[webkit-changes] [WebKit/WebKit] b632f9: [CSP] Implement prefetch-src directive

Mon, 17 Oct 2022 14:37:27 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b632f9d274f316c51291f608c024595ea3f3fad6
      
https://github.com/WebKit/WebKit/commit/b632f9d274f316c51291f608c024595ea3f3fad6
  Author: Ryan Reno <[email protected]>
  Date:   2022-10-17 (Mon, 17 Oct 2022)

  Changed paths:
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed.html
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default.html
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt
    A 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked.html
    A 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt
    A 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt
    A 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt
    M Source/WebCore/loader/LinkLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h

  Log Message:
  -----------
  [CSP] Implement prefetch-src directive
https://bugs.webkit.org/show_bug.cgi?id=185070
rdar://problem/39821187

Reviewed by Brent Fulgham.

Implement the prefetch-src CSP directive. <link rel=prefetch> is behind a 
runtime flag. If a
user chooses to enable LinkPrefetch then the prefetch-src directive will apply 
to any resources
that may be prefetched. In the default case, we can parse the directive but 
will not take any
action since we won't perform prefetches.

* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src:
    These tests mirror the same behavior being tested by the WPT suite but 
since we don't support onload/onerror events
    for prefetched link resources we need to use our own test infrastructure to 
cover this behavior.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt:
 Added.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed.html:
 Added.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt:
 Added.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default.html:
 Added.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt:
 Added.
* 
LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked.html:
 Added.

* 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt:
 Added.
* 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt:
 Added.
* 
LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt:
 Added.

* Source/WebCore/loader/LinkLoader.cpp:
(WebCore::LinkLoader::prefetchIfNeeded):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowPrefetchFromSource const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForPrefetch 
const):
(WebCore::ContentSecurityPolicyDirectiveList::addDirective):
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h:

Canonical link: https://commits.webkit.org/255653@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to