<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[184598] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/184598">184598</a></dd>
<dt>Author</dt> <dd>beidson@apple.com</dd>
<dt>Date</dt> <dd>2015-05-19 15:22:51 -0700 (Tue, 19 May 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>X-Frame-Options headers not respected when loading from application cache.
<rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Test: http/tests/appcache/x-frame-options-prevents-framing.php
This patch updates SubstituteData to hold on to a ResourceResponse instead of just a URL.
It also updates all users of SubstituteData to reflect this.
Finally it updates ApplicationCacheHost to put the full response (including x-frame-options header)
in the SubstituteData so they can be checked at the appropriate times.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::handleSubstituteDataLoadNow):
(WebCore::DocumentLoader::responseReceived): Update an ASSERT to reflect that it's okay to not have
a main resource as long as you have a substitute identifier for it.
(WebCore::DocumentLoader::documentURL):
(WebCore::DocumentLoader::contentFilterDidDecide):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadArchive):
(WebCore::FrameLoader::defaultSubstituteDataForURL):
* loader/SubstituteData.h:
(WebCore::SubstituteData::SubstituteData):
(WebCore::SubstituteData::shouldRevealToSessionHistory):
(WebCore::SubstituteData::mimeType):
(WebCore::SubstituteData::textEncoding):
(WebCore::SubstituteData::response):
(WebCore::SubstituteData::responseURL): Deleted.
* loader/appcache/ApplicationCacheHost.cpp:
(WebCore::ApplicationCacheHost::maybeLoadMainResource): Put the full ResourceResponse here, which
includes x-frame-options headers sent back when the resources was initially loaded from the network.
* platform/network/ResourceResponseBase.h:
Source/WebKit/mac:
* WebView/WebFrame.mm:
(-[WebFrame _loadData:MIMEType:textEncodingName:baseURL:unreachableURL:]):
Source/WebKit/win:
* WebFrame.cpp:
(WebFrame::loadData):
Source/WebKit2:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadDataImpl):
LayoutTests:
* http/tests/appcache/resources/x-frame-options-prevents-framing-test.html: Added.
* http/tests/appcache/resources/x-frame-options-prevents-framing.manifest: Added.
* http/tests/appcache/x-frame-options-prevents-framing-expected.txt: Added.
* http/tests/appcache/x-frame-options-prevents-framing.php: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentLoadercpp">trunk/Source/WebCore/loader/DocumentLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderFrameLoadercpp">trunk/Source/WebCore/loader/FrameLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderSubstituteDatah">trunk/Source/WebCore/loader/SubstituteData.h</a></li>
<li><a href="#trunkSourceWebCoreloaderappcacheApplicationCacheHostcpp">trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkResourceResponseBaseh">trunk/Source/WebCore/platform/network/ResourceResponseBase.h</a></li>
<li><a href="#trunkSourceWebKitmacChangeLog">trunk/Source/WebKit/mac/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebFramemm">trunk/Source/WebKit/mac/WebView/WebFrame.mm</a></li>
<li><a href="#trunkSourceWebKitwinChangeLog">trunk/Source/WebKit/win/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitwinWebFramecpp">trunk/Source/WebKit/win/WebFrame.cpp</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2WebProcessWebPageWebPagecpp">trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestsappcacheresourcesxframeoptionspreventsframingtesthtml">trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html</a></li>
<li><a href="#trunkLayoutTestshttptestsappcacheresourcesxframeoptionspreventsframingmanifest">trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest</a></li>
<li><a href="#trunkLayoutTestshttptestsappcachexframeoptionspreventsframingexpectedtxt">trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestsappcachexframeoptionspreventsframingphp">trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/LayoutTests/ChangeLog 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2015-05-19 Brady Eidson <beidson@apple.com>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * http/tests/appcache/resources/x-frame-options-prevents-framing-test.html: Added.
+ * http/tests/appcache/resources/x-frame-options-prevents-framing.manifest: Added.
+ * http/tests/appcache/x-frame-options-prevents-framing-expected.txt: Added.
+ * http/tests/appcache/x-frame-options-prevents-framing.php: Added.
+
</ins><span class="cx"> 2015-05-19 Youenn Fablet <youenn.fablet@crf.canon.fr>
</span><span class="cx">
</span><span class="cx"> AudioContext should resolve promises with jsUndefined() and not jsNull()
</span></span></pre></div>
<a id="trunkLayoutTestshttptestsappcacheresourcesxframeoptionspreventsframingtesthtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html (0 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html (rev 0)
+++ trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<script>
+
+function loaded()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+window.onload = loaded();
+
+</script>
+The following iframe is a document that was cached in the application cache.<br>
+It also had "x-frame-options: deny" set, so it should not actually show up in the iframe<br>
+<iframe src="http:/127.0.0.1:8000/appcache/x-frame-options-prevents-framing.php"></iframe>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsappcacheresourcesxframeoptionspreventsframingmanifest"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest (0 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest (rev 0)
+++ trunk/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+CACHE MANIFEST
+empty.txt
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsappcachexframeoptionspreventsframingexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt (0 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/appcache/x-frame-options-prevents-framing.php' in a frame because it set 'X-Frame-Options' to 'deny'.
+The following iframe is a document that was cached in the application cache.
+It also had "x-frame-options: deny" set, so it should not actually show up in the iframe
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestsappcachexframeoptionspreventsframingphp"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php (0 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php (rev 0)
+++ trunk/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+<?php
+header("X-FRAME-OPTIONS: deny");
+?>
+<html manifest="resources/x-frame-options-prevents-framing.manifest">
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+
+function cached()
+{
+ window.location.href = "/appcache/resources/x-frame-options-prevents-framing-test.html";
+}
+applicationCache.addEventListener('cached', cached, false);
+
+</script>
+This document should not be frameable.<br>
+If you see this text in an iframe, then there is a bug.<br>
+</html>
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/ChangeLog 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1,3 +1,44 @@
</span><ins>+2015-05-19 Brady Eidson <beidson@apple.com>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: http/tests/appcache/x-frame-options-prevents-framing.php
+
+ This patch updates SubstituteData to hold on to a ResourceResponse instead of just a URL.
+
+ It also updates all users of SubstituteData to reflect this.
+
+ Finally it updates ApplicationCacheHost to put the full response (including x-frame-options header)
+ in the SubstituteData so they can be checked at the appropriate times.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::handleSubstituteDataLoadNow):
+ (WebCore::DocumentLoader::responseReceived): Update an ASSERT to reflect that it's okay to not have
+ a main resource as long as you have a substitute identifier for it.
+ (WebCore::DocumentLoader::documentURL):
+ (WebCore::DocumentLoader::contentFilterDidDecide):
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::loadArchive):
+ (WebCore::FrameLoader::defaultSubstituteDataForURL):
+
+ * loader/SubstituteData.h:
+ (WebCore::SubstituteData::SubstituteData):
+ (WebCore::SubstituteData::shouldRevealToSessionHistory):
+ (WebCore::SubstituteData::mimeType):
+ (WebCore::SubstituteData::textEncoding):
+ (WebCore::SubstituteData::response):
+ (WebCore::SubstituteData::responseURL): Deleted.
+
+ * loader/appcache/ApplicationCacheHost.cpp:
+ (WebCore::ApplicationCacheHost::maybeLoadMainResource): Put the full ResourceResponse here, which
+ includes x-frame-options headers sent back when the resources was initially loaded from the network.
+
+ * platform/network/ResourceResponseBase.h:
+
</ins><span class="cx"> 2015-05-19 Brent Fulgham <bfulgham@apple.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION(142590): Part 2: Scroll-snap points are improperly snapping to earlier index values (Scrolling Thread)
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -457,10 +457,10 @@
</span><span class="cx">
</span><span class="cx"> void DocumentLoader::handleSubstituteDataLoadNow()
</span><span class="cx"> {
</span><del>- URL url = m_substituteData.responseURL();
- if (url.isEmpty())
- url = m_request.url();
- ResourceResponse response(url, m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
</del><ins>+ ResourceResponse response = m_substituteData.response();
+ if (response.url().isEmpty())
+ response = ResourceResponse(m_request.url(), m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
+
</ins><span class="cx"> responseReceived(0, response);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -606,7 +606,7 @@
</span><span class="cx"> auto it = commonHeaders.find(HTTPHeaderName::XFrameOptions);
</span><span class="cx"> if (it != commonHeaders.end()) {
</span><span class="cx"> String content = it->value;
</span><del>- ASSERT(m_mainResource);
</del><ins>+ ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);
</ins><span class="cx"> unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
</span><span class="cx"> ASSERT(identifier);
</span><span class="cx"> if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
</span><span class="lines">@@ -1234,7 +1234,7 @@
</span><span class="cx">
</span><span class="cx"> URL DocumentLoader::documentURL() const
</span><span class="cx"> {
</span><del>- URL url = substituteData().responseURL();
</del><ins>+ URL url = substituteData().response().url();
</ins><span class="cx"> #if ENABLE(WEB_ARCHIVE)
</span><span class="cx"> if (url.isEmpty() && m_archive && m_archive->type() == Archive::WebArchive)
</span><span class="cx"> url = m_archive->mainResource()->url();
</span><span class="lines">@@ -1609,7 +1609,8 @@
</span><span class="cx"> URL blockedURL;
</span><span class="cx"> blockedURL.setProtocol(ContentFilter::urlScheme());
</span><span class="cx"> blockedURL.setHost(ASCIILiteral("blocked-page"));
</span><del>- SubstituteData substituteData { contentFilter->replacementData(), ASCIILiteral("text/html"), ASCIILiteral("UTF-8"), documentURL() };
</del><ins>+ ResourceResponse response(URL(), ASCIILiteral("text/html"), contentFilter->replacementData()->size(), ASCIILiteral("UTF-8"));
+ SubstituteData substituteData { contentFilter->replacementData(), documentURL(), response, SubstituteData::SessionHistoryVisibility::Hidden };
</ins><span class="cx"> frame()->navigationScheduler().scheduleSubstituteDataLoad(blockedURL, substituteData);
</span><span class="cx"> }
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderFrameLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/FrameLoader.cpp 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -925,8 +925,9 @@
</span><span class="cx"> ASSERT(mainResource);
</span><span class="cx"> if (!mainResource)
</span><span class="cx"> return;
</span><del>-
- SubstituteData substituteData(mainResource->data(), mainResource->mimeType(), mainResource->textEncoding(), URL());
</del><ins>+
+ ResourceResponse response(URL(), mainResource->mimeType(), mainResource->data()->size(), mainResource->textEncoding());
+ SubstituteData substituteData(mainResource->data(), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden);
</ins><span class="cx">
</span><span class="cx"> ResourceRequest request(mainResource->url());
</span><span class="cx"> #if PLATFORM(MAC)
</span><span class="lines">@@ -1272,7 +1273,9 @@
</span><span class="cx"> String srcdoc = m_frame.ownerElement()->fastGetAttribute(srcdocAttr);
</span><span class="cx"> ASSERT(!srcdoc.isNull());
</span><span class="cx"> CString encodedSrcdoc = srcdoc.utf8();
</span><del>- return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), "text/html", "UTF-8", URL());
</del><ins>+
+ ResourceResponse response(URL(), ASCIILiteral("text/html"), encodedSrcdoc.length(), ASCIILiteral("UTF-8"));
+ return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void FrameLoader::load(const FrameLoadRequest& passedRequest)
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderSubstituteDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubstituteData.h (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/SubstituteData.h 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/loader/SubstituteData.h 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -26,8 +26,9 @@
</span><span class="cx"> #ifndef SubstituteData_h
</span><span class="cx"> #define SubstituteData_h
</span><span class="cx">
</span><del>-#include "URL.h"
</del><ins>+#include "ResourceResponse.h"
</ins><span class="cx"> #include "SharedBuffer.h"
</span><ins>+#include "URL.h"
</ins><span class="cx"> #include <wtf/PassRefPtr.h>
</span><span class="cx"> #include <wtf/RefPtr.h>
</span><span class="cx">
</span><span class="lines">@@ -35,41 +36,37 @@
</span><span class="cx">
</span><span class="cx"> class SubstituteData {
</span><span class="cx"> public:
</span><ins>+ enum class SessionHistoryVisibility {
+ Visible,
+ Hidden,
+ };
+
</ins><span class="cx"> SubstituteData()
</span><del>- : m_shouldRevealToSessionHistory(false)
</del><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- SubstituteData(PassRefPtr<SharedBuffer> content, const String& mimeType,
- const String& textEncoding, const URL& failingURL,
- const URL& responseURL = URL(), bool shouldRevealToSessionHistory = false)
</del><ins>+ SubstituteData(PassRefPtr<SharedBuffer> content, const URL& failingURL, const ResourceResponse& response, SessionHistoryVisibility shouldRevealToSessionHistory)
</ins><span class="cx"> : m_content(content)
</span><del>- , m_mimeType(mimeType)
- , m_textEncoding(textEncoding)
</del><span class="cx"> , m_failingURL(failingURL)
</span><del>- , m_responseURL(responseURL)
</del><ins>+ , m_response(response)
</ins><span class="cx"> , m_shouldRevealToSessionHistory(shouldRevealToSessionHistory)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static const bool ShouldRevealToSessionHistory = true;
-
</del><span class="cx"> bool isValid() const { return m_content != 0; }
</span><del>- bool shouldRevealToSessionHistory() const { return m_shouldRevealToSessionHistory; }
</del><ins>+ bool shouldRevealToSessionHistory() const { return m_shouldRevealToSessionHistory == SessionHistoryVisibility::Visible; }
</ins><span class="cx">
</span><span class="cx"> const SharedBuffer* content() const { return m_content.get(); }
</span><del>- const String& mimeType() const { return m_mimeType; }
- const String& textEncoding() const { return m_textEncoding; }
</del><ins>+ const String& mimeType() const { return m_response.mimeType(); }
+ const String& textEncoding() const { return m_response.textEncodingName(); }
</ins><span class="cx"> const URL& failingURL() const { return m_failingURL; }
</span><del>- const URL& responseURL() const { return m_responseURL; }
</del><ins>+ const ResourceResponse& response() const { return m_response; }
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> RefPtr<SharedBuffer> m_content;
</span><del>- String m_mimeType;
- String m_textEncoding;
</del><span class="cx"> URL m_failingURL;
</span><del>- URL m_responseURL;
- bool m_shouldRevealToSessionHistory;
</del><ins>+ ResourceResponse m_response;
+ SessionHistoryVisibility m_shouldRevealToSessionHistory { SessionHistoryVisibility::Hidden };
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderappcacheApplicationCacheHostcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -84,12 +84,20 @@
</span><span class="cx"> if (m_mainResourceApplicationCache) {
</span><span class="cx"> // Get the resource from the application cache. By definition, cacheForMainRequest() returns a cache that contains the resource.
</span><span class="cx"> ApplicationCacheResource* resource = m_mainResourceApplicationCache->resourceForRequest(request);
</span><ins>+
+ // ApplicationCache resources have fragment identifiers stripped off of their URLs,
+ // but we'll need to restore that for the SubstituteData.
+ ResourceResponse responseToUse = resource->response();
+ if (request.url().hasFragmentIdentifier()) {
+ URL url = responseToUse.url();
+ url.setFragmentIdentifier(request.url().fragmentIdentifier());
+ responseToUse.setURL(url);
+ }
+
</ins><span class="cx"> substituteData = SubstituteData(resource->data(),
</span><del>- resource->response().mimeType(),
- resource->response().textEncodingName(),
</del><span class="cx"> URL(),
</span><del>- URL(),
- SubstituteData::ShouldRevealToSessionHistory);
</del><ins>+ responseToUse,
+ SubstituteData::SessionHistoryVisibility::Visible);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkResourceResponseBaseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -133,7 +133,7 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> WEBCORE_EXPORT ResourceResponseBase();
</span><del>- ResourceResponseBase(const URL&, const String& mimeType, long long expectedLength, const String& textEncodingName);
</del><ins>+ WEBCORE_EXPORT ResourceResponseBase(const URL&, const String& mimeType, long long expectedLength, const String& textEncodingName);
</ins><span class="cx">
</span><span class="cx"> WEBCORE_EXPORT void lazyInit(InitLevel) const;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKitmacChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/ChangeLog (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/ChangeLog 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit/mac/ChangeLog 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2015-05-19 Brady Eidson <beidson@apple.com>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebView/WebFrame.mm:
+ (-[WebFrame _loadData:MIMEType:textEncodingName:baseURL:unreachableURL:]):
+
</ins><span class="cx"> 2015-05-18 Skachkov Alexandr <gskachkov@gmail.com>
</span><span class="cx">
</span><span class="cx"> [ES6] Arrow function syntax. Feature flag for arrow function
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebFramemm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebFrame.mm (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebFrame.mm 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit/mac/WebView/WebFrame.mm 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -2525,7 +2525,8 @@
</span><span class="cx"> [NSURLProtocol setProperty:@"" forKey:@"WebDataRequest" inRequest:(NSMutableURLRequest *)request.nsURLRequest(UpdateHTTPBody)];
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>- SubstituteData substituteData(WebCore::SharedBuffer::wrapNSData(data), MIMEType, encodingName, [unreachableURL absoluteURL], responseURL);
</del><ins>+ ResourceResponse response(responseURL, MIMEType, [data length], encodingName);
+ SubstituteData substituteData(WebCore::SharedBuffer::wrapNSData(data), [unreachableURL absoluteURL], response, SubstituteData::SessionHistoryVisibility::Hidden);
</ins><span class="cx">
</span><span class="cx"> _private->coreFrame->loader().load(FrameLoadRequest(_private->coreFrame, request, substituteData));
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebKitwinChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/win/ChangeLog (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/win/ChangeLog 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit/win/ChangeLog 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2015-05-19 Brady Eidson <beidson@apple.com>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebFrame.cpp:
+ (WebFrame::loadData):
+
</ins><span class="cx"> 2015-05-11 Brent Fulgham <bfulgham@apple.com>
</span><span class="cx">
</span><span class="cx"> [Win] Move Windows build target to Windows 7 (or newer)
</span></span></pre></div>
<a id="trunkSourceWebKitwinWebFramecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/win/WebFrame.cpp (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/win/WebFrame.cpp 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit/win/WebFrame.cpp 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -561,12 +561,13 @@
</span><span class="cx"> // FIXME: We should really be using MarshallingHelpers::BSTRToKURL here,
</span><span class="cx"> // but that would turn a null BSTR into a null URL, and we crash inside of
</span><span class="cx"> // WebCore if we use a null URL in constructing the ResourceRequest.
</span><del>- URL baseKURL = URL(URL(), String(baseURL ? baseURL : L"", SysStringLen(baseURL)));
</del><ins>+ URL baseCoreURL = URL(URL(), String(baseURL ? baseURL : L"", SysStringLen(baseURL)));
</ins><span class="cx">
</span><del>- URL failingKURL = MarshallingHelpers::BSTRToKURL(failingURL);
</del><ins>+ URL failingCoreURL = MarshallingHelpers::BSTRToKURL(failingURL);
</ins><span class="cx">
</span><del>- ResourceRequest request(baseKURL);
- SubstituteData substituteData(data, mimeTypeString, encodingString, failingKURL);
</del><ins>+ ResourceRequest request(baseCoreURL);
+ ResourceResponse response(URL(), mimeTypeString, data->size(), encodingString);
+ SubstituteData substituteData(data, failingCoreURL, response, SubstituteData::SessionHistoryVisibility::Hidden);
</ins><span class="cx">
</span><span class="cx"> // This method is only called from IWebFrame methods, so don't ASSERT that the Frame pointer isn't null.
</span><span class="cx"> if (Frame* coreFrame = core(this))
</span></span></pre></div>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit2/ChangeLog 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2015-05-19 Brady Eidson <beidson@apple.com>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::loadDataImpl):
+
</ins><span class="cx"> 2015-05-19 Sungmann Cho <sungmann.cho@navercorp.com>
</span><span class="cx">
</span><span class="cx"> Add PLUGIN_ARCHITECTURE(MAC) around WKNVCALayerRenderServerPort in NetscapeBrowserFunc.h.
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessWebPageWebPagecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (184597 => 184598)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2015-05-19 22:10:07 UTC (rev 184597)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2015-05-19 22:22:51 UTC (rev 184598)
</span><span class="lines">@@ -1039,7 +1039,8 @@
</span><span class="cx"> m_pendingNavigationID = navigationID;
</span><span class="cx">
</span><span class="cx"> ResourceRequest request(baseURL);
</span><del>- SubstituteData substituteData(sharedBuffer, MIMEType, encodingName, unreachableURL);
</del><ins>+ ResourceResponse response(URL(), MIMEType, sharedBuffer->size(), encodingName);
+ SubstituteData substituteData(sharedBuffer, unreachableURL, response, SubstituteData::SessionHistoryVisibility::Hidden);
</ins><span class="cx">
</span><span class="cx"> // Let the InjectedBundle know we are about to start the load, passing the user data from the UIProcess
</span><span class="cx"> // to all the client to set up any needed state.
</span></span></pre>
</div>
</div>
</body>
</html>