[webkit-changes] [WebKit/WebKit] a99b31: [Site Isolation] FrameLoader::loadURL should updat...
Sihui
noreply at github.com
Fri May 10 16:35:36 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
https://github.com/WebKit/WebKit/commit/a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
Author: Sihui Liu <sihui_liu at apple.com>
Date: 2024-05-10 (Fri, 10 May 2024)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/FrameLoader.h
Log Message:
-----------
[Site Isolation] FrameLoader::loadURL should update request before sending it to remote target frame
https://bugs.webkit.org/show_bug.cgi?id=273845
rdar://127698349
Reviewed by Alex Christensen.
Test http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html fails
with site isolation on because same-site cookies are unexpectedly included in network request initiated by third-party
frame. The cause is ResourceRequest sent to remote target frame does not have correct samesite and topsite information.
To fix this, update request with extra information before sending it to remote frame.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::updateRequestAndAddExtraFields):
* Source/WebCore/loader/FrameLoader.h:
Canonical link: https://commits.webkit.org/278640@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list