[webkit-changes] [WebKit/WebKit] 3479e4: NetworkResourceLoader::isMainFrameLoad() should be...

Tue, 19 Dec 2023 15:29:52 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3479e44a7b3628dd55a1df3a7f5b7919be913f6e
      
https://github.com/WebKit/WebKit/commit/3479e44a7b3628dd55a1df3a7f5b7919be913f6e
  Author: Alex Christensen <[email protected]>
  Date:   2023-12-19 (Tue, 19 Dec 2023)

  Changed paths:
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M 
Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm

  Log Message:
  -----------
  NetworkResourceLoader::isMainFrameLoad() should be correct with site 
isolation enabled
https://bugs.webkit.org/show_bug.cgi?id=266658

Reviewed by Pascoe.

frameAncestorOrigins was empty so isMainFrameLoad() was incorrectly returning 
true for
non-main frames, causing them not to commit loads if cross-origin-opener-policy 
header
fields were present in the response of an iframe.  Normally,
NetworkResourceLoader::doCrossOriginOpenerHandlingOfResponse would return early 
because
it wasn't a main frame load.  That happens again after this PR.
Since a web content process shouldn't know the origins of ancestor frames that 
aren't
same-site, I add nullptr to the Vector<RefPtr<SecurityOrigin>> if I encounter a 
RemoteFrame
in the tree ancestry.  I added a few previously-unneeded null checks to prevent 
it from
crashing.

* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::checkFrameAncestors):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForXFrameOptions):
* 
Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:
(WebKit::SubFrameSOAuthorizationSession::shouldInterruptLoadForXFrameOptions):
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/272306@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to