Bug 229203

Summary: [WK2] Implement process-swapping based on Cross-Origin-Opener-Policy HTTP header
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ayumi_kojima, beidson, darin, ews-watchlist, ggaren, japhet, kkinnunen, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=229532
Bug Depends on:    
Bug Blocks: 228755, 229465    
Attachments:
Description Flags
WIP patch
ews-feeder: commit-queue-
WIP patch
ews-feeder: commit-queue-
Patch
none
Patch
none
Patch
none
Patch
none
Patch
none
Patch
ews-feeder: commit-queue-
Patch
none
Patch
none
Patch
none
Patch
none
Patch ews-feeder: commit-queue-

Description Chris Dumez 2021-08-17 14:22:57 PDT 
Implement process-swapping based on Cross-Origin-Opener-Policy HTTP header to improve security.
Comment 1 Radar WebKit Bug Importer 2021-08-17 14:46:47 PDT 
<rdar://problem/82047686>
Comment 2 Chris Dumez 2021-08-17 16:38:58 PDT 
Created attachment 435727 [details]
WIP patch
Comment 3 Chris Dumez 2021-08-17 17:16:55 PDT 
Created attachment 435729 [details]
WIP patch
Comment 4 Chris Dumez 2021-08-18 09:40:50 PDT 
Created attachment 435776 [details]
Patch
Comment 5 Chris Dumez 2021-08-18 09:48:01 PDT 
Created attachment 435778 [details]
Patch
Comment 6 Chris Dumez 2021-08-18 10:57:46 PDT 
Created attachment 435785 [details]
Patch
Comment 7 Alex Christensen 2021-08-19 11:26:24 PDT 
Comment on attachment 435785 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=435785&action=review

> Source/WebCore/loader/DocumentLoader.cpp:1042
> +    if (m_isContinuingLoadAfterResponsePolicyCheck) {

Should this be std::exchange(m_isContinuingLoadAfterResponsePolicyCheck, false)?

> Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:233
> +    auto* previousMainFrame = m_page.mainFrame();

May as well use a RefPtr here.

> Source/WebKit/UIProcess/ProvisionalPageProxy.h:131
> +        uint64_t listenerID, const UserData&);

Can we keep all the parameters on one line?

> Source/WebKit/UIProcess/WebPageProxy.cpp:5638
> +    if (!navigation) {

Why is this needed now but wasn't before?

> Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:1221
> +    [webViewConfiguration preferences].javaScriptCanOpenWindowsAutomatically = YES;

Is this only needed on iOS?  Could we only do it on iOS if it is?
setJavaScriptCanOpenWindowsAutomaticallyIfNecessary(webViewConfiguration)

> Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:7226
> +    // When the provisional load starts in the provisional process, kill the WebView's processes.

I don't understand this comment.
Comment 8 Chris Dumez 2021-08-19 11:40:22 PDT 
Comment on attachment 435785 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=435785&action=review

>> Source/WebCore/loader/DocumentLoader.cpp:1042
>> +    if (m_isContinuingLoadAfterResponsePolicyCheck) {
> 
> Should this be std::exchange(m_isContinuingLoadAfterResponsePolicyCheck, false)?

I doesn't hurt. I will make the change.

>> Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:233
>> +    auto* previousMainFrame = m_page.mainFrame();
> 
> May as well use a RefPtr here.

OK

>> Source/WebKit/UIProcess/ProvisionalPageProxy.h:131
>> +        uint64_t listenerID, const UserData&);
> 
> Can we keep all the parameters on one line?

Not new but OK.

>> Source/WebKit/UIProcess/WebPageProxy.cpp:5638
>> +    if (!navigation) {
> 
> Why is this needed now but wasn't before?

I'll double check if this is still needed. It might be a reminiscence of an earlier iteration. Basically, the issue is that we need a NavigationAction object to do process-swapping. We have the same logic in decidePolicyForNavigationAction, for the same reason.

>> Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:1221
>> +    [webViewConfiguration preferences].javaScriptCanOpenWindowsAutomatically = YES;
> 
> Is this only needed on iOS?  Could we only do it on iOS if it is?
> setJavaScriptCanOpenWindowsAutomaticallyIfNecessary(webViewConfiguration)

Yes, only iOS requires it but I didn't feel adding #ifdefs was worth it?

>> Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:7226
>> +    // When the provisional load starts in the provisional process, kill the WebView's processes.
> 
> I don't understand this comment.

Oops, looks like a bad copy/paste. Will drop.
Comment 9 Chris Dumez 2021-08-19 11:49:31 PDT 
Comment on attachment 435785 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=435785&action=review

>>> Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:1221
>>> +    [webViewConfiguration preferences].javaScriptCanOpenWindowsAutomatically = YES;
>> 
>> Is this only needed on iOS?  Could we only do it on iOS if it is?
>> setJavaScriptCanOpenWindowsAutomaticallyIfNecessary(webViewConfiguration)
> 
> Yes, only iOS requires it but I didn't feel adding #ifdefs was worth it?

From our API:
/*! @abstract A Boolean value indicating whether JavaScript can open
 windows without user interaction.
 @discussion The default value is NO in iOS and YES in OS X.
 */
@property (nonatomic) BOOL javaScriptCanOpenWindowsAutomatically;

So this is the reason we need to set it to YES only on iOS: It is already YES on macOS by default. Therefore, it doesn't hurt to set it to YES no matter what.
Comment 10 Chris Dumez 2021-08-19 12:08:30 PDT 
Created attachment 435892 [details]
Patch
Comment 11 Chris Dumez 2021-08-19 14:18:39 PDT 
Comment on attachment 435892 [details]
Patch

I think the imported/w3c/web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https.html flakiness may be a regression from this patch. I'll investigate.
Comment 12 Chris Dumez 2021-08-23 10:26:46 PDT 
Created attachment 436208 [details]
Patch
Comment 13 Chris Dumez 2021-08-23 12:18:49 PDT 
Created attachment 436222 [details]
Patch
Comment 14 Chris Dumez 2021-08-23 15:56:34 PDT 
Created attachment 436244 [details]
Patch
Comment 15 Chris Dumez 2021-08-23 16:14:14 PDT 
Created attachment 436246 [details]
Patch
Comment 16 Chris Dumez 2021-08-24 07:38:53 PDT 
Created attachment 436285 [details]
Patch
Comment 17 Chris Dumez 2021-08-24 11:24:01 PDT 
Created attachment 436311 [details]
Patch
Comment 18 Chris Dumez 2021-08-24 12:19:53 PDT 
Created attachment 436319 [details]
Patch
Comment 19 EWS 2021-08-24 14:11:48 PDT 
Committed r281516 (240889@main): <https://commits.webkit.org/240889@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436319 [details].
Comment 20 ayumi_kojima 2021-08-25 09:55:39 PDT 
imported/w3c/web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https.html still shows up as a flaky test on EWS. I will create a new bug for this.
Comment 21 Chris Dumez 2021-08-26 12:30:47 PDT 
Follow-up in https://trac.webkit.org/changeset/281632/webkit to fix fast/loader/reload-zero-byte-plugin.html.