[webkit-changes] [WebKit/WebKit] b632f9: [CSP] Implement prefetch-src directive

Ryan Reno noreply at github.com
Mon Oct 17 14:37:12 PDT 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b632f9d274f316c51291f608c024595ea3f3fad6
      https://github.com/WebKit/WebKit/commit/b632f9d274f316c51291f608c024595ea3f3fad6
  Author: Ryan Reno <rreno at apple.com>
  Date:   2022-10-17 (Mon, 17 Oct 2022)

  Changed paths:
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed.html
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default.html
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt
    A LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked.html
    A LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt
    A LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt
    A LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt
    M Source/WebCore/loader/LinkLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h

  Log Message:
  -----------
  [CSP] Implement prefetch-src directive
https://bugs.webkit.org/show_bug.cgi?id=185070
rdar://problem/39821187

Reviewed by Brent Fulgham.

Implement the prefetch-src CSP directive. <link rel=prefetch> is behind a runtime flag. If a
user chooses to enable LinkPrefetch then the prefetch-src directive will apply to any resources
that may be prefetched. In the default case, we can parse the directive but will not take any
action since we won't perform prefetches.

* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src:
    These tests mirror the same behavior being tested by the WPT suite but since we don't support onload/onerror events
    for prefetched link resources we need to use our own test infrastructure to cover this behavior.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked.html: Added.

* LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-allowed-expected.txt: Added.
* LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-by-default-expected.txt: Added.
* LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/prefetch-src/prefetch-blocked-expected.txt: Added.

* Source/WebCore/loader/LinkLoader.cpp:
(WebCore::LinkLoader::prefetchIfNeeded):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowPrefetchFromSource const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForPrefetch const):
(WebCore::ContentSecurityPolicyDirectiveList::addDirective):
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp:
* Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h:

Canonical link: https://commits.webkit.org/255653@main




More information about the webkit-changes mailing list