WebKit Bugzilla
Attachment 340113 Details for
Bug 185520
: 'Cross-Origin-Options header implementation follow-up
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185520-20180510115135.patch (text/plain), 16.60 KB, created by
Chris Dumez
on 2018-05-10 11:51:35 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Chris Dumez
Created:
2018-05-10 11:51:35 PDT
Size:
16.60 KB
patch
obsolete
>Subversion Revision: 231638 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 3c62ace5e5176803c5b41f9890763cc5486253b1..f4ff60801808a3feac1e87379baee0b5fe2c13b2 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,36 @@ >+2018-05-10 Chris Dumez <cdumez@apple.com> >+ >+ 'Cross-Origin-Options header implementation follow-up >+ https://bugs.webkit.org/show_bug.cgi?id=185520 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * dom/Document.cpp: >+ * dom/Document.h: >+ * loader/FrameLoader.cpp: >+ (WebCore::FrameLoader::didBeginDocument): >+ Using isNull() check is sufficient here as the header parsing >+ function will do the right thing when passed the empty string. >+ Also set the options directly on the window instead of the >+ document. The window is guaranteed to have been constructed >+ by then because didBeginDocument() is called DocumentWriter::begin() >+ which calls Document::createDOMWindow() or Document::takeDOMWindowFrom(). >+ >+ * page/AbstractDOMWindow.cpp: >+ (WebCore::AbstractDOMWindow::AbstractDOMWindow): >+ * page/AbstractDOMWindow.h: >+ * page/DOMWindow.cpp: >+ (WebCore::DOMWindow::DOMWindow): >+ (WebCore::DOMWindow::didSecureTransitionTo): >+ * page/RemoteDOMWindow.cpp: >+ (WebCore::RemoteDOMWindow::RemoteDOMWindow): >+ * page/RemoteDOMWindow.h: >+ CrossOriginOptions are now stored only on the Window, not the Document. >+ >+ * platform/network/HTTPParsers.cpp: >+ (WebCore::parseCrossOriginOptionsHeader): >+ Drop strippedHeader local variable as it is not strictly needed. >+ > 2018-05-10 Thibault Saunier <tsaunier@igalia.com> > > [GTK] Implement ImageBuffer::toBGRAData >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 90ca7af004f6cde3f5acc81490d1e2893f71aac9..bbda51982da4945ed766b619a9eceda6f86d1435 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2018-05-10 Chris Dumez <cdumez@apple.com> >+ >+ 'Cross-Origin-Options header implementation follow-up >+ https://bugs.webkit.org/show_bug.cgi?id=185520 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/WebPage/WebPage.cpp: >+ (WebKit::WebPage::frameBecameRemote): >+ > 2018-05-09 Carlos Garcia Campos <cgarcia@igalia.com> > > WebDriver: implement advance user interactions >diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp >index f8c3d9c7aad79ea73d70cb45173dba51cca40d9e..95a3033408177ab8d2f4b3bd9bd5b7cac39aa12a 100644 >--- a/Source/WebCore/dom/Document.cpp >+++ b/Source/WebCore/dom/Document.cpp >@@ -517,7 +517,6 @@ Document::Document(Frame* frame, const URL& url, unsigned documentClasses, unsig > , m_didAssociateFormControlsTimer(*this, &Document::didAssociateFormControlsTimerFired) > , m_cookieCacheExpiryTimer(*this, &Document::invalidateDOMCookieCache) > , m_socketProvider(page() ? &page()->socketProvider() : nullptr) >- , m_crossOriginOptions { CrossOriginOptions::Allow } > , m_isSynthesized(constructionFlags & Synthesized) > , m_isNonRenderedPlaceholder(constructionFlags & NonRenderedPlaceholder) > , m_orientationNotifier(currentOrientation(frame)) >@@ -7807,11 +7806,4 @@ String Document::signedPublicKeyAndChallengeString(unsigned keySizeIndex, const > return page->chrome().client().signedPublicKeyAndChallengeString(keySizeIndex, challengeString, url); > } > >-void Document::setCrossOriginOptions(CrossOriginOptions value) >-{ >- m_crossOriginOptions = value; >- if (auto* window = domWindow()) >- window->setCrossOriginOptions(value); >-} >- > } // namespace WebCore >diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h >index 6d7c525ee887ee6f65cbd5d6437202c015141d99..b9eff10963e4b428e0ed238c93c5babc541b9a58 100644 >--- a/Source/WebCore/dom/Document.h >+++ b/Source/WebCore/dom/Document.h >@@ -194,7 +194,6 @@ class XPathResult; > template<typename> class ExceptionOr; > > enum CollectionType; >-enum class CrossOriginOptions; > enum class ShouldOpenExternalURLsPolicy; > > enum class RouteSharingPolicy; >@@ -1431,9 +1430,6 @@ public: > > String signedPublicKeyAndChallengeString(unsigned keySizeIndex, const String& challengeString, const URL&); > >- CrossOriginOptions crossOriginOptions() const { return m_crossOriginOptions; } >- void setCrossOriginOptions(CrossOriginOptions value); >- > protected: > enum ConstructionFlags { Synthesized = 1, NonRenderedPlaceholder = 1 << 1 }; > Document(Frame*, const URL&, unsigned = DefaultDocumentClass, unsigned constructionFlags = 0); >@@ -1819,8 +1815,6 @@ private: > > unsigned m_writeRecursionDepth { 0 }; > >- CrossOriginOptions m_crossOriginOptions; >- > InheritedBool m_designMode { inherit }; > MediaProducer::MediaStateFlags m_mediaState { MediaProducer::IsNotPlaying }; > bool m_userHasInteractedWithMediaElement { false }; >diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp >index 729f25389c64690f08eb60d56215349e84881b53..1b7a099307317386aeb57219a74d76a0156988d4 100644 >--- a/Source/WebCore/loader/FrameLoader.cpp >+++ b/Source/WebCore/loader/FrameLoader.cpp >@@ -745,8 +745,10 @@ void FrameLoader::didBeginDocument(bool dispatch) > > if (m_frame.settings().crossOriginOptionsSupportEnabled()) { > String crossOriginOptionsHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginOptions); >- if (!crossOriginOptionsHeader.isEmpty()) >- m_frame.document()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader)); >+ if (!crossOriginOptionsHeader.isNull()) { >+ ASSERT(m_frame.window()); >+ m_frame.window()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader)); >+ } > } > } > >diff --git a/Source/WebCore/page/AbstractDOMWindow.cpp b/Source/WebCore/page/AbstractDOMWindow.cpp >index 582668f753deceafca5cbae3645a917c781081f9..60118dd92062d0898f57849f715152aa52b31d87 100644 >--- a/Source/WebCore/page/AbstractDOMWindow.cpp >+++ b/Source/WebCore/page/AbstractDOMWindow.cpp >@@ -26,6 +26,7 @@ > #include "config.h" > #include "AbstractDOMWindow.h" > >+#include "HTTPParsers.h" > #include <wtf/NeverDestroyed.h> > > namespace WebCore { >@@ -37,9 +38,9 @@ HashMap<GlobalWindowIdentifier, AbstractDOMWindow*>& AbstractDOMWindow::allWindo > return map; > } > >-AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions) >+AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier) > : m_identifier(WTFMove(identifier)) >- , m_crossOriginOptions(crossOriginOptions) >+ , m_crossOriginOptions(CrossOriginOptions::Allow) > { > ASSERT(!allWindows().contains(identifier)); > allWindows().add(identifier, this); >diff --git a/Source/WebCore/page/AbstractDOMWindow.h b/Source/WebCore/page/AbstractDOMWindow.h >index e26c2b78ae473d5a8fcf11e8e0c355ef899dbef2..64d45a8cacbc0ead0c71d6e404c4023be5d5f998 100644 >--- a/Source/WebCore/page/AbstractDOMWindow.h >+++ b/Source/WebCore/page/AbstractDOMWindow.h >@@ -58,7 +58,7 @@ public: > void setCrossOriginOptions(CrossOriginOptions value) { m_crossOriginOptions = value; } > > protected: >- AbstractDOMWindow(GlobalWindowIdentifier&&, CrossOriginOptions); >+ explicit AbstractDOMWindow(GlobalWindowIdentifier&&); > > EventTargetInterface eventTargetInterface() const final { return DOMWindowEventTargetInterfaceType; } > void refEventTarget() final { ref(); } >diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp >index f4249d35c40b56a2850f4283cf81371892911990..ffb07b8232278c340ae23b617b5f2435513d1cbf 100644 >--- a/Source/WebCore/page/DOMWindow.cpp >+++ b/Source/WebCore/page/DOMWindow.cpp >@@ -63,6 +63,7 @@ > #include "FrameLoaderClient.h" > #include "FrameTree.h" > #include "FrameView.h" >+#include "HTTPParsers.h" > #include "History.h" > #include "InspectorInstrumentation.h" > #include "JSDOMWindowBase.h" >@@ -402,7 +403,7 @@ void DOMWindow::setCanShowModalDialogOverride(bool allow) > } > > DOMWindow::DOMWindow(Document& document) >- : AbstractDOMWindow(GlobalWindowIdentifier { Process::identifier(), generateObjectIdentifier<WindowIdentifierType>() }, document.crossOriginOptions()) >+ : AbstractDOMWindow(GlobalWindowIdentifier { Process::identifier(), generateObjectIdentifier<WindowIdentifierType>() }) > , ContextDestructionObserver(&document) > , FrameDestructionObserver(document.frame()) > { >@@ -413,7 +414,6 @@ DOMWindow::DOMWindow(Document& document) > void DOMWindow::didSecureTransitionTo(Document& document) > { > observeContext(&document); >- setCrossOriginOptions(document.crossOriginOptions()); > } > > DOMWindow::~DOMWindow() >diff --git a/Source/WebCore/page/RemoteDOMWindow.cpp b/Source/WebCore/page/RemoteDOMWindow.cpp >index 03a925dec62003b41575604e69485f82b069e5cd..92f77936dad59441b832d7a76259fd70315c2ac2 100644 >--- a/Source/WebCore/page/RemoteDOMWindow.cpp >+++ b/Source/WebCore/page/RemoteDOMWindow.cpp >@@ -32,8 +32,8 @@ > > namespace WebCore { > >-RemoteDOMWindow::RemoteDOMWindow(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions) >- : AbstractDOMWindow(WTFMove(identifier), crossOriginOptions) >+RemoteDOMWindow::RemoteDOMWindow(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier) >+ : AbstractDOMWindow(WTFMove(identifier)) > , m_frame(WTFMove(frame)) > { > m_frame->setWindow(this); >diff --git a/Source/WebCore/page/RemoteDOMWindow.h b/Source/WebCore/page/RemoteDOMWindow.h >index ede2a75d17c0edb2bb7c69c2c2003d25d23112db..cb8611c5d035c709bab483e473648b83ff87b4c0 100644 >--- a/Source/WebCore/page/RemoteDOMWindow.h >+++ b/Source/WebCore/page/RemoteDOMWindow.h >@@ -44,9 +44,9 @@ class Location; > > class RemoteDOMWindow final : public AbstractDOMWindow { > public: >- static Ref<RemoteDOMWindow> create(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier, CrossOriginOptions crossOriginOptions) >+ static Ref<RemoteDOMWindow> create(Ref<RemoteFrame>&& frame, GlobalWindowIdentifier&& identifier) > { >- return adoptRef(*new RemoteDOMWindow(WTFMove(frame), WTFMove(identifier), crossOriginOptions)); >+ return adoptRef(*new RemoteDOMWindow(WTFMove(frame), WTFMove(identifier))); > } > > ~RemoteDOMWindow() final; >@@ -68,7 +68,7 @@ public: > void postMessage(JSC::ExecState&, DOMWindow& incumbentWindow, JSC::JSValue message, const String& targetOrigin, Vector<JSC::Strong<JSC::JSObject>>&&); > > private: >- WEBCORE_EXPORT RemoteDOMWindow(Ref<RemoteFrame>&&, GlobalWindowIdentifier&&, CrossOriginOptions); >+ WEBCORE_EXPORT RemoteDOMWindow(Ref<RemoteFrame>&&, GlobalWindowIdentifier&&); > > bool isRemoteDOMWindow() const final { return true; } > bool isLocalDOMWindow() const final { return false; } >diff --git a/Source/WebCore/platform/network/HTTPParsers.cpp b/Source/WebCore/platform/network/HTTPParsers.cpp >index cf1432204e69feb64c604a695ed2994b79221783..893905f1f6f80e275d1a9a1705e1c935f469d419 100644 >--- a/Source/WebCore/platform/network/HTTPParsers.cpp >+++ b/Source/WebCore/platform/network/HTTPParsers.cpp >@@ -915,14 +915,14 @@ FromOriginDisposition parseFromOriginHeader(const String& header) > > CrossOriginOptions parseCrossOriginOptionsHeader(StringView header) > { >- auto strippedHeader = stripLeadingAndTrailingHTTPSpaces(header); >- if (strippedHeader.isEmpty()) >+ header = stripLeadingAndTrailingHTTPSpaces(header); >+ if (header.isEmpty()) > return CrossOriginOptions::Allow; > >- if (equalLettersIgnoringASCIICase(strippedHeader, "deny")) >+ if (equalLettersIgnoringASCIICase(header, "deny")) > return CrossOriginOptions::Deny; > >- if (equalLettersIgnoringASCIICase(strippedHeader, "allow-postmessage")) >+ if (equalLettersIgnoringASCIICase(header, "allow-postmessage")) > return CrossOriginOptions::AllowPostMessage; > > return CrossOriginOptions::Allow; >diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >index f5d55ef9f591586b80c53ae17de2caab183ed3d9..788aa6f90b90fae021b3158d9906db1ff63606a3 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp >+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >@@ -5911,8 +5911,8 @@ void WebPage::frameBecameRemote(uint64_t frameID, GlobalFrameIdentifier&& remote > return; > > auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier)); >- auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier), previousWindow->crossOriginOptions()); >- UNUSED_PARAM(remoteWindow); >+ auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier)); >+ remoteWindow->setCrossOriginOptions(previousWindow->crossOriginOptions()); > > remoteFrame->setOpener(frame->coreFrame()->loader().opener()); > >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 1da4521785c36dd2e60117a8de87c2be6f950d02..19ca1f0a88c41a04ef989acb0c3f58114d3f3be1 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-10 Chris Dumez <cdumez@apple.com> >+ >+ 'Cross-Origin-Options header implementation follow-up >+ https://bugs.webkit.org/show_bug.cgi?id=185520 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Extend layout testing to cover mixed case, multiple values and no value. >+ >+ * http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: >+ * http/wpt/cross-origin-options/cross-origin-options-header.html: >+ > 2018-05-10 Yacine Bandou <yacine.bandou_ext@softathome.com> > > [wpe] update the TestExpectations for encrypted-media after some fixes >diff --git a/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt b/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt >index fb310842fe451eb2b6e790da6dda5d6f2da1e757..a03b128eadfe3bc6bd998eb6133fe882a8af8e55 100644 >--- a/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt >+++ b/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt >@@ -2,6 +2,9 @@ > > PASS Cross-origin iframe with 'Cross-Origin-Options: deny' HTTP header > PASS Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header >+PASS Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case) >+PASS Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid) >+PASS Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value) > PASS Cross-origin iframe with 'Cross-Origin-Options: allow' HTTP header > PASS Cross-origin iframe with 'Cross-Origin-Options: invalid' HTTP header > PASS Same-origin iframe with 'Cross-Origin-Options: deny' HTTP header >diff --git a/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html b/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html >index 2215d0fd7284c28f2af5a9453bc9481f7548d08e..ffad3b341fb72bd4ea9500f7bd4604f89080496b 100644 >--- a/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html >+++ b/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html >@@ -47,6 +47,32 @@ promise_test(function(test) { > }); > }, "Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header"); > >+promise_test(function(test) { >+ return withIframe("serve-cross-origin-options-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => { >+ testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */); >+ }); >+}, "Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case)"); >+ >+promise_test(function(test) { >+ return withIframe("serve-cross-origin-options-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => { >+ const w = f.contentWindow; >+ // Invalid input: should be treated as "allow". >+ testCrossOriginOption(w, "allow", true /* isCrossOrigin */); >+ >+ checkIframePropertyValues(w); >+ }); >+}, "Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid)"); >+ >+promise_test(function(test) { >+ return withIframe("serve-cross-origin-options-header.py?value=", true /* isCrossOrigin */).then((f) => { >+ const w = f.contentWindow; >+ // Empty value: should be treated as "allow". >+ testCrossOriginOption(w, "allow", true /* isCrossOrigin */); >+ >+ checkIframePropertyValues(w); >+ }); >+}, "Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value)"); >+ > promise_test(function(test) { > return withIframe("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((f) => { > const w = f.contentWindow;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=340113">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185520
: 340113