[webkit-changes] [WebKit/WebKit] d21e3b: Don't block request with custom scheme and handler...
Matthew Finkel
noreply at github.com
Fri Mar 22 12:57:12 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d21e3b49f7f1806155705638a624a455de31c419
https://github.com/WebKit/WebKit/commit/d21e3b49f7f1806155705638a624a455de31c419
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2024-03-22 (Fri, 22 Mar 2024)
Changed paths:
M Source/WebCore/loader/MixedContentChecker.cpp
M Source/WebCore/loader/MixedContentChecker.h
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm
Log Message:
-----------
Don't block request with custom scheme and handler for upgradable mixed content
https://bugs.webkit.org/show_bug.cgi?id=271345
rdar://124197113
Reviewed by Alex Christensen.
Mixing a secure context (e.g., a page loaded with https:) and a resource URL
using a custom URL scheme handler is problematic now since we enabled upgrading
mixed content in 274826 at main. We only upgrade http: URLs for passive content,
and we block all other insecure requests. As a result, we block all requests
that use a custom scheme. This change adds a carve-out for custom schemes when
deciding if the request is for "upgradable" mixed-content.
* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::shouldBlockInsecureContent):
(WebCore::MixedContentChecker::shouldBlockRequestForDisplayableContent):
(WebCore::MixedContentChecker::shouldBlockRequestForRunnableContent):
* Source/WebCore/loader/MixedContentChecker.h:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::checkInsecureContent const):
(WebCore::CachedResourceLoader::canRequest):
(WebCore::CachedResourceLoader::canRequestAfterRedirection const):
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/loader/cache/CachedResourceLoader.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(TEST):
Canonical link: https://commits.webkit.org/276565@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list