[webkit-changes] [WebKit/WebKit] d21e3b: Don't block request with custom scheme and handler...

Matthew Finkel noreply at github.com
Fri Mar 22 12:57:12 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d21e3b49f7f1806155705638a624a455de31c419
      https://github.com/WebKit/WebKit/commit/d21e3b49f7f1806155705638a624a455de31c419
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2024-03-22 (Fri, 22 Mar 2024)

  Changed paths:
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm

  Log Message:
  -----------
  Don't block request with custom scheme and handler for upgradable mixed content
https://bugs.webkit.org/show_bug.cgi?id=271345
rdar://124197113

Reviewed by Alex Christensen.

Mixing a secure context (e.g., a page loaded with https:) and a resource URL
using a custom URL scheme handler is problematic now since we enabled upgrading
mixed content in 274826@main. We only upgrade http: URLs for passive content,
and we block all other insecure requests. As a result, we block all requests
that use a custom scheme. This change adds a carve-out for custom schemes when
deciding if the request is for "upgradable" mixed-content.

* Source/WebCore/loader/MixedContentChecker.cpp:
(WebCore::shouldBlockInsecureContent):
(WebCore::MixedContentChecker::shouldBlockRequestForDisplayableContent):
(WebCore::MixedContentChecker::shouldBlockRequestForRunnableContent):
* Source/WebCore/loader/MixedContentChecker.h:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::checkInsecureContent const):
(WebCore::CachedResourceLoader::canRequest):
(WebCore::CachedResourceLoader::canRequestAfterRedirection const):
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/loader/cache/CachedResourceLoader.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(TEST):

Canonical link: https://commits.webkit.org/276565@main


