Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ecefed4aedd09fb161101c151d7b1faab025174e
https://github.com/WebKit/WebKit/commit/ecefed4aedd09fb161101c151d7b1faab025174e
Author: Youenn Fablet <[email protected]>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/HSTS.mm
Log Message:
-----------
HSTS not partitioned for Fetch (according to privacytests.org)
rdar://119047103
Reviewed by Alex Christensen.
When downgrading in WKNetworkSessionDelegate to not use HSTS, we were
downgrading by creating the downgraded request and triggering a synthetic
redirection.
Fetch is exposing whether a redirection is done via Response.redirected, and
this includes synthetic redirections.
This allows a web page to query the HSTS global cache.
To prevent this, we directly downgrade the request and continue the load with
the downgraded request.
We do not need the synthetic redirection since the downgraded request should be
exactly the same as the initial request.
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(downgradeRequest):
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/HSTS.mm:
(TestWebKitAPI::TEST):
Originally-landed-as: 267815.612@safari-7617-branch (61598c9bb40b).
rdar://121480873
Canonical link: https://commits.webkit.org/273503@main
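
The page-visible difference described in the log message above, as a simplified model added here (not WebKit code and not part of the commit). The function names, strategy labels and sample hosts are hypothetical, and Response.redirected is modelled as "the load recorded at least one redirect".

```javascript
// Simplified model of a partitioned (third-party) load. Not WebKit code.
// Constructed sample: hosts already present in the shared HSTS cache.
const hstsCache = new Set(["visited.example"]);

// Network stack step: http:// URLs for HSTS-known hosts are upgraded to https://.
function upgradeScheme(url) {
  const u = new URL(url);
  if (u.protocol === "http:" && hstsCache.has(u.hostname)) u.protocol = "https:";
  return u.href;
}

// Delegate step: undo the upgrade so the partitioned load does not use HSTS.
// "synthetic-redirect" models the old behaviour, "direct" the behaviour after the fix.
function loadPartitioned(url, strategy) {
  const initial = new URL(url).href;
  const redirectChain = [];
  let finalURL = upgradeScheme(url);
  if (finalURL !== initial) {
    finalURL = initial; // the downgraded request equals the initial request
    if (strategy === "synthetic-redirect") redirectChain.push(finalURL);
  }
  // What Fetch exposes to the page for this load.
  return { url: finalURL, redirected: redirectChain.length > 0 };
}

// Leak check: does anything page-visible depend on HSTS cache membership?
function leaksCacheState(strategy) {
  const known = loadPartitioned("http://visited.example/", strategy);
  const unknown = loadPartitioned("http://never-seen.example/", strategy);
  return known.redirected !== unknown.redirected || known.url === unknown.url;
}

console.log("synthetic-redirect leaks:", leaksCacheState("synthetic-redirect"));
console.log("direct leaks:", leaksCacheState("direct"));
```

With the direct downgrade both loads report the same redirected value and their own unchanged http:// URL, so the page learns nothing about the cache.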