Bug 293385

Summary:	[Lockdown Mode] Make sure Accept Header matches LDM capabilities
Product:	WebKit	Reporter:	Brent Fulgham <bfulgham>
Component:	New Bugs	Assignee:	Brent Fulgham <bfulgham>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	commit-queue, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	294656
Bug Blocks:

Brent Fulgham

Reported 2025-05-21 14:15:50 PDT

We recently discovered that in Lockdown Mode WebKit generates an AcceptHeader containing image types that are disabled. There is no security issue from this, but it's annoying to LDM users who may end up downloading unusable images, etc. This patch causes the Accept Header logic to check for Lockdown Mode state, and only emit relevant types.

Attachments
Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2025-05-21 14:16:07 PDT

<rdar://problem/151333451>

Brent Fulgham

Comment 2 2025-05-21 14:19:59 PDT

Pull request: https://github.com/WebKit/WebKit/pull/45722

EWS

Comment 3 2025-06-17 17:29:32 PDT

Committed 296345@main (f8332133a12b): <https://commits.webkit.org/296345@main> Reviewed commits have been landed. Closing PR #45722 and removing active labels.

WebKit Commit Bot

Comment 4 2025-06-17 22:37:53 PDT

Re-opened since this is blocked by bug 294656

Brent Fulgham

Comment 5 2025-06-18 09:50:47 PDT

Pull request: https://github.com/WebKit/WebKit/pull/46910

EWS

Comment 6 2025-06-18 13:01:33 PDT

Committed 296396@main (c78c210e4b41): <https://commits.webkit.org/296396@main> Reviewed commits have been landed. Closing PR #46910 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.