[webkit-changes] [WebKit/WebKit] 2b7b71: Fix opener relationship behaviour with Enhanced Se...

Mon, 19 Jan 2026 01:36:31 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2b7b71455948b3f8d4a0c4298592915f09b3756e
      
https://github.com/WebKit/WebKit/commit/2b7b71455948b3f8d4a0c4298592915f09b3756e
  Author: Ronan Turner <[email protected]>
  Date:   2026-01-19 (Mon, 19 Jan 2026)

  Changed paths:
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm

  Log Message:
  -----------
  Fix opener relationship behaviour with Enhanced Security
https://bugs.webkit.org/show_bug.cgi?id=305317
rdar://167971340

Reviewed by Per Arne Vollan.

We cannot make an EnhancedSecurity state change when we have an opener
relationship, as we do not have the ability to maintain the opener
relationship across process boundaries until site isolation is present.

Therefore, we should not change EnhancedSecurity state when a navigation
requires an opener relationship, as otherwise a process swap will have to
occur to accommodate the change in state.

This change applies this behaviour, which fixes the following tests when
the Enhanced Security heuristics flag is enabled by default:

  * AdvancedPrivacyProtections.DoNotHideReferrerInPopupWindow
  * SOAuthorizationPopUp.InterceptionSucceedCloseByItself
  * SOAuthorizationPopUp.InterceptionSucceedCloseByParent
  * SOAuthorizationPopUp.InterceptionSucceedCloseByWebKit
  * SOAuthorizationPopUp.InterceptionSucceedNewWindowNavigation
  * SOAuthorizationPopUp.InterceptionSucceedSuppressActiveSession
  * SOAuthorizationPopUp.InterceptionSucceedTwice
  * SOAuthorizationPopUp.InterceptionSucceedWithCookie
  * SOAuthorizationPopUp.SOAuthorizationLoadPolicyAllowAsync
  * WKWebExtensionAPIDevTools.PortMessagePassingFromPanelToBackground

Three additional tests are also added that ensure correct behaviour with and
without site isolation:

  * EnhancedSecurityPolicies.HttpsOpeningHttp
  * EnhancedSecurityPolicies.OpenerMultipleNavigations
  * EnhancedSecurityPolicies.OpenerThenSelfNavigation

Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm

* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::EnhancedSecurityTracking::trackNavigation):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm:
(runHttpsOpeningHttp):
(runOpenerMultipleNavigations):
(runOpenerThenSelfNavigation):

Canonical link: https://commits.webkit.org/305806@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to