Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0c6fc3c778e57a5b66b2045881310b2a63068b0d
https://github.com/WebKit/WebKit/commit/0c6fc3c778e57a5b66b2045881310b2a63068b0d
Author: Ronan Turner <[email protected]>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
M Source/WebKit/Platform/Logging.h
M Source/WebKit/Shared/WebsiteData/WebsiteData.cpp
M Source/WebKit/Shared/WebsiteData/WebsiteDataType.h
M Source/WebKit/Shared/WebsiteData/WebsiteDataType.serialization.in
M Source/WebKit/Sources.txt
M Source/WebKit/UIProcess/API/APINavigation.cpp
M Source/WebKit/UIProcess/API/APINavigation.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecord.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
M Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
M Source/WebKit/UIProcess/EnhancedSecurityTracking.h
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
M Source/WebKit/UIProcess/WebFramePolicyListenerProxy.cpp
M Source/WebKit/UIProcess/WebFramePolicyListenerProxy.h
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebFrameProxy.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
A Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesHolder.cpp
A Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesHolder.h
A Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesPersistence.cpp
A Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesPersistence.h
M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp
M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm
Log Message:
-----------
Implement heuristics to drop out of Enhanced Security
https://bugs.webkit.org/show_bug.cgi?id=303390
rdar://165692583
Reviewed by Matthew Finkel.
This change expands upon prior Enhanced Security adoption for HTTP which
now applies heuristics to determine when to drop out of Enhanced Security,
in particular, when we consider a site to have had meaningful prior
usage outside of Enhanced Security.
One requirement of this is to add a new WebsiteDataType for tracking when
sites have been seen outside of Enhanced Security, or only when Enhanced
Security was enabled. We persist this to a new db specifically for
Enhanced Security.
Additional tests have been implemented that check that these heuristics
apply successfully in conditions that we expect.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm
* Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::monitoredDataTypes):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::hasLocalStorageOrCookies):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
* Source/WebKit/Platform/Logging.h:
* Source/WebKit/Shared/WebsiteData/WebsiteData.cpp:
(WebKit::WebsiteData::ownerProcess):
* Source/WebKit/Shared/WebsiteData/WebsiteDataType.h:
(WebKit::toString):
* Source/WebKit/Shared/WebsiteData/WebsiteDataType.serialization.in:
* Source/WebKit/Sources.txt:
* Source/WebKit/UIProcess/API/APINavigation.cpp:
(API::Navigation::setCurrentRequest):
(API::Navigation::setHasStorageForCurrentSite):
* Source/WebKit/UIProcess/API/APINavigation.h:
(API::Navigation::hasStorageForCurrentSite const):
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecord.mm:
(dataTypesToString):
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:
(WebKit::toWebsiteDataType):
(WebKit::toWKWebsiteDataTypes):
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
(+[WKWebsiteDataStore _allWebsiteDataTypesIncludingPrivate]):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::enabledSitesMap):
(WebKit::didSitePreviouslyUseEnhancedSecurity):
(WebKit::trackSiteSeenOutsideEnhancedSecurity):
(WebKit::updateEnhancedSecurityDomains):
(WebKit::EnhancedSecurityTracking::initializeWithWebsiteDataStore):
(WebKit::EnhancedSecurityTracking::enableFor):
(WebKit::EnhancedSecurityTracking::trackChangingSiteNavigation):
(WebKit::EnhancedSecurityTracking::trackSameSiteNavigation):
(WebKit::EnhancedSecurityTracking::trackNavigation):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::hasLocalStorageOrCookies):
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
* Source/WebKit/UIProcess/WebFramePolicyListenerProxy.cpp:
(WebKit::WebFramePolicyListenerProxy::WebFramePolicyListenerProxy):
(WebKit::WebFramePolicyListenerProxy::didReceiveAppBoundDomainResult):
(WebKit::WebFramePolicyListenerProxy::didReceiveSafeBrowsingResults):
(WebKit::WebFramePolicyListenerProxy::didReceiveInitialLinkDecorationFilteringData):
(WebKit::WebFramePolicyListenerProxy::didReceiveSiteHasStorageResults):
(WebKit::WebFramePolicyListenerProxy::use):
* Source/WebKit/UIProcess/WebFramePolicyListenerProxy.h:
(WebKit::WebFramePolicyListenerProxy::create):
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::setUpPolicyListenerProxy):
* Source/WebKit/UIProcess/WebFrameProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::decidePolicyForResponseShared):
(WebKit::WebPageProxy::beginSiteHasStorageCheck):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
(WebKit::WebsiteDataStore::defaultEnhancedSecurityDirectory):
(WebKit::WebsiteDataStore::enhancedSecuritySitesHolder):
(WebKit::WebsiteDataStore::trackEnhancedSecurityForDomain):
(WebKit::WebsiteDataStore::fetchEnhancedSecurityOnlyDomains):
(WebKit::WebsiteDataStore::fetchAllEnhancedSecuritySites):
(WebKit::WebsiteDataStore::removeEnhancedSecuritySites):
(WebKit::WebsiteDataStore::removeAllEnhancedSecuritySites):
* Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesHolder.cpp: Added.
(WebKit::EnhancedSecuritySitesHolder::sharedWorkQueueSingleton):
(WebKit::EnhancedSecuritySitesHolder::create):
(WebKit::EnhancedSecuritySitesHolder::EnhancedSecuritySitesHolder):
(WebKit::EnhancedSecuritySitesHolder::~EnhancedSecuritySitesHolder):
(WebKit::EnhancedSecuritySitesHolder::fetchEnhancedSecurityOnlyDomains):
(WebKit::EnhancedSecuritySitesHolder::fetchAllEnhancedSecuritySites):
(WebKit::EnhancedSecuritySitesHolder::trackEnhancedSecurityForDomain):
(WebKit::EnhancedSecuritySitesHolder::deleteSites):
(WebKit::EnhancedSecuritySitesHolder::deleteAllSites):
* Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesHolder.h: Copied
from Source/WebKit/UIProcess/EnhancedSecurityTracking.h.
* Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesPersistence.cpp:
Added.
(WebKit::EnhancedSecuritySitesPersistence::EnhancedSecuritySitesPersistence):
(WebKit::EnhancedSecuritySitesPersistence::~EnhancedSecuritySitesPersistence):
(WebKit::EnhancedSecuritySitesPersistence::reportSQLError):
(WebKit::databasePath):
(WebKit::EnhancedSecuritySitesPersistence::checkedDatabase const):
(WebKit::EnhancedSecuritySitesPersistence::cachedStatement):
(WebKit::EnhancedSecuritySitesPersistence::openDatabase):
(WebKit::EnhancedSecuritySitesPersistence::deleteSite):
(WebKit::EnhancedSecuritySitesPersistence::deleteSites):
(WebKit::EnhancedSecuritySitesPersistence::deleteAllSites):
(WebKit::EnhancedSecuritySitesPersistence::enhancedSecurityOnlyDomains):
(WebKit::EnhancedSecuritySitesPersistence::allEnhancedSecuritySites):
(WebKit::EnhancedSecuritySitesPersistence::trackEnhancedSecurityForDomain):
(WebKit::EnhancedSecuritySitesPersistence::closeDatabase):
* Source/WebKit/UIProcess/WebsiteData/EnhancedSecuritySitesPersistence.h: Added.
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::resolveDirectories):
(WebKit::WebsiteDataStore::fetchDataAndApply):
(WebKit::WebsiteDataStore::removeData):
(WebKit::WebsiteDataStore::hasLocalStorageOrCookies const):
(WebKit::WebsiteDataStore::removeEnhancedSecuritySites):
(WebKit::WebsiteDataStore::removeAllEnhancedSecuritySites):
(WebKit::WebsiteDataStore::fetchEnhancedSecurityOnlyDomains):
(WebKit::WebsiteDataStore::fetchAllEnhancedSecuritySites):
(WebKit::WebsiteDataStore::trackEnhancedSecurityForDomain):
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp:
(WebKit::WebsiteDataStoreConfiguration::initializePaths):
(WebKit::WebsiteDataStoreConfiguration::Directories::isolatedCopy const):
(WebKit::WebsiteDataStoreConfiguration::Directories::isolatedCopy):
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h:
(WebKit::WebsiteDataStoreConfiguration::enhancedSecurityDirectory const):
(WebKit::WebsiteDataStoreConfiguration::setEnhancedSecurityDirectory):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm:
(runHttpThenNavigateToHttpsSiteWithCookies):
(runHttpThenNavigateToHttpsSiteWithLocalStorage):
(runHttpThenHttpsThenNavigateToHttpsSiteWithCookies):
(runHttpThenNavigateToHttpsSiteWithCookiesThenHttps):
(runHttpThenNavigateToHttpsSetCookiesThenNavigateToHttpsAgain):
(runHttpRedirectsHttpsWithExplicitNavigationToMeaningfulSite):
(runWindowOpenThenNavigateToMeaningfulSite):
(runHttpThenNavigateToHttpsSiteWithCookiesViaAPI):
(enhancedSecuritySitesPath):
(emptyEnhancedSecuritySitesPath):
(createEnhancedSecuritySitesTable):
(addEnhancedSecuritySite):
(setUpEnhancedSecuritySeenValues):
(cleanUpEnhancedSecuritySites):
(runHttpThenNavigateToHttpsSiteWithCookiesViaAndExpectations):
(runHttpThenNavigateToHttpsSiteWithCookiesViaAPIAndNotSeenOutsideEnhancedSecurity):
(runHttpThenNavigateToHttpsSiteWithCookiesViaAPIAndSeenOutsideEnhancedSecurity):
Canonical link: https://commits.webkit.org/303988@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
