<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[230224] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/230224">230224</a></dd>
<dt>Author</dt> <dd>youenn@apple.com</dd>
<dt>Date</dt> <dd>2018-04-03 15:20:21 -0700 (Tue, 03 Apr 2018)</dd>
</dl>

<h3>Log Message</h3>
<pre>NetworkResourceLoader does not need to expose all redirect response headers
https://bugs.webkit.org/show_bug.cgi?id=184114
<rdar://problem/39010557>

Reviewed by Ryosuke Niwa.

Source/WebCore:

No JS observable change of behavior.
Behavior change is observable for injected bundles since they will no longer get access to the full response.
List of response headers correspond to the one currently being used/exposed for redirections.

Test: http/wpt/loading/redirect-headers.html

* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setRestrictedHTTPResponseAccess):
(WebCore::RuntimeEnabledFeatures::restrictedHTTPResponseAccess const):
* platform/network/ResourceResponseBase.cpp:
(WebCore::isSafeToKeepRedirectionHeader):
(WebCore::ResourceResponseBase::sanitizeRedirectionHTTPHeaderFields):
* platform/network/ResourceResponseBase.h:

Source/WebKit:

WebProcess instructs NetworkProcess whether to sanitize response headers based on a runtime flag.
We sanitize redirection response headers in case this is not related to a navigation load.
Navigation loads may currently require the full response for content blockers.

* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
(WebKit::NetworkResourceLoader::sanitizeRedirectResponseIfPossible):
(WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
* NetworkProcess/NetworkResourceLoader.h:
* Shared/WebPreferences.yaml:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetRestrictedHTTPResponseAccess):
(WKPreferencesGetRestrictedHTTPResponseAccess):
* UIProcess/API/C/WKPreferencesRef.h:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::startPingLoad):
(WebKit::WebLoaderStrategy::preconnectTo):

Tools:

Add an option to dump the number of headers in a response.
This allows validating that filtering does happen or not.

* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:
(WTR::dumpResponseDescriptionSuitableForTestResult):
(WTR::InjectedBundlePage::responseHeaderCount):
(WTR::InjectedBundlePage::willSendRequestForFrame):
* WebKitTestRunner/InjectedBundle/InjectedBundlePage.h:
* WebKitTestRunner/InjectedBundle/TestRunner.h:
(WTR::TestRunner::dumpAllHTTPRedirectedResponseHeaders):
(WTR::TestRunner::shouldDumpAllHTTPRedirectedResponseHeaders const):
* WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm:
(WTR::InjectedBundlePage::responseHeaderCount):
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):

LayoutTests:

New test verifies that headers are filtered. Witout filtering, 9 headers would be visible to the injected bundle, while 6 headers reamin after filtering.

* http/wpt/loading/redirect-headers-expected.txt: Added.
* http/wpt/loading/redirect-headers.html: Added.
* platform/mac-wk1/TestExpectations: Skipped new test for WK1.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk1TestExpectations">trunk/LayoutTests/platform/mac-wk1/TestExpectations</a></li>
<li><a href="#trunkLayoutTestsplatformwinTestExpectations">trunk/LayoutTests/platform/win/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorepageRuntimeEnabledFeaturesh">trunk/Source/WebCore/page/RuntimeEnabledFeatures.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkResourceResponseBasecpp">trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkResourceResponseBaseh">trunk/Source/WebCore/platform/network/ResourceResponseBase.h</a></li>
<li><a href="#trunkSourceWebKitChangeLog">trunk/Source/WebKit/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitNetworkProcessNetworkResourceLoadParameterscpp">trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp</a></li>
<li><a href="#trunkSourceWebKitNetworkProcessNetworkResourceLoadParametersh">trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h</a></li>
<li><a href="#trunkSourceWebKitNetworkProcessNetworkResourceLoadercpp">trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp</a></li>
<li><a href="#trunkSourceWebKitNetworkProcessNetworkResourceLoaderh">trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h</a></li>
<li><a href="#trunkSourceWebKitSharedWebPreferencesyaml">trunk/Source/WebKit/Shared/WebPreferences.yaml</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPICWKPreferencescpp">trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPICWKPreferencesRefh">trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRef.h</a></li>
<li><a href="#trunkSourceWebKitWebProcessNetworkWebLoaderStrategycpp">trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsWebKitTestRunnerInjectedBundleBindingsTestRunneridl">trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl</a></li>
<li><a href="#trunkToolsWebKitTestRunnerInjectedBundleInjectedBundlePagecpp">trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp</a></li>
<li><a href="#trunkToolsWebKitTestRunnerInjectedBundleInjectedBundlePageh">trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.h</a></li>
<li><a href="#trunkToolsWebKitTestRunnerInjectedBundleTestRunnerh">trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h</a></li>
<li><a href="#trunkToolsWebKitTestRunnerInjectedBundlecocoaInjectedBundlePageCocoamm">trunk/Tools/WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm</a></li>
<li><a href="#trunkToolsWebKitTestRunnerTestControllercpp">trunk/Tools/WebKitTestRunner/TestController.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li>trunk/LayoutTests/http/wpt/loading/</li>
<li><a href="#trunkLayoutTestshttpwptloadingredirectheadersexpectedtxt">trunk/LayoutTests/http/wpt/loading/redirect-headers-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttpwptloadingredirectheadershtml">trunk/LayoutTests/http/wpt/loading/redirect-headers.html</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog      2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/LayoutTests/ChangeLog 2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2018-04-03  Youenn Fablet  <youenn@apple.com>
+
+        NetworkResourceLoader does not need to expose all redirect response headers
+        https://bugs.webkit.org/show_bug.cgi?id=184114
+        <rdar://problem/39010557>
+
+        Reviewed by Ryosuke Niwa.
+
+        New test verifies that headers are filtered. Witout filtering, 9 headers would be visible to the injected bundle, while 6 headers reamin after filtering.
+
+        * http/wpt/loading/redirect-headers-expected.txt: Added.
+        * http/wpt/loading/redirect-headers.html: Added.
+        * platform/mac-wk1/TestExpectations: Skipped new test for WK1.
+
</ins><span class="cx"> 2018-04-03  Ryan Haddad  <ryanhaddad@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Mark http/tests/appcache/interrupted-update.html as flaky.
</span></span></pre></div>
<a id="trunkLayoutTestshttpwptloadingredirectheadersexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/wpt/loading/redirect-headers-expected.txt (0 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/wpt/loading/redirect-headers-expected.txt                         (rev 0)
+++ trunk/LayoutTests/http/wpt/loading/redirect-headers-expected.txt    2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/ - willSendRequest <NSURLRequest URL http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/, main document URL http://localhost:8800/WebKit/loading/redirect-headers.html, http method GET> redirectResponse (null)
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+http://localhost:8800/WebKit/loading/redirect-headers.html - didFinishLoading
+http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/ - willSendRequest <NSURLRequest URL http://localhost:8800/?status=302&location=%2F&count=1, main document URL http://localhost:8800/WebKit/loading/redirect-headers.html, http method GET> redirectResponse <NSURLResponse http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/, http status code 302, 6 headers>
+http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/ - didReceiveResponse <NSURLResponse http://localhost:8800/?status=302&location=%2F&count=1, http status code 200>
+http://localhost:8800/WebKit/beacon/resources/redirect.py?status=302&location=/ - didFinishLoading
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttpwptloadingredirectheadershtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/wpt/loading/redirect-headers.html (0 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/wpt/loading/redirect-headers.html                         (rev 0)
+++ trunk/LayoutTests/http/wpt/loading/redirect-headers.html    2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+<html>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpResourceLoadCallbacks();
+    testRunner.dumpAllHTTPRedirectedResponseHeaders();
+    testRunner.waitUntilDone();
+}
+
+async function doTest()
+{
+    await fetch("../beacon/resources/redirect.py?status=302&location=/");
+    testRunner.notifyDone();
+}
+</script>
+<body onload="doTest();">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk1TestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk1/TestExpectations      2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations 2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -133,6 +133,9 @@
</span><span class="cx"> http/tests/media/media-stream
</span><span class="cx"> http/tests/ssl/media-stream
</span><span class="cx"> 
</span><ins>+# WK1 does not filter response headers.
+http/wpt/loading/redirect-headers.html [ Skip ]
+
</ins><span class="cx"> # No service worker implementation for WK1
</span><span class="cx"> imported/w3c/web-platform-tests/service-workers [ Skip ]
</span><span class="cx"> http/wpt/service-workers [ Skip ]
</span></span></pre></div>
<a id="trunkLayoutTestsplatformwinTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/win/TestExpectations (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/win/TestExpectations  2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/LayoutTests/platform/win/TestExpectations     2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -3722,6 +3722,8 @@
</span><span class="cx"> http/wpt/cache-storage [ Skip ]
</span><span class="cx"> http/tests/appcache/main-resource-redirect-with-sw.html [ Skip ]
</span><span class="cx"> 
</span><ins>+# No header filtering for WK1
+http/wpt/loading/redirect-headers.html [ Skip ]
</ins><span class="cx"> 
</span><span class="cx"> # Flaky tests on Windows:
</span><span class="cx"> webkit.org/b/176564 http/tests/misc/delete-frame-during-readystatechange.html [ Pass Crash ]
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebCore/ChangeLog      2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1,3 +1,25 @@
</span><ins>+2018-04-03  Youenn Fablet  <youenn@apple.com>
+
+        NetworkResourceLoader does not need to expose all redirect response headers
+        https://bugs.webkit.org/show_bug.cgi?id=184114
+        <rdar://problem/39010557>
+
+        Reviewed by Ryosuke Niwa.
+
+        No JS observable change of behavior.
+        Behavior change is observable for injected bundles since they will no longer get access to the full response.
+        List of response headers correspond to the one currently being used/exposed for redirections.
+
+        Test: http/wpt/loading/redirect-headers.html
+
+        * page/RuntimeEnabledFeatures.h:
+        (WebCore::RuntimeEnabledFeatures::setRestrictedHTTPResponseAccess):
+        (WebCore::RuntimeEnabledFeatures::restrictedHTTPResponseAccess const):
+        * platform/network/ResourceResponseBase.cpp:
+        (WebCore::isSafeToKeepRedirectionHeader):
+        (WebCore::ResourceResponseBase::sanitizeRedirectionHTTPHeaderFields):
+        * platform/network/ResourceResponseBase.h:
+
</ins><span class="cx"> 2018-04-03  Andy Estes  <aestes@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [Mac] Prioritize file promises over filenames during drag and drop
</span></span></pre></div>
<a id="trunkSourceWebCorepageRuntimeEnabledFeaturesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.h       2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.h  2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -245,6 +245,9 @@
</span><span class="cx">     void setResourceLoadStatisticsDebugMode(bool isEnabled) { m_resourceLoadStatisticsDebugMode = isEnabled; }
</span><span class="cx">     bool resourceLoadStatisticsDebugMode() const { return m_resourceLoadStatisticsDebugMode; }
</span><span class="cx"> 
</span><ins>+    void setRestrictedHTTPResponseAccess(bool isEnabled) { m_isRestrictedHTTPResponseAccess = isEnabled; }
+    bool restrictedHTTPResponseAccess() const { return m_isRestrictedHTTPResponseAccess; }
+
</ins><span class="cx">     WEBCORE_EXPORT static RuntimeEnabledFeatures& sharedFeatures();
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="lines">@@ -375,6 +378,8 @@
</span><span class="cx">     bool m_mediaCapabilitiesEnabled { false };
</span><span class="cx"> 
</span><span class="cx">     bool m_resourceLoadStatisticsDebugMode { false };
</span><ins>+
+    bool m_isRestrictedHTTPResponseAccess { false };
</ins><span class="cx">     
</span><span class="cx">     friend class WTF::NeverDestroyed<RuntimeEnabledFeatures>;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkResourceResponseBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp   2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp      2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -317,6 +317,42 @@
</span><span class="cx">     // FIXME: Should invalidate or update platform response if present.
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+static bool isSafeToKeepRedirectionHeader(HTTPHeaderName name)
+{
+    // WebCore needs to keep location and cache related headers as it does caching.
+    // We also keep CORS/ReferrerPolicy headers until CORS checks/Referrer computation are done in NetworkProcess.
+    return name == HTTPHeaderName::Location
+        || name == HTTPHeaderName::ReferrerPolicy
+        || name == HTTPHeaderName::CacheControl
+        || name == HTTPHeaderName::Date
+        || name == HTTPHeaderName::Expires
+        || name == HTTPHeaderName::ETag
+        || name == HTTPHeaderName::LastModified
+        || name == HTTPHeaderName::Age
+        || name == HTTPHeaderName::Pragma
+        || name == HTTPHeaderName::Refresh
+        || name == HTTPHeaderName::Vary
+        || name == HTTPHeaderName::AccessControlAllowCredentials
+        || name == HTTPHeaderName::AccessControlAllowHeaders
+        || name == HTTPHeaderName::AccessControlAllowMethods
+        || name == HTTPHeaderName::AccessControlAllowOrigin
+        || name == HTTPHeaderName::AccessControlExposeHeaders
+        || name == HTTPHeaderName::AccessControlMaxAge
+        || name == HTTPHeaderName::TimingAllowOrigin;
+}
+
+void ResourceResponseBase::sanitizeRedirectionHTTPHeaderFields()
+{
+    lazyInit(AllFields);
+
+    auto commonHeaders = WTFMove(m_httpHeaderFields.commonHeaders());
+    for (auto& header : commonHeaders) {
+        if (isSafeToKeepRedirectionHeader(header.key))
+            m_httpHeaderFields.add(header.key, WTFMove(header.value));
+    }
+    m_httpHeaderFields.uncommonHeaders().clear();
+}
+
</ins><span class="cx"> bool ResourceResponseBase::isHTTP09() const
</span><span class="cx"> {
</span><span class="cx">     lazyInit(AllFields);
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkResourceResponseBaseh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h     2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h        2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -102,6 +102,7 @@
</span><span class="cx"> 
</span><span class="cx">     WEBCORE_EXPORT const HTTPHeaderMap& httpHeaderFields() const;
</span><span class="cx">     void setHTTPHeaderFields(HTTPHeaderMap&&);
</span><ins>+    WEBCORE_EXPORT void sanitizeRedirectionHTTPHeaderFields();
</ins><span class="cx"> 
</span><span class="cx">     String httpHeaderField(const String& name) const;
</span><span class="cx">     WEBCORE_EXPORT String httpHeaderField(HTTPHeaderName) const;
</span></span></pre></div>
<a id="trunkSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/ChangeLog (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/ChangeLog    2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/ChangeLog       2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1,5 +1,37 @@
</span><span class="cx"> 2018-04-03  Youenn Fablet  <youenn@apple.com>
</span><span class="cx"> 
</span><ins>+        NetworkResourceLoader does not need to expose all redirect response headers
+        https://bugs.webkit.org/show_bug.cgi?id=184114
+        <rdar://problem/39010557>
+
+        Reviewed by Ryosuke Niwa.
+
+        WebProcess instructs NetworkProcess whether to sanitize response headers based on a runtime flag.
+        We sanitize redirection response headers in case this is not related to a navigation load.
+        Navigation loads may currently require the full response for content blockers.
+
+        * NetworkProcess/NetworkResourceLoadParameters.cpp:
+        (WebKit::NetworkResourceLoadParameters::encode const):
+        (WebKit::NetworkResourceLoadParameters::decode):
+        * NetworkProcess/NetworkResourceLoadParameters.h:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+        (WebKit::NetworkResourceLoader::sanitizeRedirectResponseIfPossible):
+        (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
+        * NetworkProcess/NetworkResourceLoader.h:
+        * Shared/WebPreferences.yaml:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetRestrictedHTTPResponseAccess):
+        (WKPreferencesGetRestrictedHTTPResponseAccess):
+        * UIProcess/API/C/WKPreferencesRef.h:
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        (WebKit::WebLoaderStrategy::loadResourceSynchronously):
+        (WebKit::WebLoaderStrategy::startPingLoad):
+        (WebKit::WebLoaderStrategy::preconnectTo):
+
+2018-04-03  Youenn Fablet  <youenn@apple.com>
+
</ins><span class="cx">         Make NetworkProcess get ContentBlocker information from UIProcess
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=184205
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebKitNetworkProcessNetworkResourceLoadParameterscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp     2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp        2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -95,6 +95,8 @@
</span><span class="cx">     encoder << mainDocumentURL;
</span><span class="cx">     encoder << userContentControllerIdentifier;
</span><span class="cx"> #endif
</span><ins>+
+    encoder << shouldRestrictHTTPResponseAccess;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool NetworkResourceLoadParameters::decode(IPC::Decoder& decoder, NetworkResourceLoadParameters& result)
</span><span class="lines">@@ -191,6 +193,12 @@
</span><span class="cx">     result.userContentControllerIdentifier = *userContentControllerIdentifier;
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+    std::optional<bool> shouldRestrictHTTPResponseAccess;
+    decoder >> shouldRestrictHTTPResponseAccess;
+    if (!shouldRestrictHTTPResponseAccess)
+        return false;
+    result.shouldRestrictHTTPResponseAccess = *shouldRestrictHTTPResponseAccess;
+
</ins><span class="cx">     return true;
</span><span class="cx"> }
</span><span class="cx">     
</span></span></pre></div>
<a id="trunkSourceWebKitNetworkProcessNetworkResourceLoadParametersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h       2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h  2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -58,6 +58,7 @@
</span><span class="cx">     RefPtr<WebCore::SecurityOrigin> sourceOrigin;
</span><span class="cx">     WebCore::FetchOptions::Mode mode;
</span><span class="cx">     std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
</span><ins>+    bool shouldRestrictHTTPResponseAccess { false };
</ins><span class="cx"> 
</span><span class="cx"> #if ENABLE(CONTENT_EXTENSIONS)
</span><span class="cx">     WebCore::URL mainDocumentURL;
</span></span></pre></div>
<a id="trunkSourceWebKitNetworkProcessNetworkResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp     2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp        2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -456,12 +456,19 @@
</span><span class="cx">         continueWillSendRequest(WTFMove(overridenRequest), false);
</span><span class="cx">         return;
</span><span class="cx">     }
</span><del>-    send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, redirectResponse));
-
</del><span class="cx">     if (canUseCachedRedirect(request))
</span><span class="cx">         m_cache->storeRedirect(request, redirectResponse, redirectRequest);
</span><ins>+
+    send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeRedirectResponseIfPossible(WTFMove(redirectResponse))));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><ins>+ResourceResponse NetworkResourceLoader::sanitizeRedirectResponseIfPossible(ResourceResponse&& response)
+{
+    if (m_parameters.shouldRestrictHTTPResponseAccess)
+        response.sanitizeRedirectionHTTPHeaderFields();
+    return WTFMove(response);
+}
+
</ins><span class="cx"> void NetworkResourceLoader::continueWillSendRequest(ResourceRequest&& newRequest, bool isAllowedToAskUserForCredentials)
</span><span class="cx"> {
</span><span class="cx">     RELEASE_LOG_IF_ALLOWED("continueWillSendRequest: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier);
</span><span class="lines">@@ -665,7 +672,7 @@
</span><span class="cx">     LOG(NetworkCache, "(NetworkProcess) Executing cached redirect");
</span><span class="cx"> 
</span><span class="cx">     ++m_redirectCount;
</span><del>-    send(Messages::WebResourceLoader::WillSendRequest(*entry->redirectRequest(), entry->response()));
</del><ins>+    send(Messages::WebResourceLoader::WillSendRequest { *entry->redirectRequest(), sanitizeRedirectResponseIfPossible(ResourceResponse { entry->response() }) });
</ins><span class="cx">     m_isWaitingContinueWillSendRequestForCachedRedirect = true;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebKitNetworkProcessNetworkResourceLoaderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h       2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h  2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -146,6 +146,8 @@
</span><span class="cx">     void logCookieInformation() const;
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+    WebCore::ResourceResponse sanitizeRedirectResponseIfPossible(WebCore::ResourceResponse&&);
+
</ins><span class="cx">     const NetworkResourceLoadParameters m_parameters;
</span><span class="cx"> 
</span><span class="cx">     Ref<NetworkConnectionToWebProcess> m_connection;
</span></span></pre></div>
<a id="trunkSourceWebKitSharedWebPreferencesyaml"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/Shared/WebPreferences.yaml (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/Shared/WebPreferences.yaml   2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/Shared/WebPreferences.yaml      2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1213,3 +1213,10 @@
</span><span class="cx">   category: experimental
</span><span class="cx">   webcoreBinding: RuntimeEnabledFeatures
</span><span class="cx"> 
</span><ins>+RestrictedHTTPResponseAccess:
+    type: bool
+    defaultValue: true
+    humanReadableName: "Restricted HTTP Response Access to Web Process"
+    humanReadableDescription: "Restricted HTTP Response Access to Web Process"
+    category: experimental
+    webcoreBinding: RuntimeEnabledFeatures
</ins></span></pre></div>
<a id="trunkSourceWebKitUIProcessAPICWKPreferencescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp    2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp       2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1953,3 +1953,13 @@
</span><span class="cx"> {
</span><span class="cx">     return toImpl(preferencesRef)->allowCrossOriginSubresourcesToAskForCredentials();
</span><span class="cx"> }
</span><ins>+
+void WKPreferencesSetRestrictedHTTPResponseAccess(WKPreferencesRef preferencesRef, bool flag)
+{
+    toImpl(preferencesRef)->setRestrictedHTTPResponseAccess(flag);
+}
+
+bool WKPreferencesGetRestrictedHTTPResponseAccess(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->restrictedHTTPResponseAccess();
+}
</ins></span></pre></div>
<a id="trunkSourceWebKitUIProcessAPICWKPreferencesRefh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRef.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRef.h   2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRef.h      2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -307,6 +307,10 @@
</span><span class="cx"> WK_EXPORT bool WKPreferencesGetMediaCapabilitiesEnabled(WKPreferencesRef preferencesRef);
</span><span class="cx"> WK_EXPORT void WKPreferencesSetMediaCapabilitiesEnabled(WKPreferencesRef preferencesRef, bool enabled);
</span><span class="cx"> 
</span><ins>+// Defaults to false.
+WK_EXPORT bool WKPreferencesGetRestrictedHTTPResponseAccess(WKPreferencesRef preferencesRef);
+WK_EXPORT void WKPreferencesSetRestrictedHTTPResponseAccess(WKPreferencesRef preferencesRef, bool allow);
+
</ins><span class="cx"> #ifdef __cplusplus
</span><span class="cx"> }
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebKitWebProcessNetworkWebLoaderStrategycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp     2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp        2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -59,6 +59,7 @@
</span><span class="cx"> #include <WebCore/PlatformStrategies.h>
</span><span class="cx"> #include <WebCore/ReferrerPolicy.h>
</span><span class="cx"> #include <WebCore/ResourceLoader.h>
</span><ins>+#include <WebCore/RuntimeEnabledFeatures.h>
</ins><span class="cx"> #include <WebCore/SecurityOrigin.h>
</span><span class="cx"> #include <WebCore/Settings.h>
</span><span class="cx"> #include <WebCore/SubresourceLoader.h>
</span><span class="lines">@@ -273,6 +274,9 @@
</span><span class="cx">     loadParameters.maximumBufferingTime = maximumBufferingTime;
</span><span class="cx">     loadParameters.derivedCachedDataTypesToRetrieve = resourceLoader.options().derivedCachedDataTypesToRetrieve;
</span><span class="cx"> 
</span><ins>+    // FIXME: We should also sanitize redirect response for navigations.
+    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
+
</ins><span class="cx">     ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);
</span><span class="cx"> 
</span><span class="cx">     RELEASE_LOG_IF_ALLOWED(resourceLoader, "scheduleLoad: Resource is being scheduled with the NetworkProcess (frame = %p, priority = %d, pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", resourceLoader.frame(), static_cast<int>(resourceLoader.request().priority()), loadParameters.webPageID, loadParameters.webFrameID, loadParameters.identifier);
</span><span class="lines">@@ -427,6 +431,7 @@
</span><span class="cx">     loadParameters.storedCredentialsPolicy = storedCredentialsPolicy;
</span><span class="cx">     loadParameters.clientCredentialPolicy = clientCredentialPolicy;
</span><span class="cx">     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr);
</span><ins>+    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
</ins><span class="cx"> 
</span><span class="cx">     data.shrink(0);
</span><span class="cx"> 
</span><span class="lines">@@ -465,6 +470,7 @@
</span><span class="cx">     loadParameters.mode = options.mode;
</span><span class="cx">     loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
</span><span class="cx">     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(&frame);
</span><ins>+    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
</ins><span class="cx">     if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
</span><span class="cx">         if (auto * contentSecurityPolicy = document->contentSecurityPolicy())
</span><span class="cx">             loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
</span><span class="lines">@@ -521,6 +527,7 @@
</span><span class="cx">     parameters.sessionID = webPage ? webPage->sessionID() : PAL::SessionID::defaultSessionID();
</span><span class="cx">     parameters.storedCredentialsPolicy = storedCredentialsPolicy;
</span><span class="cx">     parameters.shouldPreconnectOnly = PreconnectOnly::Yes;
</span><ins>+    parameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
</ins><span class="cx"> 
</span><span class="cx">     WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::PreconnectTo(preconnectionIdentifier, WTFMove(parameters)), 0);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog    2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/ChangeLog       2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -1,3 +1,28 @@
</span><ins>+2018-04-03  Youenn Fablet  <youenn@apple.com>
+
+        NetworkResourceLoader does not need to expose all redirect response headers
+        https://bugs.webkit.org/show_bug.cgi?id=184114
+        <rdar://problem/39010557>
+
+        Reviewed by Ryosuke Niwa.
+
+        Add an option to dump the number of headers in a response.
+        This allows validating that filtering does happen or not.
+
+        * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+        * WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:
+        (WTR::dumpResponseDescriptionSuitableForTestResult):
+        (WTR::InjectedBundlePage::responseHeaderCount):
+        (WTR::InjectedBundlePage::willSendRequestForFrame):
+        * WebKitTestRunner/InjectedBundle/InjectedBundlePage.h:
+        * WebKitTestRunner/InjectedBundle/TestRunner.h:
+        (WTR::TestRunner::dumpAllHTTPRedirectedResponseHeaders):
+        (WTR::TestRunner::shouldDumpAllHTTPRedirectedResponseHeaders const):
+        * WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm:
+        (WTR::InjectedBundlePage::responseHeaderCount):
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::TestController::resetPreferencesToConsistentValues):
+
</ins><span class="cx"> 2018-04-03  Andy Estes  <aestes@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [Mac] Prioritize file promises over filenames during drag and drop
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerInjectedBundleBindingsTestRunneridl"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl      2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl 2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -116,6 +116,8 @@
</span><span class="cx">     // Printing
</span><span class="cx">     boolean isPageBoxVisible(long pageIndex);
</span><span class="cx"> 
</span><ins>+    void dumpAllHTTPRedirectedResponseHeaders();
+
</ins><span class="cx">     [PassContext] void setValueForUser(object element, DOMString value);
</span><span class="cx"> 
</span><span class="cx">     // UserContent testing.
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerInjectedBundleInjectedBundlePagecpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp       2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp  2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -499,7 +499,7 @@
</span><span class="cx">     stringBuilder.append('>');
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-static inline void dumpResponseDescriptionSuitableForTestResult(WKURLResponseRef response, StringBuilder& stringBuilder)
</del><ins>+static inline void dumpResponseDescriptionSuitableForTestResult(WKURLResponseRef response, StringBuilder& stringBuilder, bool shouldDumpResponseHeaders = false)
</ins><span class="cx"> {
</span><span class="cx">     WKRetainPtr<WKURLRef> url = adoptWK(WKURLResponseCopyURL(response));
</span><span class="cx">     if (!url) {
</span><span class="lines">@@ -510,9 +510,23 @@
</span><span class="cx">     stringBuilder.append(pathSuitableForTestResult(url.get()));
</span><span class="cx">     stringBuilder.appendLiteral(", http status code ");
</span><span class="cx">     stringBuilder.appendNumber(WKURLResponseHTTPStatusCode(response));
</span><ins>+
+    if (shouldDumpResponseHeaders) {
+        stringBuilder.appendLiteral(", ");
+        stringBuilder.appendNumber(InjectedBundlePage::responseHeaderCount(response));
+        stringBuilder.appendLiteral(" headers");
+    }
</ins><span class="cx">     stringBuilder.append('>');
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+#if !PLATFORM(COCOA)
+// FIXME: Implement this for non cocoa ports.
+uint64_t InjectedBundlePage::responseHeaderCount(WKURLResponseRef response)
+{
+    return 0;
+}
+#endif
+
</ins><span class="cx"> static inline void dumpErrorDescriptionSuitableForTestResult(WKErrorRef error, StringBuilder& stringBuilder)
</span><span class="cx"> {
</span><span class="cx">     WKRetainPtr<WKStringRef> errorDomain = adoptWK(WKErrorCopyDomain(error));
</span><span class="lines">@@ -1133,7 +1147,7 @@
</span><span class="cx">         stringBuilder.appendLiteral(" - willSendRequest ");
</span><span class="cx">         dumpRequestDescriptionSuitableForTestResult(request, stringBuilder);
</span><span class="cx">         stringBuilder.appendLiteral(" redirectResponse ");
</span><del>-        dumpResponseDescriptionSuitableForTestResult(response, stringBuilder);
</del><ins>+        dumpResponseDescriptionSuitableForTestResult(response, stringBuilder, injectedBundle.testRunner()->shouldDumpAllHTTPRedirectedResponseHeaders());
</ins><span class="cx">         stringBuilder.append('\n');
</span><span class="cx">         injectedBundle.outputText(stringBuilder.toString());
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerInjectedBundleInjectedBundlePageh"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.h 2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.h    2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -49,6 +49,8 @@
</span><span class="cx"> 
</span><span class="cx">     void dumpBackForwardList(WTF::StringBuilder&);
</span><span class="cx"> 
</span><ins>+    static uint64_t responseHeaderCount(WKURLResponseRef);
+
</ins><span class="cx"> private:
</span><span class="cx">     // Loader Client
</span><span class="cx">     static void didStartProvisionalLoadForFrame(WKBundlePageRef, WKBundleFrameRef, WKTypeRef*, const void*);
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerInjectedBundleTestRunnerh"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h 2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h    2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -431,6 +431,9 @@
</span><span class="cx"> 
</span><span class="cx">     void installFakeHelvetica(JSStringRef configuration);
</span><span class="cx"> 
</span><ins>+    void dumpAllHTTPRedirectedResponseHeaders() { m_dumpAllHTTPRedirectedResponseHeaders = true; }
+    bool shouldDumpAllHTTPRedirectedResponseHeaders() const { return m_dumpAllHTTPRedirectedResponseHeaders; }
+
</ins><span class="cx"> private:
</span><span class="cx">     TestRunner();
</span><span class="cx"> 
</span><span class="lines">@@ -495,6 +498,8 @@
</span><span class="cx">     size_t m_userMediaPermissionRequestCount { 0 };
</span><span class="cx"> 
</span><span class="cx">     PlatformTimerRef m_waitToDumpWatchdogTimer;
</span><ins>+
+    bool m_dumpAllHTTPRedirectedResponseHeaders { false };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace WTR
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerInjectedBundlecocoaInjectedBundlePageCocoamm"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm     2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm        2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -53,4 +53,14 @@
</span><span class="cx">     return [nsURLResponse.get() MIMEType];
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+uint64_t InjectedBundlePage::responseHeaderCount(WKURLResponseRef response)
+{
+    RetainPtr<NSURLResponse> nsURLResponse = adoptNS(WKURLResponseCopyNSURLResponse(response));
+    if (![nsURLResponse isKindOfClass:[NSHTTPURLResponse class]])
+        return { };
+
+    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)nsURLResponse.get();
+    return [[httpResponse allHeaderFields] count];
+}
+
</ins><span class="cx"> } // namespace WTR
</span></span></pre></div>
<a id="trunkToolsWebKitTestRunnerTestControllercpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/WebKitTestRunner/TestController.cpp (230223 => 230224)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/WebKitTestRunner/TestController.cpp  2018-04-03 21:33:54 UTC (rev 230223)
+++ trunk/Tools/WebKitTestRunner/TestController.cpp     2018-04-03 22:20:21 UTC (rev 230224)
</span><span class="lines">@@ -751,6 +751,8 @@
</span><span class="cx">     WKPreferencesSetAccessibilityObjectModelEnabled(preferences, true);
</span><span class="cx">     WKPreferencesSetMediaCapabilitiesEnabled(preferences, true);
</span><span class="cx"> 
</span><ins>+    WKPreferencesSetRestrictedHTTPResponseAccess(preferences, true);
+
</ins><span class="cx">     platformResetPreferencesToConsistentValues();
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>