[webkit-changes] [WebKit/WebKit] 38e9c1: Cross-Origin-Embedder-Policy incorrectly blocks if...

Chris Dumez noreply at github.com
Tue Mar 21 10:22:18 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 38e9c1ce273d686e528abb7687a99e4677445540
      https://github.com/WebKit/WebKit/commit/38e9c1ce273d686e528abb7687a99e4677445540
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-03-21 (Tue, 21 Mar 2023)

  Changed paths:
    A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https-expected.txt
    A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html
    A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html.headers
    A LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html
    A LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html.headers
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

  Log Message:
  -----------
  Cross-Origin-Embedder-Policy incorrectly blocks iframe on cache hit
https://bugs.webkit.org/show_bug.cgi?id=254065

Reviewed by Youenn Fablet.

iframe loads served by the HTTP disk cache would fail Cross-Origin-Embedder-Policy
(COEP) validation because shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions()
was doing the checks using `m_response` instead of the `response` that is passed
in argument. `m_response` has not yet been updated to be the same as `response`
in the case where the response comes from the disk cache.

* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https-expected.txt: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html.headers: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html.headers: Added.
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):

Canonical link: https://commits.webkit.org/261924@main

More information about the webkit-changes mailing list