Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 038f53fa65bf2d41bdc7b1b6639a7fef5180db68
https://github.com/WebKit/WebKit/commit/038f53fa65bf2d41bdc7b1b6639a7fef5180db68
Author: Charlie Wolfe <[email protected]>
Date: 2026-07-02 (Thu, 02 Jul 2026)
Changed paths:
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebCore/Modules/fetch/FetchLoader.cpp
M Source/WebCore/dom/ScriptExecutionContext.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/ResourceLoader.cpp
M Source/WebCore/page/ScriptTrackingPrivacyCategory.cpp
M Source/WebCore/page/ScriptTrackingPrivacyCategory.h
M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
M
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/NetworkSession.h
M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h
M Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm
M Source/WebKit/Shared/ScriptTrackingPrivacyFilter.cpp
M Source/WebKit/Shared/ScriptTrackingPrivacyFilter.h
M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
M Source/WebKit/WebProcess/WebProcess.cpp
M Source/WebKit/WebProcess/WebProcess.h
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm
Log Message:
-----------
Simplify script tracking privacy network request blocking
https://bugs.webkit.org/show_bug.cgi?id=318165
rdar://180971837
Reviewed by Matthew Finkel.
Collapse network-request blocking down to a single check: block any
non-main-frame subresource whose
destination is a targeted domain. This removes the "allow first load" latch and
the script taint
path, leaving destination-based blocking via NetworkSession::isRequestBlockable.
- Remove the per-page latch so all matching requests are blocked, not just
subsequent ones.
- Remove taint-based blocking: the
ScriptTrackingPrivacyCategory::NetworkRequests category and its
ResourceLoader/FetchLoader/DocumentThreadableLoader enforcement,
WebProcess::shouldBlockRequest,
ScriptTrackingPrivacyFilter::shouldBlockRequest, and the now-unused
isTaintedScriptURLBlockable.
- Remove the ScriptTrackingPrivacyNetworkRequestBlockingEnabled feature flag
and rename
ScriptTrackingPrivacyNetworkRequestBlockingLatchEnabled.
- Delete the obsolete latch/taint API tests.
Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start):
* Source/WebCore/dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::requiresScriptTrackingPrivacyProtection):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
* Source/WebCore/loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::willSendRequestInternal):
* Source/WebCore/page/ScriptTrackingPrivacyCategory.cpp:
(WebCore::description):
(WebCore::scriptCategoryAsFlag):
(WebCore::shouldEnableScriptTrackingPrivacy):
(WebCore::makeLogMessage):
* Source/WebCore/page/ScriptTrackingPrivacyCategory.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::shouldBlockForTrackingPolicy):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::shouldBlockRequestForTrackingPolicyAndUpdatePolicy):
Deleted.
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:
(WebKit::isRequestBlockable):
(WebKit::allowedScriptTrackingCategories):
(WebKit::isTaintedScriptURLBlockable): Deleted.
* Source/WebKit/Shared/ScriptTrackingPrivacyFilter.cpp:
(WebKit::ScriptTrackingPrivacyFilter::shouldAllowAccess):
(WebKit::ScriptTrackingPrivacyFilter::shouldBlockRequest): Deleted.
* Source/WebKit/Shared/ScriptTrackingPrivacyFilter.h:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::addParametersShared):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::shouldBlockRequest): Deleted.
* Source/WebKit/WebProcess/WebProcess.h:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ScriptTrackingPrivacyTests.mm:
(TestWebKitAPI::setUpWebViewForFingerprintingTests):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, SameSiteFetchNotBlocked)):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, MainFrameNavigationNotBlocked)):
(TestWebKitAPI::(ScriptTrackingPrivacyTests, CrossSiteFetchBlocked)):
(TestWebKitAPI::getBundleResourceAsEncodedString): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, FetchBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, XHRBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, SyncXHRBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, ImgElementLoadBlocked)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequentFetch)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, ScriptElementLoadBlocked)):
Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequentElement)): Deleted.
(TestWebKitAPI::(ScriptTrackingPrivacyTests, BlockSubsequent2Element)): Deleted.
Canonical link: https://commits.webkit.org/316398@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications