Bug 229041

Summary: Add Cross-Origin-Embedder-Policy support for Blob URLs
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: Page LoadingAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, annulen, beidson, calvaris, changseok, darin, eric.carlson, esprehn+autocc, ews-watchlist, ggaren, glenn, gyuyoung.kim, japhet, jer.noble, kangil.han, philipj, rniwa, ryuan.choi, sam, sergio, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/whatwg/html/issues/5198
Bug Depends on:    
Bug Blocks: 228755    
Attachments:
Description Flags
WIP patch
none
Patch
none
Patch
none
Patch none

Chris Dumez
Reported 2021-08-12 09:25:11 PDT
Add Cross-Origin-Embedder-Policy support for Blob URLs.
Attachments
WIP patch (38.56 KB, patch)
2021-08-12 09:52 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (52.11 KB, patch)
2021-08-13 15:19 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (62.19 KB, patch)
2021-08-13 17:17 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (62.54 KB, patch)
2021-08-13 17:51 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-08-12 09:52:25 PDT
Created attachment 435430 [details] WIP patch
Chris Dumez
Comment 2 2021-08-12 10:07:14 PDT
imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https.html is completely failing still, even though html/cross-origin-opener-policy/coep-blob-popup.https.html is fully passing :/ Investigating...
Chris Dumez
Comment 3 2021-08-13 15:19:06 PDT
Created attachment 435521 [details] Patch
Alex Christensen
Comment 4 2021-08-13 16:28:23 PDT
Comment on attachment 435521 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435521&action=review > Source/WebKitLegacy/win/WebCoreSupport/WebPlatformStrategies.cpp:84 > + void registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop, const CrossOriginEmbedderPolicy& coep) final { m_blobRegistry.registerBlobURL(url, srcURL, coop, coep); } Should we make a struct that contains both and call it CrossOriginPolicies? > LayoutTests/platform/mac-wk1/TestExpectations:376 > +imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Skip ] Why not skip the whole directory? > LayoutTests/platform/win/TestExpectations:3728 > +imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Skip ] ditto
Chris Dumez
Comment 5 2021-08-13 16:30:02 PDT
(In reply to Alex Christensen from comment #4) > Comment on attachment 435521 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=435521&action=review > > > Source/WebKitLegacy/win/WebCoreSupport/WebPlatformStrategies.cpp:84 > > + void registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop, const CrossOriginEmbedderPolicy& coep) final { m_blobRegistry.registerBlobURL(url, srcURL, coop, coep); } > > Should we make a struct that contains both and call it CrossOriginPolicies? Sure, why not. > > > LayoutTests/platform/mac-wk1/TestExpectations:376 > > +imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Skip ] > > Why not skip the whole directory? > > > LayoutTests/platform/win/TestExpectations:3728 > > +imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Skip ] > > ditto I guess we could. I don't really care about COOP for WK1. That said, COOP is implemented and working in WebKit1. The only reason this test fails on WK1 is because the test relies on COEP in addition to COOP (and COEP is unimplemented in WK1).
Chris Dumez
Comment 6 2021-08-13 17:17:04 PDT
Created attachment 435529 [details] Patch
Darin Adler
Comment 7 2021-08-13 17:21:42 PDT
Comment on attachment 435529 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435529&action=review > Source/WebCore/dom/SecurityContext.h:30 > +#include "PolicyContainer.h" Typically we don’t need to include a header just to declare a function with that type as a return value. It can be a forward declaration.
Chris Dumez
Comment 8 2021-08-13 17:51:38 PDT
Created attachment 435530 [details] Patch
EWS
Comment 9 2021-08-13 19:28:27 PDT
Committed r281055 (240518@main): <https://commits.webkit.org/240518@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 435530 [details].
Radar WebKit Bug Importer
Comment 10 2021-08-13 19:29:16 PDT
<rdar://problem/81925692>
Note You need to log in before you can comment on or make changes to this bug.