[webkit-changes] [WebKit/WebKit] 35c9c0: Allow loading any secure resources when HTTPSOnly ...

[Matthew Finkel]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 35c9c0e8123fe88456fab96be5fdf19edac5c010
      https://github.com/WebKit/WebKit/commit/35c9c0e8123fe88456fab96be5fdf19edac5c010
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2024-10-11 (Fri, 11 Oct 2024)

  Changed paths:
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm

  Log Message:
  -----------
  Allow loading any secure resources when HTTPSOnly is enabled
https://bugs.webkit.org/show_bug.cgi?id=281231
rdar://137452788

Reviewed by Timothy Hatcher and Alex Christensen.

Currently, https is the only allowed scheme when HTTPSOnly is enabled. This
prevents loading a page with any other URL that is considered secure because we
can't upgrade it to a secure connection and we can't fallback to a non-secure
connection (these concepts don't really make sense for a local scheme).  This
change consults the scheme registry to check if the protocol is considered
secure.

Combined changes:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
(TEST(WKNavigation, HTTPSOnlyNonHTTPSSecureSchemes)):

Canonical link: https://commits.webkit.org/285019@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications