[webkit-changes] [WebKit/WebKit] d933b2: HTTPS-Only should fail on an initial HTTP load and...
Matthew Finkel
noreply at github.com
Tue Aug 22 16:14:06 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d933b28b5045856895963997211e3292aa94549b
https://github.com/WebKit/WebKit/commit/d933b28b5045856895963997211e3292aa94549b
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2023-08-22 (Tue, 22 Aug 2023)
Changed paths:
M Source/WebCore/en.lproj/Localizable.strings
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebCore/loader/EmptyFrameLoaderClient.h
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/FrameLoader.h
M Source/WebCore/loader/LocalFrameLoaderClient.h
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebKit/Shared/API/APIError.h
M Source/WebKit/Shared/WebErrors.cpp
M Source/WebKit/Shared/WebErrors.h
M Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm
Log Message:
-----------
HTTPS-Only should fail on an initial HTTP load and support redirects from https to http
https://bugs.webkit.org/show_bug.cgi?id=260221
rdar://problem/113989408
Reviewed by Alex Christensen.
HTTPS-Only expects that request for an initial load should not require
upgrading from HTTP to HTTPS. If the load should use HTTPS, then the
application should request that scheme. Therefore, if an initial request is
HTTP then WebKit should fail the load after considering all other upgrade
options, including HSTS and content extensions. The existing implementation
incorrectly upgraded the request as a last resort. This patch changes that
behavior and introduces a new error type for this case. This patch also
modifies the relevant API test appropriately.
* Source/WebCore/en.lproj/Localizable.strings:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::loadMainResource):
* Source/WebCore/loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::httpsOnlyHTTPURLError const):
* Source/WebCore/loader/EmptyFrameLoaderClient.h:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::shouldUpgradeRequestforHTTPSOnly const):
(WebCore::FrameLoader::upgradeRequestforHTTPSOnlyIfNeeded const):
* Source/WebCore/loader/FrameLoader.h:
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebKit/Shared/API/APIError.h:
* Source/WebKit/Shared/WebErrors.cpp:
(WebKit::httpsOnlyHTTPURLError):
* Source/WebKit/Shared/WebErrors.h:
* Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::httpsOnlyHTTPURLError const):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::httpsUpgradeRedirectLoopError const):
(WebFrameLoaderClient::httpsOnlyHTTPURLError const):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
(TEST):
Canonical link: https://commits.webkit.org/267156@main
More information about the webkit-changes
mailing list