Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3a8c831bd7998e484a95f83fc3dd2d13bace4be1
https://github.com/WebKit/WebKit/commit/3a8c831bd7998e484a95f83fc3dd2d13bace4be1
Author: Timothy Hatcher <[email protected]>
Date: 2024-11-15 (Fri, 15 Nov 2024)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm
Log Message:
-----------
CORS for Web Extension pages should respect granted per-site permissions.
https://webkit.org/b/278590
rdar://102912898
Reviewed by Brian Weinstein.
Only give CORS pattern exceptions for granted permission match patterns, not all requested match patterns.
To mitigate the risk of extension breakage caused by access control errors in Fetch and XHR requests, we will proactively monitor such failures and prompt the user for permission to the affected URL. Although the initial request will still fail, subsequent requests will be successful if the user grants the necessary permission.
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _corsDisablingPatterns]): Added.
(-[WKWebView _setCORSDisablingPatterns:]): Added.
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::permissionsDidChange): Call updateCORSDisablingPatternsOnAllExtensionPages().
(WebKit::WebExtensionContext::requestPermissionMatchPatterns): Null check completionHandler.
(WebKit::WebExtensionContext::requestPermissionToAccessURLs): Ditto.
(WebKit::WebExtensionContext::resourceLoadDidCompleteWithError): Prompt for permission and log error.
(WebKit::WebExtensionContext::corsDisablingPatterns): Use granted match patterns.
(WebKit::WebExtensionContext::updateCORSDisablingPatternsOnAllExtensionPages): Added.
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIPermissions.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingFetchWithPermissions)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingFetchWithoutPermissions)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingFetchWithoutGrantingPermission)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingXHRWithPermissions)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingXHRWithoutPermissions)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORSUsingXHRWithoutGrantingPermission)): Added.
(TestWebKitAPI::TEST(WKWebExtensionAPIPermissions, CORS)): Deleted.
Canonical link: https://commits.webkit.org/286651@main
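The rule stated in the log message, modelled as an added example (this is not WebKit's code and not part of the commit): a cross-origin load from an extension page is exempt from CORS only when a granted match pattern covers it, and a failed load records a permission prompt so that a later request can succeed. `Pattern`, `parsePattern`, `matches`, `anyMatch` and `ExtensionContextModel` are hypothetical names; patterns are limited to the form `<scheme>://<host>/*`, prompts are tracked per host rather than per URL, and the server is assumed to send no CORS headers.

```cpp
#include <string>
#include <vector>

// Assumption: patterns have the form "<scheme>://<host>/*"; path globs are not modelled.
struct Pattern { std::string scheme, host; };

Pattern parsePattern(const std::string& s) {
    auto sep = s.find("://");
    auto slash = sep == std::string::npos ? sep : s.find('/', sep + 3);
    if (slash == std::string::npos) return {"", ""}; // malformed: matches nothing
    return {s.substr(0, sep), s.substr(sep + 3, slash - sep - 3)};
}

bool matches(const Pattern& p, const std::string& scheme, const std::string& host) {
    bool schemeOK = p.scheme == "*" ? (scheme == "http" || scheme == "https") : p.scheme == scheme;
    if (!schemeOK) return false;
    if (p.host == "*") return true;
    if (p.host.rfind("*.", 0) != 0) return p.host == host;
    // "*.example.com" covers example.com and its subdomains, never "evilexample.com".
    std::string suffix = p.host.substr(1); // ".example.com"
    return host == suffix.substr(1)
        || (host.size() > suffix.size() && host.compare(host.size() - suffix.size(), suffix.size(), suffix) == 0);
}

bool anyMatch(const std::vector<std::string>& patterns, const std::string& scheme, const std::string& host) {
    for (const auto& p : patterns)
        if (matches(parsePattern(p), scheme, host)) return true;
    return false;
}

struct ExtensionContextModel { // hypothetical stand-in, not WebKit's WebExtensionContext
    std::vector<std::string> requested;     // asked for; before the change these disabled CORS
    std::vector<std::string> granted;       // user-approved; after the change only these do
    std::vector<std::string> promptedHosts; // failed loads that led to a permission prompt
    // Cross-origin fetch/XHR from an extension page.
    bool load(const std::string& scheme, const std::string& host) {
        if (anyMatch(granted, scheme, host)) return true;
        promptedHosts.push_back(host); // this request fails; the user is asked for access
        return false;
    }
};

int main() {
    ExtensionContextModel ctx;
    ctx.requested = {"*://*.example.com/*"};           // constructed sample pattern
    bool first = ctx.load("https", "api.example.com"); // not granted yet: fails and prompts
    ctx.granted = {"*://api.example.com/*"};           // user grants access to that host
    return (!first && ctx.load("https", "api.example.com")) ? 0 : 1;
}
```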