RESOLVED FIXED293385
[Lockdown Mode] Make sure Accept Header matches LDM capabilities 
https://bugs.webkit.org/show_bug.cgi?id=293385
Summary [Lockdown Mode] Make sure Accept Header matches LDM capabilities
Brent Fulgham
Reported 2025-05-21 14:15:50 PDT
We recently discovered that in Lockdown Mode WebKit generates an AcceptHeader containing image types that are disabled. There is no security issue from this, but it's annoying to LDM users who may end up downloading unusable images, etc. This patch causes the Accept Header logic to check for Lockdown Mode state, and only emit relevant types.
Attachments
Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2025-05-21 14:16:07 PDT
<rdar://problem/151333451>
Brent Fulgham
Comment 2 2025-05-21 14:19:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/45722
EWS
Comment 3 2025-06-17 17:29:32 PDT
Committed 296345@main (f8332133a12b): <https://commits.webkit.org/296345@main> Reviewed commits have been landed. Closing PR #45722 and removing active labels.
WebKit Commit Bot
Comment 4 2025-06-17 22:37:53 PDT
Re-opened since this is blocked by bug 294656
Brent Fulgham
Comment 5 2025-06-18 09:50:47 PDT
Pull request: https://github.com/WebKit/WebKit/pull/46910
EWS
Comment 6 2025-06-18 13:01:33 PDT
Committed 296396@main (c78c210e4b41): <https://commits.webkit.org/296396@main> Reviewed commits have been landed. Closing PR #46910 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.