Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7143ace56abb865760f080d2e558497d06be20e5
      
https://github.com/WebKit/WebKit/commit/7143ace56abb865760f080d2e558497d06be20e5
  Author: Darryl Parkinson <[email protected]>
  Date:   2026-06-12 (Fri, 12 Jun 2026)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/IPCTestingAPI.mm
    M Tools/WebKitTestRunner/TestController.cpp
    M Tools/WebKitTestRunner/TestOptions.cpp
    M Tools/WebKitTestRunner/TestOptions.h

  Log Message:
  -----------
  Gate AddOriginAccessAllowListEntry IPC behind AllowTestOnlyIPC
rdar://171243270

Reviewed by Charlie Wolfe and Ryosuke Niwa.

Origin access allowlist IPC messages on NetworkConnectionToWebProcess
modify a process-global allowlist with no validation, allowing a
compromised WebContent process to bypass CORS for all connections.

These messages are only used by TestRunner SPI. Gate them behind
EnabledBy=AllowTestOnlyIPC so they are rejected unless the test-only
flag is set.

Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
(AddOriginAccessAllowListEntryRequiresTestOnlyIPC)):
(AddOriginAccessAllowListEntryAllowedWithTestOnlyIPC)):
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):
* Tools/WebKitTestRunner/TestOptions.cpp:
(WTR::TestOptions::defaults):
(WTR::TestOptions::keyTypeMapping):
* Tools/WebKitTestRunner/TestOptions.h:
(WTR::TestOptions::allowTestOnlyOriginAccessAllowListIPC const):

Originally-landed-as: 305413.421@rapid/safari-7624.2.5.110-branch (44da09d437d9).
rdar://176067091
Canonical link: 
https://flagged.apple.com:443/proxy?t2=DD7A9O9zL6&o=aHR0cHM6Ly9jb21taXRzLndlYmtpdC5vcmcvMzE1MDk1QG1haW4=&emid=1b4097ca-1648-4431-91f3-cb1416c184f5&c=11
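
A simplified model of the gating described in the log message, added here as an illustration and not taken from the WebKit source. The `NetworkSide` class, its methods, `entryTakesEffect`, and the example origins are assumptions; only the message name and the idea of a test-only flag come from the commit.

```cpp
#include <cstdio>
#include <set>
#include <string>
#include <utility>

// Simplified model for illustration; names and structure are assumptions, not WebKit code.
enum class MessageName { LoadResource, AddOriginAccessAllowListEntry };

class NetworkSide {
public:
    // Mirrors the idea of EnabledBy: the test-only message is dropped before
    // its handler runs unless the receiving side has the flag set.
    bool dispatch(bool allowTestOnlyIPC, MessageName name,
                  const std::string& source, const std::string& destination)
    {
        if (name == MessageName::AddOriginAccessAllowListEntry) {
            if (!allowTestOnlyIPC) {
                ++m_rejected;
                return false;
            }
            m_allowList.emplace(source, destination);
        }
        return true;
    }

    // The list is shared by every connection to this process.
    bool crossOriginAllowed(const std::string& source, const std::string& destination) const
    {
        return source == destination || m_allowList.count(std::make_pair(source, destination)) > 0;
    }
    unsigned rejected() const { return m_rejected; }
private:
    std::set<std::pair<std::string, std::string>> m_allowList;
    unsigned m_rejected = 0;
};

// Returns whether an allowlist entry sent over IPC takes effect.
bool entryTakesEffect(bool allowTestOnlyIPC)
{
    NetworkSide network;
    network.dispatch(allowTestOnlyIPC, MessageName::AddOriginAccessAllowListEntry,
                     "https://a.example", "https://b.example");
    return network.crossOriginAllowed("https://a.example", "https://b.example");
}

int main()
{
    std::printf("flag off: %d, flag on: %d\n", entryTakesEffect(false), entryTakesEffect(true));
}
```

With the flag off, the message is counted as rejected and the cross-origin check is unchanged; with it on (the test-harness case), the entry is added and applies to every later check in that process.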