[webkit-changes] [WebKit/WebKit] 38e9c1: Cross-Origin-Embedder-Policy incorrectly blocks if...
Chris Dumez
noreply at github.com
Tue Mar 21 10:22:18 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 38e9c1ce273d686e528abb7687a99e4677445540
https://github.com/WebKit/WebKit/commit/38e9c1ce273d686e528abb7687a99e4677445540
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-03-21 (Tue, 21 Mar 2023)
Changed paths:
A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https-expected.txt
A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html
A LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html.headers
A LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html
A LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html.headers
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Log Message:
-----------
Cross-Origin-Embedder-Policy incorrectly blocks iframe on cache hit
https://bugs.webkit.org/show_bug.cgi?id=254065
Reviewed by Youenn Fablet.
iframe loads served by the HTTP disk cache would fail Cross-Origin-Embedder-Policy
(COEP) validation because shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions()
was doing the checks using `m_response` instead of the `response` that is passed
in argument. `m_response` has not yet been updated to be the same as `response`
in the case where the response comes from the disk cache.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https-expected.txt: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/cached-iframe-require-corp.https.html.headers: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html: Added.
* LayoutTests/http/wpt/html/cross-origin-embedder-policy/resources/require-corp-cacheable-iframe.html.headers: Added.
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
Canonical link: https://commits.webkit.org/261924@main
More information about the webkit-changes
mailing list