[webkit-changes] [WebKit/WebKit] d87063: Cross-Origin-Resource-Policy blocks fetch from ext...
Timothy Hatcher
noreply at github.com
Tue Feb 7 12:59:20 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d8706351a89a02b79b6d4508f1bfb74325465acf
https://github.com/WebKit/WebKit/commit/d8706351a89a02b79b6d4508f1bfb74325465acf
Author: Timothy Hatcher <timothy at apple.com>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm
Log Message:
-----------
Cross-Origin-Resource-Policy blocks fetch from extensions.
https://webkit.org/b/251858
rdar://103793194
Reviewed by Chris Dumez.
SecurityPolicy was blocking the fetch load due to the Cross-Origin-Resource-Policy check
in the NetworkProcess. In the WebProcess, SecurityPolicy checks were succeeding due to the
existing call to SecurityPolicy::allowAccessTo() when parsing the corsDisablingPatterns.
This step was missing in the NetworkProcess. Now both processes have the same checks.
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setCORSDisablingPatterns): Add the pattern to SecurityPolicy to
match WebPage.cpp's parseAndAllowAccessToCORSDisablingPatterns().
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(TEST(URLSchemeHandler, DisableCORSAndCORP)): Added.
Canonical link: https://commits.webkit.org/259976@main
More information about the webkit-changes
mailing list