[webkit-changes] [WebKit/WebKit] 6a2c5a: Timing-Allow-Origin works with 302
youennf
noreply at github.com
Tue May 7 03:18:11 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6a2c5a3042534caf2df6952d1d7d151d3e3c76bc
https://github.com/WebKit/WebKit/commit/6a2c5a3042534caf2df6952d1d7d151d3e3c76bc
Author: Youenn Fablet <youenn at apple.com>
Date: 2024-05-07 (Tue, 07 May 2024)
Changed paths:
M LayoutTests/http/wpt/resource-timing/resources/rt-utilities.sub.js
A LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt
A LayoutTests/http/wpt/resource-timing/rt-cors-2.html
A LayoutTests/http/wpt/resource-timing/rt-cors-2.js
M Source/WebKit/NetworkProcess/NetworkDataTask.h
M Source/WebKit/NetworkProcess/NetworkLoad.cpp
M Source/WebKit/NetworkProcess/NetworkLoad.h
M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
M Source/WebKit/NetworkProcess/NetworkLoadChecker.h
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h
M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h
Log Message:
-----------
Timing-Allow-Origin works with 302
https://bugs.webkit.org/show_bug.cgi?id=272682
rdar://126531139
Reviewed by Alex Christensen.
We move the TAO check from platform specific NetworkDataTask implementations to NetworkLoadChecker.
This allows us to implement the algorithm as defined in fetch, including checking the response tainting.
This aligns behavior with Chrome and Firefox.
For top level navigation, we were using the source origin, but we should use the top origin for top level navigations,
as top level navigations are same origin.
* LayoutTests/http/wpt/resource-timing/resources/rt-utilities.sub.js:
(addACAOHeader):
* LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt: Added.
* LayoutTests/http/wpt/resource-timing/rt-cors-2.html: Added.
* LayoutTests/http/wpt/resource-timing/rt-cors-2.js: Added.
(assertAlways):
(assertRedirectWithDisallowedTimingData):
(assertDisallowedTimingData):
(promise_test):
* Source/WebKit/NetworkProcess/NetworkDataTask.h:
(WebKit::NetworkDataTask::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/NetworkLoad.h:
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::checkTAO):
* Source/WebKit/NetworkProcess/NetworkLoadChecker.h:
(WebKit::NetworkLoadChecker::timingAllowFailedFlag const):
(WebKit::NetworkLoadChecker::isSameOriginRequest const):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::willSendRedirectedRequestInternal):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::setTimingAllowFailedFlag):
(WebKit::NetworkDataTaskCocoa::checkTAO): Deleted.
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
* Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp:
(WebKit::NetworkDataTaskCurl::updateNetworkLoadMetrics):
(WebKit::NetworkDataTaskCurl::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h:
* Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp:
(WebKit::NetworkDataTaskSoup::didSendRequest):
(WebKit::NetworkDataTaskSoup::setTimingAllowFailedFlag):
* Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h:
Canonical link: https://commits.webkit.org/278448@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list