Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 00b6b38f4c2f624e7763c0431c4bc827730a6661
https://github.com/WebKit/WebKit/commit/00b6b38f4c2f624e7763c0431c4bc827730a6661
Author: Ronan Turner <[email protected]>
Date: 2026-01-27 (Tue, 27 Jan 2026)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentLoader.h
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebCore/loader/EmptyFrameLoaderClient.h
M Source/WebCore/loader/FrameLoadRequest.h
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/LocalFrameLoaderClient.h
M Source/WebCore/platform/network/cf/ResourceRequest.h
M Source/WebCore/platform/network/curl/ResourceRequest.h
M Source/WebCore/platform/network/soup/ResourceRequest.h
M Source/WebKit/Shared/LoadParameters.h
M Source/WebKit/Shared/LoadParameters.serialization.in
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/WebProcess/Storage/RemoteWorkerFrameLoaderClient.cpp
M Source/WebKit/WebProcess/Storage/RemoteWorkerFrameLoaderClient.h
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm
M Source/WebKitLegacy/mac/WebView/WebDocumentLoaderMac.h
M Source/WebKitLegacy/mac/WebView/WebDocumentLoaderMac.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm
Log Message:
-----------
Fix History events original request tracking in Enhanced Security
https://bugs.webkit.org/show_bug.cgi?id=305376
rdar://168056407
Reviewed by Matthew Finkel.
Addresses the following test failures when Enhanced Security Heuristics
are enabled:
* HistoryDelegate.PersistentDataStoreSendsHistoryEvents
*
HistoryDelegate.NonpersistentDataStoreSendsHistoryEventsWhenAllowingPrivacySensitiveOperations
The issue here relates to having begun to load a request in the regular
WebContent process, before navigation policy decisions decide to switch
to an Enhanced Security process.
When this occurs, we do a new loadRequest call on the ProvisionalPageProxy
via continueNavigationInNewProcess. This, however, uses the ResourceRequest
from the Navigation object that was passed to decidePolicyForNavigationAction,
which has already been mutated by the original WebContent process. When
this is then passed to the new Enhanced Security process, this is treated
as the original ResourceRequest and used for reporting history events,
leading to the failing test.
Instead, we now pass through the original ResourceRequest if we are doing
a continuing load from such a policy decision, and use this as the original
request when creating the DocumentLoader in the new Enhanced Security
process.
Some minor header refactoring was also required as ResourceRequest.h now
becomes a necessary include in LocalFrameLoaderClient.h, which triggered
some build issues on Linux and Windows platforms. Removing BlobData.h
was feasible and prevented many other header includes that caused the
build issue.
Added a new test (HistoryEventsUseCorrectOriginalRequest) that ensures
this behaviour is tested without the flag needing to be enabled by default.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::DocumentLoader):
* Source/WebCore/loader/DocumentLoader.h:
(WebCore::DocumentLoader::create):
* Source/WebCore/loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::createDocumentLoader):
* Source/WebCore/loader/EmptyFrameLoaderClient.h:
* Source/WebCore/loader/FrameLoadRequest.h:
(WebCore::FrameLoadRequest::setOriginalResourceRequest):
(WebCore::FrameLoadRequest::hasOriginalResourceRequest):
(WebCore::FrameLoadRequest::takeOriginalResourceRequest):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::load):
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/platform/network/FormData.h:
* Source/WebCore/platform/network/ResourceRequestBase.h:
* Source/WebCore/platform/network/curl/CurlFormDataStream.cpp:
* Source/WebKit/Shared/LoadParameters.h:
* Source/WebKit/Shared/LoadParameters.serialization.in:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::loadRequestWithNavigationShared):
* Source/WebKit/WebProcess/Storage/RemoteWorkerFrameLoaderClient.cpp:
(WebKit::RemoteWorkerFrameLoaderClient::createDocumentLoader):
* Source/WebKit/WebProcess/Storage/RemoteWorkerFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::createDocumentLoader):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadRequest):
(WebKit::WebPage::createDocumentLoader):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::createDocumentLoader):
* Source/WebKitLegacy/mac/WebView/WebDocumentLoaderMac.h:
(WebDocumentLoaderMac::create):
* Source/WebKitLegacy/mac/WebView/WebDocumentLoaderMac.mm:
(WebDocumentLoaderMac::WebDocumentLoaderMac):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm:
(-[EnhancedSecurityHistoryDelegate _webView:didNavigateWithNavigationData:]):
(-[EnhancedSecurityHistoryDelegate _webView:didUpdateHistoryTitle:forURL:]):
(-[EnhancedSecurityHistoryDelegate
_webView:didPerformServerRedirectFromURL:toURL:]):
(TEST(EnhancedSecurityPolicies, HistoryEventsUseCorrectOriginalRequest)):
Canonical link: https://commits.webkit.org/306272@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
