Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f8332133a12b758485dd348da4c6ed991bde98f5
https://github.com/WebKit/WebKit/commit/f8332133a12b758485dd348da4c6ed991bde98f5
Author: Brent Fulgham <[email protected]>
Date: 2025-06-17 (Tue, 17 Jun 2025)
Changed paths:
A LayoutTests/http/tests/lockdown-mode/heic-shown-in-lockdown-mode.http-expected.txt
A LayoutTests/http/tests/lockdown-mode/heic-shown-in-lockdown-mode.http.html
A LayoutTests/http/tests/lockdown-mode/no-heic-in-lockdown-mode.https-expected.txt
A LayoutTests/http/tests/lockdown-mode/no-heic-in-lockdown-mode.https.html
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/mac-wk1/TestExpectations
M LayoutTests/platform/win/TestExpectations
M LayoutTests/platform/wpe/TestExpectations
M Source/WTF/wtf/URL.cpp
M Source/WTF/wtf/URL.h
M Source/WebCore/PAL/pal/cocoa/LockdownModeCocoa.h
M Source/WebCore/PAL/pal/cocoa/LockdownModeCocoa.mm
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.h
M Source/WebCore/platform/graphics/cg/UTIRegistry.mm
M Source/WebKit/UIProcess/API/Cocoa/_WKSystemPreferences.mm
M Source/WebKit/WebProcess/WebProcess.cpp
M Tools/TestRunnerShared/TestFeatures.cpp
M Tools/TestWebKitAPI/Tests/WTF/URL.cpp
M Tools/WebKitTestRunner/TestOptions.h
M Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm
Log Message:
-----------
[Lockdown Mode] Make sure Accept Header matches LDM capabilities
https://bugs.webkit.org/show_bug.cgi?id=293385
<rdar://problem/151333451>
Reviewed by Pascoe.
We recently discovered that in Lockdown Mode WebKit generates an Accept Header containing image types that are disabled. There is no security issue from this, but it's annoying to LDM users who may end up downloading unusable images, etc.
This patch causes the Accept Header logic to check for Lockdown Mode state, and only emit relevant types when communicating with a secure server.
This patch also updates WebKitTestRunner with the ability to activate Lockdown Mode for tests in the 'lockdown-mode' directory.
It also disambiguates checks for the enablement of the Lockdown Mode feature from the specific use of the Lockdown Mode framework, which only exists on some systems at present. This allows Open Source builds to activate the feature in WebKit and test it.
Tests:
LayoutTests/http/tests/lockdown-mode/heic-shown-in-lockdown-mode.http.html
LayoutTests/http/tests/lockdown-mode/no-heic-in-lockdown-mode.https.html
* Source/WTF/wtf/PlatformHave.h: Disambiguate the Lockdown Mode feature from the Lockdown Mode framework.
* Source/WTF/wtf/URL.cpp:
(WTF::URL::protocolIsSecure const): Added.
* Source/WTF/wtf/URL.h:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::updateRequestAndAddExtraFields): Pass new argument.
* Source/WebCore/loader/cache/CachedResourceRequest.cpp:
(WebCore::acceptHeaderValueForImageResource): Only send Lockdown-supported image types to secure servers when in lockdown mode.
(WebCore::CachedResourceRequest::acceptHeaderValueFromType):
(WebCore::CachedResourceRequest::setAcceptHeaderIfNone):
* Source/WebCore/loader/cache/CachedResourceRequest.h:
* Tools/TestRunnerShared/TestFeatures.cpp:
(WTR::shouldEnableLockdownMode): Add Lockdown Mode test feature.
(WTR::hardcodedFeaturesBasedOnPathForTest): Add check for 'lockdown-mode' directory.
* Tools/TestWebKitAPI/Tests/WTF/URL.cpp:
(TestWebKitAPI::TEST_F(WTF_URL, ProtocolIsSecure)):
* Tools/WebKitTestRunner/TestOptions.h:
(WTR::TestOptions::lockdownModeEnabled const):
* Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::TestController::configureWebpagePreferences): Set lockdown mode when appropriate.
Canonical link: https://commits.webkit.org/296345@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes