[webkit-changes] [WebKit/WebKit] 40efee: Advanced Tracking and Fingerprinting Protection Is...

[youennf]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 40efee6a397a9ef0fadc63c54c180b99ac713ba5
      https://github.com/WebKit/WebKit/commit/40efee6a397a9ef0fadc63c54c180b99ac713ba5
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    A LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost-expected.txt
    A LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost-serviceworker.js
    A LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost.html
    A LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost.html.json
    M Source/WebCore/Modules/fetch/FetchLoader.cpp
    M Source/WebCore/Modules/fetch/FetchRequest.cpp
    M Source/WebCore/Modules/fetch/FetchRequest.h
    M Source/WebCore/loader/ResourceLoaderOptions.h
    M Source/WebCore/loader/ThreadableLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp

  Log Message:
  -----------
  Advanced Tracking and Fingerprinting Protection Issue with Service Workers
rdar://117522948
https://bugs.webkit.org/show_bug.cgi?id=263366

Reviewed by Chris Dumez.

Requests exposed to service worker via the fetch events have already gone through content extension checks.
We can safely disable content extension checks for those requests.

We add a corresponding ResourceLoaderOptions which is tested in CachedResourceLoader::requestResource before apply content extension checks.
This new option is always enforcing content extension checks except for service worker fetch event requests.
We do so in ServiceWorkerFetch::dispatchFetchEvent, and we ensure that cloned requests or requests created from fetch event requests keep the same flag.

* LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost-expected.txt: Added.
* LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost-serviceworker.js: Added.
(onmessage.async e):
* LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost.html: Added.
* LayoutTests/http/tests/contentextensions/service-worker-block-everything-if-localhost.html.json: Added.
* Source/WebCore/Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start):
* Source/WebCore/Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::initializeWith):
(WebCore::FetchRequest::clone):
* Source/WebCore/Modules/fetch/FetchRequest.h:
* Source/WebCore/loader/ResourceLoaderOptions.h:
(WebCore::ResourceLoaderOptions::shouldEnableContentExtensionsCheck):
(WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
(WebCore::ResourceLoaderOptions::fetchPriorityHint): Deleted.
* Source/WebCore/loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoaderOptions::isolatedCopy const):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::disableContentExtensionsChecks):
* Source/WebCore/testing/Internals.h:
* Source/WebCore/testing/Internals.idl:
* Source/WebCore/workers/service/context/ServiceWorkerFetch.cpp:
(WebCore::ServiceWorkerFetch::dispatchFetchEvent):

Canonical link: https://commits.webkit.org/275970@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications