Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2745429641071660f77d69c64cd04727ee8e31c5
https://github.com/WebKit/WebKit/commit/2745429641071660f77d69c64cd04727ee8e31c5
Author: Yoav Weiss <[email protected]>
Date: 2025-06-05 (Thu, 05 Jun 2025)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/imported/w3c/web-platform-tests/common/dispatcher/dispatcher.js
A LayoutTests/imported/w3c/web-platform-tests/common/dispatcher/remote-executor.html
A LayoutTests/imported/w3c/web-platform-tests/content-security-policy/resources/ran.js
M LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/remote-context-helper-tests/navigation-bfcache.window-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/reporting/resources/report-helper.js
M LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/parsing_type=enforce-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/parsing_type=report-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/script.https-expected.txt
M LayoutTests/platform/mac-wk1/TestExpectations
A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/script.https-expected.txt
M Source/WebCore/CMakeLists.txt
M Source/WebCore/DerivedSources-input.xcfilelist
M Source/WebCore/DerivedSources-output.xcfilelist
M Source/WebCore/DerivedSources.make
A Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.cpp
A Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.h
A Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.idl
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
M Source/WebCore/Modules/reporting/ViolationReportType.h
M Source/WebCore/Modules/url-pattern/URLPattern.cpp
M Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h
M Source/WebCore/Modules/webdatabase/DatabaseManager.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.h
M Source/WebCore/Modules/webtransport/WebTransportDatagramDuplexStream.cpp
M Source/WebCore/Modules/webxr/WebXRBoundedReferenceSpace.cpp
M Source/WebCore/Modules/webxr/WebXRSession.cpp
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/bindings/js/JSReportBodyCustom.cpp
M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M Source/WebCore/dom/SecurityContext.cpp
M Source/WebCore/dom/SecurityContext.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentLoader.h
M Source/WebCore/loader/FrameLoader.cpp
A Source/WebCore/loader/IntegrityPolicy.cpp
A Source/WebCore/loader/IntegrityPolicy.h
M Source/WebCore/loader/PingLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/platform/network/HTTPHeaderNames.in
M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Log Message:
-----------
Implement Integrity-Policy for scripts
https://bugs.webkit.org/show_bug.cgi?id=293433
Reviewed by Sam Weinig.
This PR implements the Integrity-Policy header and enforces it on script
destinations.
* LayoutTests/TestExpectations: Deleted expectations for Integrity-Policy tests.
* LayoutTests/imported/w3c/web-platform-tests/common/dispatcher/dispatcher.js:
Imported the latest from WPT.
* LayoutTests/imported/w3c/web-platform-tests/common/dispatcher/remote-executor.html:
Imported the latest from WPT.
* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/resources/ran.js:
Imported the latest from WPT.
* LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/remote-context-helper-tests/navigation-bfcache.window-expected.txt:
Expectation change due to imports.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt:
Progression due to imports.
* LayoutTests/imported/w3c/web-platform-tests/reporting/resources/report-helper.js:
(getReport): Ensured that blockedURL also counts towards getting a report.
* LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/parsing_type=enforce-expected.txt:
Adjusted expectations.
* LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/parsing_type=report-expected.txt:
Adjusted expectations.
* LayoutTests/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/script.https-expected.txt:
Adjusted expectations.
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/subresource-integrity/integrity-policy/script.https-expected.txt:
Added failing expectation, due to https issues with reporting.
* LayoutTests/platform/mac-wk1/TestExpectations: Set expectations for
reporting-based tests to fail on WK1.
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm: Include DocumentInlines.h
from JS*Document cpp files.
* Source/WebCore/CMakeLists.txt: Add IntegrityPolicyViolationReportBody.idl
* Source/WebCore/DerivedSources-input.xcfilelist: Add
IntegrityPolicyViolationReportBody.idl
* Source/WebCore/DerivedSources-output.xcfilelist: Add
IntegrityPolicyViolationReportBody.idl
* Source/WebCore/DerivedSources.make: Add IntegrityPolicyViolationReportBody.idl
* Source/WebCore/Headers.cmake: Add IntegrityPolicyViolationReportBody.h
* Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.cpp:
Added.
(WebCore::IntegrityPolicyViolationReportBody::IntegrityPolicyViolationReportBody):
(WebCore::IntegrityPolicyViolationReportBody::create):
(WebCore::IntegrityPolicyViolationReportBody::type const):
(WebCore::IntegrityPolicyViolationReportBody::documentURL const):
(WebCore::IntegrityPolicyViolationReportBody::blockedURL const):
(WebCore::IntegrityPolicyViolationReportBody::destination const):
(WebCore::IntegrityPolicyViolationReportBody::reportOnly const):
* Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.h: Added.
(isType):
* Source/WebCore/Modules/reporting/IntegrityPolicyViolationReportBody.idl:
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::isVisibleToReportingObservers): Add "integrity-violation" as a
visible observer.
* Source/WebCore/Modules/reporting/ViolationReportType.h: Add IntegrityPolicy
as a report type.
* Source/WebCore/Modules/url-pattern/URLPattern.cpp: Add required header
include.
* Source/WebCore/Modules/webcodecs/WebCodecsVideoDecoder.h: Add required header
include.
* Source/WebCore/Modules/webdatabase/DatabaseManager.cpp: Add required header
include.
* Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.h: Fix C++
safety issues.
* Source/WebCore/Modules/webtransport/WebTransportDatagramDuplexStream.cpp: Add
required header include.
* Source/WebCore/Modules/webxr/WebXRBoundedReferenceSpace.cpp: Add required
header include.
* Source/WebCore/Modules/webxr/WebXRSession.cpp: Add required header include.
* Source/WebCore/Sources.txt: Add IntegrityPolicyViolationReportBody.cpp (and
its JS equivalent), and IntegrityPolicy.cpp
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/bindings/js/JSReportBodyCustom.cpp:
(WebCore::toJSNewlyCreated): Add IntegrityViolation handling.
* Source/WebCore/dom/SecurityContext.cpp: Define getters/setters.
(WebCore::SecurityContext::~SecurityContext):
(WebCore::SecurityContext::integrityPolicy const):
(WebCore::SecurityContext::setIntegrityPolicy):
(WebCore::SecurityContext::integrityPolicyReportOnly const):
(WebCore::SecurityContext::setIntegrityPolicyReportOnly):
* Source/WebCore/dom/SecurityContext.h: Add integrityPolicy and
integrityPolicyReportOnly.
(WebCore::SecurityContext::integrityPolicy const):
(WebCore::SecurityContext::setIntegrityPolicy):
(WebCore::SecurityContext::integrityPolicyReportOnly const):
(WebCore::SecurityContext::setIntegrityPolicyReportOnly):
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): Process the Integrity-Policy
headers.
(WebCore::DocumentLoader::integrityPolicy): Getter impl.
(WebCore::DocumentLoader::integrityPolicyReportOnly): Getter impl.
* Source/WebCore/loader/DocumentLoader.h: Hold unique_ptr for integrityPolicy
and integrityPolicyReportOnly and move them when requested.
(WebCore::DocumentLoader::integrityPolicy):
(WebCore::DocumentLoader::integrityPolicyReportOnly):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument): Set integrityPolicy and
integrityPolicyReportOnly on Document.
* Source/WebCore/loader/IntegrityPolicy.cpp: Added.
(WebCore::reportViolation): Report an integrity violation.
(WebCore::processIntegrityPolicy): Parse and process an integrity policy header.
(WebCore::shouldRequestBeBlockedByIntegrityPolicy): Assess if a request should
be blocked due to integrity policy.
* Source/WebCore/loader/IntegrityPolicy.h:
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendViolationReport): Add IntegrityPolicy as a violation
report type.
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest): call
shouldRequestBeBlockedByIntegrityPolicy.
* Source/WebCore/platform/network/HTTPHeaderNames.in: Add Integrity-Policy and
Integrity-Policy-Report-Only headers
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
Canonical link: https://commits.webkit.org/295903@main