<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[211701] branches/safari-603-branch</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/211701">211701</a></dd>
<dt>Author</dt> <dd>matthew_hanson@apple.com</dd>
<dt>Date</dt> <dd>2017-02-05 21:25:23 -0800 (Sun, 05 Feb 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/211656">r211656</a>. rdar://problem/30102568</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari603branchSourceWebCoreChangeLog">branches/safari-603-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari603branchSourceWebCoredomDocumentcpp">branches/safari-603-branch/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebCoreloaderFrameLoaderClienth">branches/safari-603-branch/Source/WebCore/loader/FrameLoaderClient.h</a></li>
<li><a href="#branchessafari603branchSourceWebCorepagecspContentSecurityPolicycpp">branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebCorepagecspContentSecurityPolicyh">branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2ChangeLog">branches/safari-603-branch/Source/WebKit2/ChangeLog</a></li>
<li><a href="#branchessafari603branchSourceWebKit2SharedWebPageCreationParameterscpp">branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebKit2SharedWebPageCreationParametersh">branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessAPIAPIPageConfigurationcpp">branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessAPIAPIPageConfigurationh">branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewmm">branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewConfigurationmm">branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfiguration.mm</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewConfigurationPrivateh">branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessWebPageProxycpp">branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebKit2UIProcessWebPageProxyh">branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2WebProcessWebCoreSupportWebFrameLoaderClientcpp">branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebKit2WebProcessWebCoreSupportWebFrameLoaderClienth">branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h</a></li>
<li><a href="#branchessafari603branchSourceWebKit2WebProcessWebPageWebPagecpp">branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp</a></li>
<li><a href="#branchessafari603branchSourceWebKit2WebProcessWebPageWebPageh">branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h</a></li>
<li><a href="#branchessafari603branchToolsChangeLog">branches/safari-603-branch/Tools/ChangeLog</a></li>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj">branches/safari-603-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestsWebKit2CocoaOverrideContentSecurityPolicymm">branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/OverrideContentSecurityPolicy.mm</a></li>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithcspiframehtml">branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp-iframe.html</a></li>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithcsphtml">branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp.html</a></li>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithoutcspiframehtml">branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp-iframe.html</a></li>
<li><a href="#branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithoutcsphtml">branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari603branchSourceWebCoreChangeLog"></a>
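--- a/branches/safari-603-branch/Source/WebCore/ChangeLog
+++ b/branches/safari-603-branch/Source/WebCore/ChangeLog
@@ -1,3 +1,32 @@
+2017-02-05 Matthew Hanson <matthew_hanson@apple.com>
+
+ Merge r211656. rdar://problem/30102568
+
+ 2017-02-03 Daniel Bates <dabates@apple.com>
+
+ [Mac][WK2] Add SPI to override the Content Security Policy of a page
+ https://bugs.webkit.org/show_bug.cgi?id=167810
+ <rdar://problem/30102568>
+
+ Reviewed by Anders Carlsson.
+
+ * dom/Document.cpp:
+ (WebCore::Document::initSecurityContext): Apply the embedding client's override Content Security
+ Policy to the document if one exists.
+ * loader/FrameLoaderClient.h: Add function overrideContentSecurityPolicy() that a FrameLoaderClient
+ can override to provide a custom Content Security Policy for a document (defaults: null string - no policy).
+ As its name implies, the policy returned by overrideContentSecurityPolicy() will define the Content
+ Security Policy for the document, overriding any subsequently received Content Security Policy for
+ the document.
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::copyStateFrom): Only copy policies from the specified ContentSecurityPolicy
+ object if our policy was not specified by the embedding client.
+ (WebCore::ContentSecurityPolicy::didReceiveHeader): Set ContentSecurityPolicy::m_hasAPIPolicy to true
+ when we receive an API policy from the embedding client (ContentSecurityPolicy::PolicyFrom::API). An
+ API policy must be defined before a policy received from a document. Do not process a received header
+ if we already have an API policy as the API policy overrides all other policies.
+ * page/csp/ContentSecurityPolicy.h:
+
 2017-02-02 Matthew Hanson <matthew_hanson@apple.com>
 
 Merge r211541. rdar://problem/30100286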
<a id="branchessafari603branchSourceWebCoredomDocumentcpp"></a>
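--- a/branches/safari-603-branch/Source/WebCore/dom/Document.cpp
+++ b/branches/safari-603-branch/Source/WebCore/dom/Document.cpp
@@ -5133,6 +5133,10 @@
 setSecurityOriginPolicy(SecurityOriginPolicy::create(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url)));
 setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(*this));
 
+ String overrideContentSecurityPolicy = m_frame->loader().client().overrideContentSecurityPolicy();
+ if (!overrideContentSecurityPolicy.isNull())
+ contentSecurityPolicy()->didReceiveHeader(overrideContentSecurityPolicy, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::API);
+
 #if USE(QUICK_LOOK)
 if (shouldEnforceQuickLookSandbox())
 applyQuickLookSandbox();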
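Review bot: The added `isNull()` check lets an empty but non-null override string through to `didReceiveHeader`, and the ContentSecurityPolicy.cpp change in this commit sets `m_hasAPIPolicy` for every `PolicyFrom::API` call before any parsing happens. An empty override would therefore presumably install no directives while still causing every later header, meta and inherited policy to be dropped, leaving the document with no Content Security Policy at all. If "empty string disables CSP" is the intended contract, state it in a comment here and on the SPI property; otherwise guard with `if (!overrideContentSecurityPolicy.isEmpty())`. The enclosing function starts and ends outside the hunk, so whether `m_frame` is already known to be non-null at this point cannot be confirmed from here.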
<a id="branchessafari603branchSourceWebCoreloaderFrameLoaderClienth"></a>
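--- a/branches/safari-603-branch/Source/WebCore/loader/FrameLoaderClient.h
+++ b/branches/safari-603-branch/Source/WebCore/loader/FrameLoaderClient.h
@@ -260,6 +260,8 @@
 virtual void setTitle(const StringWithDirection&, const URL&) = 0;
 
 virtual String userAgent(const URL&) = 0;
+
+ virtual String overrideContentSecurityPolicy() const { return String(); }
 
 virtual void savePlatformDataToCachedFrame(CachedFrame*) = 0;
 virtual void transitionToCommittedFromCachedFrame(CachedFrame*) = 0;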
<a id="branchessafari603branchSourceWebCorepagecspContentSecurityPolicycpp"></a>
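--- a/branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
+++ b/branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
@@ -110,6 +110,8 @@
 
 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
 {
+ if (m_hasAPIPolicy)
+ return;
 ASSERT(m_policies.isEmpty());
 for (auto& policy : other->m_policies)
 didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited);
@@ -177,6 +179,14 @@
 
 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicy::PolicyFrom policyFrom)
 {
+ if (m_hasAPIPolicy)
+ return;
+
+ if (policyFrom == PolicyFrom::API) {
+ ASSERT(m_policies.isEmpty());
+ m_hasAPIPolicy = true;
+ }
+
 // RFC2616, section 4.2 specifies that headers appearing multiple times can
 // be combined with a comma. Walk the header string, and parse each comma
 // separated chunk as a separate header.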
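Review bot: In the second hunk the rule that an API policy must arrive before any document policy is enforced only by `ASSERT(m_policies.isEmpty())`; if that assertion is compiled out in release builds (not visible here), a late API policy would be added alongside the policies already present instead of replacing them, and only subsequent ones would be ignored. A comment above the block should spell out the invariant and who guarantees it, e.g. `// The API policy is installed from Document::initSecurityContext() before any header or meta policy is delivered.` The early `return` also runs before `type` is examined, so report-only headers sent by the page are discarded as well, which is worth saying in the same comment. The same guard in `copyStateFrom` (first hunk) skips whatever follows the loop; both function bodies continue outside their hunks.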
<a id="branchessafari603branchSourceWebCorepagecspContentSecurityPolicyh"></a>
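--- a/branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h
+++ b/branches/safari-603-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h
@@ -74,6 +74,7 @@
 void didCreateWindowShell(JSDOMWindowShell&) const;
 
 enum class PolicyFrom {
+ API,
 HTTPEquivMeta,
 HTTPHeader,
 Inherited,
@@ -212,6 +213,7 @@
 bool m_overrideInlineStyleAllowed { false };
 bool m_isReportingEnabled { true };
 bool m_upgradeInsecureRequests { false };
+ bool m_hasAPIPolicy { false };
 OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineScripts;
 OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets;
 HashSet<RefPtr<SecurityOrigin>> m_insecureNavigationRequestsToUpgrade;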
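Review bot: `m_hasAPIPolicy` in the second hunk is added without a comment even though it changes how `didReceiveHeader` and `copyStateFrom` behave; I would add `// True once a PolicyFrom::API policy has been received; later headers, meta policies and inherited policies are ignored.` above it. In the first hunk `API` is inserted ahead of the existing enumerators, which renumbers `HTTPEquivMeta`, `HTTPHeader` and `Inherited`; that is harmless only if the values are never stored or sent across processes, which cannot be checked from this hunk, so placing it after the last enumerator would be the safer choice. Both the enum and the class continue outside the hunks.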
<a id="branchessafari603branchSourceWebKit2ChangeLog"></a>
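--- a/branches/safari-603-branch/Source/WebKit2/ChangeLog
+++ b/branches/safari-603-branch/Source/WebKit2/ChangeLog
@@ -1,3 +1,50 @@
+2017-02-05 Matthew Hanson <matthew_hanson@apple.com>
+
+ Merge r211656. rdar://problem/30102568
+
+ 2017-02-03 Daniel Bates <dabates@apple.com>
+
+ [Mac][WK2] Add SPI to override the Content Security Policy of a page
+ https://bugs.webkit.org/show_bug.cgi?id=167810
+ <rdar://problem/30102568>
+
+ Reviewed by Anders Carlsson.
+
+ Add SPI to WKWebViewConfiguration so that an embedding client can define a custom Content Security
+ Policy that overrides the Content Security Policy of any page loaded in the web view.
+
+ * Shared/WebPageCreationParameters.cpp:
+ (WebKit::WebPageCreationParameters::encode): Encode instance variable overrideContentSecurityPolicy.
+ (WebKit::WebPageCreationParameters::decode): Decode instance variable overrideContentSecurityPolicy.
+ * Shared/WebPageCreationParameters.h:
+ * UIProcess/API/APIPageConfiguration.cpp:
+ (API::PageConfiguration::copy): Copy instance variable overrideContentSecurityPolicy.
+ * UIProcess/API/APIPageConfiguration.h:
+ (API::PageConfiguration::overrideContentSecurityPolicy): Added.
+ (API::PageConfiguration::setOverrideContentSecurityPolicy): Added.
+ * UIProcess/API/Cocoa/WKWebView.mm:
+ (-[WKWebView _initializeWithConfiguration:]): Copy overrideContentSecurityPolicy set on the WKWebViewConfiguration
+ object to the API::PageConfiguration object if non-nil.
+ * UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+ (-[WKWebViewConfiguration copyWithZone:]): Copy the instance variable overrideContentSecurityPolicy.
+ (-[WKWebViewConfiguration _overrideContentSecurityPolicy]): Added.
+ (-[WKWebViewConfiguration _setOverrideContentSecurityPolicy:]): Added.
+ * UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Define SPI property _overrideContentSecurityPolicy.
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::WebPageProxy): Initialize m_overrideContentSecurityPolicy from the passed
+ page configuration.
+ (WebKit::WebPageProxy::creationParameters): Set WebPageCreationParameters::overrideContentSecurityPolicy
+ so that the WebPage object (in the WebProcess) will know the overridden Content Security Policy
+ to apply to the document.
+ * UIProcess/WebPageProxy.h:
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::overrideContentSecurityPolicy): Added. Returns the custom Content
+ Security Policy to apply to a new document.
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
+ * WebProcess/WebPage/WebPage.cpp:
+ * WebProcess/WebPage/WebPage.h:
+ (WebKit::WebPage::overrideContentSecurityPolicy): Added.
+
 2017-02-02 Matthew Hanson <matthew_hanson@apple.com>
 
 Merge r211541. rdar://problem/30100286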
<a id="branchessafari603branchSourceWebKit2SharedWebPageCreationParameterscpp"></a>
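--- a/branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.cpp
+++ b/branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.cpp
@@ -89,6 +89,7 @@
 encoder << shouldScaleViewToFitDocument;
 encoder.encodeEnum(userInterfaceLayoutDirection);
 encoder.encodeEnum(observedLayoutMilestones);
+ encoder << overrideContentSecurityPolicy;
 }
 
 bool WebPageCreationParameters::decode(IPC::Decoder& decoder, WebPageCreationParameters& parameters)
@@ -204,6 +205,9 @@
 if (!decoder.decodeEnum(parameters.observedLayoutMilestones))
 return false;
 
+ if (!decoder.decode(parameters.overrideContentSecurityPolicy))
+ return false;
+
 return true;
 }
 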
<a id="branchessafari603branchSourceWebKit2SharedWebPageCreationParametersh"></a>
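--- a/branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.h
+++ b/branches/safari-603-branch/Source/WebKit2/Shared/WebPageCreationParameters.h
@@ -140,6 +140,8 @@
 
 WebCore::UserInterfaceLayoutDirection userInterfaceLayoutDirection;
 WebCore::LayoutMilestones observedLayoutMilestones;
+
+ String overrideContentSecurityPolicy;
 };
 
 } // namespace WebKit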
<a id="branchessafari603branchSourceWebKit2UIProcessAPIAPIPageConfigurationcpp"></a>
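--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.cpp
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.cpp
@@ -69,6 +69,7 @@
 #endif
 copy->m_initialCapitalizationEnabled = this->m_initialCapitalizationEnabled;
 copy->m_controlledByAutomation = this->m_controlledByAutomation;
+ copy->m_overrideContentSecurityPolicy = this->m_overrideContentSecurityPolicy;
 
 return copy;
 }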
<a id="branchessafari603branchSourceWebKit2UIProcessAPIAPIPageConfigurationh"></a>
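--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.h
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/API/APIPageConfiguration.h
@@ -29,6 +29,7 @@
 #include "APIObject.h"
 #include "WebPreferencesStore.h"
 #include <WebCore/SessionID.h>
+#include <wtf/Forward.h>
 #include <wtf/GetPtr.h>
 
 namespace WebKit {
@@ -98,6 +99,9 @@
 bool isControlledByAutomation() const { return m_controlledByAutomation; }
 void setControlledByAutomation(bool controlledByAutomation) { m_controlledByAutomation = controlledByAutomation; }
 
+ const WTF::String& overrideContentSecurityPolicy() const { return m_overrideContentSecurityPolicy; }
+ void setOverrideContentSecurityPolicy(const WTF::String& overrideContentSecurityPolicy) { m_overrideContentSecurityPolicy = overrideContentSecurityPolicy; }
+
 private:
 
 RefPtr<WebKit::WebProcessPool> m_processPool;
@@ -120,6 +124,8 @@
 bool m_initialCapitalizationEnabled = true;
 bool m_waitsForPaintAfterViewDidMoveToWindow = true;
 bool m_controlledByAutomation = false;
+
+ WTF::String m_overrideContentSecurityPolicy;
 };
 
 } // namespace API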
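Review bot: The first hunk adds `#include <wtf/Forward.h>`, which only forward-declares `WTF::String`, while the third hunk adds a by-value member `WTF::String m_overrideContentSecurityPolicy` and the second an inline setter that assigns to it; both need the complete type. The header presumably builds today through a transitive include, which is fragile, so include the definition directly with `#include <wtf/text/WTFString.h>`. The class body starts and ends outside the hunks.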
<a id="branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewmm"></a>
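--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm
@@ -433,6 +433,9 @@
 pageConfiguration->setWebsiteDataStore([_configuration websiteDataStore]->_websiteDataStore.get());
 pageConfiguration->setTreatsSHA1SignedCertificatesAsInsecure([_configuration _treatsSHA1SignedCertificatesAsInsecure]);
 
+ if (NSString *overrideContentSecurityPolicy = configuration._overrideContentSecurityPolicy)
+ pageConfiguration->setOverrideContentSecurityPolicy(overrideContentSecurityPolicy);
+
 RefPtr<WebKit::WebPageGroup> pageGroup;
 NSString *groupIdentifier = configuration._groupIdentifier;
 if (groupIdentifier.length) {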
<a id="branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewConfigurationmm"></a>
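--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
@@ -130,6 +130,8 @@
 BOOL _applePayEnabled;
 #endif
 BOOL _needsStorageAccessFromFileURLsQuirk;
+
+ NSString *_overrideContentSecurityPolicy;
 }
 
 - (instancetype)init
@@ -318,6 +320,7 @@
 configuration->_applePayEnabled = self->_applePayEnabled;
 #endif
 configuration->_needsStorageAccessFromFileURLsQuirk = self->_needsStorageAccessFromFileURLsQuirk;
+ configuration->_overrideContentSecurityPolicy = self->_overrideContentSecurityPolicy;
 
 return configuration;
 }
@@ -752,6 +755,16 @@
 _needsStorageAccessFromFileURLsQuirk = needsLocalStorageQuirk;
 }
 
+- (NSString *)_overrideContentSecurityPolicy
+{
+ return _overrideContentSecurityPolicy;
+}
+
+- (void)_setOverrideContentSecurityPolicy:(NSString *)overrideContentSecurityPolicy
+{
+ _overrideContentSecurityPolicy = overrideContentSecurityPolicy;
+}
+
 @end
 
 @implementation WKWebViewConfiguration (WKDeprecated)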
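Review bot: The setter in the third hunk stores the caller's pointer directly, `_overrideContentSecurityPolicy = overrideContentSecurityPolicy;`, and the ivar in the first hunk is a plain `NSString *`; if this file is built without ARC (not visible here), nothing retains the string and the configuration can be left holding a dangling pointer once the caller releases it. Even with ARC, an `NSMutableString` passed in could be edited after the policy was set. Hold it as `RetainPtr<NSString> _overrideContentSecurityPolicy;`, assign with `_overrideContentSecurityPolicy = adoptNS([overrideContentSecurityPolicy copy]);`, and return `_overrideContentSecurityPolicy.get()` from the getter; the `copyWithZone:` line in the second hunk then copies the `RetainPtr`. The property declaration added in WKWebViewConfigurationPrivate.h has the same gap and should carry the `copy` attribute.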
<a id="branchessafari603branchSourceWebKit2UIProcessAPICocoaWKWebViewConfigurationPrivateh"></a>
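--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
@@ -74,6 +74,8 @@
 @property (nonatomic, setter=_setRequiresUserActionForAudioPlayback:) BOOL _requiresUserActionForAudioPlayback WK_API_DEPRECATED_WITH_REPLACEMENT("mediaTypesRequiringUserActionForPlayback", macosx(10.12, 10.12), ios(10.0, 10.0));
 @property (nonatomic, setter=_setRequiresUserActionForVideoPlayback:) BOOL _requiresUserActionForVideoPlayback WK_API_DEPRECATED_WITH_REPLACEMENT("mediaTypesRequiringUserActionForPlayback", macosx(10.12, 10.12), ios(10.0, 10.0));
 
+@property (nonatomic, setter=_setOverrideContentSecurityPolicy:) NSString *_overrideContentSecurityPolicy WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 @end
 
 #endif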
<a id="branchessafari603branchSourceWebKit2UIProcessWebPageProxycpp"></a>
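--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.cpp
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.cpp
@@ -342,6 +342,7 @@
 , m_websiteDataStore(m_configuration->websiteDataStore()->websiteDataStore())
 , m_mainFrame(nullptr)
 , m_userAgent(standardUserAgent())
+ , m_overrideContentSecurityPolicy { m_configuration->overrideContentSecurityPolicy() }
 , m_treatsSHA1CertificatesAsInsecure(m_configuration->treatsSHA1SignedCertificatesAsInsecure())
 #if ENABLE(FULLSCREEN_API)
 , m_fullscreenClient(std::make_unique<API::FullscreenClient>())
@@ -5573,6 +5574,7 @@
 parameters.shouldScaleViewToFitDocument = m_shouldScaleViewToFitDocument;
 parameters.userInterfaceLayoutDirection = m_pageClient.userInterfaceLayoutDirection();
 parameters.observedLayoutMilestones = m_observedLayoutMilestones;
+ parameters.overrideContentSecurityPolicy = m_overrideContentSecurityPolicy;
 
 return parameters;
 }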
<a id="branchessafari603branchSourceWebKit2UIProcessWebPageProxyh"></a>
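--- a/branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.h
+++ b/branches/safari-603-branch/Source/WebKit2/UIProcess/WebPageProxy.h
@@ -1651,6 +1651,7 @@
 String m_applicationNameForUserAgent;
 String m_customUserAgent;
 String m_customTextEncodingName;
+ String m_overrideContentSecurityPolicy;
 
 bool m_treatsSHA1CertificatesAsInsecure;
 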
<a id="branchessafari603branchSourceWebKit2WebProcessWebCoreSupportWebFrameLoaderClientcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -1287,6 +1287,15 @@
</span><span class="cx"> return webPage->userAgent(m_frame, url);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+String WebFrameLoaderClient::overrideContentSecurityPolicy() const
+{
+ WebPage* webPage = m_frame->page();
+ if (!webPage)
+ return String();
+
+ return webPage->overrideContentSecurityPolicy();
+}
+
</ins><span class="cx"> void WebFrameLoaderClient::savePlatformDataToCachedFrame(CachedFrame* cachedFrame)
</span><span class="cx"> {
</span><span class="cx"> WebPage* webPage = m_frame->page();
</span></span></pre></div>
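Review bot: The early return in `WebFrameLoaderClient::overrideContentSecurityPolicy()` hands back a null `String()` when the frame has no page, and nothing here says how that differs from an empty override. The tests added in this commit set the override to `@""` and expect every script on a page with `script-src 'none'` to run, so an empty string appears to switch the page's own policy off, while a null string presumably means "no override"; the code that consumes the value is not on this page, so confirm that. I would document the contract above the function, e.g. `// Null string: no override, the page's own policy applies. Empty string: override with an empty policy.`, and put the same comment on the `overrideContentSecurityPolicy()` accessor added in WebPage.h.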
<a id="branchessafari603branchSourceWebKit2WebProcessWebCoreSupportWebFrameLoaderClienth"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.h        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -182,6 +182,9 @@
</span><span class="cx">
</span><span class="cx"> void savePlatformDataToCachedFrame(WebCore::CachedFrame*) override;
</span><span class="cx"> void transitionToCommittedFromCachedFrame(WebCore::CachedFrame*) override;
</span><ins>+
+ String overrideContentSecurityPolicy() const final;
+
</ins><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx"> void didRestoreFrameHierarchyForCachedFrame() override;
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="branchessafari603branchSourceWebKit2WebProcessWebPageWebPagecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -364,6 +364,7 @@
</span><span class="cx"> , m_userActivity("Process suppression disabled for page.")
</span><span class="cx"> , m_userActivityHysteresis([this](HysteresisState) { updateUserActivity(); })
</span><span class="cx"> , m_userInterfaceLayoutDirection(parameters.userInterfaceLayoutDirection)
</span><ins>+ , m_overrideContentSecurityPolicy { parameters.overrideContentSecurityPolicy }
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(m_pageID);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari603branchSourceWebKit2WebProcessWebPageWebPageh"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -293,6 +293,8 @@
</span><span class="cx"> String platformUserAgent(const WebCore::URL&) const;
</span><span class="cx"> WebCore::KeyboardUIMode keyboardUIMode();
</span><span class="cx">
</span><ins>+ const String& overrideContentSecurityPolicy() const { return m_overrideContentSecurityPolicy; }
+
</ins><span class="cx"> WebUndoStep* webUndoStep(uint64_t);
</span><span class="cx"> void addWebUndoStep(uint64_t, WebUndoStep*);
</span><span class="cx"> void removeWebEditCommand(uint64_t);
</span><span class="lines">@@ -1527,6 +1529,8 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> WebCore::UserInterfaceLayoutDirection m_userInterfaceLayoutDirection { WebCore::UserInterfaceLayoutDirection::LTR };
</span><ins>+
+ const String m_overrideContentSecurityPolicy;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebKit
</span></span></pre></div>
<a id="branchessafari603branchToolsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Tools/ChangeLog (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/ChangeLog        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Tools/ChangeLog        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -1,5 +1,27 @@
</span><span class="cx"> 2017-02-05 Matthew Hanson <matthew_hanson@apple.com>
</span><span class="cx">
</span><ins>+ Merge r211656. rdar://problem/30102568
+
+ 2017-02-03 Daniel Bates <dabates@apple.com>
+
+ [Mac][WK2] Add SPI to override the Content Security Policy of a page
+ https://bugs.webkit.org/show_bug.cgi?id=167810
+ <rdar://problem/30102568>
+
+ Reviewed by Anders Carlsson.
+
+ Add tests to ensure that we do not regress -[WKWebView _setOverrideContentSecurityPolicy:].
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit2Cocoa/OverrideContentSecurityPolicy.mm: Added.
+ (TEST):
+ * TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp-iframe.html: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp.html: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp-iframe.html: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp.html: Added.
+
+2017-02-05 Matthew Hanson <matthew_hanson@apple.com>
+
</ins><span class="cx"> Merge r211207. rdar://problem/30154036
</span><span class="cx">
</span><span class="cx"> 2017-01-26 Per Arne Vollan <pvollan@apple.com>
</span></span></pre></div>
<a id="branchessafari603branchToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (211700 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj        2017-02-06 05:25:14 UTC (rev 211700)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -523,6 +523,11 @@
</span><span class="cx">                 CE3524FA1B1443890028A7C5 /* input-focus-blur.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CE3524F51B142BBB0028A7C5 /* input-focus-blur.html */; };
</span><span class="cx">                 CEA6CF2819CCF69D0064F5A7 /* open-and-close-window.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */; };
</span><span class="cx">                 CEBABD491B71687C0051210A /* should-open-external-schemes.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEBABD481B71687C0051210A /* should-open-external-schemes.html */; };
</span><ins>+                CEBCA12F1E3A660100C73293 /* OverrideContentSecurityPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = CEBCA12E1E3A660100C73293 /* OverrideContentSecurityPolicy.mm */; };
+                CEBCA1381E3A807A00C73293 /* page-with-csp.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEBCA1351E3A803400C73293 /* page-with-csp.html */; };
+                CEBCA1391E3A807A00C73293 /* page-with-csp-iframe.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEBCA1341E3A803400C73293 /* page-with-csp-iframe.html */; };
+                CEBCA13A1E3A807A00C73293 /* page-without-csp.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEBCA1371E3A803400C73293 /* page-without-csp.html */; };
+                CEBCA13B1E3A807A00C73293 /* page-without-csp-iframe.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CEBCA1361E3A803400C73293 /* page-without-csp-iframe.html */; };
</ins><span class="cx">                 E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */; };
</span><span class="cx">                 E194E1BD177E53C7009C4D4E /* StopLoadingFromDidReceiveResponse.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = E194E1BC177E534A009C4D4E /* StopLoadingFromDidReceiveResponse.html */; };
</span><span class="cx">                 F415086D1DA040C50044BE9B /* play-audio-on-click.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = F415086C1DA040C10044BE9B /* play-audio-on-click.html */; };
</span><span class="lines">@@ -724,6 +729,10 @@
</span><span class="cx">                                 290A9BB91735F63800D71BBC /* OpenNewWindow.html in Copy Resources */,
</span><span class="cx">                                 A1C4FB731BACD1CA003742D0 /* pages.pages in Copy Resources */,
</span><span class="cx">                                 A57A34F216AF6B2B00C2501F /* PageVisibilityStateWithWindowChanges.html in Copy Resources */,
</span><ins>+                                CEBCA1381E3A807A00C73293 /* page-with-csp.html in Copy Resources */,
+                                CEBCA1391E3A807A00C73293 /* page-with-csp-iframe.html in Copy Resources */,
+                                CEBCA13A1E3A807A00C73293 /* page-without-csp.html in Copy Resources */,
+                                CEBCA13B1E3A807A00C73293 /* page-without-csp-iframe.html in Copy Resources */,
</ins><span class="cx">                                 F6FDDDD614241C6F004F1729 /* push-state.html in Copy Resources */,
</span><span class="cx">                                 52B8CF9815868D9100281053 /* SetDocumentURI.html in Copy Resources */,
</span><span class="cx">                                 CEBABD491B71687C0051210A /* should-open-external-schemes.html in Copy Resources */,
</span><span class="lines">@@ -1291,6 +1300,11 @@
</span><span class="cx">                 CEA6CF2219CCF5BD0064F5A7 /* OpenAndCloseWindow.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenAndCloseWindow.mm; sourceTree = "<group>"; };
</span><span class="cx">                 CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "open-and-close-window.html"; sourceTree = "<group>"; };
</span><span class="cx">                 CEBABD481B71687C0051210A /* should-open-external-schemes.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "should-open-external-schemes.html"; sourceTree = "<group>"; };
</span><ins>+                CEBCA12E1E3A660100C73293 /* OverrideContentSecurityPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = OverrideContentSecurityPolicy.mm; sourceTree = "<group>"; };
+                CEBCA1341E3A803400C73293 /* page-with-csp-iframe.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "page-with-csp-iframe.html"; sourceTree = "<group>"; };
+                CEBCA1351E3A803400C73293 /* page-with-csp.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "page-with-csp.html"; sourceTree = "<group>"; };
+                CEBCA1361E3A803400C73293 /* page-without-csp-iframe.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "page-without-csp-iframe.html"; sourceTree = "<group>"; };
+                CEBCA1371E3A803400C73293 /* page-without-csp.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "page-without-csp.html"; sourceTree = "<group>"; };
</ins><span class="cx">                 DC69AA621CF77C6500C6272F /* ScopedLambda.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScopedLambda.cpp; sourceTree = "<group>"; };
</span><span class="cx">                 E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryCacheDisableWithinResourceLoadDelegate.mm; sourceTree = "<group>"; };
</span><span class="cx">                 E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = MemoryCacheDisableWithinResourceLoadDelegate.html; sourceTree = "<group>"; };
</span><span class="lines">@@ -1500,6 +1514,7 @@
</span><span class="cx">                                 2ECFF5541D9B12F800B55394 /* NowPlayingControlsTests.mm */,
</span><span class="cx">                                 37A22AA51DCAA27200AFBFC4 /* ObservedRenderingProgressEventsAfterCrash.mm */,
</span><span class="cx">                                 CEA6CF2219CCF5BD0064F5A7 /* OpenAndCloseWindow.mm */,
</span><ins>+                                CEBCA12E1E3A660100C73293 /* OverrideContentSecurityPolicy.mm */,
</ins><span class="cx">                                 C95501BE19AD2FAF0049BE3E /* Preferences.mm */,
</span><span class="cx">                                 5798E2AF1CAF5C2800C5CBA0 /* ProvisionalURLNotChange.mm */,
</span><span class="cx">                                 A1C4FB6C1BACCE50003742D0 /* QuickLook.mm */,
</span><span class="lines">@@ -1678,6 +1693,10 @@
</span><span class="cx">                                 46C519E31D35629600DAA51A /* LocalStorageNullEntries.localstorage */,
</span><span class="cx">                                 46C519E41D35629600DAA51A /* LocalStorageNullEntries.localstorage-shm */,
</span><span class="cx">                                 7CCB99221D3B44E7003922F6 /* open-multiple-external-url.html */,
</span><ins>+                                CEBCA1351E3A803400C73293 /* page-with-csp.html */,
+                                CEBCA1341E3A803400C73293 /* page-with-csp-iframe.html */,
+                                CEBCA1371E3A803400C73293 /* page-without-csp.html */,
+                                CEBCA1361E3A803400C73293 /* page-without-csp-iframe.html */,
</ins><span class="cx">                                 F4F405BB1D4C0CF8007A9707 /* skinny-autoplaying-video-with-audio.html */,
</span><span class="cx">                                 515BE16E1D4288FF00DD7C68 /* StoreBlobToBeDeleted.html */,
</span><span class="cx">                                 51714EB21CF8C761004723C4 /* WebProcessKillIDBCleanup-1.html */,
</span><span class="lines">@@ -2586,6 +2605,7 @@
</span><span class="cx">                                 376C8C061D6E197C007D2BB9 /* FrameHandle.cpp in Sources */,
</span><span class="cx">                                 7CCE7F051A411AE600447C4C /* NewFirstVisuallyNonEmptyLayoutFrames.cpp in Sources */,
</span><span class="cx">                                 7CCE7F251A411AF600447C4C /* OpenAndCloseWindow.mm in Sources */,
</span><ins>+                                CEBCA12F1E3A660100C73293 /* OverrideContentSecurityPolicy.mm in Sources */,
</ins><span class="cx">                                 7CCB4DA91C83AE7300CC6918 /* PageGroup.cpp in Sources */,
</span><span class="cx">                                 5769C50B1D9B0002000847FB /* SerializedCryptoKeyWrap.mm in Sources */,
</span><span class="cx">                                 7CCE7F071A411AE600447C4C /* PageLoadBasic.cpp in Sources */,
</span></span></pre></div>
<a id="branchessafari603branchToolsTestWebKitAPITestsWebKit2CocoaOverrideContentSecurityPolicymm"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/OverrideContentSecurityPolicy.mm (0 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/OverrideContentSecurityPolicy.mm         (rev 0)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/OverrideContentSecurityPolicy.mm        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -0,0 +1,81 @@
</span><ins>+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "TestWKWebView.h"
+#import <WebKit/WKWebViewConfigurationPrivate.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+TEST(WKWebView, SetOverrideContentSecurityPolicyWithEmptyStringForPageWithCSP)
+{
+ @autoreleasepool {
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [configuration _setOverrideContentSecurityPolicy:@""];
+
+ RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"page-with-csp" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+ [webView loadRequest:request];
+
+ [webView waitForMessage:@"MainFrame: A"];
+ [webView waitForMessage:@"MainFrame: B"];
+ [webView waitForMessage:@"Subframe: A"];
+ [webView waitForMessage:@"Subframe: B"];
+ }
+}
+
+TEST(WKWebView, SetOverrideContentSecurityPolicyForPageWithCSP)
+{
+ @autoreleasepool {
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [configuration _setOverrideContentSecurityPolicy:@"script-src 'nonce-b'"];
+
+ RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"page-with-csp" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+ [webView loadRequest:request];
+
+ [webView waitForMessage:@"MainFrame: B"];
+ [webView waitForMessage:@"Subframe: B"];
+ }
+}
+
+TEST(WKWebView, SetOverrideContentSecurityPolicyForPageWithoutCSP)
+{
+ @autoreleasepool {
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [configuration _setOverrideContentSecurityPolicy:@"script-src 'nonce-b'"];
+
+ RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"page-without-csp" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+ [webView loadRequest:request];
+
+ [webView waitForMessage:@"MainFrame: B"];
+ [webView waitForMessage:@"Subframe: B"];
+ }
+}
+
+#endif
</ins></span></pre></div>
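Review bot: `SetOverrideContentSecurityPolicyForPageWithCSP` and `SetOverrideContentSecurityPolicyForPageWithoutCSP` only wait for the `nonce="b"` messages and never check that `MainFrame: A` and `Subframe: A` stay unposted. For the page without its own policy, the test would most likely still pass if the override were not enforced at all, because both scripts would run and the B messages would still arrive. This assumes `waitForMessage:` ignores messages it is not waiting for; TestWKWebView is not shown here. Since the override is a security control, the blocked case deserves a negative assertion; at minimum add `// FIXME: Also verify that "MainFrame: A" and "Subframe: A" are never received.` to both tests.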
<a id="branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithcspiframehtml"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp-iframe.html (0 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp-iframe.html         (rev 0)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp-iframe.html        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
+</head>
+<body>
+<script nonce="a">
+window.webkit.messageHandlers.testHandler.postMessage("Subframe: A");
+</script>
+<script nonce="b">
+window.webkit.messageHandlers.testHandler.postMessage("Subframe: B");
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithcsphtml"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp.html (0 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp.html         (rev 0)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-with-csp.html        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
+</head>
+<body>
+<script nonce="a">
+window.webkit.messageHandlers.testHandler.postMessage("MainFrame: A");
+</script>
+<script nonce="b">
+window.webkit.messageHandlers.testHandler.postMessage("MainFrame: B");
+</script>
+<iframe id="iframe" src="page-with-csp-iframe.html"></iframe>
+</body>
+</html>
</ins></span></pre></div>
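Review bot: The page's own policy is delivered only through the `<meta http-equiv="Content-Security-Policy">` element, here and in page-with-csp-iframe.html, so the tests exercise the override against a meta-delivered policy only. A policy sent in an HTTP response header is not covered by these bundle-loaded fixtures, and whether the override treats it the same way cannot be told from this page. A one-line comment in the fixture would record the gap: `<!-- Policy is meta-delivered; a header-delivered CSP is not covered by this fixture. -->`.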
<a id="branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithoutcspiframehtml"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp-iframe.html (0 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp-iframe.html         (rev 0)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp-iframe.html        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<script nonce="a">
+window.webkit.messageHandlers.testHandler.postMessage("Subframe: A");
+</script>
+<script nonce="b">
+window.webkit.messageHandlers.testHandler.postMessage("Subframe: B");
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari603branchToolsTestWebKitAPITestsWebKit2Cocoapagewithoutcsphtml"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp.html (0 => 211701)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp.html         (rev 0)
+++ branches/safari-603-branch/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/page-without-csp.html        2017-02-06 05:25:23 UTC (rev 211701)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<script nonce="a">
+window.webkit.messageHandlers.testHandler.postMessage("MainFrame: A");
+</script>
+<script nonce="b">
+window.webkit.messageHandlers.testHandler.postMessage("MainFrame: B");
+</script>
+<iframe id="iframe" src="page-without-csp-iframe.html"></iframe>
+</body>
+</html>
</ins></span></pre>
</div>
</div>
</body>
</html>