Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 127f09e27552446d2e11e4ca83618d2b4d085d0e
      
https://github.com/WebKit/WebKit/commit/127f09e27552446d2e11e4ca83618d2b4d085d0e
  Author: Ronan Turner <[email protected]>
  Date:   2026-06-18 (Thu, 18 Jun 2026)

  Changed paths:
    M Source/WebCore/loader/FrameLoaderTypes.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
    M 
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.h
    M Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp
    M Source/WebKit/Scripts/webkit/messages.py
    M Source/WebKit/Shared/LoadParameters.h
    M
Source/WebKit/Shared/LoadParameters.serialization.in
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
    M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Tools/Scripts/webkitpy/style/checkers/cpp.py
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm

  Log Message:
  -----------
  Defer process swapping for HTTP redirects with Enhanced
Security
https://bugs.webkit.org/show_bug.cgi?id=316031
rdar://176807076

Reviewed by Alex Christensen.

Enhanced Security currently eagerly enables Enhanced Security for HTTP requests,
unless certain conditions are met that allow us to determine that this will not
be eligible (e.g. a HTTPS upgrade will happen).

However, this means that in the (common) case where we receive a redirect that
performs a same-site upgrade from HTTP -> HTTPS, we cycle through processes as
we'll initially swap into an Enhanced Security process, then back to a regular
WebContent when we receive the HTTPS ugprade.

To avoid this churn, this change refactors some of the ES logic and adds a later
opportunity to enable ES when the actual response comes back for a request. In
the common scenario of HTTP -> HTTPS upgrades this will mean that we will remain
in the same initially chosen (regular) WebContent process all through.

In the rarer case of receiving an actual response to the HTTP
request, at response
time we'll now opt to spin up an Enhanced Security process and swap to it. An
extra challenge with this approach is ensuring that the request is not repeated
to the web server - we've already performed the request and received the 
response.
To handle this correctly, we temporarily save off the NetworkResourceLoader,
obtain an identifier that is then passed to the newly created Enhanced Security
process, which will then ask the Network process to re-attach this loader and
resume the load lifecycle in the new process.

There are certain scenarios (e.g. opener relationship, or ES already active) 
that
cause us to not need to do this swap. To avoid unnecessary Network -> UI IPC, we
plumb through a new flag in LoadParameters that indicates if we may need to do
this swap and only send the IPC message when this is true.

This change follows a similar path to swapping the BrowsingContextGroup. As 
such,
this path has been refactored to share more of this code
for continuing navigations
in a new process when this response comes in.

Some additional release logging was also added to assist in ES debugging.

Several new tests are required to cover the Enhanced Security swapping case,
specifically extra checks around COOP and same-site downgrades. We also adjust
several tests to ensure that the HTTP server is only sent the correct number of
requests, ensuring the loader resume in the swapped process happens correctly.

The heuristics feature has been temporarily disabled if site isolation is
enabled. An upcoming change will re-enable this once the site isolation side
of this change is handled cleanly. The equivalent EnhancedSecurityPolicies
tests have been temporarily disabled to account for this.

Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm

* Source/WebCore/loader/FrameLoaderTypes.h:
*
Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::adoptNetworkResourceLoader):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::sendDidReceiveResponseWithPotentialProcessSwap):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::sendDidReceiveResponsePotentiallyInNewBrowsingContextGroup):
 Deleted.
* Source/WebKit/NetworkProcess/NetworkResourceLoader.h:
* Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
(WebKit::ServiceWorkerFetchTask::processResponse):
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/Shared/LoadParameters.h:
*
Source/WebKit/Shared/LoadParameters.serialization.in:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::isURLCandidateForEnhancedSecurity):
(WebKit::EnhancedSecurityTracking::enableIfRequired):
(WebKit::isNavigationExemptFromEnhancedSecurityDueToOpener):
(WebKit::EnhancedSecurityTracking::trackNavigation):
(WebKit::EnhancedSecurityTracking::shouldEnableForInsecureResponse):
(WebKit::shouldExpectHTTPSUpgrade): Deleted.
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::considerProcessSwapForNavigationResponse):
(WebKit::NetworkProcessProxy::triggerBrowsingContextGroupSwitchForNavigation): 
Deleted.
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in:
*
Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::cancel):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::shouldUseEnhancedSecurityHeuristics):
(WebKit::WebPageProxy::loadRequestWithNavigationShared):
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::continueNavigationInNewProcess):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::performProcessSwapForNavigationResponse):
(WebKit::WebPageProxy::triggerBrowsingContextGroupSwitchForNavigation):
(WebKit::WebPageProxy::triggerProcessSwapForEnhancedSecurity):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadRequest):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Tools/Scripts/webkitpy/style/checkers/cpp.py:
*
Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm:
(runHttpLoad):
(runHttpLoadWithCOOP):
(runHttpsToHttpDowngradeSameDomain):
(runHttpsToHttpWithCOOP):
(runSameSiteHttpsUpgradeJavascript):
(runHttpToHttpsRedirectNoEnhancedSecurityProcess):

Canonical link: 
https://flagged.apple.com:443/proxy?t2=dI3w9p0bs3&o=aHR0cHM6Ly9jb21taXRzLndlYmtpdC5vcmcvMzE1NDUyQG1haW4=&emid=20d81c0d-44ff-44d7-81f0-5882a2d85793&c=11



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to