[webkit-changes] [WebKit/WebKit] 6a2c5a: Timing-Allow-Origin works with 302

youennf noreply at github.com
Tue May 7 03:18:11 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6a2c5a3042534caf2df6952d1d7d151d3e3c76bc
      https://github.com/WebKit/WebKit/commit/6a2c5a3042534caf2df6952d1d7d151d3e3c76bc
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2024-05-07 (Tue, 07 May 2024)

  Changed paths:
    M LayoutTests/http/wpt/resource-timing/resources/rt-utilities.sub.js
    A LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt
    A LayoutTests/http/wpt/resource-timing/rt-cors-2.html
    A LayoutTests/http/wpt/resource-timing/rt-cors-2.js
    M Source/WebKit/NetworkProcess/NetworkDataTask.h
    M Source/WebKit/NetworkProcess/NetworkLoad.cpp
    M Source/WebKit/NetworkProcess/NetworkLoad.h
    M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
    M Source/WebKit/NetworkProcess/NetworkLoadChecker.h
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
    M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
    M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
    M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
    M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h
    M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
    M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h

  Log Message:
  -----------
  Timing-Allow-Origin works with 302
https://bugs.webkit.org/show_bug.cgi?id=272682
rdar://126531139

Reviewed by Alex Christensen.

We move the TAO check from platform specific NetworkDataTask implementations to NetworkLoadChecker.
This allows us to implement the algorithm as defined in fetch, including checking the response tainting.
This aligns behavior with Chrome and Firefox.
For top level navigation, we were using the source origin, but we should use the top origin for top level navigations,
as top level navigations are same origin.

* LayoutTests/http/wpt/resource-timing/resources/rt-utilities.sub.js:
(addACAOHeader):
* LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt: Added.
* LayoutTests/http/wpt/resource-timing/rt-cors-2.html: Added.
* LayoutTests/http/wpt/resource-timing/rt-cors-2.js: Added.
(assertAlways):
(assertRedirectWithDisallowedTimingData):
(assertDisallowedTimingData):
(promise_test):
* Source/WebKit/NetworkProcess/NetworkDataTask.h:
(WebKit::NetworkDataTask::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/NetworkLoad.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::checkTAO):
* Source/WebKit/NetworkProcess/NetworkLoadChecker.h:
(WebKit::NetworkLoadChecker::timingAllowFailedFlag const):
(WebKit::NetworkLoadChecker::isSameOriginRequest const):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::willSendRedirectedRequestInternal):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::setTimingAllowFailedFlag):
(WebKit::NetworkDataTaskCocoa::checkTAO): Deleted.
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
* Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::updateNetworkLoadMetrics):
(WebKit::NetworkDataTaskCurl::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h:
* Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp:
(WebKit::NetworkDataTaskSoup::didSendRequest):
(WebKit::NetworkDataTaskSoup::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h:

Canonical link: https://commits.webkit.org/278448@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list