Bug 158820 - Prevent refresh/redirect for some WebKit clients
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-06-15 17:02 PDT by Brent Fulgham
Modified: 2016-06-16 14:40 PDT

Attachments
Patch (6.69 KB, patch)
2016-06-15 17:08 PDT, Brent Fulgham
andersca: review-

Description Brent Fulgham 2016-06-15 17:02:47 PDT
WebKit will terminate the WebProcess if it encounters an unexpected file URL.
Comment 1 Brent Fulgham 2016-06-15 17:05:48 PDT
The termination happens for some WebKit clients that are only meant to render local content. If one of these clients (working with on-file content) is asked to redirect to a non-existing file URL, we shut down the WebProcess.

We should just prevent these clients from allowing a refresh/redirect at all, since we only want to render some local static content.
Comment 2 Brent Fulgham 2016-06-15 17:08:37 PDT
Created attachment 281405
Patch
Comment 3 Brent Fulgham 2016-06-15 17:08:57 PDT
Attached an initial idea that works for my specific error case.
Comment 4 Brent Fulgham 2016-06-15 17:09:14 PDT
<rdar://problem/18783614>
Comment 5 Brent Fulgham 2016-06-15 17:10:26 PDT
It might be better to create a specific setting for this that clients could use to control this behavior, rather than looking for specific keys in the user data dictionary.
Comment 6 Anders Carlsson 2016-06-16 13:42:36 PDT
Comment on attachment 281405
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=281405&action=review

I don't think this is the right approach - it only closes one loophole from what I can tell.

> Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm:201
> +    if (auto* initializationUserData = parameters.initializationUserData.object()) {
> +        RetainPtr<id> objCInitializationUserData;
> +        if (initializationUserData->type() == API::Object::Type::ObjCObjectGraph) {
> +            objCInitializationUserData = static_cast<ObjCObjectGraph*>(initializationUserData)->rootObject();
> +            if (auto* dictionary = (NSDictionary *)objCInitializationUserData.get()) {
> +                if ([dictionary objectForKey: @"CanLoadRemoteResources"])
> +                    SecurityPolicy::setAllowRedirects(false);
> +            }
> +        }
> +    }
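
Review bot: the `[dictionary objectForKey: @"CanLoadRemoteResources"]` test checks only that the key is present, so a client that passes the key with a false value gets the same `SecurityPolicy::setAllowRedirects(false)` as one that passes a true value, and nothing in the key's name says it controls redirects. Read the value (for example with `boolValue`) and document which value disables redirects. The `(NSDictionary *)` cast of `rootObject()` is also unchecked, so guard it with `isKindOfClass:[NSDictionary class]` before sending `objectForKey:`.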

The user initialization data is not the right place for this.
Comment 7 Brent Fulgham 2016-06-16 14:11:18 PDT
Comment on attachment 281405
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=281405&action=review

>> Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm:201
>> +    }
> 
> The user initialization data is not the right place for this.

We could add a WebProcess initialization flag to indicate this use case. Would that be reasonable?

The only negative with that approach is I would need to get the client application to modify their logic to set the flag properly.
Comment 8 Brent Fulgham 2016-06-16 14:40:23 PDT
Actually, after talking to Anders about this, I realize that this is not needed at all.

The caller should be configuring their WebView using WKPreferencesSetHTTPEquivEnabled (false).