[webkit-changes] [WebKit/WebKit] 8a3335: Upgrade upgradable content in mixed security contexts
Matthew Finkel
noreply at github.com
Fri Feb 9 21:12:19 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8a3335648a55dacd22afee2ebdd7e40e5fd2259e
https://github.com/WebKit/WebKit/commit/8a3335648a55dacd22afee2ebdd7e40e5fd2259e
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2024-02-09 (Fri, 09 Feb 2024)
Changed paths:
A LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin-UpgradeMixedContent.https.html
M LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin.https-expected.txt
A LayoutTests/http/tests/inspector/network/loadResource-insecure-resource-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/inspector/network/loadResource-insecure-resource-UpgradeMixedContent.html
A LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent.html
M LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt
A LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent.html
M LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt
A LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent.html
M LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-expected.txt
M LayoutTests/http/tests/navigation/resources/check-ping.py
A LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html
A LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade-UpgradeMixedContent.https.html
A LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https.html
A LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent.html
M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-cors-image.html
M LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html
A LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https.html
A LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https.html
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent.html
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-UpgradeMixedContent.https-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-UpgradeMixedContent.https.html
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt
R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt
R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt
M LayoutTests/platform/mac-wk1/TestExpectations
A LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https-expected.txt
A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt
M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.h
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/page/csp/ContentSecurityPolicy.h
M Tools/DumpRenderTree/TestRunner.h
M Tools/DumpRenderTree/mac/DumpRenderTree.mm
M Tools/DumpRenderTree/mac/UIDelegate.mm
M Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm
Log Message:
-----------
Upgrade upgradable content in mixed security contexts
https://bugs.webkit.org/show_bug.cgi?id=247197
rdar://problem/101678657
Reviewed by Youenn Fablet.
This change aligns WebKit with the current Mixed Content Level 2 specification.
When mixed content (e.g., http: resource from a https: document) is requested,
the request is either blocked or "upgraded" to https:. Previously, some
insecure content was blocked and other insecure content was loaded (without
modification). In this change, all previously blocked content is still blocked,
but now content that was loaded from an insecure channel is now "upgraded" to a
secure connection ("https") before attempting the request.
All requests are "blockable" except for "upgradable" requests, and upgradable requests are defined as:
https://www.w3.org/TR/mixed-content/#upgrade-algorithm
1. If one or more of the following conditions is met, return without modifying request:
    1. request’s URL is a potentially trustworthy URL.
    2. request’s URL’s host is an IP address.
    3. § 4.3 Does settings prohibit mixed security contexts? returns "Does Not Restrict Mixed Security Contents" when applied to request’s client.
    4. request’s destination is not "image", "audio", or "video".
    5. request’s destination is "image" and request’s initiator is "imageset".
2. If request’s URL’s scheme is http, set request’s URL’s scheme to https, and return.
This change also improves support for mixed content beacon and ping requests.
Most of the tests are duplicates of existing tests but with the
UpgradeMixedContentEnabled preference enabled.
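Added example, not part of the commit or of WebKit's code: a JavaScript sketch of the upgrade steps quoted above, followed by the load/upgrade/block outcome the log message describes. The request fields, function names, sample URLs, and the simplified trustworthy-URL check (secure schemes and loopback hosts only) are assumptions made for illustration.

```javascript
// Step 1.4: only these destinations are upgradable.
const UPGRADABLE_DESTINATIONS = new Set(["image", "audio", "video"]);

// The WHATWG URL parser normalizes IPv4 hosts to dotted-quad form and keeps
// IPv6 hosts in brackets, so these two checks cover IP-literal hosts.
function isIpv4Host(hostname) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
}
function isIpAddressHost(hostname) {
  return isIpv4Host(hostname) || hostname.startsWith("[");
}

// Assumption: simplified stand-in for "potentially trustworthy URL".
function isPotentiallyTrustworthy(url) {
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  return host === "[::1]" || (isIpv4Host(host) && host.startsWith("127."));
}

// The upgrade algorithm as quoted in the log message. `request` is a
// hypothetical object: { url, destination, initiator, clientRestrictsMixedContent }.
function upgradeMixedContent(request) {
  const url = new URL(request.url);
  const unchanged = (reason) => ({ url: url.href, upgraded: false, reason });

  if (isPotentiallyTrustworthy(url)) return unchanged("trustworthy-url");         // 1.1
  if (isIpAddressHost(url.hostname)) return unchanged("ip-address-host");         // 1.2
  if (!request.clientRestrictsMixedContent) return unchanged("client-unrestricted"); // 1.3
  if (!UPGRADABLE_DESTINATIONS.has(request.destination)) {
    return unchanged("destination-not-upgradable");                               // 1.4
  }
  if (request.destination === "image" && request.initiator === "imageset") {
    return unchanged("imageset");                                                 // 1.5
  }
  if (url.protocol === "http:") {                                                 // 2
    url.protocol = "https:"; // host, port, path and query are preserved
    return { url: url.href, upgraded: true, reason: "upgraded" };
  }
  return unchanged("not-http");
}

// Outcome per the log message: a request left insecure in a restricting
// context is "blockable"; everything else loads, possibly after an upgrade.
function classifyRequest(request) {
  const result = upgradeMixedContent(request);
  if (result.upgraded) return { action: "upgrade", ...result };
  const stillInsecure = !isPotentiallyTrustworthy(new URL(result.url));
  if (request.clientRestrictsMixedContent && stillInsecure) {
    return { action: "block", ...result };
  }
  return { action: "load", ...result };
}

// Constructed sample requests, as if issued by an https: document unless noted.
const SAMPLE_REQUESTS = [
  { url: "http://img.example/a.png", destination: "image", clientRestrictsMixedContent: true },
  { url: "http://img.example:8080/a.png", destination: "image", clientRestrictsMixedContent: true },
  { url: "http://cdn.example/app.js", destination: "script", clientRestrictsMixedContent: true },
  { url: "http://192.0.2.10/a.png", destination: "image", clientRestrictsMixedContent: true },
  { url: "http://img.example/a-2x.png", destination: "image", initiator: "imageset",
    clientRestrictsMixedContent: true },
  { url: "https://media.example/v.mp4", destination: "video", clientRestrictsMixedContent: true },
  // Same image requested by an http: document: no restriction applies.
  { url: "http://img.example/a.png", destination: "image", clientRestrictsMixedContent: false },
];

function classifySamples() {
  return SAMPLE_REQUESTS.map((request) => classifyRequest(request));
}

for (const outcome of classifySamples()) {
  console.log(`${outcome.action.padEnd(8)} ${outcome.reason.padEnd(28)} ${outcome.url}`);
}
```

The IP-address and imageset rows are the ones to watch when testing a site: both are images, yet neither is upgraded, so in this model they fall through to blocking.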
* LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin.https-expected.txt:
* LayoutTests/http/tests/inspector/network/loadResource-insecure-resource-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/inspector/network/loadResource-insecure-resource-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
* LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-expected.txt:
* LayoutTests/http/tests/navigation/resources/check-ping.py:
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-cors-image.html: Added.
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https.html: Added.
* LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-UpgradeMixedContent.https.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt: Removed.
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-UpgradeMixedContent-expected.txt: Copied from LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt.
* LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt: Copied from LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt.
* LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent-expected.txt: Copied from LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt.
* LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt: Copied from LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt.
* LayoutTests/platform/mac-wk1/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/referrer-policy-img/strict-origin/cross-origin-http-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-basic-auth-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-css-with-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-UpgradeMixedContent-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image-UpgradeMixedContent.https-expected.txt: Added.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-UpgradeMixedContent-expected.txt: Added.
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
(WebCore::WorkerThreadableWebSocketChannel::Bridge::connect):
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::isMixedContent):
(WebCore::logConsoleWarning):
(WebCore::logConsoleWarningForUpgrade):
(WebCore::MixedContentChecker::frameAndAncestorsCanDisplayInsecureContent):
(WebCore::MixedContentChecker::frameAndAncestorsCanRunInsecureContent):
(WebCore::MixedContentChecker::shouldUpgradeInsecureContent):
(WebCore::MixedContentChecker::shouldBlockInsecureContent):
(WebCore::logWarning): Deleted.
* Source/WebCore/loader/MixedContentChecker.h:
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::isUpgradableTypeFromResourceType):
(WebCore::CachedResourceLoader::checkInsecureContent const):
(WebCore::CachedResourceLoader::canRequest):
(WebCore::CachedResourceLoader::canRequestAfterRedirection const):
(WebCore::CachedResourceLoader::updateRequestAfterRedirection):
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/loader/cache/CachedResourceLoader.h:
* Source/WebCore/loader/cache/CachedResourceRequest.cpp:
(WebCore::upgradeInsecureResourceRequestIfNeeded):
(WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
* Source/WebCore/loader/cache/CachedResourceRequest.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:
Canonical link: https://commits.webkit.org/274409@main