| Summary: | Add Cross-Origin-Opener-Policy support for Blob URLs |
|---|---|
| Product: | WebKit |
| Component: | Page Loading |
| Status: | RESOLVED FIXED |
| Severity: | Normal |
| Priority: | P2 |
| Version: | WebKit Nightly Build |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Reporter: | Chris Dumez <cdumez> |
| Assignee: | Chris Dumez <cdumez> |
| CC: | achristensen, beidson, calvaris, changseok, darin, eric.carlson, esprehn+autocc, ews-watchlist, ggaren, glenn, gyuyoung.kim, japhet, jer.noble, kangil.han, philipj, rniwa, sam, sergio, webkit-bug-importer, youennf |
| Keywords: | InRadar |
| Bug Depends on: | 228923 |
| Bug Blocks: | 228755 |

Description
Chris Dumez
2021-08-09 14:02:26 PDT
Created attachment 435270
Patch

Created attachment 435284
Patch

Comment on attachment 435284
Patch
Why is it ok to have { } in registerBlobURLOptionallyFileBacked and Blob's DeserializationContructor?

Comment on attachment 435284
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=435284&action=review

> Source/WebCore/fileapi/Blob.cpp:140
> + ThreadableBlobRegistry::registerBlobURL(nullptr, { }, m_internalURL, srcURL);

Passing an empty coop is intentional here. Notice that we are also passing nullptr as the securityOrigin (first parameter). This is because this constructor is merely used when deserializing a Blob passed via SerializedScriptValue. Both srcURL and m_internalURL are internal blob URLs here (no origin). COOP gets assigned when creating a *public* blob URL from a Blob (by calling URL.createObjectURL()). Blobs themselves don't have a COOP value but there is a COOP value associated with each public Blob URL for the blob in question.

> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:848
> + session->blobRegistry().registerBlobURLOptionallyFileBacked(url, srcURL, BlobDataFileReferenceWithSandboxExtension::create(fileBackedPath), contentType, { });

BlobRegistryImpl::registerBlobURL() calls BlobRegistryImpl::registerBlobURLOptionallyFileBacked() internally so I had to add a COOP parameter to BlobRegistryImpl::registerBlobURLOptionallyFileBacked(). However, ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked() is only called from the Blob deserialization constructor (discussed above) and only deals with internal blob URLs (not public ones with security origins). Also note that ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked() does not take a SecurityOrigin as a parameter.

Comment on attachment 435284
Patch

Clearing flags on attachment: 435284

Committed r280881 (240418@main): <https://commits.webkit.org/240418@main>

All reviewed patches have been landed. Closing bug.
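
Review bot: in the quoted Blob.cpp:140 line, `registerBlobURL(nullptr, { }, m_internalURL, srcURL)` passes a null origin and an empty COOP as bare positional arguments, so the call site does not show that the empty policy is deliberate rather than an omission. A one-line comment above the call stating that both URLs are internal blob URLs, which carry no origin and no COOP, would keep the reasoning given in this review next to the code.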
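
Review bot: in the quoted NetworkConnectionToWebProcess.cpp:848 line, the trailing `{ }` passed to `registerBlobURLOptionallyFileBacked()` relies on `url` always being an internal blob URL, and nothing in the visible line checks or states that. Consider documenting that precondition on the function, or asserting it, so that a later caller registering a public blob URL through this path does not silently end up with an empty COOP.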