WebKit Bugzilla
Attachment 340128 Details for Bug 185412: Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options
Patch: bug-185412-20180510141450.patch (text/plain), 23.24 KB, created by Daniel Bates on 2018-05-10 14:14:50 PDT
>Subversion Revision: 231573 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index d68df7ab18ce5e457f1c4df982edc5ca3bb664a3..28e4613c7021adc34179cb39c52fca707166f600 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,45 @@ >+2018-05-10 Daniel Bates <dabates@apple.com> >+ >+ Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options >+ https://bugs.webkit.org/show_bug.cgi?id=185412 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Consolidate the knowledge on how to determine whether security checks were performed on a ResourceResponse >+ into LoaderStrategy::havePerformedSecurityChecks() (default implementation returns false) and query it >+ to determine whether CSP frame-ancestors and X-Frame-Options need to be checked for a ResourceResponse. >+ >+ Additionally, rename LoaderStrategy::isDoingLoadingSecurityChecks() to shouldPerformSecurityChecks() >+ for consistency with havePerformedSecurityChecks(). Querying shouldPerformSecurityChecks() answers the >+ question of whether the loader strategy is responsible for performing security checks when building up >+ a ResourceRequest to have the loader strategy load. And LoaderStrategy::havePerformedSecurityChecks() >+ is used to determine whether the loader strategy performed these security checks for a given ResourceResponse. >+ >+ * inspector/agents/InspectorNetworkAgent.cpp: >+ (WebCore::InspectorNetworkAgent::didReceiveResponse): >+ (WebCore::InspectorNetworkAgent::didFinishLoading): >+ (WebCore::isResponseProbablyComingFromNetworkProcess): Deleted. >+ * loader/DocumentLoader.cpp: >+ (WebCore::DocumentLoader::responseReceived): >+ * loader/DocumentThreadableLoader.cpp: >+ (WebCore::shouldPerformSecurityChecks): >+ (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const): >+ (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): >+ (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): >+ (WebCore::DocumentThreadableLoader::redirectReceived): >+ (WebCore::DocumentThreadableLoader::didFail): >+ (WebCore::DocumentThreadableLoader::loadRequest): >+ (WebCore::isDoingSecurityChecksInNetworkProcess): Deleted. 
>+ (WebCore::isResponseComingFromNetworkProcess): Deleted. >+ * loader/LoaderStrategy.cpp: >+ * loader/LoaderStrategy.h: >+ * page/Settings.yaml: Remove setting networkProcessCSPFrameAncestorsCheckingEnabled as we now make >+ use of the loader strategy to determine whether to perform CSP frame-ancestors and X-Frame-Options >+ checking in DocumentLoader. >+ * platform/network/ResourceResponseBase.h: >+ (WebCore::ResourceResponseBase::setSource): Added an ASSERT to catch the programming error of setting >+ source to ResourceResponse::Source::Unknown. This source type represents an uninitialized ResourceResponse. >+ > 2018-05-09 Daniel Bates <dabates@apple.com> > > REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index bcf69e87dbd90619248ecdc97662bfbf84a7c5c2..27812a9c628f4b8ed82747575e54d98819b3620a 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,24 @@ >+2018-05-10 Daniel Bates <dabates@apple.com> >+ >+ Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options >+ https://bugs.webkit.org/show_bug.cgi?id=185412 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Update code for renaming and write in terms of WebLoaderStrategy::shouldPerformSecurityChecks() >+ instead of explicitly querying RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(). >+ >+ * WebProcess/Network/WebLoaderStrategy.cpp: >+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): >+ (WebKit::WebLoaderStrategy::loadResourceSynchronously): >+ (WebKit::WebLoaderStrategy::startPingLoad): >+ (WebKit::WebLoaderStrategy::preconnectTo): >+ (WebKit::WebLoaderStrategy::shouldPerformSecurityChecks const): >+ (WebKit::WebLoaderStrategy::havePerformedSecurityChecks const): >+ (WebKit::WebLoaderStrategy::isDoingLoadingSecurityChecks const): Deleted. >+ * WebProcess/Network/WebLoaderStrategy.h: >+ * WebProcess/WebPage/WebPage.cpp: >+ > 2018-05-09 Andy Estes <aestes@apple.com> > > [iOS] Tell PDFHostViewController when animated resizes begin and end >diff --git a/Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp b/Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp >index 46e4afe4cf08cc82e388ed794559624466a86948..c95397ae372a50ecff4e8533d97c4da90aff0064 100644 >--- a/Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp >+++ b/Source/WebCore/inspector/agents/InspectorNetworkAgent.cpp >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 2011 Google Inc. All rights reserved. >- * Copyright (C) 2015 Apple Inc. All rights reserved. >+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions are 
>@@ -421,23 +421,6 @@ void InspectorNetworkAgent::willSendRequestOfType(unsigned long identifier, Docu > willSendRequest(identifier, loader, request, ResourceResponse(), resourceTypeForLoadType(loadType)); > } > >-static inline bool isResponseProbablyComingFromNetworkProcess(ResourceResponse::Source source) >-{ >- switch (source) { >- case ResourceResponse::Source::MemoryCache: >- case ResourceResponse::Source::MemoryCacheAfterValidation: >- case ResourceResponse::Source::ServiceWorker: >- case ResourceResponse::Source::ApplicationCache: >- return false; >- case ResourceResponse::Source::Unknown: >- case ResourceResponse::Source::Network: >- case ResourceResponse::Source::DiskCache: >- case ResourceResponse::Source::DiskCacheAfterValidation: >- return true; >- } >- return true; >-} >- > void InspectorNetworkAgent::didReceiveResponse(unsigned long identifier, DocumentLoader* loader, const ResourceResponse& response, ResourceLoader* resourceLoader) > { > if (m_hiddenRequestIdentifiers.contains(identifier)) >@@ -446,7 +429,7 @@ void InspectorNetworkAgent::didReceiveResponse(unsigned long identifier, Documen > String requestId = IdentifiersFactory::requestId(identifier); > > std::optional<ResourceResponse> realResponse; >- if (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && isResponseProbablyComingFromNetworkProcess(response.source())) { >+ if (platformStrategies()->loaderStrategy()->havePerformedSecurityChecks(response)) { > callOnMainThreadAndWait([&] { > // We do not need to isolate response since it comes straight from IPC, but we might want to isolate it for extra safety. > auto response = platformStrategies()->loaderStrategy()->responseFromResourceLoadIdentifier(identifier); 
>@@ -534,7 +517,7 @@ void InspectorNetworkAgent::didFinishLoading(unsigned long identifier, DocumentL > sourceMappingURL = InspectorPageAgent::sourceMapURLForResource(resourceData->cachedResource()); > > std::optional<NetworkLoadMetrics> realMetrics; >- if (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && !networkLoadMetrics.isComplete()) { >+ if (platformStrategies()->loaderStrategy()->shouldPerformSecurityChecks() && !networkLoadMetrics.isComplete()) { > callOnMainThreadAndWait([&] { > realMetrics = platformStrategies()->loaderStrategy()->networkMetricsFromResourceLoadIdentifier(identifier).isolatedCopy(); > }); >diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp >index 2e2b7638136722868421815b92c74e30c18af870..8352e95e678e41279fd686844d07678ddb431c53 100644 >--- a/Source/WebCore/loader/DocumentLoader.cpp >+++ b/Source/WebCore/loader/DocumentLoader.cpp >@@ -60,11 +60,13 @@ > #include "InspectorInstrumentation.h" > #include "LinkIconCollector.h" > #include "LinkIconType.h" >+#include "LoaderStrategy.h" > #include "Logging.h" > #include "MemoryCache.h" > #include "NetworkLoadMetrics.h" > #include "Page.h" > #include "PingLoader.h" >+#include "PlatformStrategies.h" > #include "PolicyChecker.h" > #include "ProgressTracker.h" > #include "ResourceHandle.h" 
>@@ -768,7 +770,7 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi > unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier(); > ASSERT(identifier); > >- if (m_substituteData.isValid() || !m_frame->settings().networkProcessCSPFrameAncestorsCheckingEnabled() || !RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()) { >+ if (m_substituteData.isValid() || !platformStrategies()->loaderStrategy()->havePerformedSecurityChecks(response)) { > auto url = response.url(); > ContentSecurityPolicy contentSecurityPolicy(URL { url }, this); > contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders { response }, m_request.httpReferrer()); >diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp >index 79ae616b8dc685f5946ef14348f261f1eb838d84..7e1b0d8fd6366488b1ba64e1b769ee46e25e2292 100644 >--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp >+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp >@@ -89,14 +89,14 @@ RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& docu > return create(document, client, WTFMove(request), options, nullptr, nullptr, WTFMove(referrer), ShouldLogError::Yes); > } > >-static inline bool isDoingSecurityChecksInNetworkProcess() >+static inline bool shouldPerformSecurityChecks() > { >- return platformStrategies()->loaderStrategy()->isDoingLoadingSecurityChecks(); >+ return platformStrategies()->loaderStrategy()->shouldPerformSecurityChecks(); > } > > bool DocumentThreadableLoader::shouldSetHTTPHeadersToKeep() const > { >- if (m_options.mode == FetchOptions::Mode::Cors && isDoingSecurityChecksInNetworkProcess()) >+ if (m_options.mode == FetchOptions::Mode::Cors && shouldPerformSecurityChecks()) > return true; > > #if ENABLE(SERVICE_WORKER) 
>@@ -179,7 +179,7 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(ResourceRequest&& re > { > ASSERT(m_options.mode == FetchOptions::Mode::Cors); > >- if ((m_options.preflightPolicy == PreflightPolicy::Consider && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreflightPolicy::Prevent || isDoingSecurityChecksInNetworkProcess()) { >+ if ((m_options.preflightPolicy == PreflightPolicy::Consider && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreflightPolicy::Prevent || shouldPerformSecurityChecks()) { > if (checkURLSchemeAsCORSEnabled(request.url())) > makeSimpleCrossOriginAccessRequest(WTFMove(request)); > } else { >@@ -207,8 +207,8 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(ResourceRequest&& re > > void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(ResourceRequest&& request) > { >- ASSERT(m_options.preflightPolicy != PreflightPolicy::Force || isDoingSecurityChecksInNetworkProcess()); >- ASSERT(m_options.preflightPolicy == PreflightPolicy::Prevent || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()) || isDoingSecurityChecksInNetworkProcess()); >+ ASSERT(m_options.preflightPolicy != PreflightPolicy::Force || shouldPerformSecurityChecks()); >+ ASSERT(m_options.preflightPolicy == PreflightPolicy::Prevent || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()) || shouldPerformSecurityChecks()); > > updateRequestForAccessControl(request, securityOrigin(), m_options.storedCredentialsPolicy); > loadRequest(WTFMove(request), DoSecurityCheck); 
>@@ -266,12 +266,6 @@ void DocumentThreadableLoader::clearResource() > m_preflightChecker = std::nullopt; > } > >-static inline bool isResponseComingFromNetworkProcess(const ResourceResponse& response) >-{ >- auto source = response.source(); >- return source == ResourceResponse::Source::Network || source == ResourceResponse::Source::DiskCache || source == ResourceResponse::Source::DiskCacheAfterValidation; >-} >- > void DocumentThreadableLoader::redirectReceived(CachedResource& resource, ResourceRequest&& request, const ResourceResponse& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler) > { > ASSERT(m_client); >@@ -295,7 +289,7 @@ void DocumentThreadableLoader::redirectReceived(CachedResource& resource, Resour > return completionHandler(WTFMove(request)); > } > >- if (isDoingSecurityChecksInNetworkProcess() && isResponseComingFromNetworkProcess(redirectResponse)) { >+ if (platformStrategies()->loaderStrategy()->havePerformedSecurityChecks(redirectResponse)) { > completionHandler(WTFMove(request)); > return; > } >@@ -470,7 +464,7 @@ void DocumentThreadableLoader::didFail(unsigned long, const ResourceError& error > // NetworkProcess might return a CSP violation as an AccessControl error in case of redirection. > // Let's recheck CSP to generate the report if needed. > // FIXME: We should introduce an error dedicated to CSP violation. >- if (isDoingSecurityChecksInNetworkProcess() && error.isAccessControl() && error.failingURL().protocolIsInHTTPFamily() && !isAllowedByContentSecurityPolicy(error.failingURL(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) { >+ if (shouldPerformSecurityChecks() && error.isAccessControl() && error.failingURL().protocolIsInHTTPFamily() && !isAllowedByContentSecurityPolicy(error.failingURL(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) { > reportContentSecurityPolicyError(m_resource->resourceRequest().url()); > return; > } 
>@@ -579,7 +573,7 @@ void DocumentThreadableLoader::loadRequest(ResourceRequest&& request, SecurityCh > return; > } > >- if (!isDoingSecurityChecksInNetworkProcess()) { >+ if (!shouldPerformSecurityChecks()) { > // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the > // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was > // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials. >diff --git a/Source/WebCore/loader/LoaderStrategy.cpp b/Source/WebCore/loader/LoaderStrategy.cpp >index 9af1cc30eb320bd1b4aeba01abc9910b939630ff..838642d9de6097f0d63d5ad48bbf55358adcb487 100644 >--- a/Source/WebCore/loader/LoaderStrategy.cpp >+++ b/Source/WebCore/loader/LoaderStrategy.cpp >@@ -27,7 +27,6 @@ > #include "LoaderStrategy.h" > > #include "NetworkLoadMetrics.h" >-#include "PlatformStrategies.h" > #include "ResourceResponse.h" > > namespace WebCore { >diff --git a/Source/WebCore/loader/LoaderStrategy.h b/Source/WebCore/loader/LoaderStrategy.h >index 2f5efeb6b86b8a0669e341eb5e46915911038044..f142b57727b3f598af1fa297e2d993bb3e156640 100644 >--- a/Source/WebCore/loader/LoaderStrategy.h >+++ b/Source/WebCore/loader/LoaderStrategy.h >@@ -81,7 +81,8 @@ public: > virtual bool isOnLine() const = 0; > virtual void addOnlineStateChangeListener(WTF::Function<void(bool)>&&) = 0; > >- virtual bool isDoingLoadingSecurityChecks() const { return false; } >+ virtual bool shouldPerformSecurityChecks() const { return false; } >+ virtual bool havePerformedSecurityChecks(const ResourceResponse&) const { return false; } > > virtual ResourceResponse responseFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier); > virtual NetworkLoadMetrics networkMetricsFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier); 
>diff --git a/Source/WebCore/page/Settings.yaml b/Source/WebCore/page/Settings.yaml >index 5a2ca70e7558e8768ed8d39bead100a4ec3fe1d2..e2e4c7cf92f428d7c80866b8c64f97a7612e1107 100644 >--- a/Source/WebCore/page/Settings.yaml >+++ b/Source/WebCore/page/Settings.yaml >@@ -313,8 +313,6 @@ forceUpdateScrollbarsOnMainThreadForPerformanceTesting: > initial: false > notificationsEnabled: > initial: true >-networkProcessCSPFrameAncestorsCheckingEnabled: >- initial: false > > # Some apps needs isLoadingInAPISense to account for active subresource loaders. > needsIsLoadingInAPISenseQuirk: >diff --git a/Source/WebCore/platform/network/ResourceResponseBase.h b/Source/WebCore/platform/network/ResourceResponseBase.h >index ebeb30b77f6b7f696ee54072af15d498c6925e23..0321767361303d75787ef5bbb68d0a05b0c8f690 100644 >--- a/Source/WebCore/platform/network/ResourceResponseBase.h >+++ b/Source/WebCore/platform/network/ResourceResponseBase.h >@@ -144,7 +144,11 @@ public: > > enum class Source { Unknown, Network, DiskCache, DiskCacheAfterValidation, MemoryCache, MemoryCacheAfterValidation, ServiceWorker, ApplicationCache }; > WEBCORE_EXPORT Source source() const; >- void setSource(Source source) { m_source = source; } >+ void setSource(Source source) >+ { >+ ASSERT(source != Source::Unknown); >+ m_source = source; >+ } > > const std::optional<SHA1::Digest>& cacheBodyKey() const { return m_cacheBodyKey; } > void setCacheBodyKey(const SHA1::Digest& key) { m_cacheBodyKey = key; } >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >index 6c32406f306876912a261604234ed361bcc975bc..4f96d7c2c8597e3af7a58611b1109f5ca95ddaec 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 
>@@ -59,6 +59,7 @@ > #include <WebCore/PlatformStrategies.h> > #include <WebCore/ReferrerPolicy.h> > #include <WebCore/ResourceLoader.h> >+#include <WebCore/ResourceResponse.h> > #include <WebCore/RuntimeEnabledFeatures.h> > #include <WebCore/SecurityOrigin.h> > #include <WebCore/Settings.h> >@@ -322,7 +323,7 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL > } > } > >- loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(); >+ loadParameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks(); > > loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; > >@@ -493,7 +494,7 @@ void WebLoaderStrategy::loadResourceSynchronously(FrameLoader& frameLoader, unsi > loadParameters.storedCredentialsPolicy = options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use; > loadParameters.clientCredentialPolicy = clientCredentialPolicy; > loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr); >- loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(); >+ loadParameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks(); > > loadParameters.options = options; > loadParameters.sourceOrigin = &document->securityOrigin(); 
>@@ -545,7 +546,7 @@ void WebLoaderStrategy::startPingLoad(Frame& frame, ResourceRequest& request, co > loadParameters.options = options; > loadParameters.originalRequestHeaders = originalRequestHeaders; > loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(&frame); >- loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(); >+ loadParameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks(); > if (!document->shouldBypassMainWorldContentSecurityPolicy()) { > if (auto * contentSecurityPolicy = document->contentSecurityPolicy()) > loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders(); >@@ -602,7 +603,7 @@ void WebLoaderStrategy::preconnectTo(FrameLoader& frameLoader, const WebCore::UR > parameters.sessionID = webPage ? webPage->sessionID() : PAL::SessionID::defaultSessionID(); > parameters.storedCredentialsPolicy = storedCredentialsPolicy; > parameters.shouldPreconnectOnly = PreconnectOnly::Yes; >- parameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(); >+ parameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks(); > // FIXME: Use the proper destination once all fetch options are passed. > parameters.options.destination = FetchOptions::Destination::EmptyString; 
> >@@ -662,9 +663,29 @@ NetworkLoadMetrics WebLoaderStrategy::networkMetricsFromResourceLoadIdentifier(u > return networkMetrics; > } > >-bool WebLoaderStrategy::isDoingLoadingSecurityChecks() const >+bool WebLoaderStrategy::shouldPerformSecurityChecks() const > { > return RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess(); > } > >+bool WebLoaderStrategy::havePerformedSecurityChecks(const ResourceResponse& response) const >+{ >+ if (!shouldPerformSecurityChecks()) >+ return false; >+ switch (response.source()) { >+ case ResourceResponse::Source::ApplicationCache: >+ case ResourceResponse::Source::MemoryCache: >+ case ResourceResponse::Source::MemoryCacheAfterValidation: >+ case ResourceResponse::Source::ServiceWorker: >+ return false; >+ case ResourceResponse::Source::DiskCache: >+ case ResourceResponse::Source::DiskCacheAfterValidation: >+ case ResourceResponse::Source::Network: >+ case ResourceResponse::Source::Unknown: >+ return true; >+ } >+ ASSERT_NOT_REACHED(); >+ return false; >+} >+ > } // namespace WebKit >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h >index 507216b4813d8cd9a04a3d6da7c0d54fd00f94f6..ed023fcb9f8b6c5b6d24f57abd1dd1893f300b08 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h >@@ -94,7 +94,8 @@ private: > WebCore::ResourceResponse responseFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final; > WebCore::NetworkLoadMetrics networkMetricsFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final; > >- bool isDoingLoadingSecurityChecks() const final; >+ bool shouldPerformSecurityChecks() const final; >+ bool havePerformedSecurityChecks(const WebCore::ResourceResponse&) const final; > > HashSet<RefPtr<WebCore::ResourceLoader>> m_internallyFailedResourceLoaders; > RunLoop::Timer<WebLoaderStrategy> m_internallyFailedLoadTimer; 
>diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >index fdd2056c2dba860b341af1ed1bf7633814f21ed2..19d427e62397191db4159bdbc93ebbc5517e729a 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp >+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >@@ -471,8 +471,6 @@ WebPage::WebPage(uint64_t pageID, WebPageCreationParameters&& parameters) > WebCore::provideUserMediaTo(m_page.get(), new WebUserMediaClient(*this)); > #endif > >- m_page->settings().setNetworkProcessCSPFrameAncestorsCheckingEnabled(true); >- > m_page->setControlledByAutomation(parameters.controlledByAutomation); > > #if ENABLE(REMOTE_INSPECTOR)
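Review bot: In InspectorNetworkAgent::didFinishLoading(), gating the realMetrics fetch on shouldPerformSecurityChecks() hides why the fetch is needed; the condition is really about the metrics delivered to this process being incomplete when response access is restricted, not about security checks as such. A one-line comment above the `if` saying that the loader strategy withholds full metrics when it performs the checks would keep the intent readable now that restrictedHTTPResponseAccess() is no longer named at the call site.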
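Review bot: In DocumentLoader::responseReceived(), whether the CSP frame-ancestors and X-Frame-Options checks run in WebCore now depends on response.source() through havePerformedSecurityChecks(response) instead of on the networkProcessCSPFrameAncestorsCheckingEnabled setting, but the patch touches no tests. Please add or point to coverage that exercises a framed main resource served from each source that returns false (MemoryCache, MemoryCacheAfterValidation, ServiceWorker, ApplicationCache) so a response that bypasses the network process cannot silently skip both checks.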
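Review bot: In DocumentThreadableLoader::redirectReceived(), the new condition is not a pure rename. The deleted isResponseComingFromNetworkProcess() accepted only Source::Network, DiskCache and DiskCacheAfterValidation, while WebLoaderStrategy::havePerformedSecurityChecks() in this patch also returns true for Source::Unknown. A redirect response whose source is Unknown now takes the early `completionHandler(WTFMove(request)); return;` path where it previously did not. If that widening is intended, state it in the ChangeLog; otherwise treat Unknown as not checked.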
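Review bot: The two virtuals added to LoaderStrategy.h, shouldPerformSecurityChecks() and havePerformedSecurityChecks(const ResourceResponse&), have no comment, and the difference between them is explained only in the ChangeLog. Callers use the answers to decide whether to skip checks in WebCore, so each declaration should document its contract: the first is about responsibility when building a request, the second is a per-response result, and the default of false means WebCore performs the checks itself.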
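Review bot: The ASSERT(source != Source::Unknown) added to ResourceResponseBase::setSource() catches only an explicit call that passes Unknown, and only in builds where ASSERT is compiled in; a response whose source is never set is not caught here. Since havePerformedSecurityChecks() now makes a security decision from source(), consider also asserting at the point of use that the source is not Unknown, so the programming error the ChangeLog describes is detected where it matters.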
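Review bot: In WebLoaderStrategy::havePerformedSecurityChecks(), ResourceResponse::Source::Unknown sits in the group that returns true, yet the WebCore ChangeLog in this same patch describes Unknown as an uninitialized ResourceResponse and setSource() now asserts against it. A response with an unset source is therefore reported as already checked, and DocumentLoader::responseReceived() will not run the CSP frame-ancestors and X-Frame-Options checks for it. Prefer failing closed: return false for Unknown so WebCore performs the checks, or add a comment explaining why an unset source implies the network process already did them.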