Attachment 339695 Details for Bug 185367 – Patch

[patch] Patch

bug-185367-20180506163539.patch (text/plain), 20.62 KB, created by Daniel Bates on 2018-05-06 16:35:40 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Bates

Created: 2018-05-06 16:35:40 PDT

Size: 20.62 KB

patch

obsolete

>Subversion Revision: 231394
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 40a821d6d7214302469f2c466666303b268af894..f11294077b085d89e0085195fd6996ce43ee6abc 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,36 @@
>+2018-05-06  Daniel Bates  <dabates@apple.com>
>+
>+        CSP should be passed the referrer
>+        https://bugs.webkit.org/show_bug.cgi?id=185367
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        As a step towards formalizing a CSP delegate object and removing the dependencies
>+        on ScriptExecutionContext and Frame, we should pass the document's referrer directly
>+        instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
>+        to instantiate the ContentSecurityPolicy object.
>+
>+        * dom/Document.cpp:
>+        (WebCore::Document::processHttpEquiv): Pass the document's referrer.
>+        (WebCore::Document::initSecurityContext): Ditto.
>+        (WebCore::Document::applyQuickLookSandbox): Ditto.
>+        * loader/DocumentLoader.cpp:
>+        (WebCore::DocumentLoader::responseReceived): Ditto.
>+        * loader/FrameLoader.cpp:
>+        (WebCore::FrameLoader::didBeginDocument): Ditto.
>+        * page/csp/ContentSecurityPolicy.cpp:
>+        (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
>+        to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
>+        fix up the referrer (m_referrer) after copying all the policy headers.
>+        (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
>+        (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
>+        it into an instance variable (m_referrer).
>+        (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
>+        * page/csp/ContentSecurityPolicy.h:
>+        * workers/WorkerGlobalScope.cpp:
>+        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
>+        for the referrer as a worker does not have a referrer.
>+
> 2018-05-06  Daniel Bates  <dabates@apple.com>
> 
>         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 6bc61b61b4fa0246738dc1fa2eae9f8e23d6f533..447c74f273b110e4f0bb6890e724312f46634523 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,22 @@
>+2018-05-06  Daniel Bates  <dabates@apple.com>
>+
>+        CSP should be passed the referrer
>+        https://bugs.webkit.org/show_bug.cgi?id=185367
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Pass the referrer through NetworkLoadChecker so that it can pass it to the ContentSecurityPolicy
>+        object it instantiates.
>+
>+        * NetworkProcess/NetworkLoadChecker.cpp:
>+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
>+        (WebKit::NetworkLoadChecker::contentSecurityPolicy const):
>+        * NetworkProcess/NetworkLoadChecker.h:
>+        (WebKit::NetworkLoadChecker::create):
>+        * NetworkProcess/NetworkResourceLoader.cpp:
>+        * NetworkProcess/PingLoad.cpp:
>+        (WebKit::PingLoad::PingLoad):
>+
> 2018-05-04  Tim Horton  <timothy_horton@apple.com>
> 
>         Shift to a lower-level framework for simplifying URLs
>diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
>index 7dc8907cf0c78e73dc2a17a6e01e1528afb739a1..9c61a95ddfa16c68c289f1a7e86f989488fa0935 100644
>--- a/Source/WebCore/dom/Document.cpp
>+++ b/Source/WebCore/dom/Document.cpp
>@@ -3384,12 +3384,12 @@ void Document::processHttpEquiv(const String& equiv, const String& content, bool
> 
>     case HTTPHeaderName::ContentSecurityPolicy:
>         if (isInDocumentHead)
>-            contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta);
>+            contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta, referrer());
>         break;
> 
>     case HTTPHeaderName::XWebKitCSP:
>         if (isInDocumentHead)
>-            contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::PrefixedEnforce, ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta);
>+            contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::PrefixedEnforce, ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta, referrer());
>         break;
> 
>     default:
>@@ -5522,7 +5522,7 @@ void Document::initSecurityContext()
> 
>     String overrideContentSecurityPolicy = m_frame->loader().client().overrideContentSecurityPolicy();
>     if (!overrideContentSecurityPolicy.isNull())
>-        contentSecurityPolicy()->didReceiveHeader(overrideContentSecurityPolicy, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::API);
>+        contentSecurityPolicy()->didReceiveHeader(overrideContentSecurityPolicy, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::API, referrer());
> 
> #if USE(QUICK_LOOK)
>     if (shouldEnforceQuickLookSandbox())
>@@ -7277,7 +7277,7 @@ void Document::applyQuickLookSandbox()
>     static NeverDestroyed<String> quickLookCSP = makeString("default-src ", QLPreviewProtocol(), ": 'unsafe-inline'; base-uri 'none'; sandbox allow-same-origin allow-scripts");
>     RELEASE_ASSERT(contentSecurityPolicy());
>     // The sandbox directive is only allowed if the policy is from an HTTP header.
>-    contentSecurityPolicy()->didReceiveHeader(quickLookCSP, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::HTTPHeader);
>+    contentSecurityPolicy()->didReceiveHeader(quickLookCSP, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::HTTPHeader, referrer());
> 
>     disableSandboxFlags(SandboxNavigation);
> 
>diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
>index 4cc1b18449716049b412f3ac623ad110c91fa01f..8f5eec24af7db4e50af0d60e18ff71286085b0f2 100644
>--- a/Source/WebCore/loader/DocumentLoader.cpp
>+++ b/Source/WebCore/loader/DocumentLoader.cpp
>@@ -768,7 +768,7 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi
>     auto url = response.url();
> 
>     ContentSecurityPolicy contentSecurityPolicy(SecurityOrigin::create(url), m_frame);
>-    contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
>+    contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response), m_frame->loader().referrer());
>     if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) {
>         stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response);
>         return;
>diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
>index 606a0f19a86650b00c23c1cf2b9fda8d86730e13..8ef68f2237aee41a72e2a7890928bb467374b9d3 100644
>--- a/Source/WebCore/loader/FrameLoader.cpp
>+++ b/Source/WebCore/loader/FrameLoader.cpp
>@@ -732,7 +732,7 @@ void FrameLoader::didBeginDocument(bool dispatch)
>         if (!dnsPrefetchControl.isEmpty())
>             m_frame.document()->parseDNSPrefetchControlHeader(dnsPrefetchControl);
> 
>-        m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()), ContentSecurityPolicy::ReportParsingErrors::No);
>+        m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()), referrer(), ContentSecurityPolicy::ReportParsingErrors::No);
> 
>         String headerContentLanguage = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentLanguage);
>         if (!headerContentLanguage.isEmpty()) {
>diff --git a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
>index b579e96d22446ff83c2d48ef37b9d45f6cbc89f7..b03c2eb2237f63ab669a01fe45d92773692c6924 100644
>--- a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
>+++ b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
>@@ -111,7 +111,8 @@ void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
>         return;
>     ASSERT(m_policies.isEmpty());
>     for (auto& policy : other->m_policies)
>-        didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited);
>+        didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited, String { });
>+    m_referrer = other->m_referrer;
> }
> 
> void ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom(const ContentSecurityPolicy& other)
>@@ -171,18 +172,21 @@ ContentSecurityPolicyResponseHeaders ContentSecurityPolicy::responseHeaders() co
>     return *m_cachedResponseHeaders;
> }
> 
>-void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers, ReportParsingErrors reportParsingErrors)
>+void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers, String&& referrer, ReportParsingErrors reportParsingErrors)
> {
>     SetForScope<bool> isReportingEnabled(m_isReportingEnabled, reportParsingErrors == ReportParsingErrors::Yes);
>     for (auto& header : headers.m_headers)
>-        didReceiveHeader(header.first, header.second, ContentSecurityPolicy::PolicyFrom::HTTPHeader);
>+        didReceiveHeader(header.first, header.second, ContentSecurityPolicy::PolicyFrom::HTTPHeader, String { });
>+    m_referrer = WTFMove(referrer);
> }
> 
>-void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicy::PolicyFrom policyFrom)
>+void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicy::PolicyFrom policyFrom, String&& referrer)
> {
>     if (m_hasAPIPolicy)
>         return;
> 
>+    m_referrer = WTFMove(referrer);
>+
>     if (policyFrom == PolicyFrom::API) {
>         ASSERT(m_policies.isEmpty());
>         m_hasAPIPolicy = true;
>@@ -664,7 +668,6 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
>     }
>     String violatedDirectiveText = violatedDirective;
>     String originalPolicy = violatedDirectiveList.header();
>-    String referrer = document.referrer();
>     ASSERT(document.loader());
>     // FIXME: Is it policy to not use the status code for HTTPS, or is that a bug?
>     unsigned short statusCode = document.url().protocolIs("http") && document.loader() ? document.loader()->response().httpStatusCode() : 0;
>@@ -683,7 +686,7 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
>     // 1. Dispatch violation event.
>     bool canBubble = false;
>     bool cancelable = false;
>-    document.enqueueDocumentEvent(SecurityPolicyViolationEvent::create(eventNames().securitypolicyviolationEvent, canBubble, cancelable, documentURI, referrer, blockedURI, violatedDirectiveText, effectiveViolatedDirective, originalPolicy, sourceFile, statusCode, lineNumber, columnNumber));
>+    document.enqueueDocumentEvent(SecurityPolicyViolationEvent::create(eventNames().securitypolicyviolationEvent, canBubble, cancelable, documentURI, m_referrer, blockedURI, violatedDirectiveText, effectiveViolatedDirective, originalPolicy, sourceFile, statusCode, lineNumber, columnNumber));
> 
>     // 2. Send violation report (if applicable).
>     auto& reportURIs = violatedDirectiveList.reportURIs();
>@@ -702,7 +705,7 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
> 
>     auto cspReport = JSON::Object::create();
>     cspReport->setString(ASCIILiteral("document-uri"), documentURI);
>-    cspReport->setString(ASCIILiteral("referrer"), referrer);
>+    cspReport->setString(ASCIILiteral("referrer"), m_referrer);
>     cspReport->setString(ASCIILiteral("violated-directive"), violatedDirectiveText);
>     cspReport->setString(ASCIILiteral("effective-directive"), effectiveViolatedDirective);
>     cspReport->setString(ASCIILiteral("original-policy"), originalPolicy);
>diff --git a/Source/WebCore/page/csp/ContentSecurityPolicy.h b/Source/WebCore/page/csp/ContentSecurityPolicy.h
>index 293d756b17ab6f06169c4f32d0780325b47e84cf..dcf484fc2ffecac6ed7bd06a12311c868bfca0fb 100644
>--- a/Source/WebCore/page/csp/ContentSecurityPolicy.h
>+++ b/Source/WebCore/page/csp/ContentSecurityPolicy.h
>@@ -81,8 +81,8 @@ public:
>     };
>     WEBCORE_EXPORT ContentSecurityPolicyResponseHeaders responseHeaders() const;
>     enum ReportParsingErrors { No, Yes };
>-    WEBCORE_EXPORT void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&, ReportParsingErrors = ReportParsingErrors::Yes);
>-    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicy::PolicyFrom);
>+    WEBCORE_EXPORT void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&, String&& referrer, ReportParsingErrors = ReportParsingErrors::Yes);
>+    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicy::PolicyFrom, String&& referrer);
> 
>     bool allowScriptWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const;
>     bool allowStyleWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const;
>@@ -211,6 +211,7 @@ private:
>     CSPDirectiveListVector m_policies;
>     String m_lastPolicyEvalDisabledErrorMessage;
>     String m_lastPolicyWebAssemblyDisabledErrorMessage;
>+    String m_referrer;
>     SandboxFlags m_sandboxFlags;
>     bool m_overrideInlineStyleAllowed { false };
>     bool m_isReportingEnabled { true };
>diff --git a/Source/WebCore/workers/WorkerGlobalScope.cpp b/Source/WebCore/workers/WorkerGlobalScope.cpp
>index ce125b7befc2f3d35c4648f448c38e40b242f757..eb2a7b6e21df2d89d2455160b118e6905d629397 100644
>--- a/Source/WebCore/workers/WorkerGlobalScope.cpp
>+++ b/Source/WebCore/workers/WorkerGlobalScope.cpp
>@@ -118,7 +118,7 @@ bool WorkerGlobalScope::isSecureContext() const
> 
> void WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders(const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders)
> {
>-    contentSecurityPolicy()->didReceiveHeaders(contentSecurityPolicyResponseHeaders);
>+    contentSecurityPolicy()->didReceiveHeaders(contentSecurityPolicyResponseHeaders, String { });
> }
> 
> URL WorkerGlobalScope::completeURL(const String& url) const
>diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>index e93eb7b4af98488d0573bf1f88a4db367c4cd778..0190cd2826db574327e362f1e54358a02f482a79 100644
>--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
>@@ -48,13 +48,14 @@ static inline bool isSameOrigin(const URL& url, const SecurityOrigin* origin)
>     return url.protocolIsData() || url.protocolIsBlob() || !origin || origin->canRequest(url);
> }
> 
>-NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy)
>+NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy, String&& referrer)
>     : m_options(WTFMove(options))
>     , m_sessionID(sessionID)
>     , m_originalRequestHeaders(WTFMove(originalRequestHeaders))
>     , m_url(WTFMove(url))
>     , m_origin(WTFMove(sourceOrigin))
>     , m_preflightPolicy(preflightPolicy)
>+    , m_referrer(WTFMove(referrer))
> {
>     m_isSameOriginRequest = isSameOrigin(m_url, m_origin.get());
>     switch (options.credentials) {
>@@ -314,7 +315,7 @@ ContentSecurityPolicy* NetworkLoadChecker::contentSecurityPolicy() const
> {
>     if (!m_contentSecurityPolicy && m_cspResponseHeaders) {
>         m_contentSecurityPolicy = std::make_unique<ContentSecurityPolicy>(*m_origin);
>-        m_contentSecurityPolicy->didReceiveHeaders(*m_cspResponseHeaders, ContentSecurityPolicy::ReportParsingErrors::No);
>+        m_contentSecurityPolicy->didReceiveHeaders(*m_cspResponseHeaders, String { m_referrer }, ContentSecurityPolicy::ReportParsingErrors::No);
>     }
>     return m_contentSecurityPolicy.get();
> }
>diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>index 654a38f2a9bfb40f454f69180ba92b5f46f443c7..910cf98c2d5887797b0e132c2b89ac52317b91bb 100644
>--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
>@@ -42,9 +42,9 @@ class NetworkCORSPreflightChecker;
> 
> class NetworkLoadChecker : public RefCounted<NetworkLoadChecker> {
> public:
>-    static Ref<NetworkLoadChecker> create(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin, WebCore::PreflightPolicy preflightPolicy)
>+    static Ref<NetworkLoadChecker> create(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin, WebCore::PreflightPolicy preflightPolicy, String&& referrer)
>     {
>-        return adoptRef(*new NetworkLoadChecker { WTFMove(options), sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin), preflightPolicy });
>+        return adoptRef(*new NetworkLoadChecker { WTFMove(options), sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin), preflightPolicy, WTFMove(referrer) });
>     }
>     ~NetworkLoadChecker();
> 
>@@ -69,7 +69,7 @@ public:
>     WebCore::StoredCredentialsPolicy storedCredentialsPolicy() const { return m_storedCredentialsPolicy; }
> 
> private:
>-    NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&, WebCore::PreflightPolicy);
>+    NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&, WebCore::PreflightPolicy, String&& referrer);
> 
>     WebCore::ContentSecurityPolicy* contentSecurityPolicy() const;
>     bool isChecking() const { return !!m_corsPreflightChecker; }
>@@ -111,6 +111,7 @@ private:
>     WebCore::URL m_previousURL;
>     WebCore::PreflightPolicy m_preflightPolicy;
>     String m_dntHeaderValue;
>+    String m_referrer;
> };
> 
> }
>diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
>index 9d78a44f5612ec6b32aa74a82ed03565d82d0c6b..1f7840372e9a6e3b1067bc054d048c1b6c254adb 100644
>--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
>+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
>@@ -111,7 +111,7 @@ NetworkResourceLoader::NetworkResourceLoader(NetworkResourceLoadParameters&& par
>     }
> 
>     if (synchronousReply || parameters.shouldRestrictHTTPResponseAccess) {
>-        m_networkLoadChecker = NetworkLoadChecker::create(FetchOptions { m_parameters.options }, m_parameters.sessionID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef(), m_parameters.preflightPolicy);
>+        m_networkLoadChecker = NetworkLoadChecker::create(FetchOptions { m_parameters.options }, m_parameters.sessionID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef(), m_parameters.preflightPolicy, originalRequest().httpReferrer());
>         if (m_parameters.cspResponseHeaders)
>             m_networkLoadChecker->setCSPResponseHeaders(ContentSecurityPolicyResponseHeaders { m_parameters.cspResponseHeaders.value() });
> #if ENABLE(CONTENT_EXTENSIONS)
>diff --git a/Source/WebKit/NetworkProcess/PingLoad.cpp b/Source/WebKit/NetworkProcess/PingLoad.cpp
>index cd86401b2406d134260ae50fc86f700520d849f5..35c7c0358e8caffc6e9b624ceb2fc9d43009c552 100644
>--- a/Source/WebKit/NetworkProcess/PingLoad.cpp
>+++ b/Source/WebKit/NetworkProcess/PingLoad.cpp
>@@ -42,7 +42,7 @@ PingLoad::PingLoad(NetworkResourceLoadParameters&& parameters, WTF::CompletionHa
>     : m_parameters(WTFMove(parameters))
>     , m_completionHandler(WTFMove(completionHandler))
>     , m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
>-    , m_networkLoadChecker(NetworkLoadChecker::create(FetchOptions { m_parameters.options}, m_parameters.sessionID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef(), m_parameters.preflightPolicy))
>+    , m_networkLoadChecker(NetworkLoadChecker::create(FetchOptions { m_parameters.options}, m_parameters.sessionID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef(), m_parameters.preflightPolicy, m_parameters.request.httpReferrer()))
> {
> 
>     if (m_parameters.cspResponseHeaders)

Actions: View | Formatted Diff | Diff

Attachments on bug 185367: 339695