Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d8706351a89a02b79b6d4508f1bfb74325465acf
https://github.com/WebKit/WebKit/commit/d8706351a89a02b79b6d4508f1bfb74325465acf
Author: Timothy Hatcher <[email protected]>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm
Log Message:
-----------
Cross-Origin-Resource-Policy blocks fetch from extensions.
https://webkit.org/b/251858
rdar://103793194
Reviewed by Chris Dumez.
SecurityPolicy was blocking the fetch load due to the
Cross-Origin-Resource-Policy check
in the NetworkProcess. In the WebProcess, SecurityPolicy checks were succeeding
due to the
existing call to SecurityPolicy::allowAccessTo() when parsing the
corsDisablingPatterns.
This step was missing in the NetworkProcess. Now both processes have the same
checks.
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setCORSDisablingPatterns): Add the pattern to
SecurityPolicy to
match WebPage.cpp's parseAndAllowAccessToCORSDisablingPatterns().
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(TEST(URLSchemeHandler, DisableCORSAndCORP)): Added.
Canonical link: https://commits.webkit.org/259976@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
