Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bd3009db79e1a9bc7b0bc40065872aae8653b485
      
https://github.com/WebKit/WebKit/commit/bd3009db79e1a9bc7b0bc40065872aae8653b485
  Author: Ruthvik Konda <[email protected]>
  Date:   2025-10-05 (Sun, 05 Oct 2025)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/http/tests/site-isolation/mixedContent/about-blank-iframe-in-main-frame-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/about-blank-iframe-in-main-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/anchor-cross-origin-from-https-UpgradeMixedContent.html
    A LayoutTests/http/tests/site-isolation/mixedContent/beacon-cross-origin-UpgradeMixedContent.https-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/beacon-cross-origin-UpgradeMixedContent.https.html
    A LayoutTests/http/tests/site-isolation/mixedContent/data-url-iframe-in-main-frame-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/data-url-iframe-in-main-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/iframe-upgrade-UpgradeMixedContent.https-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/iframe-upgrade-UpgradeMixedContent.https.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-audio-video-in-main-frame-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-audio-video-in-main-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-css-in-iframe-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-css-in-iframe.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-iframe-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-iframe.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-image-in-iframe-UpgradeMixedContent.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-script-in-iframe-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-script-in-iframe.html
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/insecure-websocket-in-iframe-UpgradeMixedContent.html
    A LayoutTests/http/tests/site-isolation/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    A LayoutTests/http/tests/site-isolation/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-about-blank-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-css.html
    A LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-frame.html
    A LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-iframe.html
    A LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-redirect-http-to-https-frame.html
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations
    M Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/LocalFrameLoaderClient.cpp
    M Source/WebCore/loader/LocalFrameLoaderClient.h
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/page/Frame.h
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebCore/page/LocalFrame.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/ProcessSyncData.in
    M Source/WebCore/page/RemoteFrame.cpp
    M Source/WebCore/page/RemoteFrame.h
    M Source/WebCore/page/RemoteFrameClient.h
    M Source/WebKit/UIProcess/WebFrameProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h

  Log Message:
  -----------
  [Site Isolation] Mixed content handling
https://bugs.webkit.org/show_bug.cgi?id=300018
rdar://156109147

Reviewed by Sihui Liu.

The current implementation of mixed content relies on frames being LocalFrames.
This assumption is no longer valid with Site Isolation. This PR fixes all cases
where RemoteFrames are involved in mixed content.

A new FrameTreeSyncData member (FrameURLProtocol) is introduced in order to
solve mixed content checks with RemoteFrames. Since provisional frames aren't
in the frame tree and we need to access parent frames of provisional frames,
provisionalParentFrame() is added.

Since logging is now on a frame basis and is only allowed for LocalFrames,
extra machinery is added in order to enable logging for RemoteFrame scenarios
in mixed content. For these scenarios, we send an IPC message to WebPageProxy.
WebPageProxy then performs its own addConsoleMessage() which has been modified
to forward the message to the appropriate WebProcess with the corresponding
LocalFrame. Rather than send(), we do sendToProcessContainingFrame(). This not
only preserves existing functionality that uses addConsoleMessage() but also
enables all future use cases for RemoteFrames that need to perform logging.

A representative sample of tests is added to tests/site-isolation. In order to
test SI behavior, these tests mainly include mixed content cases that involve
cross site iframes. A few of these tests don't use cross site iframes but are
included in order to ensure that the main mixed content scenarios still work
with SI on.

Tests: http/tests/site-isolation/mixedContent/about-blank-iframe-in-main-frame.html
       http/tests/site-isolation/mixedContent/anchor-cross-origin-from-https-UpgradeMixedContent.html
       http/tests/site-isolation/mixedContent/beacon-cross-origin-UpgradeMixedContent.https.html
       http/tests/site-isolation/mixedContent/data-url-iframe-in-main-frame.html
       http/tests/site-isolation/mixedContent/iframe-upgrade-UpgradeMixedContent.https.html
       http/tests/site-isolation/mixedContent/insecure-audio-video-in-main-frame.html
       http/tests/site-isolation/mixedContent/insecure-css-in-iframe.html
       http/tests/site-isolation/mixedContent/insecure-iframe-in-iframe.html
       http/tests/site-isolation/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent.html
       http/tests/site-isolation/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent.html
       http/tests/site-isolation/mixedContent/insecure-image-in-iframe-UpgradeMixedContent.html
       http/tests/site-isolation/mixedContent/insecure-script-in-iframe.html
       http/tests/site-isolation/mixedContent/insecure-websocket-in-iframe-UpgradeMixedContent.html
       http/tests/site-isolation/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
       http/tests/site-isolation/mixedContent/redirect-https-to-http-iframe-in-main-frame.html

* LayoutTests/TestExpectations:
* LayoutTests/http/tests/site-isolation/mixedContent/about-blank-iframe-in-main-frame-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/about-blank-iframe-in-main-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/anchor-cross-origin-from-https-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/beacon-cross-origin-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/beacon-cross-origin-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/data-url-iframe-in-main-frame-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/data-url-iframe-in-main-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/iframe-upgrade-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/iframe-upgrade-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-audio-video-in-main-frame-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-audio-video-in-main-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-css-in-iframe-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-css-in-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-iframe-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-image-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-script-in-iframe-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-script-in-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/insecure-websocket-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/redirect-http-to-https-iframe-in-main-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/redirect-https-to-http-iframe-in-main-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-about-blank-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-css.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-frame.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-insecure-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/mixedContent/resources/frame-with-redirect-http-to-https-frame.html: Added.
* LayoutTests/platform/ios/TestExpectations:
* Source/WebCore/SaferCPPExpectations/UncheckedCallArgsCheckerExpectations:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations:
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::populateDocumentSyncDataForNewlyConstructedDocument):
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/LocalFrameLoaderClient.cpp:
(WebCore::LocalFrameLoaderClient::provisionalParentFrame const):
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::isDocumentSecure):
(WebCore::isDataContextSecure):
(WebCore::isMixedContent):
(WebCore::MixedContentChecker::shouldUpgradeInsecureContent):
(WebCore::MixedContentChecker::shouldBlockRequest):
(WebCore::logConsoleWarning):
* Source/WebCore/loader/MixedContentChecker.h:
* Source/WebCore/page/Frame.h:
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::reportMixedContentViolation const):
(WebCore::LocalFrame::frameURLProtocol const):
* Source/WebCore/page/LocalFrame.h:
* Source/WebCore/page/Page.cpp:
(WebCore::Page::updateProcessSyncData):
* Source/WebCore/page/ProcessSyncData.in:
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::RemoteFrame::reportMixedContentViolation const):
(WebCore::RemoteFrame::frameURLProtocol const):
* Source/WebCore/page/RemoteFrame.h:
* Source/WebCore/page/RemoteFrameClient.h:
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::calculateFrameTreeSyncData const):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::addConsoleMessage):
(WebKit::WebPageProxy::reportMixedContentViolation):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::provisionalParentFrame const):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp:
(WebKit::WebRemoteFrameClient::reportMixedContentViolation):
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h:

Canonical link: https://commits.webkit.org/301022@main
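
Added example, not part of the commit or of WebKit's source: a simplified model of why a mixed content check that reads only in-process documents misses a secure ancestor living in another process, and how a per-frame protocol replicated through frame-tree sync data closes that gap. `Frame`, `Kind` and every function name below are hypothetical, and the frame tree is constructed for illustration.

```cpp
#include <string>
#include <utility>

// Simplified model for illustration; these types are hypothetical, not WebKit's API.
enum class Kind { Local, Remote };

struct Frame {
    Kind kind;
    const Frame* parent;           // nullptr for the main frame
    std::string documentProtocol;  // read from the document; empty when no document is in this process
    std::string syncedProtocol;    // protocol replicated to every process that holds this frame
};

static bool isSecureProtocol(const std::string& p) { return p == "https" || p == "wss"; }

// Walks the ancestor chain but can only see documents hosted in this process.
bool contextIsSecureLocalOnly(const Frame& frame)
{
    for (const Frame* f = &frame; f; f = f->parent) {
        if (f->kind == Kind::Local && isSecureProtocol(f->documentProtocol))
            return true;
    }
    return false;
}

// Same walk, falling back to the synced protocol for frames hosted elsewhere.
bool contextIsSecureWithSyncData(const Frame& frame)
{
    for (const Frame* f = &frame; f; f = f->parent) {
        const std::string& protocol = f->kind == Kind::Local ? f->documentProtocol : f->syncedProtocol;
        if (isSecureProtocol(protocol))
            return true;
    }
    return false;
}

bool isMixedContent(bool contextSecure, const std::string& requestProtocol)
{
    return contextSecure && !isSecureProtocol(requestProtocol);
}

// Constructed scenario: an https main frame, remote in this process, embeds a cross-site
// iframe that is loading an http document here and has no committed document yet.
// Returns {verdict of the local-only check, verdict of the sync-aware check}.
std::pair<bool, bool> httpIframeUnderRemoteHttpsParent()
{
    Frame mainFrame { Kind::Remote, nullptr, "", "https" };
    Frame child { Kind::Local, &mainFrame, "", "" };
    return { isMixedContent(contextIsSecureLocalOnly(child), "http"),
             isMixedContent(contextIsSecureWithSyncData(child), "http") };
}
```

In this model the local-only check reports the insecure load as acceptable, which is the fail-open direction a reviewer should look for whenever a security decision depends on state that site isolation moves into another process.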


