Add Cross-Origin-Opener-Policy support for Blob URLs.
Created attachment 435270 [details] Patch
Created attachment 435284 [details] Patch
Comment on attachment 435284 [details] Patch Why is it ok to have { } in registerBlobURLOptionallyFileBacked and Blob's DeserializationContructor?
Comment on attachment 435284 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435284&action=review > Source/WebCore/fileapi/Blob.cpp:140 > + ThreadableBlobRegistry::registerBlobURL(nullptr, { }, m_internalURL, srcURL); Passing an empty coop is intentional here. Notice that we are also passing nullptr as the securityOrigin (first parameter). This is because this constructor is merely used when deserializing a Blob passed via SerializedScriptValue. Both srcURL and and m_internalURL are internal blob URLs here (no origin). COOP gets assigned when creating a *public* blob URL from a Blob (By calling URL.createObjectURL()). Blobs themselves don't have a COOP value but there is a COOP value associated with each public Blob URL for the blob in question. > Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:848 > + session->blobRegistry().registerBlobURLOptionallyFileBacked(url, srcURL, BlobDataFileReferenceWithSandboxExtension::create(fileBackedPath), contentType, { }); BlobRegistryImpl::registerBlobURL() calls BlobRegistryImpl::registerBlobURLOptionallyFileBacked() internally so I had to add a COOP parameter to BlobRegistryImpl::registerBlobURLOptionallyFileBacked(). However, ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked() is only called from the Blob deserialization constructor (discussed above) and only deals with internal blob URLs (not public ones with security origins). Also note that ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked() does not take a SecurityOrigin in parameter.
Comment on attachment 435284 [details] Patch Clearing flags on attachment: 435284 Committed r280881 (240418@main): <https://commits.webkit.org/240418@main>
All reviewed patches have been landed. Closing bug.
<rdar://problem/81773955>