Bug 209893 - Add SPI to restrict loading to main resources or non-network loads
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Alex Christensen
Keywords: InRadar
Reported: 2020-04-01 22:05 PDT by Alex Christensen
Modified: 2020-04-02 10:52 PDT
Attachments
Patch (22.68 KB, patch)
2020-04-01 22:06 PDT, Alex Christensen
Patch (22.60 KB, patch)
2020-04-01 22:16 PDT, Alex Christensen

Description Alex Christensen 2020-04-01 22:05:15 PDT
Add SPI to restrict loading to main resources or non-network loads
Comment 1 Alex Christensen 2020-04-01 22:06:49 PDT
Created attachment 395242
Patch
Comment 2 Tim Horton 2020-04-01 22:13:36 PDT
Comment on attachment 395242
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=395242&action=review

Seems reasonable to me though I'd love a cdumez or bradee-oh review

> Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm:921
> +- (BOOL)_loadsFromNetwork

Is this a good name? It really means "allowsLoadingFromHTTPFamilySchemes", right? (what about web sockets, WKURLSchemeHandlers that happen to hit the network, etc...)

> Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm:931
> +- (BOOL)_loadsSubresources

Are we consistent in this capitalization of subresources?
Comment 3 Alex Christensen 2020-04-01 22:16:16 PDT
Created attachment 395243
Patch
Comment 4 Alex Christensen 2020-04-01 22:20:24 PDT
_loadsFromNetwork prevents http, https, ws, and wss loads.  This is to fix rdar://problem/19426383 which was fixed using bundle SPI that did not block web sockets.  This does block web sockets, as verified by the test, which counts the number of requests.  If it did not block web sockets, the server would see a "request" from the web socket.
We are quite consistent in our capitalization of Subresources.
Comment 5 Tim Horton 2020-04-01 22:23:53 PDT
Ah, I see the WebSocket change now.
Comment 6 EWS 2020-04-02 10:51:12 PDT
Committed r259392: <https://trac.webkit.org/changeset/259392>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 395243.
Comment 7 Radar WebKit Bug Importer 2020-04-02 10:52:14 PDT
<rdar://problem/61215964>