Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 038f53fa65bf2d41bdc7b1b6639a7fef5180db68
      
https://github.com/WebKit/WebKit/commit/038f53fa65bf2d41bdc7b1b6639a7fef5180db68
  Author: Charlie Wolfe <[email protected]>
  Date:   2026-07-02 (Thu, 02 Jul 2026)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebCore/Modules/fetch/FetchLoader.cpp
    M Source/WebCore/dom/ScriptExecutionContext.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/ResourceLoader.cpp
    M Source/WebCore/page/ScriptTrackingPrivacyCategory.cpp
    M Source/WebCore/page/ScriptTrackingPrivacyCategory.h
    M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
    M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
    M 
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
    M Source/WebKit/NetworkProcess/NetworkSession.cpp
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h
    M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm
    M Source/WebKit/Shared/ScriptTrackingPrivacyFilter.cpp
    M Source/WebKit/Shared/ScriptTrackingPrivacyFilter.h
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Source/WebKit/WebProcess/WebProcess.h
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm

  Log Message:
  -----------
  Simplify script tracking privacy network request blocking
https://bugs.webkit.org/show_bug.cgi?id=318165
rdar://180971837

Reviewed by Matthew Finkel.

Collapse network-request blocking down to a single check: block any 
non-main-frame subresource whose
destination is a targeted domain. This removes the "allow first load" latch and 
the script taint
path, leaving destination-based blocking via NetworkSession::isRequestBlockable.

- Remove the per-page latch so all matching requests are blocked, not just 
subsequent ones.

- Remove taint-based blocking: the 
ScriptTrackingPrivacyCategory::NetworkRequests category and its
  ResourceLoader/FetchLoader/DocumentThreadableLoader enforcement, 
WebProcess::shouldBlockRequest,
  ScriptTrackingPrivacyFilter::shouldBlockRequest, and the now-unused 
isTaintedScriptURLBlockable.

- Remove the ScriptTrackingPrivacyNetworkRequestBlockingEnabled feature flag 
and rename
  ScriptTrackingPrivacyNetworkRequestBlockingLatchEnabled.

- Delete the obsolete latch/taint API tests.

Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start):
* Source/WebCore/dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::requiresScriptTrackingPrivacyProtection):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
* Source/WebCore/loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::willSendRequestInternal):
* Source/WebCore/page/ScriptTrackingPrivacyCategory.cpp:
(WebCore::description):
(WebCore::scriptCategoryAsFlag):
(WebCore::shouldEnableScriptTrackingPrivacy):
(WebCore::makeLogMessage):
* Source/WebCore/page/ScriptTrackingPrivacyCategory.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::shouldBlockForTrackingPolicy):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::shouldBlockRequestForTrackingPolicyAndUpdatePolicy): 
Deleted.
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:
(WebKit::isRequestBlockable):
(WebKit::allowedScriptTrackingCategories):
(WebKit::isTaintedScriptURLBlockable): Deleted.
* Source/WebKit/Shared/ScriptTrackingPrivacyFilter.cpp:
(WebKit::ScriptTrackingPrivacyFilter::shouldAllowAccess):
(WebKit::ScriptTrackingPrivacyFilter::shouldBlockRequest): Deleted.
* Source/WebKit/Shared/ScriptTrackingPrivacyFilter.h:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::addParametersShared):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::shouldBlockRequest): Deleted.
* Source/WebKit/WebProcess/WebProcess.h:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm:
(TestWebKitAPI::setUpWebViewForFingerprintingTests):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, SameSiteFetchNotBlocked)):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, MainFrameNavigationNotBlocked)):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, CrossSiteFetchBlocked)):
(TestWebKitAPI::getBundleResourceAsEncodedString): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, FetchBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, XHRBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, SyncXHRBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, ImgElementLoadBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequentFetch)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, ScriptElementLoadBlocked)): 
Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequentElement)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequent2Element)): Deleted.

Canonical link: https://commits.webkit.org/316398@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to