RESOLVED FIXED Bug 178356
Apply custom header fields from WebsitePolicies to same-domain requests
https://bugs.webkit.org/show_bug.cgi?id=178356
Alex Christensen
Reported 2017-10-16 11:59:23 PDT
Apply custom header fields from WebsitePolicies to same-domain requests
Attachments
Patch (11.70 KB, patch)
2017-10-16 12:05 PDT, Alex Christensen
no flags
Patch (13.00 KB, patch)
2017-10-23 10:53 PDT, Alex Christensen
beidson: review+
Alex Christensen
Comment 1 2017-10-16 12:05:16 PDT
Daniel Bates
Comment 2 2017-10-16 14:08:10 PDT
Comment on attachment 323925 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=323925&action=review > Source/WebCore/loader/cache/CachedResourceLoader.cpp:770 > + if (frame() && m_documentLoader && !m_documentLoader->customHeaderFields().isEmpty()) { > + bool sameOriginRequest = false; > + auto requestedOrigin = SecurityOrigin::create(url); > + if (type == CachedResource::Type::MainResource) { > + if (frame()->isMainFrame()) > + sameOriginRequest = true; > + else if (auto* topDocument = frame()->mainFrame().document()) > + sameOriginRequest = topDocument->securityOrigin().isSameSchemeHostPort(requestedOrigin.get()); > + } else if (document()) { > + sameOriginRequest = document()->topDocument().securityOrigin().isSameSchemeHostPort(requestedOrigin.get()) > + && document()->securityOrigin().isSameSchemeHostPort(requestedOrigin.get()); > + } > + if (sameOriginRequest) { > + for (auto& field : m_documentLoader->customHeaderFields()) > + request.resourceRequest().addHTTPHeaderField(field.name(), field.value()); > + } > + } This does not seem like it will apply the custom headers to a subframe or child window navigated to about:blank or a blob URL (*) page or sub-resources loaded from them. Notice that about:blank inherits the security origin of its parent/opener frame. (*) with the same origin as the document that has custom headers
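Review bot: the same-origin decision in the `sameOriginRequest` block is made once, from `SecurityOrigin::create(url)` on the URL as requested, and nothing in this hunk removes the custom fields again if the load is later redirected to a different origin. Please say in a comment where cross-origin redirects are handled, or add a test that covers one. Separately, the main-resource subframe branch compares only against the top document's origin, while the subresource branch requires both `document()->topDocument()` and `document()` to match the requested origin. A short comment stating the intended rule, or moving the check into a helper named for it, would make that asymmetry easier to audit.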
Alex Christensen
Comment 3 2017-10-23 10:53:49 PDT
Alex Christensen
Comment 4 2017-10-23 10:54:20 PDT
(In reply to Daniel Bates from comment #2)
> This does not seem like it will apply the custom headers to a subframe or
> child window navigated to about:blank or a blob URL (*) page or
> sub-resources loaded from them. Notice that about:blank inherits the
> security origin of its parent/opener frame.
I added a test verifying that this case behaves correctly.
Alex Christensen
Comment 5 2017-10-24 12:33:31 PDT
Alex Christensen
Comment 6 2017-10-31 11:41:19 PDT
Radar WebKit Bug Importer
Comment 7 2017-11-15 13:04:05 PST