[webkit-changes] [291310] trunk

Tue, 15 Mar 2022 13:31:09 -0700

Title: [291310] trunk
Revision
291310
Author
[email protected]
Date
2022-03-15 13:30:16 -0700 (Tue, 15 Mar 2022)

Log Message

Add initial implementation of Fetch Metadata
https://bugs.webkit.org/show_bug.cgi?id=204744

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Update expectations for Fetch Metadata.

* web-platform-tests/fetch/metadata/download.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/download.https.sub.html:
* web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt: Added.
* web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker-expected.txt: Added.
* web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt: Added.
* web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt: Added.
* web-platform-tests/fetch/metadata/fetch.sub-expected.txt:
* web-platform-tests/fetch/metadata/font.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/img.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/script.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/script.sub-expected.txt:
* web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub-expected.txt: Added.
* web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/trailing-dot.https.sub.any-expected.txt: Added.
* web-platform-tests/fetch/metadata/trailing-dot.https.sub.any.worker-expected.txt: Added.
* web-platform-tests/fetch/metadata/unload.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/worker.https.sub-expected.txt:
* web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt:
* web-platform-tests/service-workers/service-worker/update-module-request-mode.https-expected.txt:

Source/WebCore:

Add initial implementation of Fetch Metadata as specified here:
https://w3c.github.io/webappsec-fetch-metadata/

Currently only Fetch-Sec-Mode and Fetch-Sec-Dest are implemented with more
to come in later patches.

Test: http/wpt/fetch/fetch-metadata-same-origin-redirect.html

* loader/CrossOriginAccessControl.cpp:
(WebCore::cleanHTTPRequestHeadersForAccessControl):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::updateFetchMetadataHeaders):
* loader/cache/CachedResourceRequest.h:
* platform/network/HTTPHeaderNames.in:

Source/WTF:

Add new experimental preference for Fetch Metadata, disabled by default.

* Scripts/Preferences/WebPreferencesExperimental.yaml:

LayoutTests:

Skip fewer of the Fetch Metadata tests. Many still timeout and are still
being worked on.

* TestExpectations:
* http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt: Added.
* http/wpt/fetch/fetch-metadata-same-origin-redirect.html: Added.
* platform/mac-wk1/TestExpectations:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (291309 => 291310)


--- trunk/LayoutTests/ChangeLog	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/ChangeLog	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,3 +1,19 @@
+2022-03-15  Patrick Griffis  <[email protected]>
+
+        Add initial implementation of Fetch Metadata
+        https://bugs.webkit.org/show_bug.cgi?id=204744
+
+        Reviewed by Youenn Fablet.
+
+        Skip fewer of the Fetch Metadata tests. Many still timeout and are still
+        being worked on.
+
+        * TestExpectations:
+        * http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt: Added.
+        * http/wpt/fetch/fetch-metadata-same-origin-redirect.html: Added.
+        * platform/mac-wk1/TestExpectations:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt: Added.
+
 2022-03-15  Matteo Flores  <[email protected]>
 
         [ iOS ] ASSERTION FAILED: m_isWaitingForDidUpdateGeometry on accessibility/visible-character-range.html

Modified: trunk/LayoutTests/TestExpectations (291309 => 291310)


--- trunk/LayoutTests/TestExpectations	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/TestExpectations	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1032,7 +1032,6 @@
 
 # Fetch features that are not implemented.
 imported/w3c/web-platform-tests/fetch/corb [ Skip ]
-imported/w3c/web-platform-tests/fetch/metadata/ [ Skip ]
 imported/w3c/web-platform-tests/fetch/sec-metadata [ Skip ]
 
 # These fetch tests time out
@@ -1039,6 +1038,20 @@
 imported/w3c/web-platform-tests/fetch/api/request/destination/fetch-destination.https.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/api/request/destination/fetch-destination-prefetch.https.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/content-type/response.window.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/history.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/object.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/prefetch.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/preload.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/report.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/embed.https.sub.tentative.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/form.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/iframe.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/style.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/redirect/ [ Skip ]
 
 # Not supported
 imported/w3c/web-platform-tests/background-fetch [ Skip ]

Added: trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt (0 => 291310)


--- trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,8 @@
+
+
+PASS Same-Origin -> Same-Origin redirect
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
+FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS undefined: sec-fetch-user
+

Added: trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect.html (0 => 291310)


--- trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect.html	                        (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect.html	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+
+<link rel="author" href="" title="Maciek Trzos">
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+<body></body>
+<script>
+  let nonce = token();
+
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      let key = "redirect-same-origin-same-origin" + nonce;
+
+      let e = document.createElement('img');
+      e.src = "" + key;
+      let expected = {"site":"same-origin", "user":"", "mode": "no-cors", "dest": "image"};
+
+      e._onload_ = e => {
+        validate_expectations(key, expected)
+          .then(_ => resolve())
+          .catch(e => reject(e));
+      };
+      e._onerror_ = e => {
+        validate_expectations(key, expected)
+          .then(_ => resolve())
+          .catch(e => reject(e));
+      };
+
+      document.body.appendChild(e);
+    })
+  }, "Same-Origin -> Same-Origin redirect");
+</script>

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,3 +1,37 @@
+2022-03-15  Patrick Griffis  <[email protected]>
+
+        Add initial implementation of Fetch Metadata
+        https://bugs.webkit.org/show_bug.cgi?id=204744
+
+        Reviewed by Youenn Fablet.
+
+        Update expectations for Fetch Metadata.
+
+        * web-platform-tests/fetch/metadata/download.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/download.https.sub.html:
+        * web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/fetch.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/font.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/img.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/script.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/script.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/trailing-dot.https.sub.any-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/trailing-dot.https.sub.any.worker-expected.txt: Added.
+        * web-platform-tests/fetch/metadata/unload.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/worker.https.sub-expected.txt:
+        * web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt:
+        * web-platform-tests/service-workers/service-worker/update-module-request-mode.https-expected.txt:
+
 2022-03-15  Antti Koivisto  <[email protected]>
 
         background-clip:text doesn't work with display:flex

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,4 +1,4 @@
-2720a7fc-88c1-4e47-80fe-d0b64d39369e
+Download URL
 
 PASS localhost -> localhost:9443 download

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub.html (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub.html	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/download.https.sub.html	2022-03-15 20:30:16 UTC (rev 291310)
@@ -12,7 +12,7 @@
       let nonce = token();
       let a = document.createElement('a');
       a.download = '';
-      a.text = nonce;
+      a.text = 'Download URL';
 
       let url = "" + nonce;
       a.href = ""

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,5 @@
+Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-json.py
+
+FAIL Same-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Cross-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,5 @@
+Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-json.py
+
+FAIL Same-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Cross-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,7 +1,7 @@
 
 PASS Sec-Fetch headers after SW fallback
-FAIL undefined: sec-fetch-dest assert_equals: expected "empty" but got ""
-FAIL undefined: sec-fetch-mode assert_equals: expected "no-cors" but got ""
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
 FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS undefined: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,7 +1,7 @@
 
 PASS Sec-Fetch headers after SW fallback
-FAIL undefined: sec-fetch-dest assert_equals: expected "empty" but got ""
-FAIL undefined: sec-fetch-mode assert_equals: expected "no-cors" but got ""
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
 FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS undefined: sec-fetch-user

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,25 @@
+Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-json.py
+
+PASS Same-origin fetch
+FAIL Same-site fetch promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Cross-site fetch promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+PASS Same-origin mode
+PASS CORS mode
+PASS no-CORS mode
+PASS Same-origin fetch: sec-fetch-dest
+PASS Same-origin fetch: sec-fetch-mode
+FAIL Same-origin fetch: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS Same-origin fetch: sec-fetch-user
+PASS Same-origin mode: sec-fetch-dest
+PASS Same-origin mode: sec-fetch-mode
+FAIL Same-origin mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS Same-origin mode: sec-fetch-user
+PASS CORS mode: sec-fetch-dest
+PASS CORS mode: sec-fetch-mode
+FAIL CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS CORS mode: sec-fetch-user
+PASS no-CORS mode: sec-fetch-dest
+PASS no-CORS mode: sec-fetch-mode
+FAIL no-CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS no-CORS mode: sec-fetch-user
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,25 @@
+Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-json.py
+
+PASS Same-origin fetch
+FAIL Same-site fetch promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Cross-site fetch promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+PASS Same-origin mode
+PASS CORS mode
+PASS no-CORS mode
+PASS Same-origin fetch: sec-fetch-dest
+PASS Same-origin fetch: sec-fetch-mode
+FAIL Same-origin fetch: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS Same-origin fetch: sec-fetch-user
+PASS Same-origin mode: sec-fetch-dest
+PASS Same-origin mode: sec-fetch-mode
+FAIL Same-origin mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS Same-origin mode: sec-fetch-user
+PASS CORS mode: sec-fetch-dest
+PASS CORS mode: sec-fetch-mode
+FAIL CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS CORS mode: sec-fetch-user
+PASS no-CORS mode: sec-fetch-dest
+PASS no-CORS mode: sec-fetch-mode
+FAIL no-CORS mode: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS no-CORS mode: sec-fetch-user
+

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,12 +1,12 @@
 
 PASS http->https fetch (cross-scheme => cross-site)
 PASS http->http fetch (non-trustworthy destination => no metadata)
-FAIL http->https fetch (cross-scheme => cross-site): sec-fetch-dest assert_equals: expected "empty" but got ""
-FAIL http->https fetch (cross-scheme => cross-site): sec-fetch-mode assert_equals: expected "cors" but got ""
+PASS http->https fetch (cross-scheme => cross-site): sec-fetch-dest
+PASS http->https fetch (cross-scheme => cross-site): sec-fetch-mode
 FAIL http->https fetch (cross-scheme => cross-site): sec-fetch-site assert_equals: expected "cross-site" but got ""
 PASS http->https fetch (cross-scheme => cross-site): sec-fetch-user
-PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-dest
-PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-mode
+FAIL http->http fetch (non-trustworthy destination => no metadata): sec-fetch-dest assert_equals: expected "" but got "empty"
+FAIL http->http fetch (non-trustworthy destination => no metadata): sec-fetch-mode assert_equals: expected "" but got "cors"
 PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-site
 PASS http->http fetch (non-trustworthy destination => no metadata): sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,5 +1,4 @@
 Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/record-header.py?file=font-same-site
-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/record-header.py?file=font-cross-site
 1
 2
 3
@@ -7,8 +6,8 @@
 PASS Same-Origin font
 FAIL Same-Site font assert_not_equals: got disallowed value "No header has been recorded"
 FAIL Cross-Site font assert_not_equals: got disallowed value "No header has been recorded"
-FAIL Same-Origin font: sec-fetch-dest assert_equals: expected "font" but got ""
-FAIL Same-Origin font: sec-fetch-mode assert_equals: expected "cors" but got ""
+PASS Same-Origin font: sec-fetch-dest
+FAIL Same-Origin font: sec-fetch-mode assert_equals: expected "cors" but got "no-cors"
 FAIL Same-Origin font: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS Same-Origin font: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,12 +1,11 @@
 Blocked access to external URL https://www.localhost:9443/common/security-features/subresource/image.py
-Blocked access to external URL https://www.127.0.0.1:9443/common/security-features/subresource/image.py
 
 
 PASS Same-origin image
 FAIL Same-site image promise_test: Unhandled rejection with value: object "[object Event]"
 FAIL Cross-site image promise_test: Unhandled rejection with value: object "[object Event]"
-FAIL Same-origin image: sec-fetch-dest assert_equals: expected (string) "image" but got (undefined) undefined
-FAIL Same-origin image: sec-fetch-mode assert_equals: expected (string) "cors" but got (undefined) undefined
+PASS Same-origin image: sec-fetch-dest
+PASS Same-origin image: sec-fetch-mode
 FAIL Same-origin image: sec-fetch-site assert_equals: expected (string) "same-origin" but got (undefined) undefined
 PASS Same-origin image: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,6 +1,3 @@
-Blocked access to external URL https://www.127.0.0.1:9443/xhr/resources/redirect.py?location=https://localhost:9443/fetch/metadata/resources/record-header.py?file=redirect-cross-site-same-origine77b7cb2-bb1b-4bb1-8937-21f880b6d953
-Blocked access to external URL https://www.127.0.0.1:9443/xhr/resources/redirect.py?location=https://www.localhost:9443/fetch/metadata/resources/record-header.py?file=redirect-cross-site-same-sitee77b7cb2-bb1b-4bb1-8937-21f880b6d953
-Blocked access to external URL https://www.127.0.0.1:9443/xhr/resources/redirect.py?location=https://www.127.0.0.1:9443/fetch/metadata/resources/record-header.py?file=redirect-cross-site-cross-sitee77b7cb2-bb1b-4bb1-8937-21f880b6d953
 
 
 FAIL Cross-Site -> Same-Origin redirect assert_not_equals: got disallowed value "No header has been recorded"

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,7 +1,4 @@
-Blocked access to external URL https://www.127.0.0.1:9443/xhr/resources/redirect.py?location=https://localhost:9443/fetch/metadata/resources/record-header.py?file=redirect-multiple-cross-site5a40eb3c-96ac-49ec-83f5-4d063da69516
 
 
-Harness Error (TIMEOUT), message = null
+FAIL Same-Origin -> Cross-Site -> Same-Origin redirect assert_not_equals: got disallowed value "No header has been recorded"
 
-TIMEOUT Same-Origin -> Cross-Site -> Same-Origin redirect Test timed out
-

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,11 +1,9 @@
 Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-script.py
-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/echo-as-script.py
 Blocked access to external URL https://www.localhost:9443/fetch/metadata/resources/echo-as-script.py
-Blocked access to external URL https://www.127.0.0.1:9443/fetch/metadata/resources/echo-as-script.py
 
 PASS Same-origin script
-FAIL Same-origin script: sec-fetch-dest assert_equals: expected "script" but got ""
-FAIL Same-origin script: sec-fetch-mode assert_equals: expected "no-cors" but got ""
+PASS Same-origin script: sec-fetch-dest
+PASS Same-origin script: sec-fetch-mode
 FAIL Same-origin script: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS Same-origin script: sec-fetch-user
 PASS Same-site script
@@ -19,8 +17,8 @@
 FAIL Cross-site script: sec-fetch-site null is not an object (evaluating 'value.site')
 FAIL Cross-site script: sec-fetch-user null is not an object (evaluating 'value.user')
 PASS Same-origin CORS script
-FAIL Same-origin CORS script: sec-fetch-dest assert_equals: expected "script" but got ""
-FAIL Same-origin CORS script: sec-fetch-mode assert_equals: expected "cors" but got ""
+PASS Same-origin CORS script: sec-fetch-dest
+PASS Same-origin CORS script: sec-fetch-mode
 FAIL Same-origin CORS script: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS Same-origin CORS script: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,11 +1,9 @@
 Blocked access to external URL http://www.localhost:8800/fetch/metadata/resources/echo-as-script.py
-Blocked access to external URL http://www.127.0.0.1:8800/fetch/metadata/resources/echo-as-script.py
 Blocked access to external URL http://www.localhost:8800/fetch/metadata/resources/echo-as-script.py
-Blocked access to external URL http://www.127.0.0.1:8800/fetch/metadata/resources/echo-as-script.py
 
 PASS Non-secure same-origin script => No headers
-PASS Non-secure same-origin script => No headers: sec-fetch-dest
-PASS Non-secure same-origin script => No headers: sec-fetch-mode
+FAIL Non-secure same-origin script => No headers: sec-fetch-dest assert_equals: expected "" but got "script"
+FAIL Non-secure same-origin script => No headers: sec-fetch-mode assert_equals: expected "" but got "no-cors"
 PASS Non-secure same-origin script => No headers: sec-fetch-site
 PASS Non-secure same-origin script => No headers: sec-fetch-user
 PASS Non-secure same-site script => No headers

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,7 @@
+
+PASS Sec-Fetch headers in Service Worker fetch handler.
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
+PASS undefined: sec-fetch-site
+PASS undefined: sec-fetch-user
+

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,11 +1,11 @@
 
 PASS metadata for service worker scripts
-FAIL Register service worker: sec-fetch-dest assert_equals: expected "serviceworker" but got ""
-FAIL Register service worker: sec-fetch-mode assert_equals: expected "same-origin" but got ""
+PASS Register service worker: sec-fetch-dest
+PASS Register service worker: sec-fetch-mode
 FAIL Register service worker: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS Register service worker: sec-fetch-user
-FAIL Update service worker: sec-fetch-dest assert_equals: expected "serviceworker" but got ""
-FAIL Update service worker: sec-fetch-mode assert_equals: expected "same-origin" but got ""
+PASS Update service worker: sec-fetch-dest
+PASS Update service worker: sec-fetch-mode
 FAIL Update service worker: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS Update service worker: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,4 +1,7 @@
 
-Harness Error (FAIL), message = TypeError: null is not an object (evaluating 'sharedWorker.port.start')
+PASS Same-Origin sharedworker
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
+FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS undefined: sec-fetch-user
 
-

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,7 @@
+Blocked access to external URL https://localhost.:9443/fetch/metadata/resources/echo-as-json.py
+Blocked access to external URL https://www.localhost.:9443/fetch/metadata/resources/echo-as-json.py
+
+FAIL Fetching a resource from the same origin, but spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Fetching a resource from the same site, but spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Fetching a resource from a cross-site host, spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any.worker-expected.txt (0 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any.worker-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/trailing-dot.https.sub.any.worker-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,7 @@
+Blocked access to external URL https://localhost.:9443/fetch/metadata/resources/echo-as-json.py
+Blocked access to external URL https://www.localhost.:9443/fetch/metadata/resources/echo-as-json.py
+
+FAIL Fetching a resource from the same origin, but spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Fetching a resource from the same site, but spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Fetching a resource from a cross-site host, spelled with a trailing dot. promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,8 +1,8 @@
 
 
 PASS Fetch from an unload handler
-FAIL undefined: sec-fetch-dest assert_equals: expected "empty" but got ""
-FAIL undefined: sec-fetch-mode assert_equals: expected "no-cors" but got ""
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
 FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS undefined: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,7 +1,7 @@
 
 PASS Same-Origin worker
-FAIL undefined: sec-fetch-dest assert_equals: expected "worker" but got ""
-FAIL undefined: sec-fetch-mode assert_equals: expected "same-origin" but got ""
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
 FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS undefined: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,7 +1,7 @@
 
 PASS Same-Origin xslt
-FAIL undefined: sec-fetch-dest assert_equals: expected "xslt" but got ""
-FAIL undefined: sec-fetch-mode assert_equals: expected "same-origin" but got ""
+PASS undefined: sec-fetch-dest
+PASS undefined: sec-fetch-mode
 FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
 PASS undefined: sec-fetch-user

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/update-module-request-mode.https-expected.txt (291309 => 291310)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/update-module-request-mode.https-expected.txt	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/update-module-request-mode.https-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,3 +1,3 @@
 
-FAIL headers of a main module script assert_equals: expected (string) "same-origin" but got (undefined) undefined
+PASS headers of a main module script

Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (291309 => 291310)


--- trunk/LayoutTests/platform/mac-wk1/TestExpectations	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations	2022-03-15 20:30:16 UTC (rev 291310)
@@ -542,6 +542,12 @@
 imported/w3c/web-platform-tests/eventsource/eventsource-constructor-url-bogus.any.serviceworker.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/api/request/destination [ Skip ]
 imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any.worker.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/serviceworker-accessors.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub.html
+imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub.html [ Skip ]
 imported/w3c/web-platform-tests/fetch/range/sw.https.window.html [ Skip ]
 imported/w3c/web-platform-tests/server-timing/service_worker_idl.html [ Skip ]
 imported/w3c/web-platform-tests/push-api [ Skip ]
@@ -752,6 +758,10 @@
 fast/scrolling/sync-scroll-overscroll-behavior-iframe.html [ Skip ]
 fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-iframe.html [ Skip ]
 
+# Fetch tests that only timeout in WK1.
+imported/w3c/web-platform-tests/fetch/metadata/download.https.sub.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub.html [ Skip ]
+
 ### END OF (2) Failures without bug reports
 ########################################

Added: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt (0 => 291310)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fetch/metadata/fetch-preflight.https.sub.any-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,4 @@
+
+FAIL Same-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: Load failed"
+FAIL Cross-site fetch with preflight promise_test: Unhandled rejection with value: object "TypeError: URL is not valid or contains user credentials."
+

Copied: trunk/LayoutTests/platform/win/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt (from rev 291309, trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt) (0 => 291310)


--- trunk/LayoutTests/platform/win/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt	2022-03-15 20:30:16 UTC (rev 291310)
@@ -0,0 +1,8 @@
+
+
+PASS Same-Origin -> Same-Origin redirect
+FAIL undefined: sec-fetch-dest assert_equals: expected "image" but got ""
+FAIL undefined: sec-fetch-mode assert_equals: expected "no-cors" but got ""
+FAIL undefined: sec-fetch-site assert_equals: expected "same-origin" but got ""
+PASS undefined: sec-fetch-user
+

Modified: trunk/Source/WTF/ChangeLog (291309 => 291310)


--- trunk/Source/WTF/ChangeLog	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WTF/ChangeLog	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,3 +1,14 @@
+2022-03-15  Patrick Griffis  <[email protected]>
+
+        Add initial implementation of Fetch Metadata
+        https://bugs.webkit.org/show_bug.cgi?id=204744
+
+        Reviewed by Youenn Fablet.
+
+        Add new experimental preference for Fetch Metadata, disabled by default.
+
+        * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
 2022-03-15  Philippe Normand  <[email protected]>
 
         Unreviewed, CMake Debug build fix attempt after 248407@main

Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (291309 => 291310)


--- trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2022-03-15 20:30:16 UTC (rev 291310)
@@ -537,6 +537,18 @@
     WebKit:
       default: true
 
+FetchMetadataEnabled:
+  type: bool
+  humanReadableName: "Fetch Metadata"
+  humanReadableDescription: "Enable Fetch Metadata headers"
+  defaultValue:
+    WebCore:
+      default: false
+    WebKit:
+      default: false
+    WebKitLegacy:
+      default: false
+
 FileSystemAccessEnabled:
   type: bool
   humanReadableName: "File System Access API"

Modified: trunk/Source/WebCore/ChangeLog (291309 => 291310)


--- trunk/Source/WebCore/ChangeLog	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/ChangeLog	2022-03-15 20:30:16 UTC (rev 291310)
@@ -1,3 +1,27 @@
+2022-03-15  Patrick Griffis  <[email protected]>
+
+        Add initial implementation of Fetch Metadata
+        https://bugs.webkit.org/show_bug.cgi?id=204744
+
+        Reviewed by Youenn Fablet.
+
+        Add initial implementation of Fetch Metadata as specified here:
+        https://w3c.github.io/webappsec-fetch-metadata/
+
+        Currently only Fetch-Sec-Mode and Fetch-Sec-Dest are implemented with more
+        to come in later patches.
+
+        Test: http/wpt/fetch/fetch-metadata-same-origin-redirect.html
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::cleanHTTPRequestHeadersForAccessControl):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::CachedResourceRequest::updateFetchMetadataHeaders):
+        * loader/cache/CachedResourceRequest.h:
+        * platform/network/HTTPHeaderNames.in:
+
 2022-03-15  Zan Dobersek  <[email protected]>
 
         REGRESSION(r291270): Changes need better build-time guards

Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (291309 => 291310)


--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2022-03-15 20:30:16 UTC (rev 291310)
@@ -216,6 +216,8 @@
         request.clearHTTPAcceptEncoding();
     if (!headersToKeep.contains(HTTPHeadersToKeepFromCleaning::CacheControl))
         request.removeHTTPHeaderField(HTTPHeaderName::CacheControl);
+    request.removeHTTPHeaderField(HTTPHeaderName::SecFetchDest);
+    request.removeHTTPHeaderField(HTTPHeaderName::SecFetchMode);
 }
 
 CrossOriginAccessControlCheckDisabler& CrossOriginAccessControlCheckDisabler::singleton()

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (291309 => 291310)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2022-03-15 20:30:16 UTC (rev 291310)
@@ -790,11 +790,13 @@
 
 void CachedResourceLoader::updateHTTPRequestHeaders(FrameLoader& frameLoader, CachedResource::Type type, CachedResourceRequest& request)
 {
-    // Implementing steps 7 to 12 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+    // Implementing steps 11 to 19 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch as of 22 Feb 2022.
 
     // FIXME: We should reconcile handling of MainResource with other resources.
     if (type != CachedResource::Type::MainResource)
         request.updateReferrerAndOriginHeaders(frameLoader);
+    if (frameLoader.frame().settings().fetchMetadataEnabled())
+        request.updateFetchMetadataHeaders();
     request.updateUserAgentHeader(frameLoader);
 
     request.updateAccordingCacheMode();

Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (291309 => 291310)


--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2022-03-15 20:30:16 UTC (rev 291310)
@@ -41,6 +41,10 @@
 
 namespace WebCore {
 
+// Created by binding generator.
+String convertEnumerationToString(FetchOptions::Destination);
+String convertEnumerationToString(FetchOptions::Mode);
+
 CachedResourceRequest::CachedResourceRequest(ResourceRequest&& resourceRequest, const ResourceLoaderOptions& options, std::optional<ResourceLoadPriority> priority, String&& charset)
     : m_resourceRequest(WTFMove(resourceRequest))
     , m_charset(WTFMove(charset))
@@ -250,6 +254,20 @@
     FrameLoader::addHTTPOriginIfNeeded(m_resourceRequest, outgoingOrigin);
 }
 
+void CachedResourceRequest::updateFetchMetadataHeaders()
+{
+    // Implementing step 13 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch as of 22 Feb 2022
+    // https://w3c.github.io/webappsec-fetch-metadata/#fetch-integration
+    auto requestOrigin = SecurityOrigin::create(m_resourceRequest.url());
+    if (!requestOrigin->isPotentiallyTrustworthy())
+        return;
+
+    // The Fetch IDL documents this as "" while FetchMetadata expects "empty", otherwise they match.
+    String destinationString = m_options.destination == FetchOptions::Destination::EmptyString ? "empty"_s : convertEnumerationToString(m_options.destination);
+    m_resourceRequest.setHTTPHeaderField(HTTPHeaderName::SecFetchDest, WTFMove(destinationString));
+    m_resourceRequest.setHTTPHeaderField(HTTPHeaderName::SecFetchMode, convertEnumerationToString(m_options.mode));
+}
+
 void CachedResourceRequest::updateUserAgentHeader(FrameLoader& frameLoader)
 {
     frameLoader.applyUserAgentIfNeeded(m_resourceRequest);

Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (291309 => 291310)


--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h	2022-03-15 20:30:16 UTC (rev 291310)
@@ -78,6 +78,7 @@
 
     void updateForAccessControl(Document&);
 
+    void updateFetchMetadataHeaders();
     void updateReferrerPolicy(ReferrerPolicy);
     void updateReferrerAndOriginHeaders(FrameLoader&);
     void updateUserAgentHeader(FrameLoader&);

Modified: trunk/Source/WebCore/platform/network/HTTPHeaderNames.in (291309 => 291310)


--- trunk/Source/WebCore/platform/network/HTTPHeaderNames.in	2022-03-15 20:09:33 UTC (rev 291309)
+++ trunk/Source/WebCore/platform/network/HTTPHeaderNames.in	2022-03-15 20:30:16 UTC (rev 291310)
@@ -84,6 +84,8 @@
 Referrer-Policy
 Refresh
 Report-To
+Sec-Fetch-Dest
+Sec-Fetch-Mode
 Sec-WebSocket-Accept
 Sec-WebSocket-Extensions
 Sec-WebSocket-Key

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to