[webkit-changes] [WebKit/WebKit] c8ce02: Enhanced Security heuristics should exclude localhost

ronan-apple Fri, 06 Feb 2026 14:47:11 -0800

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c8ce02dc63f10941e3b126425003fb80fcb7aa05
      
https://github.com/WebKit/WebKit/commit/c8ce02dc63f10941e3b126425003fb80fcb7aa05
  Author: Ronan Turner <[email protected]>
  Date:   2026-02-06 (Fri, 06 Feb 2026)


  Changed paths:
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm

  Log Message:
  -----------
  Enhanced Security heuristics should exclude localhost
https://bugs.webkit.org/show_bug.cgi?id=307158
rdar://169791550

Reviewed by Matthew Finkel.

The heuristics for enabling Enhanced Security already exclude local IP
address navigations. We should include localhost in this too.

Added a new test which confirms this behaviour:

    * EnhancedSecurityPolicies.HttpLocalhostLoad

* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::EnhancedSecurityTracking::enableIfRequired):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm:
(runHttpLocalhostLoad):

Canonical link: https://commits.webkit.org/306974@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

[webkit-changes] [WebKit/WebKit] c8ce02: Enhanced Security heuristics should exclude localhost

Reply via email to