[webkit-changes] [WebKit/WebKit] 33bacb: Add support for COEP violation reporting
Chris Dumez
noreply at github.com
Tue Sep 13 21:26:04 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 33bacbfe4c429e62f63587f0ba98013a0db2bfad
https://github.com/WebKit/WebKit/commit/33bacbfe4c429e62f63587f0ba98013a0db2bfad
Author: Chris Dumez <cdumez at apple.com>
Date: 2022-09-13 (Tue, 13 Sep 2022)
Changed paths:
M LayoutTests/TestExpectations
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/failure-check-sequence.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-navigation.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-subresource-corp.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-document-reporting-endpoint.https.window-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/failure-check-sequence.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt
A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/failure-check-sequence.https-expected.txt
A LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
A LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
M Source/WebCore/CMakeLists.txt
M Source/WebCore/DerivedSources-input.xcfilelist
M Source/WebCore/DerivedSources-output.xcfilelist
M Source/WebCore/DerivedSources.make
M Source/WebCore/Headers.cmake
M Source/WebCore/Modules/reporting/Report.cpp
M Source/WebCore/Modules/reporting/Report.h
M Source/WebCore/Modules/reporting/ReportBody.cpp
M Source/WebCore/Modules/reporting/ReportingClient.h
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
M Source/WebCore/Modules/reporting/ViolationReportType.h
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/bindings/js/JSReportBodyCustom.cpp
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
A Source/WebCore/loader/COEPInheritenceViolationReportBody.cpp
A Source/WebCore/loader/COEPInheritenceViolationReportBody.h
A Source/WebCore/loader/COEPInheritenceViolationReportBody.idl
A Source/WebCore/loader/CORPViolationReportBody.cpp
A Source/WebCore/loader/CORPViolationReportBody.h
A Source/WebCore/loader/CORPViolationReportBody.idl
M Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp
M Source/WebCore/loader/CrossOriginEmbedderPolicy.h
M Source/WebCore/loader/CrossOriginOpenerPolicy.cpp
M Source/WebCore/loader/PingLoader.cpp
M Source/WebCore/loader/PingLoader.h
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/workers/WorkerGlobalScope.cpp
M Source/WebCore/workers/WorkerGlobalScope.h
M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/NetworkProcess/NetworkResourceLoader.h
M Source/WebKit/Shared/WebCoreArgumentCoders.cpp
M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
Log Message:
-----------
Add support for COEP violation reporting
https://bugs.webkit.org/show_bug.cgi?id=244985
Reviewed by Brent Fulgham.
Add support for COEP violation reporting:
- https://html.spec.whatwg.org/multipage/origin.html#queue-a-cross-origin-embedder-policy-inheritance-violation
- https://fetch.spec.whatwg.org/#queue-a-cross-origin-embedder-policy-corp-violation-report
* LayoutTests/TestExpectations:
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-navigation.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-subresource-corp.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-document-reporting-endpoint.https.window-expected.txt:
* Source/WebCore/DerivedSources-input.xcfilelist:
* Source/WebCore/DerivedSources-output.xcfilelist:
* Source/WebCore/DerivedSources.make:
* Source/WebCore/Modules/reporting/Report.cpp:
(WebCore::Report::createReportFormDataForViolation):
* Source/WebCore/Modules/reporting/Report.h:
* Source/WebCore/Modules/reporting/ReportBody.cpp:
* Source/WebCore/Modules/reporting/ReportingClient.h:
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::isVisibleToReportingObservers):
* Source/WebCore/Modules/reporting/ViolationReportType.h:
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/bindings/js/JSReportBodyCustom.cpp:
(WebCore::toJSNewlyCreated):
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::sendReportToEndpoints):
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/COEPInheritenceViolationReportBody.cpp: Copied from Source/WebCore/Modules/reporting/Report.cpp.
(WebCore::COEPInheritenceViolationReportBody::create):
(WebCore::COEPInheritenceViolationReportBody::COEPInheritenceViolationReportBody):
(WebCore::COEPInheritenceViolationReportBody::disposition const):
* Source/WebCore/loader/COEPInheritenceViolationReportBody.h: Copied from Source/WebCore/Modules/reporting/Report.h.
(WebCore::COEPInheritenceViolationReportBody::blockedURL const):
(WebCore::COEPInheritenceViolationReportBody::encode const):
(WebCore::COEPInheritenceViolationReportBody::decode):
(isType):
* Source/WebCore/loader/COEPInheritenceViolationReportBody.idl: Copied from Source/WebCore/Modules/reporting/ReportBody.cpp.
* Source/WebCore/loader/CORPViolationReportBody.cpp: Copied from Source/WebCore/Modules/reporting/Report.cpp.
(WebCore::CORPViolationReportBody::create):
(WebCore::CORPViolationReportBody::CORPViolationReportBody):
(WebCore::CORPViolationReportBody::type const):
(WebCore::CORPViolationReportBody::disposition const):
(WebCore::CORPViolationReportBody::destination const):
* Source/WebCore/loader/CORPViolationReportBody.h: Added.
(WebCore::CORPViolationReportBody::blockedURL const):
(WebCore::CORPViolationReportBody::encode const):
(WebCore::CORPViolationReportBody::decode):
(isType):
* Source/WebCore/loader/CORPViolationReportBody.idl: Copied from Source/WebCore/Modules/reporting/ReportBody.cpp.
* Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp:
(WebCore::sendCOEPInheritenceViolation):
(WebCore::sendCOEPCORPViolation):
* Source/WebCore/loader/CrossOriginEmbedderPolicy.h:
* Source/WebCore/loader/CrossOriginOpenerPolicy.cpp:
(WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
(WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
(WebCore::createViolationReportObject): Deleted.
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendViolationReport):
* Source/WebCore/loader/PingLoader.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation const):
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::sendReportToEndpoints):
* Source/WebCore/workers/WorkerGlobalScope.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::contextURLforCORPViolation):
(WebKit::performCORPCheck):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
(WebKit::NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::frameIdentifierForReport const):
(WebKit::NetworkResourceLoader::notifyReportObservers):
(WebKit::NetworkResourceLoader::sendReportToEndpoints):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<RefPtr<WebCore::ReportBody>>::encode):
(IPC::ArgumentCoder<RefPtr<WebCore::ReportBody>>::decode):
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::addParametersShared):
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::startPingLoad):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::sendReportToEndpoints):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Canonical link: https://commits.webkit.org/254466@main
More information about the webkit-changes
mailing list