[webkit-changes] [WebKit/WebKit] c4b430: Data Isolation bypass using webarchive requests lo...

Robert Jenner noreply at github.com
Thu Jan 30 10:35:00 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c4b430ee35fdb00e727b5fc9276dd1455fbd0f3e
      https://github.com/WebKit/WebKit/commit/c4b430ee35fdb00e727b5fc9276dd1455fbd0f3e
  Author: Robert Jenner <jenner at apple.com>
  Date:   2025-01-30 (Thu, 30 Jan 2025)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessPool.h

  Log Message:
  -----------
  Data Isolation bypass using webarchive requests loaded from file URLs
https://bugs.webkit.org/show_bug.cgi?id=284433
rdar://140567264

Reviewed by Alex Christensen.

Loading a web archive will already force a process swap, but the UI process will not always tell the
network process to add unconditional cookie access for the new web process. If we do correctly tell the
network process this, we can remove the web processes ability to give itself cookie access using
webarchives loaded from file URLs.

* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::webProcessWillLoadWebArchive): Deleted.
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didReceiveMainResourceResponse):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::processForNavigation):
(WebKit::WebProcessPool::prepareProcessForNavigation):
* Source/WebKit/UIProcess/WebProcessPool.h:

Originally-landed-as: 283286.584 at safari-7620-branch (81cdf598d45d). rdar://143592891
Canonical link: https://commits.webkit.org/289566@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list