[webkit-changes] [WebKit/WebKit] deeefb: Incorrect Sec-Fetch-Site values on sandboxed iframes

Sun, 16 Jun 2024 23:38:29 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: deeefb52b7fdf76d21c9d747106deb3045e14119
      
https://github.com/WebKit/WebKit/commit/deeefb52b7fdf76d21c9d747106deb3045e14119
  Author: Youenn Fablet <[email protected]>
  Date:   2024-06-16 (Sun, 16 Jun 2024)

  Changed paths:
    A LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-expected.txt
    A 
LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-reuse-expected.txt
    A LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-reuse.html
    A LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes.html
    A LayoutTests/http/wpt/fetch/resources/sec-fetch-site.py
    M Source/WebCore/loader/SubresourceLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.h

  Log Message:
  -----------
  Incorrect Sec-Fetch-Site values on sandboxed iframes
https://bugs.webkit.org/show_bug.cgi?id=260284
rdar://114340186

Reviewed by Brady Eidson.

For navigation loads, we were always using the frame origin to compute 
sec-fetch-site.
This does not work for initial iframe loads, since the load is made on behalf 
of the context that created the iframe.
For navigation loads, we are now reyling on the requester origin info from the 
document loader if available.

* LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-expected.txt: 
Added.
* 
LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-reuse-expected.txt:
 Added.
* LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes-reuse.html: 
Added.
* LayoutTests/http/wpt/fetch/fetch-metadata-for-sandbox-iframes.html: Added.
* LayoutTests/http/wpt/fetch/resources/sec-fetch-site.py: Added.
(main):
* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::SubresourceLoader):
(WebCore::SubresourceLoader::willSendRequestInternal):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::convertEnumerationToString):
(WebCore::computeFetchMetadataSiteInternal):
(WebCore::CachedResourceLoader::computeFetchMetadataSite):
(WebCore::CachedResourceLoader::computeFetchMetadataSiteAfterRedirection):
(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
* Source/WebCore/loader/cache/CachedResourceLoader.h:

Canonical link: https://commits.webkit.org/280065@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to