<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[211751] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/211751">211751</a></dd>
<dt>Author</dt> <dd>achristensen@apple.com</dd>
<dt>Date</dt> <dd>2017-02-06 14:45:23 -0800 (Mon, 06 Feb 2017)</dd>
</dl>

<h3>Log Message</h3>
<pre>credentials should be partitioned by main document domain
https://bugs.webkit.org/show_bug.cgi?id=166998
Source/WebCore:

rdar://problem/22901123

Reviewed by Brady Eidson.

Covered by http/tests/security/credentials-iframes.html
Also added http/tests/security/credentials-from-different-domains.html to verify existing behavior without iframes.

* Modules/websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::connect):
* dom/Document.h:
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::domainForCachePartition):
Return emptyString instead of a null String because it is used as a key in a HashMap, and hashing null strings dereferences null.
* page/SocketProvider.cpp:
(WebCore::SocketProvider::createSocketStreamHandle):
* page/SocketProvider.h:
* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::set):
(WebCore::CredentialStorage::get):
(WebCore::CredentialStorage::remove):
* platform/network/CredentialStorage.h:
Partition credentials.
* platform/network/ResourceHandleInternal.h:
(WebCore::ResourceHandleInternal::ResourceHandleInternal):
* platform/network/cf/SocketStreamHandleImpl.h:
(WebCore::SocketStreamHandleImpl::create):
* platform/network/cf/SocketStreamHandleImplCFNet.cpp:
(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):
(WebCore::SocketStreamHandleImpl::getStoredCONNECTProxyCredentials):
* platform/network/curl/SocketStreamHandleImpl.h:
(WebCore::SocketStreamHandleImpl::create):
* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::createNSURLConnection):
(WebCore::ResourceHandle::willSendRequest):
(WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication):
(WebCore::ResourceHandle::receivedCredential):
* platform/network/soup/SocketStreamHandleImpl.h:

Source/WebKit/mac:

rdar://problem/22901123

Reviewed by Brady Eidson.

* Misc/WebDownload.mm:
* Plugins/WebBaseNetscapePluginView.mm:
(WebKit::getAuthenticationInfo):
Don't use partitioned credentials for WebKit1 plugins or downloads.
Downloads should be authenticated before becoming a download anyways.

Source/WebKit2:

rdar://problem/22901123

Reviewed by Brady Eidson.

* NetworkProcess/NetworkDataTask.cpp:
(WebKit::NetworkDataTask::NetworkDataTask):
* NetworkProcess/NetworkDataTask.h:
(WebKit::NetworkDataTask::partition):
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
* WebProcess/Network/WebSocketProvider.cpp:
(WebKit::WebSocketProvider::createSocketStreamHandle):
* WebProcess/Network/WebSocketProvider.h:
* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::getAuthenticationInfo):

LayoutTests:

&lt;rdar://problem/22901123&gt;

Reviewed by Brady Eidson.

* http/tests/security/credentials-from-different-domains-expected.txt: Added.
* http/tests/security/credentials-from-different-domains.html: Added.
* http/tests/security/credentials-iframes-expected.txt: Added.
* http/tests/security/credentials-iframes.html: Added.
* http/tests/security/resources/cors-basic-auth.php: Added.
* http/tests/security/resources/credentials-from-different-domains-continued-1.html: Added.
* http/tests/security/resources/credentials-from-different-domains-continued-2.html: Added.
* http/tests/security/resources/credentials-iframes-continued.html: Added.
* http/tests/security/resources/credentials-iframes-different-domain.html: Added.
* http/tests/security/resources/credentials-iframes-same-domain.html: Added.
* platform/mac-wk1/http: Added.
* platform/mac-wk1/http/security: Added.
* platform/mac-wk1/http/security/credentials-iframes-expected.txt: Added.
DumpRenderTree prints out the entire URL of the authentication challenge.
WebKitTestRunner only prints out the host and port.
Both results show the fact that no credentials were sent on the second request.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreModuleswebsocketsWebSocketChannelcpp">trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSecurityOrigincpp">trunk/Source/WebCore/page/SecurityOrigin.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSocketProvidercpp">trunk/Source/WebCore/page/SocketProvider.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSocketProviderh">trunk/Source/WebCore/page/SocketProvider.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkCredentialStoragecpp">trunk/Source/WebCore/platform/network/CredentialStorage.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkCredentialStorageh">trunk/Source/WebCore/platform/network/CredentialStorage.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkResourceHandleInternalh">trunk/Source/WebCore/platform/network/ResourceHandleInternal.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkcfSocketStreamHandleImplh">trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImpl.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkcfSocketStreamHandleImplCFNetcpp">trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkcurlSocketStreamHandleImplh">trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkmacResourceHandleMacmm">trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworksoupSocketStreamHandleImplh">trunk/Source/WebCore/platform/network/soup/SocketStreamHandleImpl.h</a></li>
<li><a href="#trunkSourceWebKitmacChangeLog">trunk/Source/WebKit/mac/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitmacMiscWebDownloadmm">trunk/Source/WebKit/mac/Misc/WebDownload.mm</a></li>
<li><a href="#trunkSourceWebKitmacPluginsWebBaseNetscapePluginViewmm">trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkDataTaskcpp">trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.cpp</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkDataTaskh">trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcesscocoaNetworkDataTaskCocoamm">trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm">trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm</a></li>
<li><a href="#trunkSourceWebKit2WebProcessNetworkWebSocketProvidercpp">trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.cpp</a></li>
<li><a href="#trunkSourceWebKit2WebProcessNetworkWebSocketProviderh">trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.h</a></li>
<li><a href="#trunkSourceWebKit2WebProcessPluginsPluginViewcpp">trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecuritycredentialsfromdifferentdomainsexpectedtxt">trunk/LayoutTests/http/tests/security/credentials-from-different-domains-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycredentialsfromdifferentdomainshtml">trunk/LayoutTests/http/tests/security/credentials-from-different-domains.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycredentialsiframesexpectedtxt">trunk/LayoutTests/http/tests/security/credentials-iframes-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycredentialsiframeshtml">trunk/LayoutTests/http/tests/security/credentials-iframes.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescorsbasicauthphp">trunk/LayoutTests/http/tests/security/resources/cors-basic-auth.php</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescredentialsfromdifferentdomainscontinued1html">trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-1.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescredentialsfromdifferentdomainscontinued2html">trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-2.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescredentialsiframescontinuedhtml">trunk/LayoutTests/http/tests/security/resources/credentials-iframes-continued.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescredentialsiframesdifferentdomainhtml">trunk/LayoutTests/http/tests/security/resources/credentials-iframes-different-domain.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityresourcescredentialsiframessamedomainhtml">trunk/LayoutTests/http/tests/security/resources/credentials-iframes-same-domain.html</a></li>
<li>trunk/LayoutTests/platform/mac-wk1/http/</li>
<li>trunk/LayoutTests/platform/mac-wk1/http/tests/</li>
<li>trunk/LayoutTests/platform/mac-wk1/http/tests/security/</li>
<li><a href="#trunkLayoutTestsplatformmacwk1httptestssecuritycredentialsiframesexpectedtxt">trunk/LayoutTests/platform/mac-wk1/http/tests/security/credentials-iframes-expected.txt</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/LayoutTests/ChangeLog        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -1,3 +1,28 @@
</span><ins>+2017-02-06  Alex Christensen  &lt;achristensen@webkit.org&gt;
+
+        credentials should be partitioned by main document domain
+        https://bugs.webkit.org/show_bug.cgi?id=166998
+        &lt;rdar://problem/22901123&gt;
+
+        Reviewed by Brady Eidson.
+
+        * http/tests/security/credentials-from-different-domains-expected.txt: Added.
+        * http/tests/security/credentials-from-different-domains.html: Added.
+        * http/tests/security/credentials-iframes-expected.txt: Added.
+        * http/tests/security/credentials-iframes.html: Added.
+        * http/tests/security/resources/cors-basic-auth.php: Added.
+        * http/tests/security/resources/credentials-from-different-domains-continued-1.html: Added.
+        * http/tests/security/resources/credentials-from-different-domains-continued-2.html: Added.
+        * http/tests/security/resources/credentials-iframes-continued.html: Added.
+        * http/tests/security/resources/credentials-iframes-different-domain.html: Added.
+        * http/tests/security/resources/credentials-iframes-same-domain.html: Added.
+        * platform/mac-wk1/http: Added.
+        * platform/mac-wk1/http/security: Added.
+        * platform/mac-wk1/http/security/credentials-iframes-expected.txt: Added.
+        DumpRenderTree prints out the entire URL of the authentication challenge.
+        WebKitTestRunner only prints out the host and port.
+        Both results show the fact that no credentials were sent on the second request.
+
</ins><span class="cx"> 2017-02-06  Simon Fraser  &lt;simon.fraser@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Safari pages are blank sometimes (missing tiles)
</span></span></pre></div>
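Review bot: The three platform/mac-wk1 entries at the end of this ChangeLog entry drop the tests/ path component. They read platform/mac-wk1/http/security/..., while the file added by this revision is platform/mac-wk1/http/tests/security/credentials-iframes-expected.txt. Correct the paths so the entry matches the tree, and indent the three explanatory lines about DumpRenderTree and WebKitTestRunner under the expected.txt entry they describe.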
<a id="trunkLayoutTestshttptestssecuritycredentialsfromdifferentdomainsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/credentials-from-different-domains-expected.txt (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/credentials-from-different-domains-expected.txt                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-from-different-domains-expected.txt        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+ALERT: Verifying credentials are used when given: User: user, password: pass.
+ALERT: Verifying credentials are preemptively set when they have been given: User: user, password: pass.
+ALERT: Verifying credentials are used after navigating within the same domain: User: user, password: pass.
+ALERT: Verifying authentication fails from another domain: Authentication canceled
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycredentialsfromdifferentdomainshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/credentials-from-different-domains.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/credentials-from-different-domains.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-from-different-domains.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+&lt;script&gt;
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setCanOpenWindows();
+}
+
+var request1 = new XMLHttpRequest();
+request1.onreadystatechange = function () {
+    if (request1.readyState === 4){
+        alert(&quot;Verifying credentials are used when given: &quot; + request1.responseText);
+
+        // Verify that credentials are preemptively sent to the same realm, even when not explicitly given.
+        var request2 = new XMLHttpRequest();
+        request2.onreadystatechange = function () {
+            if (request2.readyState === 4){
+                alert(&quot;Verifying credentials are preemptively set when they have been given: &quot; + request2.responseText);
+
+                // Open the rest of the test in the same domain and verify that the credentials are used.
+                window.open('http://127.0.0.1:8000/security/resources/credentials-from-different-domains-continued-1.html');
+            }
+        }
+        request2.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php');
+        request2.send();
+    }
+};
+request1.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true, &quot;user&quot;, &quot;pass&quot;);
+request1.send();
+&lt;/script&gt;
</ins></span></pre></div>
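Review bot: In the request2 handler the alert text says "preemptively set" while the comment just above request2 says "preemptively sent". The comment's wording is the one that describes the behaviour, so change the alert string and the matching line in credentials-from-different-domains-expected.txt. The request2.onreadystatechange assignment also ends with a bare } where the request1 assignment ends with };.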
<a id="trunkLayoutTestshttptestssecuritycredentialsiframesexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/credentials-iframes-expected.txt (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/credentials-iframes-expected.txt                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-iframes-expected.txt        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycredentialsiframeshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/credentials-iframes.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/credentials-iframes.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-iframes.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+&lt;script&gt;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setCanOpenWindows();
+    internals.settings.setStorageBlockingPolicy('BlockThirdParty');
+}
+
+window.addEventListener(&quot;message&quot;, function (event) {
+    alert(&quot;parent host: &quot; + window.location.hostname + event.data);
+    window.open(&quot;http://localhost:8000/security/resources/credentials-iframes-continued.html&quot;);
+}, false);
+&lt;/script&gt;
+&lt;iframe src=&quot;resources/credentials-iframes-same-domain.html&quot;&gt;&lt;/iframe&gt;
</ins></span></pre></div>
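Review bot: internals.settings.setStorageBlockingPolicy('BlockThirdParty') sits under the window.testRunner check but uses window.internals, so give it its own window.internals guard. Since SecurityOrigin::domainForCachePartition() returns a host only when the policy is BlockThirdPartyStorage, a short comment that this line is what switches partitioning on would explain why the test needs it.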
<a id="trunkLayoutTestshttptestssecurityresourcescorsbasicauthphp"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/cors-basic-auth.php (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/cors-basic-auth.php                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/cors-basic-auth.php        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+&lt;?php
+    header('Access-Control-Allow-Origin: *');
+    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
+        header('WWW-Authenticate: Basic realm=&quot;WebKit Test Realm&quot;');
+        header('HTTP/1.0 401 Unauthorized');
+        echo 'Authentication canceled';
+        exit;
+    } else {
+        echo &quot;User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.&quot;;
+    }
+?&gt;
</ins></span></pre></div>
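Review bot: Nothing in this response marks it as uncacheable, yet every step of both tests depends on a fresh round trip to this one URL to see which credentials were attached. Add header('Cache-Control: no-store') next to the Access-Control-Allow-Origin line to make that explicit. The echoed user name and password also go out under PHP's default content type; a Content-Type: text/plain header would keep them from being parsed as markup.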
<a id="trunkLayoutTestshttptestssecurityresourcescredentialsfromdifferentdomainscontinued1html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-1.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-1.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-1.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+&lt;script&gt;
+var request = new XMLHttpRequest();
+request.onreadystatechange = function () {
+    if (this.readyState === 4){
+        alert(&quot;Verifying credentials are used after navigating within the same domain: &quot; + this.responseText);
+
+        // Open the rest of the test in a different domain and verify that the credentials are not used.
+        window.open('http://localhost:8000/security/resources/credentials-from-different-domains-continued-2.html');
+    }
+};
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.send();
+&lt;/script&gt;
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcescredentialsfromdifferentdomainscontinued2html"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-2.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-2.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-from-different-domains-continued-2.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+&lt;script&gt;
+var request = new XMLHttpRequest();
+request.onreadystatechange = function () {
+    if (this.readyState === 4){
+        alert(&quot;Verifying authentication fails from another domain: &quot; + this.responseText);
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }
+};
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true);
+request.send();
+&lt;/script&gt;
</ins></span></pre></div>
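Review bot: This page is opened from localhost:8000 by continued-1.html and requests 127.0.0.1:8000 without setting withCredentials, so the request.open call is a cross-origin request that CORS rules alone already keep stored credentials off. Add a comment stating that this step documents pre-existing behaviour, as the log message says, so it is not read as coverage for the new partitioning. That coverage comes from credentials-iframes.html.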
<a id="trunkLayoutTestshttptestssecurityresourcescredentialsiframescontinuedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/credentials-iframes-continued.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/credentials-iframes-continued.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-iframes-continued.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+&lt;script&gt;
+window.addEventListener(&quot;message&quot;, function(event) {
+    alert(&quot;parent host: &quot; + window.location.hostname + event.data);
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+&lt;/script&gt;
+&lt;iframe src=&quot;http://127.0.0.1:8000/security/resources/credentials-iframes-different-domain.html&quot;&gt;&lt;/iframe&gt;
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityresourcescredentialsiframesdifferentdomainhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/credentials-iframes-different-domain.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/credentials-iframes-different-domain.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-iframes-different-domain.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+&lt;script&gt;
+var request = new XMLHttpRequest();
+request.onreadystatechange = function () {
+    if (this.readyState === 4)
+        window.parent.postMessage(&quot; iframe host: &quot; + window.location.hostname + &quot; credentials:&quot; + this.responseText, &quot;*&quot;);
+};
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true); // no credentials
+request.send();
+&lt;/script&gt;
</ins></span></pre></div>
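Review bot: The trailing "// no credentials" on the request.open line is the only explanation in this file, and the name different-domain is misleading next to it. The iframe is loaded from 127.0.0.1:8000 and requests 127.0.0.1:8000, so the request is same-origin and only the top document (localhost) differs. Add a comment saying that the top-level document is what differs and that the credentials stored by credentials-iframes-same-domain.html must not be reused here.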
<a id="trunkLayoutTestshttptestssecurityresourcescredentialsiframessamedomainhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/resources/credentials-iframes-same-domain.html (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/resources/credentials-iframes-same-domain.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-iframes-same-domain.html        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+&lt;script&gt;
+var request = new XMLHttpRequest();
+request.onreadystatechange = function () {
+    if (this.readyState === 4)
+        window.parent.postMessage(&quot; iframe host: &quot; + window.location.hostname + &quot; credentials:&quot; + this.responseText, &quot;*&quot;);
+};
+request.open('GET', 'http://127.0.0.1:8000/security/resources/cors-basic-auth.php', true, &quot;same-domain-user&quot;, &quot;same-domain-password&quot;);
+request.send();
+&lt;/script&gt;
</ins></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk1httptestssecuritycredentialsiframesexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/platform/mac-wk1/http/tests/security/credentials-iframes-expected.txt (0 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/credentials-iframes-expected.txt                                (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/credentials-iframes-expected.txt        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
+http://127.0.0.1:8000/security/resources/cors-basic-auth.php - didReceiveAuthenticationChallenge - Simulating cancelled authentication sheet
+ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
+
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/ChangeLog        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -1,3 +1,45 @@
</span><ins>+2017-02-06  Alex Christensen  &lt;achristensen@webkit.org&gt;
+
+        credentials should be partitioned by main document domain
+        https://bugs.webkit.org/show_bug.cgi?id=166998
+        rdar://problem/22901123
+
+        Reviewed by Brady Eidson.
+
+        Covered by http/tests/security/credentials-iframes.html
+        Also added http/tests/security/credentials-from-different-domains.html to verify existing behavior without iframes.
+
+        * Modules/websockets/WebSocketChannel.cpp:
+        (WebCore::WebSocketChannel::connect):
+        * dom/Document.h:
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::domainForCachePartition):
+        Return emptyString instead of a null String because it is used as a key in a HashMap, and hashing null strings dereferences null.
+        * page/SocketProvider.cpp:
+        (WebCore::SocketProvider::createSocketStreamHandle):
+        * page/SocketProvider.h:
+        * platform/network/CredentialStorage.cpp:
+        (WebCore::CredentialStorage::set):
+        (WebCore::CredentialStorage::get):
+        (WebCore::CredentialStorage::remove):
+        * platform/network/CredentialStorage.h:
+        Partition credentials.
+        * platform/network/ResourceHandleInternal.h:
+        (WebCore::ResourceHandleInternal::ResourceHandleInternal):
+        * platform/network/cf/SocketStreamHandleImpl.h:
+        (WebCore::SocketStreamHandleImpl::create):
+        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
+        (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):
+        (WebCore::SocketStreamHandleImpl::getStoredCONNECTProxyCredentials):
+        * platform/network/curl/SocketStreamHandleImpl.h:
+        (WebCore::SocketStreamHandleImpl::create):
+        * platform/network/mac/ResourceHandleMac.mm:
+        (WebCore::ResourceHandle::createNSURLConnection):
+        (WebCore::ResourceHandle::willSendRequest):
+        (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication):
+        (WebCore::ResourceHandle::receivedCredential):
+        * platform/network/soup/SocketStreamHandleImpl.h:
+
</ins><span class="cx"> 2017-02-06  Simon Fraser  &lt;simon.fraser@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Safari pages are blank sometimes (missing tiles)
</span></span></pre></div>
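Review bot: The entry lists dom/Document.h, but that file is not among the modified paths of this revision, so drop the line or include the missing change. Most of the remaining file entries carry no description. "Partition credentials." appears only under CredentialStorage.h, and a sentence each for the ResourceHandleMac.mm and SocketStreamHandleImplCFNet.cpp functions would tell a reader where the partition is actually consumed.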
<a id="trunkSourceWebCoreModuleswebsocketsWebSocketChannelcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/Modules/websockets/WebSocketChannel.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -124,7 +124,12 @@
</span><span class="cx">         ref();
</span><span class="cx">         Page* page = frame-&gt;page();
</span><span class="cx">         SessionID sessionID = page ? page-&gt;sessionID() : SessionID::defaultSessionID();
</span><del>-        m_handle = m_socketProvider-&gt;createSocketStreamHandle(m_handshake-&gt;url(), *this, sessionID);
</del><ins>+#if ENABLE(CACHE_PARTITIONING)
+        String partition = m_document-&gt;topDocument().securityOrigin().domainForCachePartition();
+#else
+        String partition = emptyString();
+#endif
+        m_handle = m_socketProvider-&gt;createSocketStreamHandle(m_handshake-&gt;url(), *this, sessionID, partition);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
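Review bot: On the added lines, partition is taken from domainForCachePartition(), a name that speaks of the cache, and is then handed to a parameter that SocketProvider.cpp calls credentialPartition. Add a one-line comment here, or a credential-named wrapper, to show that the reuse is deliberate. Because that function returns emptyString() unless the storage blocking policy is BlockThirdPartyStorage, the comment should also say that WebSocket credentials remain unpartitioned under any other policy.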
<a id="trunkSourceWebCorepageSecurityOrigincpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityOrigin.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -399,7 +399,7 @@
</span><span class="cx"> String SecurityOrigin::domainForCachePartition() const
</span><span class="cx"> {
</span><span class="cx">     if (m_storageBlockingPolicy != BlockThirdPartyStorage)
</span><del>-        return String();
</del><ins>+        return emptyString();
</ins><span class="cx"> 
</span><span class="cx">     if (isHTTPFamily())
</span><span class="cx">         return host();
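Review bot: the early return on m_storageBlockingPolicy != BlockThirdPartyStorage now also decides whether credentials are partitioned, since callers in this change feed this value into CredentialStorage. Under any other policy every top-level site shares the empty partition, which is worth stating in the ChangeLog or in a comment here, and the function name no longer describes both uses.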
</span><span class="lines">@@ -407,7 +407,7 @@
</span><span class="cx">     if (SchemeRegistry::shouldPartitionCacheForURLScheme(m_protocol))
</span><span class="cx">         return host();
</span><span class="cx"> 
</span><del>-    return String();
</del><ins>+    return emptyString();
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx"> 
</span></span></pre></div>
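Review bot: the switch from String() to emptyString() in both returns carries no explanation. Presumably it matters because the result now becomes part of a hash map key in CredentialStorage, where a null string and an empty string are not interchangeable; a one-line comment saying that callers rely on a non-null value would stop a later cleanup from reverting it.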
<a id="trunkSourceWebCorepageSocketProvidercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SocketProvider.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SocketProvider.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/page/SocketProvider.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -32,9 +32,9 @@
</span><span class="cx"> 
</span><span class="cx"> namespace WebCore {
</span><span class="cx">     
</span><del>-Ref&lt;SocketStreamHandle&gt; SocketProvider::createSocketStreamHandle(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID)
</del><ins>+Ref&lt;SocketStreamHandle&gt; SocketProvider::createSocketStreamHandle(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID, const String&amp; credentialPartition)
</ins><span class="cx"> {
</span><del>-    return SocketStreamHandleImpl::create(url, client, sessionID);
</del><ins>+    return SocketStreamHandleImpl::create(url, client, sessionID, credentialPartition);
</ins><span class="cx"> }
</span><span class="cx">     
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCorepageSocketProviderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SocketProvider.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SocketProvider.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/page/SocketProvider.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> 
</span><span class="cx"> #include &quot;SessionID.h&quot;
</span><span class="cx"> #include &lt;wtf/ThreadSafeRefCounted.h&gt;
</span><ins>+#include &lt;wtf/text/WTFString.h&gt;
</ins><span class="cx"> 
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> 
</span><span class="lines">@@ -39,7 +40,7 @@
</span><span class="cx"> public:
</span><span class="cx">     static Ref&lt;SocketProvider&gt; create() { return adoptRef(*new SocketProvider); }
</span><span class="cx"> #if ENABLE(WEB_SOCKETS)
</span><del>-    virtual Ref&lt;SocketStreamHandle&gt; createSocketStreamHandle(const URL&amp;, SocketStreamHandleClient&amp;, SessionID);
</del><ins>+    virtual Ref&lt;SocketStreamHandle&gt; createSocketStreamHandle(const URL&amp;, SocketStreamHandleClient&amp;, SessionID, const String&amp; credentialPartition);
</ins><span class="cx"> #endif
</span><span class="cx">     virtual ~SocketProvider() { };
</span><span class="cx"> };
</span></span></pre></div>
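Review bot: changing the signature of the virtual createSocketStreamHandle means any subclass that still declares the three-argument form silently stops overriding it. The WebKit2 ChangeLog lists WebSocketProvider as updated; please make sure that declaration is marked override so a future signature change fails at compile time instead of dropping the partition.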
<a id="trunkSourceWebCoreplatformnetworkCredentialStoragecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/CredentialStorage.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/CredentialStorage.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/CredentialStorage.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -63,12 +63,12 @@
</span><span class="cx">     return directoryURL;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void CredentialStorage::set(const Credential&amp; credential, const ProtectionSpace&amp; protectionSpace, const URL&amp; url)
</del><ins>+void CredentialStorage::set(const String&amp; partitionName, const Credential&amp; credential, const ProtectionSpace&amp; protectionSpace, const URL&amp; url)
</ins><span class="cx"> {
</span><span class="cx">     ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.protocolIsInHTTPFamily());
</span><span class="cx">     ASSERT(protectionSpace.isProxy() || protectionSpace.authenticationScheme() == ProtectionSpaceAuthenticationSchemeClientCertificateRequested || url.isValid());
</span><span class="cx"> 
</span><del>-    m_protectionSpaceToCredentialMap.set(protectionSpace, credential);
</del><ins>+    m_protectionSpaceToCredentialMap.set(std::make_pair(partitionName, protectionSpace), credential);
</ins><span class="cx"> 
</span><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx">     if (protectionSpace.authenticationScheme() != ProtectionSpaceAuthenticationSchemeClientCertificateRequested)
</span><span class="lines">@@ -86,14 +86,14 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-Credential CredentialStorage::get(const ProtectionSpace&amp; protectionSpace)
</del><ins>+Credential CredentialStorage::get(const String&amp; partitionName, const ProtectionSpace&amp; protectionSpace)
</ins><span class="cx"> {
</span><del>-    return m_protectionSpaceToCredentialMap.get(protectionSpace);
</del><ins>+    return m_protectionSpaceToCredentialMap.get(std::make_pair(partitionName, protectionSpace));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void CredentialStorage::remove(const ProtectionSpace&amp; protectionSpace)
</del><ins>+void CredentialStorage::remove(const String&amp; partitionName, const ProtectionSpace&amp; protectionSpace)
</ins><span class="cx"> {
</span><del>-    m_protectionSpaceToCredentialMap.remove(protectionSpace);
</del><ins>+    m_protectionSpaceToCredentialMap.remove(std::make_pair(partitionName, protectionSpace));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> HashMap&lt;String, ProtectionSpace&gt;::iterator CredentialStorage::findDefaultProtectionSpaceForURL(const URL&amp; url)
</span><span class="lines">@@ -122,7 +122,7 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-bool CredentialStorage::set(const Credential&amp; credential, const URL&amp; url)
</del><ins>+bool CredentialStorage::set(const String&amp; partitionName, const Credential&amp; credential, const URL&amp; url)
</ins><span class="cx"> {
</span><span class="cx">     ASSERT(url.protocolIsInHTTPFamily());
</span><span class="cx">     ASSERT(url.isValid());
</span><span class="lines">@@ -130,16 +130,16 @@
</span><span class="cx">     if (iter == m_pathToDefaultProtectionSpaceMap.end())
</span><span class="cx">         return false;
</span><span class="cx">     ASSERT(m_originsWithCredentials.contains(originStringFromURL(url)));
</span><del>-    m_protectionSpaceToCredentialMap.set(iter-&gt;value, credential);
</del><ins>+    m_protectionSpaceToCredentialMap.set(std::make_pair(partitionName, iter-&gt;value), credential);
</ins><span class="cx">     return true;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-Credential CredentialStorage::get(const URL&amp; url)
</del><ins>+Credential CredentialStorage::get(const String&amp; partitionName, const URL&amp; url)
</ins><span class="cx"> {
</span><span class="cx">     PathToDefaultProtectionSpaceMap::iterator iter = findDefaultProtectionSpaceForURL(url);
</span><span class="cx">     if (iter == m_pathToDefaultProtectionSpaceMap.end())
</span><span class="cx">         return Credential();
</span><del>-    return m_protectionSpaceToCredentialMap.get(iter-&gt;value);
</del><ins>+    return m_protectionSpaceToCredentialMap.get(std::make_pair(partitionName, iter-&gt;value));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void CredentialStorage::clearCredentials()
</span></span></pre></div>
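Review bot: in set(partitionName, credential, url) and get(partitionName, url), the lookup through findDefaultProtectionSpaceForURL() still uses m_pathToDefaultProtectionSpaceMap, and the assertion still consults m_originsWithCredentials, neither of which is keyed by partition. Only the final credential map is partitioned, so set() will return true and store under the caller's partition for a path whose protection space was learned in a different partition. If that is intended, say so in a comment; otherwise the path map and origin set need the same key.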
<a id="trunkSourceWebCoreplatformnetworkCredentialStorageh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/CredentialStorage.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/CredentialStorage.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/CredentialStorage.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -43,9 +43,9 @@
</span><span class="cx">     WEBCORE_EXPORT static CredentialStorage&amp; defaultCredentialStorage();
</span><span class="cx"> 
</span><span class="cx">     // WebCore session credential storage.
</span><del>-    WEBCORE_EXPORT void set(const Credential&amp;, const ProtectionSpace&amp;, const URL&amp;);
-    WEBCORE_EXPORT Credential get(const ProtectionSpace&amp;);
-    WEBCORE_EXPORT void remove(const ProtectionSpace&amp;);
</del><ins>+    WEBCORE_EXPORT void set(const String&amp;, const Credential&amp;, const ProtectionSpace&amp;, const URL&amp;);
+    WEBCORE_EXPORT Credential get(const String&amp;, const ProtectionSpace&amp;);
+    WEBCORE_EXPORT void remove(const String&amp;, const ProtectionSpace&amp;);
</ins><span class="cx"> 
</span><span class="cx">     // OS persistent storage.
</span><span class="cx">     WEBCORE_EXPORT Credential getFromPersistentStorage(const ProtectionSpace&amp;);
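Review bot: the new first parameter of set(), get() and remove() is an unnamed "const String" reference, and the type alone does not say what the string is. Name it partitionName in the declarations, as the definitions in CredentialStorage.cpp already do.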
</span><span class="lines">@@ -58,11 +58,11 @@
</span><span class="cx"> 
</span><span class="cx">     // These methods work for authentication schemes that support sending credentials without waiting for a request. E.g., for HTTP Basic authentication scheme
</span><span class="cx">     // a client should assume that all paths at or deeper than the depth of a known protected resource share are within the same protection space.
</span><del>-    WEBCORE_EXPORT bool set(const Credential&amp;, const URL&amp;); // Returns true if the URL corresponds to a known protection space, so credentials could be updated.
-    WEBCORE_EXPORT Credential get(const URL&amp;);
</del><ins>+    WEBCORE_EXPORT bool set(const String&amp;, const Credential&amp;, const URL&amp;); // Returns true if the URL corresponds to a known protection space, so credentials could be updated.
+    WEBCORE_EXPORT Credential get(const String&amp;, const URL&amp;);
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    HashMap&lt;ProtectionSpace, Credential&gt; m_protectionSpaceToCredentialMap;
</del><ins>+    HashMap&lt;std::pair&lt;String /* partitionName */, ProtectionSpace&gt;, Credential&gt; m_protectionSpaceToCredentialMap;
</ins><span class="cx">     HashSet&lt;String&gt; m_originsWithCredentials;
</span><span class="cx"> 
</span><span class="cx">     typedef HashMap&lt;String, ProtectionSpace&gt; PathToDefaultProtectionSpaceMap;
</span></span></pre></div>
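Review bot: m_protectionSpaceToCredentialMap keeps its old name although its key is now a pair of partition name and protection space, with the meaning of the String carried only by an inline comment. A small type alias for the key and a member name that mentions the partition would read better than the comment inside the template arguments.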
<a id="trunkSourceWebCoreplatformnetworkResourceHandleInternalh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ResourceHandleInternal.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ResourceHandleInternal.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/ResourceHandleInternal.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -79,6 +79,11 @@
</span><span class="cx">         , m_client(client)
</span><span class="cx">         , m_firstRequest(request)
</span><span class="cx">         , m_lastHTTPMethod(request.httpMethod())
</span><ins>+#if ENABLE(CACHE_PARTITIONING)
+        , m_partition(request.cachePartition())
+#else
+        , m_partition(emptyString())
+#endif
</ins><span class="cx">         , m_defersLoading(defersLoading)
</span><span class="cx">         , m_shouldContentSniff(shouldContentSniff)
</span><span class="cx">         , m_usesAsyncCallbacks(client &amp;&amp; client-&gt;usesAsyncCallbacks())
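Review bot: the "#if ENABLE(CACHE_PARTITIONING) ... cachePartition() ... #else ... emptyString() ... #endif" block added to this initializer list is repeated in WebSocketChannel.cpp, ResourceHandleMac.mm and NetworkDataTask.cpp. A single helper that returns the credential partition for a request would keep the fallback in one place and make it harder for a call site to miss the guard.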
</span><span class="lines">@@ -107,6 +112,7 @@
</span><span class="cx">     ResourceHandleClient* m_client;
</span><span class="cx">     ResourceRequest m_firstRequest;
</span><span class="cx">     String m_lastHTTPMethod;
</span><ins>+    String m_partition;
</ins><span class="cx"> 
</span><span class="cx">     // Suggested credentials for the current redirection step.
</span><span class="cx">     String m_user;
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkcfSocketStreamHandleImplh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImpl.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImpl.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImpl.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> 
</span><span class="cx"> class SocketStreamHandleImpl : public SocketStreamHandle {
</span><span class="cx"> public:
</span><del>-    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID) { return adoptRef(*new SocketStreamHandleImpl(url, client, sessionID)); }
</del><ins>+    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID, const String&amp; credentialPartition) { return adoptRef(*new SocketStreamHandleImpl(url, client, sessionID, credentialPartition)); }
</ins><span class="cx"> 
</span><span class="cx">     virtual ~SocketStreamHandleImpl();
</span><span class="cx"> 
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx">     virtual std::optional&lt;size_t&gt; platformSend(const char* data, size_t length);
</span><span class="cx">     virtual void platformClose();
</span><span class="cx"> 
</span><del>-    WEBCORE_EXPORT SocketStreamHandleImpl(const URL&amp;, SocketStreamHandleClient&amp;, SessionID);
</del><ins>+    WEBCORE_EXPORT SocketStreamHandleImpl(const URL&amp;, SocketStreamHandleClient&amp;, SessionID, const String&amp; credentialPartition);
</ins><span class="cx">     void createStreams();
</span><span class="cx">     void scheduleStreams();
</span><span class="cx">     void chooseProxy();
</span><span class="lines">@@ -96,6 +96,7 @@
</span><span class="cx"> 
</span><span class="cx">     RetainPtr&lt;CFURLRef&gt; m_httpsURL; // ws(s): replaced with https:
</span><span class="cx">     SessionID m_sessionID;
</span><ins>+    String m_credentialPartition;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkcfSocketStreamHandleImplCFNetcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -63,12 +63,13 @@
</span><span class="cx"> 
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> 
</span><del>-SocketStreamHandleImpl::SocketStreamHandleImpl(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID)
</del><ins>+SocketStreamHandleImpl::SocketStreamHandleImpl(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID, const String&amp; credentialPartition)
</ins><span class="cx">     : SocketStreamHandle(url, client)
</span><span class="cx">     , m_connectingSubstate(New)
</span><span class="cx">     , m_connectionType(Unknown)
</span><span class="cx">     , m_sentStoredCredentials(false)
</span><span class="cx">     , m_sessionID(sessionID)
</span><ins>+    , m_credentialPartition(credentialPartition)
</ins><span class="cx"> {
</span><span class="cx">     LOG(Network, &quot;SocketStreamHandle %p new client %p&quot;, this, &amp;m_client);
</span><span class="cx"> 
</span><span class="lines">@@ -359,7 +360,7 @@
</span><span class="cx">     if (auto* storageSession = NetworkStorageSession::storageSession(m_sessionID)) {
</span><span class="cx">         storedCredential = storageSession-&gt;credentialStorage().getFromPersistentStorage(protectionSpace);
</span><span class="cx">         if (storedCredential.isEmpty())
</span><del>-            storedCredential = storageSession-&gt;credentialStorage().get(protectionSpace);
</del><ins>+            storedCredential = storageSession-&gt;credentialStorage().get(m_credentialPartition, protectionSpace);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     if (storedCredential.isEmpty())
</span></span></pre></div>
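Review bot: in the second hunk only the fallback lookup gains m_credentialPartition; getFromPersistentStorage(protectionSpace) is still consulted first and takes no partition. A credential found in persistent storage is therefore returned regardless of the top-level document. If persistent credentials are deliberately out of scope for this change, note that here or in the ChangeLog.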
<a id="trunkSourceWebCoreplatformnetworkcurlSocketStreamHandleImplh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -50,7 +50,7 @@
</span><span class="cx"> 
</span><span class="cx"> class SocketStreamHandleImpl : public SocketStreamHandle {
</span><span class="cx"> public:
</span><del>-    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID) { return adoptRef(*new SocketStreamHandleImpl(url, client)); }
</del><ins>+    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID, const String&amp;) { return adoptRef(*new SocketStreamHandleImpl(url, client)); }
</ins><span class="cx"> 
</span><span class="cx">     virtual ~SocketStreamHandleImpl();
</span><span class="cx"> 
</span></span></pre></div>
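Review bot: the new "const String" reference parameter of create() is accepted and discarded, the same way SessionID already is, so the partition never reaches this port's handle. A short comment that the curl handle ignores the credential partition would make that explicit to anyone reading only this header.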
<a id="trunkSourceWebCoreplatformnetworkmacResourceHandleMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -146,12 +146,17 @@
</span><span class="cx">         if (d-&gt;m_user.isEmpty() &amp;&amp; d-&gt;m_pass.isEmpty()) {
</span><span class="cx">             // &lt;rdar://problem/7174050&gt; - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
</span><span class="cx">             // try and reuse the credential preemptively, as allowed by RFC 2617.
</span><del>-            d-&gt;m_initialCredential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(firstRequest().url());
</del><ins>+#if ENABLE(CACHE_PARTITIONING)
+            String partition = firstRequest().cachePartition();
+#else
+            String partition = emptyString();
+#endif
+            d-&gt;m_initialCredential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(partition, firstRequest().url());
</ins><span class="cx">         } else {
</span><span class="cx">             // If there is already a protection space known for the URL, update stored credentials before sending a request.
</span><span class="cx">             // This makes it possible to implement logout by sending an XMLHttpRequest with known incorrect credentials, and aborting it immediately
</span><span class="cx">             // (so that an authentication dialog doesn't pop up).
</span><del>-            d-&gt;m_context-&gt;storageSession().credentialStorage().set(Credential(d-&gt;m_user, d-&gt;m_pass, CredentialPersistenceNone), firstRequest().url());
</del><ins>+            d-&gt;m_context-&gt;storageSession().credentialStorage().set(firstRequest().cachePartition(), Credential(d-&gt;m_user, d-&gt;m_pass, CredentialPersistenceNone), firstRequest().url());
</ins><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx">         
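Review bot: the else branch calls firstRequest().cachePartition() directly in the set() call, outside the "#if ENABLE(CACHE_PARTITIONING)" guard that the get() call in the if branch was given. If cachePartition() is only declared when the feature is enabled, this line will not compile with it off. Hoist the guarded "String partition" declaration above the if so both branches use it.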
</span><span class="lines">@@ -477,7 +482,7 @@
</span><span class="cx">         // Only consider applying authentication credentials if this is actually a redirect and the redirect
</span><span class="cx">         // URL didn't include credentials of its own.
</span><span class="cx">         if (d-&gt;m_user.isEmpty() &amp;&amp; d-&gt;m_pass.isEmpty() &amp;&amp; !redirectResponse.isNull()) {
</span><del>-            Credential credential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(request.url());
</del><ins>+            Credential credential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(request.cachePartition(), request.url());
</ins><span class="cx">             if (!credential.isEmpty()) {
</span><span class="cx">                 d-&gt;m_initialCredential = credential;
</span><span class="cx">                 
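Review bot: the redirect path reads the partition from request.cachePartition(), again without the ENABLE(CACHE_PARTITIONING) guard, while the challenge handling later in this file uses d-&gt;m_partition captured from the first request. Pick one source for the whole load, preferably d-&gt;m_partition, so a redirect cannot look up credentials under a different partition than the one they are later stored under.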
</span><span class="lines">@@ -596,16 +601,16 @@
</span><span class="cx">             // The stored credential wasn't accepted, stop using it.
</span><span class="cx">             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
</span><span class="cx">             // but the observable effect should be very minor, if any.
</span><del>-            d-&gt;m_context-&gt;storageSession().credentialStorage().remove(challenge.protectionSpace());
</del><ins>+            d-&gt;m_context-&gt;storageSession().credentialStorage().remove(d-&gt;m_partition, challenge.protectionSpace());
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if (!challenge.previousFailureCount()) {
</span><del>-            Credential credential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(challenge.protectionSpace());
</del><ins>+            Credential credential = d-&gt;m_context-&gt;storageSession().credentialStorage().get(d-&gt;m_partition, challenge.protectionSpace());
</ins><span class="cx">             if (!credential.isEmpty() &amp;&amp; credential != d-&gt;m_initialCredential) {
</span><span class="cx">                 ASSERT(credential.persistence() == CredentialPersistenceNone);
</span><span class="cx">                 if (challenge.failureResponse().httpStatusCode() == 401) {
</span><span class="cx">                     // Store the credential back, possibly adding it as a default for this directory.
</span><del>-                    d-&gt;m_context-&gt;storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
</del><ins>+                    d-&gt;m_context-&gt;storageSession().credentialStorage().set(d-&gt;m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
</ins><span class="cx">                 }
</span><span class="cx">                 [challenge.sender() useCredential:credential.nsCredential() forAuthenticationChallenge:mac(challenge)];
</span><span class="cx">                 return true;
</span><span class="lines">@@ -660,7 +665,7 @@
</span><span class="cx">         URL urlToStore;
</span><span class="cx">         if (challenge.failureResponse().httpStatusCode() == 401)
</span><span class="cx">             urlToStore = challenge.failureResponse().url();
</span><del>-        d-&gt;m_context-&gt;storageSession().credentialStorage().set(webCredential, ProtectionSpace([d-&gt;m_currentMacChallenge protectionSpace]), urlToStore);
</del><ins>+        d-&gt;m_context-&gt;storageSession().credentialStorage().set(d-&gt;m_partition, webCredential, ProtectionSpace([d-&gt;m_currentMacChallenge protectionSpace]), urlToStore);
</ins><span class="cx">         [[d-&gt;m_currentMacChallenge sender] useCredential:webCredential.nsCredential() forAuthenticationChallenge:d-&gt;m_currentMacChallenge];
</span><span class="cx">     } else
</span><span class="cx">         [[d-&gt;m_currentMacChallenge sender] useCredential:credential.nsCredential() forAuthenticationChallenge:d-&gt;m_currentMacChallenge];
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworksoupSocketStreamHandleImplh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/soup/SocketStreamHandleImpl.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/soup/SocketStreamHandleImpl.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebCore/platform/network/soup/SocketStreamHandleImpl.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx"> 
</span><span class="cx"> class SocketStreamHandleImpl final : public SocketStreamHandle {
</span><span class="cx"> public:
</span><del>-    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp;, SocketStreamHandleClient&amp;, SessionID);
</del><ins>+    static Ref&lt;SocketStreamHandleImpl&gt; create(const URL&amp;, SocketStreamHandleClient&amp;, SessionID, const String&amp;);
</ins><span class="cx">     static Ref&lt;SocketStreamHandle&gt; create(GSocketConnection*, SocketStreamHandleClient&amp;);
</span><span class="cx"> 
</span><span class="cx">     virtual ~SocketStreamHandleImpl();
</span></span></pre></div>
<a id="trunkSourceWebKitmacChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/ChangeLog (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/ChangeLog        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit/mac/ChangeLog        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2017-02-06  Alex Christensen  &lt;achristensen@webkit.org&gt;
+
+        credentials should be partitioned by main document domain
+        https://bugs.webkit.org/show_bug.cgi?id=166998
+        rdar://problem/22901123
+
+        Reviewed by Brady Eidson.
+
+        * Misc/WebDownload.mm:
+        * Plugins/WebBaseNetscapePluginView.mm:
+        (WebKit::getAuthenticationInfo):
+        Don't use partitioned credentials for WebKit1 plugins or downloads.
+        Downloads should be authenticated before becoming a download anyways.
+
</ins><span class="cx"> 2017-02-06  Said Abou-Hallawa  &lt;sabouhallawa@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Rename AnimationController to CSSAnimationController
</span></span></pre></div>
<a id="trunkSourceWebKitmacMiscWebDownloadmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/Misc/WebDownload.mm (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/Misc/WebDownload.mm        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit/mac/Misc/WebDownload.mm        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -124,7 +124,7 @@
</span><span class="cx"> #if !PLATFORM(IOS)
</span><span class="cx">     // Try previously stored credential first.
</span><span class="cx">     if (![challenge previousFailureCount]) {
</span><del>-        NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(ProtectionSpace([challenge protectionSpace])).nsCredential();
</del><ins>+        NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(emptyString(), ProtectionSpace([challenge protectionSpace])).nsCredential();
</ins><span class="cx">         if (credential) {
</span><span class="cx">             [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
</span><span class="cx">             return;
</span></span></pre></div>
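Review bot: passing a bare emptyString() as the partition means this lookup only matches credentials stored under the empty partition, so when partitioning is active a credential stored during a page load under a non-empty partition will not be found here. The ChangeLog states the intent, but the call site does not; a named constant or a comment at the get() call would make clear that the empty partition is deliberate.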
<a id="trunkSourceWebKitmacPluginsWebBaseNetscapePluginViewmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit/mac/Plugins/WebBaseNetscapePluginView.mm        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -893,7 +893,7 @@
</span><span class="cx">     
</span><span class="cx">     RetainPtr&lt;NSURLProtectionSpace&gt; protectionSpace = adoptNS([[NSURLProtectionSpace alloc] initWithHost:host port:port protocol:protocol realm:realm authenticationMethod:authenticationMethod]);
</span><span class="cx">     
</span><del>-    NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(ProtectionSpace(protectionSpace.get())).nsCredential();
</del><ins>+    NSURLCredential *credential = CredentialStorage::defaultCredentialStorage().get(emptyString(), ProtectionSpace(protectionSpace.get())).nsCredential();
</ins><span class="cx">     if (!credential)
</span><span class="cx">         credential = [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:protectionSpace.get()];
</span><span class="cx">     if (!credential)
</span><span class="lines">@@ -907,7 +907,7 @@
</span><span class="cx">     
</span><span class="cx">     return true;
</span><span class="cx"> }
</span><del>-    
</del><ins>+
</ins><span class="cx"> } // namespace WebKit
</span><span class="cx"> 
</span><span class="cx"> #endif //  ENABLE(NETSCAPE_PLUGIN_API)
</span></span></pre></div>
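Review bot: the second hunk in this file only strips trailing whitespace from a blank line before the namespace close and is unrelated to credential partitioning. Drop it from this commit to keep the security change easy to audit and to backport.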
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/ChangeLog        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2017-02-06  Alex Christensen  &lt;achristensen@webkit.org&gt;
+
+        credentials should be partitioned by main document domain
+        https://bugs.webkit.org/show_bug.cgi?id=166998
+        rdar://problem/22901123
+
+        Reviewed by Brady Eidson.
+
+        * NetworkProcess/NetworkDataTask.cpp:
+        (WebKit::NetworkDataTask::NetworkDataTask):
+        * NetworkProcess/NetworkDataTask.h:
+        (WebKit::NetworkDataTask::partition):
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+        (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+        (WebKit::NetworkDataTaskCocoa::tryPasswordBasedAuthentication):
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        * WebProcess/Network/WebSocketProvider.cpp:
+        (WebKit::WebSocketProvider::createSocketStreamHandle):
+        * WebProcess/Network/WebSocketProvider.h:
+        * WebProcess/Plugins/PluginView.cpp:
+        (WebKit::PluginView::getAuthenticationInfo):
+
</ins><span class="cx"> 2017-02-06  Anders Carlsson  &lt;andersca@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Crash child processes if they receive an invalid message
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkDataTaskcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -63,6 +63,11 @@
</span><span class="cx">     : m_failureTimer(*this, &amp;NetworkDataTask::failureTimerFired)
</span><span class="cx">     , m_session(session)
</span><span class="cx">     , m_client(&amp;client)
</span><ins>+#if ENABLE(CACHE_PARTITIONING)
+    , m_partition(requestWithCredentials.cachePartition())
+#else
+    , m_partition(emptyString())
+#endif
</ins><span class="cx">     , m_storedCredentials(storedCredentials)
</span><span class="cx">     , m_lastHTTPMethod(requestWithCredentials.httpMethod())
</span><span class="cx">     , m_firstRequest(requestWithCredentials)
</span></span></pre></div>
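Review bot: In the #else branch every task gets m_partition(emptyString()), so builds without CACHE_PARTITIONING keep all credentials in one shared partition and get none of the isolation this change is about; a short comment here saying so would keep it from reading as an oversight. Also check the initializer position: the header hunk declares m_partition after m_password, while this list places it between m_client and m_storedCredentials, which produces a reorder warning if the declaration order differs.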
<a id="trunkSourceWebKit2NetworkProcessNetworkDataTaskh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -117,6 +117,7 @@
</span><span class="cx">     virtual String suggestedFilename() const { return String(); }
</span><span class="cx">     void setSuggestedFilename(const String&amp; suggestedName) { m_suggestedFilename = suggestedName; }
</span><span class="cx">     virtual bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&amp;) { return false; }
</span><ins>+    const String&amp; partition() { return m_partition; }
</ins><span class="cx"> 
</span><span class="cx"> protected:
</span><span class="cx">     NetworkDataTask(NetworkSession&amp;, NetworkDataTaskClient&amp;, const WebCore::ResourceRequest&amp;, WebCore::StoredCredentials, bool shouldClearReferrerOnHTTPSToHTTPRedirect);
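Review bot: partition() is a read-only accessor but is not const-qualified, so it cannot be called through a const NetworkDataTask reference or pointer. Declare it as a const member function, as suggestedFilename() a few lines above already is.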
</span><span class="lines">@@ -137,6 +138,7 @@
</span><span class="cx">     DownloadID m_pendingDownloadID;
</span><span class="cx">     String m_user;
</span><span class="cx">     String m_password;
</span><ins>+    String m_partition;
</ins><span class="cx"> #if USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
</span><span class="cx">     WebCore::Credential m_initialCredential;
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcesscocoaNetworkDataTaskCocoamm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -70,9 +70,9 @@
</span><span class="cx">     
</span><span class="cx"> #if USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
</span><span class="cx">         if (m_user.isEmpty() &amp;&amp; m_password.isEmpty())
</span><del>-            m_initialCredential = m_session-&gt;networkStorageSession().credentialStorage().get(url);
</del><ins>+            m_initialCredential = m_session-&gt;networkStorageSession().credentialStorage().get(m_partition, url);
</ins><span class="cx">         else
</span><del>-            m_session-&gt;networkStorageSession().credentialStorage().set(WebCore::Credential(m_user, m_password, WebCore::CredentialPersistenceNone), url);
</del><ins>+            m_session-&gt;networkStorageSession().credentialStorage().set(m_partition, WebCore::Credential(m_user, m_password, WebCore::CredentialPersistenceNone), url);
</ins><span class="cx"> #endif
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -195,7 +195,7 @@
</span><span class="cx">         // Only consider applying authentication credentials if this is actually a redirect and the redirect
</span><span class="cx">         // URL didn't include credentials of its own.
</span><span class="cx">         if (m_user.isEmpty() &amp;&amp; m_password.isEmpty() &amp;&amp; !redirectResponse.isNull()) {
</span><del>-            auto credential = m_session-&gt;networkStorageSession().credentialStorage().get(request.url());
</del><ins>+            auto credential = m_session-&gt;networkStorageSession().credentialStorage().get(m_partition, request.url());
</ins><span class="cx">             if (!credential.isEmpty()) {
</span><span class="cx">                 m_initialCredential = credential;
</span><span class="cx"> 
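Review bot: The redirect lookup pairs m_partition, which was fixed from the first request in the constructor, with the URL of the redirected request. If request.cachePartition() can ever differ from m_partition at this point, decide which of the two should key the lookup; if it cannot, an ASSERT stating that would document the invariant.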
</span><span class="lines">@@ -248,16 +248,16 @@
</span><span class="cx">             // The stored credential wasn't accepted, stop using it.
</span><span class="cx">             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
</span><span class="cx">             // but the observable effect should be very minor, if any.
</span><del>-            m_session-&gt;networkStorageSession().credentialStorage().remove(challenge.protectionSpace());
</del><ins>+            m_session-&gt;networkStorageSession().credentialStorage().remove(m_partition, challenge.protectionSpace());
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if (!challenge.previousFailureCount()) {
</span><del>-            auto credential = m_session-&gt;networkStorageSession().credentialStorage().get(challenge.protectionSpace());
</del><ins>+            auto credential = m_session-&gt;networkStorageSession().credentialStorage().get(m_partition, challenge.protectionSpace());
</ins><span class="cx">             if (!credential.isEmpty() &amp;&amp; credential != m_initialCredential) {
</span><span class="cx">                 ASSERT(credential.persistence() == WebCore::CredentialPersistenceNone);
</span><span class="cx">                 if (challenge.failureResponse().httpStatusCode() == 401) {
</span><span class="cx">                     // Store the credential back, possibly adding it as a default for this directory.
</span><del>-                    m_session-&gt;networkStorageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
</del><ins>+                    m_session-&gt;networkStorageSession().credentialStorage().set(m_partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
</ins><span class="cx">                 }
</span><span class="cx">                 completionHandler(AuthenticationChallengeDisposition::UseCredential, credential);
</span><span class="cx">                 return true;
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcesscocoaNetworkSessionCocoamm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -174,7 +174,7 @@
</span><span class="cx">         WebCore::AuthenticationChallenge authenticationChallenge(challenge);
</span><span class="cx">         auto completionHandlerCopy = Block_copy(completionHandler);
</span><span class="cx">         auto sessionID = _session-&gt;sessionID();
</span><del>-        auto challengeCompletionHandler = [completionHandlerCopy, sessionID, authenticationChallenge, taskIdentifier](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential&amp; credential)
</del><ins>+        auto challengeCompletionHandler = [completionHandlerCopy, sessionID, authenticationChallenge, taskIdentifier, partition = networkDataTask-&gt;partition()](WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential&amp; credential)
</ins><span class="cx">         {
</span><span class="cx">             LOG(NetworkSession, &quot;%llu didReceiveChallenge completionHandler %d&quot;, taskIdentifier, disposition);
</span><span class="cx"> #if !USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
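Review bot: The init-capture partition = networkDataTask-&gt;partition() dereferences networkDataTask when the lambda is built, and the visible context shows no null check on it. Confirm this line sits inside the scope where networkDataTask has already been checked, or capture an empty string when no task is found.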
</span><span class="lines">@@ -188,7 +188,7 @@
</span><span class="cx">                 if (authenticationChallenge.failureResponse().httpStatusCode() == 401)
</span><span class="cx">                     urlToStore = authenticationChallenge.failureResponse().url();
</span><span class="cx">                 if (auto storageSession = WebCore::NetworkStorageSession::storageSession(sessionID))
</span><del>-                    storageSession-&gt;credentialStorage().set(nonPersistentCredential, authenticationChallenge.protectionSpace(), urlToStore);
</del><ins>+                    storageSession-&gt;credentialStorage().set(partition, nonPersistentCredential, authenticationChallenge.protectionSpace(), urlToStore);
</ins><span class="cx">                 else
</span><span class="cx">                     ASSERT_NOT_REACHED();
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessNetworkWebSocketProvidercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -39,10 +39,10 @@
</span><span class="cx"> 
</span><span class="cx"> namespace WebKit {
</span><span class="cx"> 
</span><del>-Ref&lt;SocketStreamHandle&gt; WebSocketProvider::createSocketStreamHandle(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID)
</del><ins>+Ref&lt;SocketStreamHandle&gt; WebSocketProvider::createSocketStreamHandle(const URL&amp; url, SocketStreamHandleClient&amp; client, SessionID sessionID, const String&amp; credentialPartition)
</ins><span class="cx"> {
</span><span class="cx">     // FIXME: This should return a proxy so we can do the actual network interactions in the NetworkProcess.
</span><del>-    return SocketStreamHandleImpl::create(url, client, sessionID);
</del><ins>+    return SocketStreamHandleImpl::create(url, client, sessionID, credentialPartition);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebKit
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessNetworkWebSocketProviderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.h (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.h        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/WebProcess/Network/WebSocketProvider.h        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -33,7 +33,7 @@
</span><span class="cx"> public:
</span><span class="cx">     static Ref&lt;WebSocketProvider&gt; create() { return adoptRef(*new WebSocketProvider); }
</span><span class="cx"> #if ENABLE(WEB_SOCKETS)
</span><del>-    Ref&lt;WebCore::SocketStreamHandle&gt; createSocketStreamHandle(const WebCore::URL&amp;, WebCore::SocketStreamHandleClient&amp;, WebCore::SessionID) final;
</del><ins>+    Ref&lt;WebCore::SocketStreamHandle&gt; createSocketStreamHandle(const WebCore::URL&amp;, WebCore::SocketStreamHandleClient&amp;, WebCore::SessionID, const String&amp; credentialPartition) final;
</ins><span class="cx"> #endif
</span><span class="cx">     virtual ~WebSocketProvider() { }
</span><span class="cx"> };
</span></span></pre></div>
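Review bot: The new credentialPartition parameter is unconditional, while NetworkDataTask.cpp and PluginView.cpp compute the partition only under ENABLE(CACHE_PARTITIONING) and otherwise use emptyString(). Add a comment on this declaration saying what callers are expected to pass when partitioning is disabled, so the WebSocket path stays consistent with the other two.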
<a id="trunkSourceWebKit2WebProcessPluginsPluginViewcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp (211750 => 211751)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp        2017-02-06 22:33:42 UTC (rev 211750)
+++ trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp        2017-02-06 22:45:23 UTC (rev 211751)
</span><span class="lines">@@ -1589,7 +1589,12 @@
</span><span class="cx"> 
</span><span class="cx"> bool PluginView::getAuthenticationInfo(const ProtectionSpace&amp; protectionSpace, String&amp; username, String&amp; password)
</span><span class="cx"> {
</span><del>-    Credential credential = CredentialStorage::defaultCredentialStorage().get(protectionSpace);
</del><ins>+#if ENABLE(CACHE_PARTITIONING)
+    String partitionName = m_pluginElement-&gt;contentDocument()-&gt;topDocument().securityOrigin().domainForCachePartition();
+#else
+    String partitionName = emptyString();
+#endif
+    Credential credential = CredentialStorage::defaultCredentialStorage().get(partitionName, protectionSpace);
</ins><span class="cx">     if (credential.isEmpty())
</span><span class="cx">         credential = CredentialStorage::defaultCredentialStorage().getFromPersistentStorage(protectionSpace);
</span><span class="cx"> 
</span></span></pre>
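Review bot: The chain m_pluginElement-&gt;contentDocument()-&gt;topDocument() dereferences the result of contentDocument() without a null check; guard it and fall back to an empty partition, or obtain the top document another way, for example from the element's own document. The context line below still calls getFromPersistentStorage(protectionSpace) with no partition, so a credential found in persistent storage is returned regardless of the main document domain; if that is intended, say so in a comment.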
</div>
</div>

</body>
</html>