Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9a2a1a1b69328785129d43e47f6f0e91154b00fa
https://github.com/WebKit/WebKit/commit/9a2a1a1b69328785129d43e47f6f0e91154b00fa
Author: Basuke Suzuki <[email protected]>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/CustomUserAgent.mm
Log Message:
-----------
[WebKit] Apply authoritative User-Agent on redirect after policy callback
https://bugs.webkit.org/show_bug.cgi?id=313542
rdar://176265326
Reviewed by Chris Dumez.
When an application updates the custom User-Agent (via
WKWebView.customUserAgent,
WKWebpagePreferences._customUserAgent, or
WKWebpagePreferences._customUserAgentAsSiteSpecificQuirks) from inside
decidePolicyForNavigationAction for a 302 redirect target, the updated
User-Agent is not applied to the request that actually gets sent to the server
unless a process swap happens to be triggered by the cross-origin redirect.
In the programmatic webView.load(_:) case there is no committed document yet,
so the cross-origin redirect does not trigger a process swap. The redirected
ResourceRequest carries the original request's User-Agent header through to the
WebProcess, and FrameLoader::applyUserAgentIfNeeded() short-circuits because
the header is already present. The request reaches the server with the stale
UA.
In the link-click case, the prior page is already committed, so the cross-site
redirect triggers PSON. The replacement WebProcess rebuilds the request from
scratch using the current page-level UA, and the fresh value reaches the
server. This is incidental — the non-PSON path needs the same outcome.
Re-apply the authoritative User-Agent inside DocumentLoader::willSendRequest()'s
navigation-policy completion handler when the decision is to continue the load.
FrameLoader::userAgent(url) is the same function applyUserAgentIfNeeded() uses
for initial requests and consults every UA source — storage-access quirks,
WebsitePolicies site-specific-quirks UA, the regular customUserAgent,
InspectorInstrumentation overrides, and the page-level m_userAgent — so
resolving through it here covers all of them on the redirected request too,
including URL-dependent quirks that differ between the initial URL and the
redirect target. The write is skipped when the computed UA is empty or matches
the header already on the request.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/CustomUserAgent.mm:
Canonical link: https://commits.webkit.org/313127@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
