[webkit-changes] [WebKit/WebKit] 73556f: declarativeNetRequest-initiated cross-domain redir...

[Alex Christensen]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 73556f8ce7487cb5cc430f1e7b602978d92cb95b
      https://github.com/WebKit/WebKit/commit/73556f8ce7487cb5cc430f1e7b602978d92cb95b
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm

  Log Message:
  -----------
  declarativeNetRequest-initiated cross-domain redirect of main resource should not crash
https://bugs.webkit.org/show_bug.cgi?id=274759
rdar://116459903

Reviewed by Timothy Hatcher.

declarativeNetRequest introduced a new kind of redirect that can be used to redirect resources to
a different origin.  When this happens with the main frame's main resource, the UI process wasn't
informed of the origin change, so when it tries to load anything the origin checks in
NetworkProcess::allowsFirstPartyForCookies fail and the process is assumed to be trying to access
a domain it wasn't given access to by the UI process and it terminates.  To solve this, when a
cross-domain redirect happens as a result of declarativeNetRequest, cancel the load and initiate
a new load to the new domain, which will go through the proper UI process checks and accounting.
Covered by a new API test that uses the WKContentRuleList SPI that declarativeNetRequest uses.

* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm:
(TEST_F):

Canonical link: https://commits.webkit.org/279357@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications