Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
https://github.com/WebKit/WebKit/commit/a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
Author: Sihui Liu <[email protected]>
Date: 2024-05-10 (Fri, 10 May 2024)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/FrameLoader.h
Log Message:
-----------
[Site Isolation] FrameLoader::loadURL should update request before sending it
to remote target frame
https://bugs.webkit.org/show_bug.cgi?id=273845
rdar://127698349
Reviewed by Alex Christensen.
Test
http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html
fails
with site isolation on because same-site cookies are unexpectedly included in
network request initiated by third-party
frame. The cause is ResourceRequest sent to remote target frame does not have
correct samesite and topsite information.
To fix this, update request with extra information before sending it to remote
frame.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::updateRequestAndAddExtraFields):
* Source/WebCore/loader/FrameLoader.h:
Canonical link: https://commits.webkit.org/278640@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
