameters.webFrameID, parentOrigin->data(), m_parameters.parentCrossOriginEmbedderPolicy.reportOnlyReportingEndpoint, COEPDisposition::Reporting, "navigation"_s, m_firstResponseURL }, m_parameters.webPageID);
- }
if (m_parameters.parentCrossOriginEmbedderPolicy.value != WebCore::CrossOriginEmbedderPolicyValue::UnsafeNone && responseCOEP.value != WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
String errorMessage = makeString("Refused to display '", response.url().stringCenterEllipsizedToLength(), "' in a frame because of Cross-Origin-Embedder-Policy.");
send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID, MessageSource::Security, MessageLevel::Error, errorMessage, coreIdentifier() }, m_parameters.webPageID);
- if (auto parentOrigin = m_parameters.parentOrigin(); parentOrigin && !m_parameters.parentCrossOriginEmbedderPolicy.reportingEndpoint.isEmpty())
- send(Messages::WebPage::SendCOEPPolicyInheritenceViolation { m_parameters.webFrameID, parentOrigin->data(), m_parameters.parentCrossOriginEmbedderPolicy.reportingEndpoint, COEPDisposition::Enforce, "navigation"_s, m_firstResponseURL }, m_parameters.webPageID);
return true;
}
}
@@ -647,16 +641,10 @@
if (m_parameters.crossOriginEmbedderPolicy.value == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP || m_parameters.crossOriginEmbedderPolicy.reportOnlyValue == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
auto responseCOEP = WebCore::obtainCrossOriginEmbedderPolicy(response, nullptr);
- if (m_parameters.crossOriginEmbedderPolicy.reportOnlyValue == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP && responseCOEP.value == WebCore::CrossOriginEmbedderPolicyValue::UnsafeNone) {
- if (m_parameters.sourceOrigin && !m_parameters.crossOriginEmbedderPolicy.reportOnlyReportingEndpoint.isEmpty())
- send(Messages::WebPage::SendCOEPPolicyInheritenceViolation { m_parameters.webFrameID, m_parameters.sourceOrigin->data(), m_parameters.crossOriginEmbedderPolicy.reportOnlyReportingEndpoint, COEPDisposition::Reporting, "worker initialization"_s, m_firstResponseURL }, m_parameters.webPageID);
- }
if (m_parameters.crossOriginEmbedderPolicy.value == WebCore::CrossOriginEmbedderPolicyValue::RequireCORP && responseCOEP.value == WebCore::CrossOriginEmbedderPolicyValue::UnsafeNone) {
String errorMessage = makeString("Refused to load '", response.url().stringCenterEllipsizedToLength(), "' worker because of Cross-Origin-Embedder-Policy.");
send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID, MessageSource::Security, MessageLevel::Error, errorMessage, coreIdentifier() }, m_parameters.webPageID);
- if (m_parameters.sourceOrigin && !m_parameters.crossOriginEmbedderPolicy.reportingEndpoint.isEmpty())
- send(Messages::WebPage::SendCOEPPolicyInheritenceViolation { m_parameters.webFrameID, m_parameters.sourceOrigin->data(), m_parameters.crossOriginEmbedderPolicy.reportingEndpoint, COEPDisposition::Enforce, "worker initialization"_s, m_firstResponseURL }, m_parameters.webPageID);
return true;
}
}
@@ -685,12 +673,7 @@
m_currentCoopEnforcementResult = CrossOriginOpenerPolicyEnforcementResult::from(m_parameters.documentURL, WTFMove(sourceOrigin), m_parameters.sourceCrossOriginOpenerPolicy, m_parameters.navigationRequester, m_parameters.openerURL);
}
- m_currentCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(response, m_parameters.navigationRequester, contentSecurityPolicy.get(), m_parameters.effectiveSandboxFlags, m_parameters.isDisplayingInitialEmptyDocument, *m_currentCoopEnforcementResult, [&](COOPDisposition disposition, const CrossOriginOpenerPolicy& responseCOOP, const SecurityOrigin& responseOrigin) {
- if (responseCOOP.hasReportingEndpoint(disposition))
- send(Messages::WebPage::SendViolationReportWhenNavigatingToCOOPResponse { m_parameters.webFrameID, responseCOOP, disposition, response.url(), m_currentCoopEnforcementResult->url, responseOrigin.data(), m_currentCoopEnforcementResult->currentOrigin->data(), originalRequest().httpReferrer(), originalRequest().httpUserAgent(), response.httpHeaderField(HTTPHeaderName::ReportTo) }, m_parameters.webPageID);
- if (m_currentCoopEnforcementResult->crossOriginOpenerPolicy.hasReportingEndpoint(disposition))
- send(Messages::WebPage::SendViolationReportWhenNavigatingAwayFromCOOPResponse { m_parameters.webFrameID, m_currentCoopEnforcementResult->crossOriginOpenerPolicy, disposition, m_currentCoopEnforcementResult->url, response.url(), m_currentCoopEnforcementResult->currentOrigin->data(), responseOrigin.data(), m_currentCoopEnforcementResult->isCurrentContextNavigationSource, originalRequest().httpUserAgent() }, m_parameters.webPageID);
- });
+ m_currentCoopEnforcementResult = WebCore::doCrossOriginOpenerHandlingOfResponse(response, m_parameters.navigationRequester, contentSecurityPolicy.get(), m_parameters.effectiveSandboxFlags, m_parameters.isDisplayingInitialEmptyDocument, *m_currentCoopEnforcementResult);
if (!m_currentCoopEnforcementResult)
return ResourceError { errorDomainWebKitInternal, 0, response.url(), "Navigation was blocked by Cross-Origin-Opener-Policy"_s, ResourceError::Type::AccessControl };
return std::nullopt;
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (287692 => 287693)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -234,7 +234,6 @@
#include <WebCore/RenderTheme.h>
#include <WebCore/RenderTreeAsText.h>
#include <WebCore/RenderView.h>
-#include <WebCore/ReportingEndpointsCache.h>
#include <WebCore/ResourceLoadStatistics.h>
#include <WebCore/ResourceRequest.h>
#include <WebCore/ResourceResponse.h>
@@ -620,7 +619,6 @@
pageConfiguration.pluginInfoProvider = &WebPluginInfoProvider::singleton();
pageConfiguration.storageNamespaceProvider = WebStorageNamespaceProvider::getOrCreate(*m_pageGroup);
pageConfiguration.visitedLinkStore = VisitedLinkTableController::getOrCreate(parameters.visitedLinkTableID);
- pageConfiguration.reportingEndpointsCache = &WebProcess::singleton().reportingEndpointsCache();
#if ENABLE(APPLE_PAY)
pageConfiguration.paymentCoordinatorClient = new WebPaymentCoordinator(*this);
@@ -4406,41 +4404,6 @@
PingLoader::sendViolationReport(*frame->coreFrame(), reportURL, report.releaseNonNull(), ViolationReportType::ContentSecurityPolicy);
}
-void WebPage::sendCOEPPolicyInheritenceViolation(FrameIdentifier frameID, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, const String& type, const URL& blockedURL)
-{
- if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
- WebCore::sendCOEPPolicyInheritenceViolation(*frame->coreFrame(), embedderOrigin, endpoint, disposition, type, blockedURL);
-}
-
-void WebPage::sendCOEPCORPViolation(FrameIdentifier frameID, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, FetchOptions::Destination destination, const URL& blockedURL)
-{
- if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
- WebCore::sendCOEPCORPViolation(*frame->coreFrame(), embedderOrigin, endpoint, disposition, destination, blockedURL);
-}
-
-void WebPage::sendViolationReportWhenNavigatingToCOOPResponse(FrameIdentifier frameID, const CrossOriginOpenerPolicy& coop, COOPDisposition disposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOriginData& coopOrigin, const SecurityOriginData& previousResponseOrigin, const String& referrer, const String& userAgent, const String& reportToHeaderValue)
-{
- if (!reportToHeaderValue.isEmpty())
- WebProcess::singleton().reportingEndpointsCache().addEndpointsFromReportToHeader(coopURL, reportToHeaderValue);
-
- // FIXME: Add the concept of browsing context group like in the specification instead of treating the whole process as a group.
- if (Page::nonUtilityPageCount() <= 1)
- return;
-
- if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
- WebCore::sendViolationReportWhenNavigatingToCOOPResponse(*frame->coreFrame(), coop, disposition, coopURL, previousResponseURL, coopOrigin.securityOrigin(), previousResponseOrigin.securityOrigin(), referrer, userAgent);
-}
-
-void WebPage::sendViolationReportWhenNavigatingAwayFromCOOPResponse(FrameIdentifier frameID, const CrossOriginOpenerPolicy& coop, COOPDisposition disposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOriginData& coopOrigin, const SecurityOriginData& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent)
-{
- // FIXME: Add the concept of browsing context group like in the specification instead of treating the whole process as a group.
- if (Page::nonUtilityPageCount() <= 1)
- return;
-
- if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
- WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse(*frame->coreFrame(), coop, disposition, coopURL, nextResponseURL, coopOrigin.securityOrigin(), nextResponseOrigin.securityOrigin(), isCOOPResponseNavigationSource, userAgent);
-}
-
void WebPage::enqueueSecurityPolicyViolationEvent(FrameIdentifier frameID, SecurityPolicyViolationEventInit&& eventInit)
{
auto* frame = WebProcess::singleton().webFrame(frameID);
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.h (287692 => 287693)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -443,10 +443,6 @@
void addConsoleMessage(WebCore::FrameIdentifier, MessageSource, MessageLevel, const String&, std::optional<WebCore::ResourceLoaderIdentifier> = std::nullopt);
void sendCSPViolationReport(WebCore::FrameIdentifier, const URL& reportURL, IPC::FormDataReference&&);
- void sendCOEPPolicyInheritenceViolation(WebCore::FrameIdentifier, const WebCore::SecurityOriginData& embedderOrigin, const String& endpoint, WebCore::COEPDisposition, const String& type, const URL& blockedURL);
- void sendCOEPCORPViolation(WebCore::FrameIdentifier, const WebCore::SecurityOriginData& embedderOrigin, const String& endpoint, WebCore::COEPDisposition, WebCore::FetchOptions::Destination, const URL& blockedURL);
- void sendViolationReportWhenNavigatingToCOOPResponse(WebCore::FrameIdentifier, const WebCore::CrossOriginOpenerPolicy&, WebCore::COOPDisposition, const URL& coopURL, const URL& previousResponseURL, const WebCore::SecurityOriginData& coopOrigin, const WebCore::SecurityOriginData& previousResponseOrigin, const String& referrer, const String& userAgent, const String& reportToHeaderValue);
- void sendViolationReportWhenNavigatingAwayFromCOOPResponse(WebCore::FrameIdentifier, const WebCore::CrossOriginOpenerPolicy&, WebCore::COOPDisposition, const URL& coopURL, const URL& nextResponseURL, const WebCore::SecurityOriginData& coopOrigin, const WebCore::SecurityOriginData& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent);
void enqueueSecurityPolicyViolationEvent(WebCore::FrameIdentifier, WebCore::SecurityPolicyViolationEventInit&&);
// -- Called by the DrawingArea.
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in (287692 => 287693)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in 2022-01-06 17:21:06 UTC (rev 287693)
@@ -29,10 +29,6 @@
AddConsoleMessage(WebCore::FrameIdentifier frameID, enum:uint8_t JSC::MessageSource messageSource, enum:uint8_t JSC::MessageLevel messageLevel, String message, std::optional<WebCore::ResourceLoaderIdentifier> requestID)
SendCSPViolationReport(WebCore::FrameIdentifier frameID, URL reportURL, IPC::FormDataReference reportData)
- SendCOEPPolicyInheritenceViolation(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData embedderOrigin, String endpoint, enum:bool WebCore::COEPDisposition disposition, String type, URL blockedURL)
- SendCOEPCORPViolation(WebCore::FrameIdentifier frameID, struct WebCore::SecurityOriginData embedderOrigin, String endpoint, enum:bool WebCore::COEPDisposition disposition, enum:uint8_t WebCore::FetchOptions::Destination destination, URL blockedURL)
- SendViolationReportWhenNavigatingToCOOPResponse(WebCore::FrameIdentifier frameID, struct WebCore::CrossOriginOpenerPolicy coop, enum:bool WebCore::COOPDisposition disposition, URL coopURL, URL previousResponseURL, struct WebCore::SecurityOriginData coopOrigin, struct WebCore::SecurityOriginData previousResponseOrigin, String referrer, String userAgent, String reportToHeaderValue)
- SendViolationReportWhenNavigatingAwayFromCOOPResponse(WebCore::FrameIdentifier frameID, struct WebCore::CrossOriginOpenerPolicy coop, enum:bool WebCore::COOPDisposition disposition, URL coopURL, URL nextResponseURL, struct WebCore::SecurityOriginData coopOrigin, struct WebCore::SecurityOriginData nextResponseOrigin, bool isCOOPResponseNavigationSource, String userAgent)
EnqueueSecurityPolicyViolationEvent(WebCore::FrameIdentifier frameID, struct WebCore::SecurityPolicyViolationEventInit eventInit)
TestProcessIncomingSyncMessagesWhenWaitingForSyncReply() -> (bool handled) Synchronous
Modified: trunk/Source/WebKit/WebProcess/WebProcess.cpp (287692 => 287693)
--- trunk/Source/WebKit/WebProcess/WebProcess.cpp 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/WebProcess/WebProcess.cpp 2022-01-06 17:21:06 UTC (rev 287693)
@@ -126,7 +126,6 @@
#include <WebCore/ProcessWarming.h>
#include <WebCore/RegistrableDomain.h>
#include <WebCore/RemoteCommandListener.h>
-#include <WebCore/ReportingEndpointsCache.h>
#include <WebCore/ResourceLoadStatistics.h>
#include <WebCore/RuntimeApplicationChecks.h>
#include <WebCore/RuntimeEnabledFeatures.h>
@@ -281,7 +280,6 @@
, m_broadcastChannelRegistry(WebBroadcastChannelRegistry::create())
, m_webLockRegistry(RemoteWebLockRegistry::create(*this))
, m_cookieJar(WebCookieJar::create())
- , m_reportingEndpointsCache(ReportingEndpointsCache::create())
, m_dnsPrefetchHystereris([this](PAL::HysteresisState state) { if (state == PAL::HysteresisState::Stopped) m_dnsPrefetchedHosts.clear(); })
, m_nonVisibleProcessGraphicsCleanupTimer(*this, &WebProcess::nonVisibleProcessGraphicsCleanupTimerFired)
#if ENABLE(NON_VISIBLE_WEBPROCESS_MEMORY_CLEANUP_TIMER)
Modified: trunk/Source/WebKit/WebProcess/WebProcess.h (287692 => 287693)
--- trunk/Source/WebKit/WebProcess/WebProcess.h 2022-01-06 17:15:43 UTC (rev 287692)
+++ trunk/Source/WebKit/WebProcess/WebProcess.h 2022-01-06 17:21:06 UTC (rev 287693)
@@ -97,7 +97,6 @@
class CertificateInfo;
class PageGroup;
class RegistrableDomain;
-class ReportingEndpointsCache;
class ResourceRequest;
class UserGestureToken;
@@ -344,7 +343,6 @@
RemoteWebLockRegistry& webLockRegistry() { return m_webLockRegistry.get(); }
WebCookieJar& cookieJar() { return m_cookieJar.get(); }
WebSocketChannelManager& webSocketChannelManager() { return m_webSocketChannelManager; }
- WebCore::ReportingEndpointsCache& reportingEndpointsCache() { return m_reportingEndpointsCache.get(); }
#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
float backlightLevel() const { return m_backlightLevel; }
@@ -680,7 +678,6 @@
Ref<WebBroadcastChannelRegistry> m_broadcastChannelRegistry;
Ref<RemoteWebLockRegistry> m_webLockRegistry;
Ref<WebCookieJar> m_cookieJar;
- Ref<WebCore::ReportingEndpointsCache> m_reportingEndpointsCache;
WebSocketChannelManager m_webSocketChannelManager;
RefPtr<LibWebRTCNetwork> m_libWebRTCNetwork;
