[webkit-changes] [WebKit/WebKit] a99b31: [Site Isolation] FrameLoader::loadURL should updat...

Sihui noreply at github.com
Fri May 10 16:35:36 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
      https://github.com/WebKit/WebKit/commit/a99b31fcfb61f1cc4c28ae2b8075e0a5c289461a
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-05-10 (Fri, 10 May 2024)

  Changed paths:
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/FrameLoader.h

  Log Message:
  -----------
  [Site Isolation] FrameLoader::loadURL should update request before sending it to remote target frame
https://bugs.webkit.org/show_bug.cgi?id=273845
rdar://127698349

Reviewed by Alex Christensen.

Test http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html fails
with site isolation on because same-site cookies are unexpectedly included in network request initiated by third-party
frame. The cause is ResourceRequest sent to remote target frame does not have correct samesite and topsite information.
To fix this, update request with extra information before sending it to remote frame.

* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::updateRequestAndAddExtraFields):
* Source/WebCore/loader/FrameLoader.h:

Canonical link: https://commits.webkit.org/278640@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list