[webkit-changes] [WebKit/WebKit] 73a878: Handle blob: PolicyContainer inheritance from the ...
Ryan Reno
noreply at github.com
Mon Oct 10 10:24:45 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 73a8787f1d069ff502146c0588eddf245a185999
https://github.com/WebKit/WebKit/commit/73a8787f1d069ff502146c0588eddf245a185999
Author: Ryan Reno <rreno at apple.com>
Date: 2022-10-10 (Mon, 10 Oct 2022)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/inheritance/history-iframe.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/inheritance/history.sub-expected.txt
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp
M Source/WebCore/loader/CrossOriginEmbedderPolicy.h
M Source/WebCore/loader/CrossOriginOpenerPolicy.cpp
M Source/WebCore/loader/CrossOriginOpenerPolicy.h
M Source/WebCore/loader/DocumentWriter.cpp
M Source/WebCore/loader/FrameLoader.cpp
A Source/WebCore/loader/PolicyContainer.cpp
M Source/WebCore/loader/PolicyContainer.h
M Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.cpp
M Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.h
M Source/WebCore/platform/network/BlobResourceHandle.cpp
M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp
Log Message:
-----------
Handle blob: PolicyContainer inheritance from the Network Process
https://bugs.webkit.org/show_bug.cgi?id=246093
<rdar://100813396>
Reviewed by Chris Dumez.
The blob store in the Network process holds the appropriate PolicyContainer to inherit from.
This patch solves blob URL PolicyContainer inheritance by crafting an HTTP response with the
policy headers generated from that PolicyContainer.
* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/inheritance/history-iframe.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/inheritance/history.sub-expected.txt:
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp:
(WebCore::CrossOriginEmbedderPolicy::addPolicyHeadersTo const):
(WebCore::addCrossOriginEmbedderPolicyHeaders): Deleted.
* Source/WebCore/loader/CrossOriginEmbedderPolicy.h:
* Source/WebCore/loader/CrossOriginOpenerPolicy.cpp:
(WebCore::CrossOriginOpenerPolicy::addPolicyHeadersTo const):
(WebCore::addCrossOriginOpenerPolicyHeaders): Deleted.
* Source/WebCore/loader/CrossOriginOpenerPolicy.h:
* Source/WebCore/loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::begin):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
Blob inheritance effectively happens here. We parse the HTTP headers returned from the Network process
and update our security origin to the origin of the blob URL. The SO that CSP needs for 'self' in
the case of the document having an opaque origin should be the blob's origin [0].
* Source/WebCore/loader/PolicyContainer.cpp: Copied from Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.cpp.
(WebCore::addPolicyContainerHeaders):
* Source/WebCore/loader/PolicyContainer.h:
* Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.cpp:
(WebCore::ContentSecurityPolicyResponseHeaders::addPolicyHeadersTo const):
* Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.h:
* Source/WebCore/platform/network/BlobResourceHandle.cpp:
(WebCore::BlobResourceHandle::notifyResponseOnSuccess):
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp:
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):
[0] https://w3c.github.io/webappsec-csp/#framework-policy
Canonical link: https://commits.webkit.org/255352@main
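
The mechanism the log message describes (stored policies written out as response headers on the Network process side, then parsed back when the document begins) can be sketched as follows. This is an added example, not WebKit's code: the names `Policies`, `toResponseHeaders`, `fromResponseHeaders`, `headerValue` and `selfOriginForBlob` are hypothetical, and it assumes only the CSP, COEP and COOP headers are carried.

```cpp
#include <map>
#include <sstream>
#include <string>
#include <vector>

using Headers = std::map<std::string, std::string>;

// Hypothetical stand-in for the policies the blob's creator was bound by.
struct Policies {
    std::vector<std::string> csp;  // enforced CSP policies, one string each
    std::string coep, coop;        // empty means "not set"
};

// Network-process side: express the stored policies as response headers.
Headers toResponseHeaders(const Policies& p) {
    Headers h;
    for (const auto& policy : p.csp) {
        auto& v = h["Content-Security-Policy"];
        v += (v.empty() ? "" : ", ") + policy;  // one header, comma-separated policy list
    }
    if (!p.coep.empty()) h["Cross-Origin-Embedder-Policy"] = p.coep;
    if (!p.coop.empty()) h["Cross-Origin-Opener-Policy"] = p.coop;
    return h;
}

static std::string headerValue(const Headers& h, const char* name) {
    auto it = h.find(name);
    return it == h.end() ? "" : it->second;
}

// Document side: rebuild the policies from the headers of the blob response.
Policies fromResponseHeaders(const Headers& h) {
    Policies p;
    std::stringstream list(headerValue(h, "Content-Security-Policy"));
    for (std::string item; std::getline(list, item, ',');) {
        auto b = item.find_first_not_of(" \t"), e = item.find_last_not_of(" \t");
        if (b != std::string::npos) p.csp.push_back(item.substr(b, e - b + 1));
    }
    p.coep = headerValue(h, "Cross-Origin-Embedder-Policy");
    p.coop = headerValue(h, "Cross-Origin-Opener-Policy");
    return p;
}

// Origin that CSP 'self' resolves to for a document loaded from a blob: URL.
std::string selfOriginForBlob(const std::string& url) {
    if (url.rfind("blob:", 0) != 0) return "";
    std::string rest = url.substr(5);
    auto scheme = rest.find("://");
    if (scheme == std::string::npos) return "";  // e.g. blob:null/... has no tuple origin
    return rest.substr(0, rest.find('/', scheme + 3));
}
```

A blob URL whose embedded origin is `null` yields an empty string here, so a caller must not treat that result as matching `'self'`.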