[webkit-changes] [WebKit/WebKit] e5f68a: Implement FetchMetadata Site
Patrick
noreply at github.com
Thu Oct 20 17:02:37 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e5f68a529bf10ce8b4f41f3ec5dd409224b28ee0
https://github.com/WebKit/WebKit/commit/e5f68a529bf10ce8b4f41f3ec5dd409224b28ee0
Author: Patrick Griffis <pgriffis at igalia.com>
Date: 2022-10-20 (Thu, 20 Oct 2022)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt
A LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt
R LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt
M LayoutTests/platform/glib/TestExpectations
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/history.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/preload.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/redirect/cross-site-redirect.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-cross-site.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-same-site.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/redirect/same-origin-redirect.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/redirect/same-site-redirect.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/report.https.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/style.https.sub-expected.txt
A LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt
M Source/WebCore/loader/CrossOriginAccessControl.cpp
M Source/WebCore/loader/SubresourceLoader.cpp
M Source/WebCore/loader/SubresourceLoader.h
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.h
M Source/WebCore/loader/cache/CachedResourceRequest.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.h
M Source/WebCore/page/SecurityOrigin.cpp
M Source/WebCore/page/SecurityOrigin.h
M Source/WebCore/platform/PublicSuffix.h
M Source/WebCore/platform/network/HTTPHeaderNames.in
M Source/WebCore/platform/soup/PublicSuffixSoup.cpp
Log Message:
-----------
Implement FetchMetadata Site
https://bugs.webkit.org/show_bug.cgi?id=238265
Reviewed by Youenn Fablet.
This implements the Sec-Fetch-Site header as part of FetchMetadata.
The site is computed on first use in the CachedResourceLoader and then tracked in the SubResourceLoader through
redirects.
The test results are only accurate on the GLib ports as they run under the web-platform.test domains which
can test proper same-site relationships as well as non-trustworthy domains (localhost is always trusted).
* LayoutTests/TestExpectations:
* LayoutTests/http/wpt/fetch/fetch-metadata-same-origin-redirect-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--fallback.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch-via-serviceworker--respondWith.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.https.sub.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/fetch.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/font.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/form.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/iframe.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/img.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/navigation.https.sub-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/multiple-redirect-https-downgrade-upgrade.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-http-upgrade.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/redirect/redirect-https-downgrade.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/script.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/serviceworker.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/sharedworker.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/unload.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/window-open.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/worker.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/xslt.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/navigation-headers.https-expected.txt:
* Source/WebCore/loader/CrossOriginAccessControl.cpp:
(WebCore::cleanHTTPRequestHeadersForAccessControl):
* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::SubresourceLoader):
(WebCore::SubresourceLoader::willSendRequestInternal):
* Source/WebCore/loader/SubresourceLoader.h:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::convertEnumerationToString):
(WebCore::updateRequestFetchMetadataHeaders):
(WebCore::CachedResourceLoader::computeFetchMetadataSite):
(WebCore::CachedResourceLoader::updateRequestAfterRedirection):
(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
* Source/WebCore/loader/cache/CachedResourceLoader.h:
* Source/WebCore/loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::updateFetchMetadataHeaders): Deleted.
* Source/WebCore/loader/cache/CachedResourceRequest.h:
* Source/WebCore/page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::isSameSiteAs const):
* Source/WebCore/page/SecurityOrigin.h:
* Source/WebCore/platform/network/HTTPHeaderNames.in:
Canonical link: https://commits.webkit.org/255810@main
More information about the webkit-changes
mailing list