WebKit Bugzilla
Attachment 349895 Details for Bug 189602: PSON: window.open() with 'noopener' should only process-swap cross-site, not cross-origin
[patch] Patch: bug-189602-20180917095122.patch (text/plain), 47.83 KB, created by Chris Dumez on 2018-09-17 09:51:23 PDT
>Subversion Revision: 236064 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 82ada9d39001111836889c5c258e47d82a20a87b..f770b2bca507dc64b912f90598529429616fb859 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,35 @@ >+2018-09-14 Chris Dumez <cdumez@apple.com> >+ >+ PSON: window.open() with 'noopener' should only process-swap cross-site, not cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=189602 >+ <rdar://problem/44430549> >+ >+ Reviewed by Geoff Garen. >+ >+ * loader/DocumentLoader.cpp: >+ (WebCore::DocumentLoader::setTriggeringAction): >+ * loader/DocumentLoader.h: >+ * loader/FrameLoadRequest.h: >+ * loader/FrameLoader.cpp: >+ (WebCore::FrameLoader::loadURL): >+ (WebCore::FrameLoader::loadWithNavigationAction): >+ (WebCore::FrameLoader::loadWithDocumentLoader): >+ (WebCore::FrameLoader::loadPostRequest): >+ (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): >+ (WebCore::FrameLoader::loadDifferentDocumentItem): >+ Move NavigationAction's opener setting to loadWithNavigationAction() as this is a better bottleneck. >+ Otherwise, we'd have to set it at several call sites. Also move the NavigationAction around instead >+ of copying it. >+ >+ * loader/FrameLoader.h: >+ (WebCore::FrameLoader::loadWithNavigationAction): >+ * loader/NavigationAction.h: >+ (WebCore::NavigationAction::setShouldOpenExternalURLsPolicy): >+ * loader/PolicyChecker.cpp: >+ (WebCore::PolicyChecker::checkNavigationPolicy): >+ * page/DOMWindow.cpp: >+ (WebCore::DOMWindow::createWindow): >+ > 2018-09-08 Darin Adler <darin@apple.com> > > Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 9eecaf4d9880645ad0b1a7fde928d6f8ac2cc50d..8750c7b32fc5c7fb5ce50515e1f8fca27a73e3de 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,51 @@ >+2018-09-14 Chris Dumez <cdumez@apple.com> >+ >+ PSON: window.open() with 'noopener' should only process-swap cross-site, not cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=189602 >+ <rdar://problem/44430549> >+ >+ Reviewed by Geoff Garen. >+ >+ The following fixes were made to our process swap on navigation logic: >+ - Browsing contexts opened via window.open() with 'noopener' option now only same if >+ they are cross-site, instead of doing a stricter cross-origin check. >+ - Support process swapping when opening a new window via <a target="_blank" rel="noopener"> >+ that is cross-site. >+ >+ In order to support this, the following changes were made: >+ - Stop passing a 'isCrossOriginWindowOpenNavigation' flag to the UIProcess when navigating because: >+ - This is specific to window.open() and does not apply to other windows opened by DOM >+ - This forces the origin check to happens on WebContent process side instead of relying on the >+ one in WebProcessPool in the UIProcess >+ - Pass the origin of the requester to the UIProcess when navigating, so that the WebProcessPool >+ can use the requester's host for the cross-site check for the initial navigation in a new window >+ created by DOM. >+ - Add 2 flags to WebPageProxy which indicate if the page was created by the DOM and if any provisional >+ loads have been committed. The WebProcessPool uses theses flags to recognize initial loads in >+ new windows created by the DOM, so that it uses the requester's origin for the cross-site check. 
>+ >+ * Shared/NavigationActionData.cpp: >+ (WebKit::NavigationActionData::encode const): >+ (WebKit::NavigationActionData::decode): >+ * Shared/NavigationActionData.h: >+ * UIProcess/API/APINavigation.h: >+ (API::Navigation::setRequesterOrigin): >+ (API::Navigation::requesterOrigin const): >+ * UIProcess/WebPageProxy.cpp: >+ (WebKit::WebPageProxy::continueNavigationInNewProcess): >+ (WebKit::WebPageProxy::didCommitLoadForFrame): >+ (WebKit::WebPageProxy::decidePolicyForNavigationAction): >+ (WebKit::WebPageProxy::createNewPage): >+ * UIProcess/WebPageProxy.h: >+ (WebKit::WebPageProxy::setOpenedByDOM): >+ (WebKit::WebPageProxy::openedByDOM const): >+ (WebKit::WebPageProxy::hasCommittedAnyProvisionalLoads const): >+ * UIProcess/WebProcessPool.cpp: >+ (WebKit::shouldUseSameProcessBasedOnURLs): >+ (WebKit::WebProcessPool::processForNavigationInternal): >+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: >+ (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction): >+ > 2018-09-17 Michael Catanzaro <mcatanzaro@igalia.com> > > Unreviewed, fix incorrect WPE build fix made in r236009 >diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp >index 43060692cdb60e72e88c941ad488b278f59431fc..2453a7190b62c9dfb35b1e38ec9be688483e760d 100644 >--- a/Source/WebCore/loader/DocumentLoader.cpp >+++ b/Source/WebCore/loader/DocumentLoader.cpp 
>@@ -1980,9 +1980,10 @@ void DocumentLoader::dispatchOnloadEvents() > m_applicationCacheHost->stopDeferringEvents(); > } > >-void DocumentLoader::setTriggeringAction(const NavigationAction& action) >+void DocumentLoader::setTriggeringAction(NavigationAction&& action) > { >- m_triggeringAction = action.copyWithShouldOpenExternalURLsPolicy(m_frame ? shouldOpenExternalURLsPolicyToPropagate() : m_shouldOpenExternalURLsPolicy); >+ m_triggeringAction = WTFMove(action); >+ m_triggeringAction.setShouldOpenExternalURLsPolicy(m_frame ? shouldOpenExternalURLsPolicyToPropagate() : m_shouldOpenExternalURLsPolicy); > } > > ShouldOpenExternalURLsPolicy DocumentLoader::shouldOpenExternalURLsPolicyToPropagate() const >diff --git a/Source/WebCore/loader/DocumentLoader.h b/Source/WebCore/loader/DocumentLoader.h >index 9f9a8221ad8a3fd2f9be3cc502d5a6ec858e39e6..ac948ccdadd0aa1c5e1be7a01ea160901c1fa374 100644 >--- a/Source/WebCore/loader/DocumentLoader.h >+++ b/Source/WebCore/loader/DocumentLoader.h >@@ -214,7 +214,7 @@ public: > const Vector<ResourceResponse>& responses() const { return m_responses; } > > const NavigationAction& triggeringAction() const { return m_triggeringAction; } >- void setTriggeringAction(const NavigationAction&); >+ void setTriggeringAction(NavigationAction&&); > void setOverrideEncoding(const String& encoding) { m_overrideEncoding = encoding; } > void setLastCheckedRequest(ResourceRequest&& request) { m_lastCheckedRequest = WTFMove(request); } > const ResourceRequest& lastCheckedRequest() { return m_lastCheckedRequest; } >diff --git a/Source/WebCore/loader/FrameLoadRequest.h b/Source/WebCore/loader/FrameLoadRequest.h >index 03177d38c606cdb802897a0b71da6d91c1d037d4..3970ab995eed0d2f9e998d92835876a753556539 100644 >--- a/Source/WebCore/loader/FrameLoadRequest.h >+++ b/Source/WebCore/loader/FrameLoadRequest.h 
>@@ -88,9 +88,6 @@ public: > > InitiatedByMainFrame initiatedByMainFrame() const { return m_initiatedByMainFrame; } > >- void setIsCrossOriginWindowOpenNavigation(bool value) { m_isCrossOriginWindowOpenNavigation = value; } >- bool isCrossOriginWindowOpenNavigation() const { return m_isCrossOriginWindowOpenNavigation; } >- > bool isSystemPreview() const { return m_systemPreviewInfo.isSystemPreview; } > const IntRect& systemPreviewRect() const { return m_systemPreviewInfo.systemPreviewRect; } > >@@ -112,7 +109,6 @@ private: > ShouldOpenExternalURLsPolicy m_shouldOpenExternalURLsPolicy { ShouldOpenExternalURLsPolicy::ShouldNotAllow }; > AtomicString m_downloadAttribute; > InitiatedByMainFrame m_initiatedByMainFrame { InitiatedByMainFrame::Unknown }; >- bool m_isCrossOriginWindowOpenNavigation { false }; > SystemPreviewInfo m_systemPreviewInfo; > ShouldSkipSafeBrowsingCheck m_shouldSkipSafeBrowsingCheck { ShouldSkipSafeBrowsingCheck::No }; > }; >diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp >index 20a1f784f0d04a2ec1962cee503e0847f8225a06..e76d0db7c327b78887e2033a9be3c1679559a431 100644 >--- a/Source/WebCore/loader/FrameLoader.cpp >+++ b/Source/WebCore/loader/FrameLoader.cpp 
>@@ -1363,16 +1363,9 @@ void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& ref > return; > > NavigationAction action { frameLoadRequest.requester(), request, frameLoadRequest.initiatedByMainFrame(), newLoadType, isFormSubmission, event, frameLoadRequest.shouldOpenExternalURLsPolicy(), frameLoadRequest.downloadAttribute() }; >- action.setIsCrossOriginWindowOpenNavigation(frameLoadRequest.isCrossOriginWindowOpenNavigation()); > if (m_frame.page() && m_frame.page()->openedViaWindowOpenWithOpener()) > action.setOpenedViaWindowOpenWithOpener(); > action.setHasOpenedFrames(!m_openedFrames.isEmpty()); >- if (auto* opener = this->opener()) { >- auto pageID = opener->loader().client().pageID(); >- auto frameID = opener->loader().client().frameID(); >- if (pageID && frameID) >- action.setOpener(std::make_pair(*pageID, *frameID)); >- } > > if (!targetFrame && !frameName.isEmpty()) { > action = action.copyWithShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(m_frame, frameLoadRequest)); >@@ -1392,7 +1385,7 @@ void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& ref > // exactly the same so pages with '#' links and DHTML side effects > // work properly. > if (shouldPerformFragmentNavigation(isFormSubmission, httpMethod, newLoadType, newURL)) { >- oldDocumentLoader->setTriggeringAction(action); >+ oldDocumentLoader->setTriggeringAction(WTFMove(action)); > oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); > policyChecker().stopCheck(); > policyChecker().setLoadType(newLoadType); 
>@@ -1410,7 +1403,7 @@ void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& ref > if (isSystemPreview) > request.setSystemPreviewRect(frameLoadRequest.systemPreviewRect()); > #endif >- loadWithNavigationAction(request, action, lockHistory, newLoadType, WTFMove(formState), allowNavigationToInvalidURL, frameLoadRequest.shouldSkipSafeBrowsingCheck(), [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] () mutable { >+ loadWithNavigationAction(request, WTFMove(action), lockHistory, newLoadType, WTFMove(formState), allowNavigationToInvalidURL, frameLoadRequest.shouldSkipSafeBrowsingCheck(), [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] () mutable { > if (isRedirect) { > m_quickRedirectComing = false; > if (m_provisionalDocumentLoader) 
>@@ -1475,7 +1468,7 @@ void FrameLoader::load(FrameLoadRequest&& request) > load(loader.get(), request.shouldSkipSafeBrowsingCheck()); > } > >-void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, LockHistory lockHistory, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, CompletionHandler<void()>&& completionHandler) >+void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, NavigationAction&& action, LockHistory lockHistory, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, CompletionHandler<void()>&& completionHandler) > { > Ref<DocumentLoader> loader = m_client.createDocumentLoader(request, defaultSubstituteDataForURL(request.url())); > applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, action.initiatedByMainFrame(), action.shouldOpenExternalURLsPolicy()); >@@ -1483,7 +1476,14 @@ void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const > if (lockHistory == LockHistory::Yes && m_documentLoader) > loader->setClientRedirectSourceForHistory(m_documentLoader->didCreateGlobalHistoryEntry() ? m_documentLoader->urlForHistory().string() : m_documentLoader->clientRedirectSourceForHistory()); > >- loader->setTriggeringAction(action); >+ if (auto* opener = this->opener()) { >+ auto pageID = opener->loader().client().pageID(); >+ auto frameID = opener->loader().client().frameID(); >+ if (pageID && frameID) >+ action.setOpener(std::make_pair(*pageID, *frameID)); >+ } >+ >+ loader->setTriggeringAction(WTFMove(action)); > if (m_documentLoader) > loader->setOverrideEncoding(m_documentLoader->overrideEncoding()); 
> >@@ -1568,7 +1568,7 @@ void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType t > RefPtr<DocumentLoader> oldDocumentLoader = m_documentLoader; > NavigationAction action { *m_frame.document(), loader->request(), InitiatedByMainFrame::Unknown, policyChecker().loadType(), isFormSubmission }; > >- oldDocumentLoader->setTriggeringAction(action); >+ oldDocumentLoader->setTriggeringAction(WTFMove(action)); > oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); > policyChecker().stopCheck(); > policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), ResourceResponse { } /* redirectResponse */, oldDocumentLoader.get(), WTFMove(formState), [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, WeakPtr<FormState>&&, ShouldContinue shouldContinue) { >@@ -2928,7 +2928,7 @@ void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& refe > if (!frameName.isEmpty()) { > // The search for a target frame is done earlier in the case of form submission. > if (auto* targetFrame = formState ? nullptr : findFrameForNavigation(frameName)) { >- targetFrame->loader().loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck::No, WTFMove(completionHandler)); >+ targetFrame->loader().loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck::No, WTFMove(completionHandler)); > return; > } 
> >@@ -2941,7 +2941,7 @@ void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& refe > > // must grab this now, since this load may stop the previous load and clear this flag > bool isRedirect = m_quickRedirectComing; >- loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, request.shouldSkipSafeBrowsingCheck(), [this, isRedirect, protectedFrame = makeRef(m_frame), completionHandler = WTFMove(completionHandler)] () mutable { >+ loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, request.shouldSkipSafeBrowsingCheck(), [this, isRedirect, protectedFrame = makeRef(m_frame), completionHandler = WTFMove(completionHandler)] () mutable { > if (isRedirect) { > m_quickRedirectComing = false; > if (m_provisionalDocumentLoader) >@@ -3403,7 +3403,7 @@ void FrameLoader::continueLoadAfterNewWindowPolicy(const ResourceRequest& reques > } > > NavigationAction newAction { *frame->document(), request, InitiatedByMainFrame::Unknown, NavigationType::Other, action.shouldOpenExternalURLsPolicy() }; >- mainFrame->loader().loadWithNavigationAction(request, newAction, LockHistory::No, FrameLoadType::Standard, formState, allowNavigationToInvalidURL); >+ mainFrame->loader().loadWithNavigationAction(request, WTFMove(newAction), LockHistory::No, FrameLoadType::Standard, formState, allowNavigationToInvalidURL); > } > > void FrameLoader::requestFromDelegate(ResourceRequest& request, unsigned long& identifier, ResourceError& error) 
>@@ -3687,7 +3687,7 @@ void FrameLoader::loadDifferentDocumentItem(HistoryItem& item, FrameLoadType loa > > action.setTargetBackForwardItem(item); > >- loadWithNavigationAction(request, action, LockHistory::No, loadType, { }, AllowNavigationToInvalidURL::Yes); >+ loadWithNavigationAction(request, WTFMove(action), LockHistory::No, loadType, { }, AllowNavigationToInvalidURL::Yes); > } > > // Loads content into this frame, as specified by history item >diff --git a/Source/WebCore/loader/FrameLoader.h b/Source/WebCore/loader/FrameLoader.h >index 86b74baa03cc9b09a7d851c7d07d70e4bf8b8fa2..9ed7a5dd6dee00744d373217910240f0a7fcd44b 100644 >--- a/Source/WebCore/loader/FrameLoader.h >+++ b/Source/WebCore/loader/FrameLoader.h >@@ -372,7 +372,7 @@ private: > void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, RefPtr<FormState>&&, AllowNavigationToInvalidURL, ShouldTreatAsContinuingLoad, ShouldSkipSafeBrowsingCheck = ShouldSkipSafeBrowsingCheck::No, CompletionHandler<void()>&& = [] { }); // Calls continueLoadAfterNavigationPolicy > void load(DocumentLoader&, ShouldSkipSafeBrowsingCheck); // Calls loadWithDocumentLoader > >- void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&, LockHistory, FrameLoadType, RefPtr<FormState>&&, AllowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck = ShouldSkipSafeBrowsingCheck::No, CompletionHandler<void()>&& = [] { }); // Calls loadWithDocumentLoader >+ void loadWithNavigationAction(const ResourceRequest&, NavigationAction&&, LockHistory, FrameLoadType, RefPtr<FormState>&&, AllowNavigationToInvalidURL, ShouldSkipSafeBrowsingCheck = ShouldSkipSafeBrowsingCheck::No, CompletionHandler<void()>&& = [] { }); // Calls loadWithDocumentLoader > > void loadPostRequest(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, RefPtr<FormState>&&, CompletionHandler<void()>&&); > void loadURL(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, RefPtr<FormState>&&, CompletionHandler<void()>&&); 
>diff --git a/Source/WebCore/loader/NavigationAction.h b/Source/WebCore/loader/NavigationAction.h >index 95bce229bc81579825e89bff288a230ab3bf814a..9d721d6e7134a8439d2294bc29507409360daa83 100644 >--- a/Source/WebCore/loader/NavigationAction.h >+++ b/Source/WebCore/loader/NavigationAction.h >@@ -111,15 +111,13 @@ public: > RefPtr<UserGestureToken> userGestureToken() const { return m_userGestureToken; } > > ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy() const { return m_shouldOpenExternalURLsPolicy; } >+ void setShouldOpenExternalURLsPolicy(ShouldOpenExternalURLsPolicy policy) { m_shouldOpenExternalURLsPolicy = policy; } > InitiatedByMainFrame initiatedByMainFrame() const { return m_initiatedByMainFrame; } > > const AtomicString& downloadAttribute() const { return m_downloadAttribute; } > > bool treatAsSameOriginNavigation() const { return m_treatAsSameOriginNavigation; } > >- void setIsCrossOriginWindowOpenNavigation(bool value) { m_isCrossOriginWindowOpenNavigation = value; } >- bool isCrossOriginWindowOpenNavigation() const { return m_isCrossOriginWindowOpenNavigation; } >- > void setOpener(std::optional<PageIDAndFrameIDPair>&& opener) { m_opener = WTFMove(opener); } > const std::optional<PageIDAndFrameIDPair>& opener() const { return m_opener; } > >@@ -145,7 +143,6 @@ private: > RefPtr<UserGestureToken> m_userGestureToken { UserGestureIndicator::currentUserGesture() }; > AtomicString m_downloadAttribute; > bool m_treatAsSameOriginNavigation; >- bool m_isCrossOriginWindowOpenNavigation { false }; > bool m_hasOpenedFrames { false }; > bool m_openedViaWindowOpenWithOpener { false }; > std::optional<PageIDAndFrameIDPair> m_opener; >diff --git a/Source/WebCore/loader/PolicyChecker.cpp b/Source/WebCore/loader/PolicyChecker.cpp >index 25c08c3a1fca908588ba00e03704ea885769fff6..aa1a1f42a38a0c6585d70e96732cece507898301 100644 >--- a/Source/WebCore/loader/PolicyChecker.cpp >+++ b/Source/WebCore/loader/PolicyChecker.cpp 
>@@ -103,7 +103,7 @@ void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, const Resou > NavigationAction action = loader->triggeringAction(); > if (action.isEmpty()) { > action = NavigationAction { *m_frame.document(), request, InitiatedByMainFrame::Unknown, NavigationType::Other, loader->shouldOpenExternalURLsPolicyToPropagate() }; >- loader->setTriggeringAction(action); >+ loader->setTriggeringAction(NavigationAction { action }); > } > > // Don't ask more than once for the same request or if we are loading an empty URL. >diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp >index 1f0eefab460d0116f1d8d597da05835708b90318..90a88d36e13e701d244dc3563babf656dea1fb4d 100644 >--- a/Source/WebCore/page/DOMWindow.cpp >+++ b/Source/WebCore/page/DOMWindow.cpp >@@ -2282,8 +2282,6 @@ ExceptionOr<RefPtr<Frame>> DOMWindow::createWindow(const String& urlString, cons > ResourceRequest resourceRequest { completedURL, referrer, ResourceRequestCachePolicy::UseProtocolCachePolicy }; > FrameLoader::addSameSiteInfoToRequestIfNeeded(resourceRequest, openerFrame.document()); > FrameLoadRequest frameLoadRequest { *activeWindow.document(), activeWindow.document()->securityOrigin(), resourceRequest, "_self"_s, LockHistory::No, LockBackForwardList::No, MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Allow, activeDocument->shouldOpenExternalURLsPolicyToPropagate(), initiatedByMainFrame }; >- if (openerFrame.document() && !protocolHostAndPortAreEqual(openerFrame.document()->url(), frameLoadRequest.resourceRequest().url())) >- frameLoadRequest.setIsCrossOriginWindowOpenNavigation(true); > newFrame->loader().changeLocation(WTFMove(frameLoadRequest)); > > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) >diff --git a/Source/WebKit/Shared/NavigationActionData.cpp b/Source/WebKit/Shared/NavigationActionData.cpp >index 95496dab0c71fc508975ee7e0f36c00c659c8d66..394361db04b641e55c77388fa53df146b928c0d1 100644 
>--- a/Source/WebKit/Shared/NavigationActionData.cpp >+++ b/Source/WebKit/Shared/NavigationActionData.cpp >@@ -46,10 +46,10 @@ void NavigationActionData::encode(IPC::Encoder& encoder) const > encoder << clickLocationInRootViewCoordinates; > encoder << isRedirect; > encoder << treatAsSameOriginNavigation; >- encoder << isCrossOriginWindowOpenNavigation; > encoder << hasOpenedFrames; > encoder << openedViaWindowOpenWithOpener; > encoder << opener; >+ encoder << requesterOrigin; > encoder << targetBackForwardItemIdentifier; > } > >@@ -104,11 +104,6 @@ std::optional<NavigationActionData> NavigationActionData::decode(IPC::Decoder& d > if (!treatAsSameOriginNavigation) > return std::nullopt; > >- std::optional<bool> isCrossOriginWindowOpenNavigation; >- decoder >> isCrossOriginWindowOpenNavigation; >- if (!isCrossOriginWindowOpenNavigation) >- return std::nullopt; >- > std::optional<bool> hasOpenedFrames; > decoder >> hasOpenedFrames; > if (!hasOpenedFrames) >@@ -124,6 +119,11 @@ std::optional<NavigationActionData> NavigationActionData::decode(IPC::Decoder& d > if (!opener) > return std::nullopt; > >+ std::optional<WebCore::SecurityOriginData> requesterOrigin; >+ decoder >> requesterOrigin; >+ if (!opener) >+ return std::nullopt; >+ > std::optional<std::optional<WebCore::BackForwardItemIdentifier>> targetBackForwardItemIdentifier; > decoder >> targetBackForwardItemIdentifier; > if (!targetBackForwardItemIdentifier) 
>@@ -131,7 +131,8 @@ std::optional<NavigationActionData> NavigationActionData::decode(IPC::Decoder& d > > return {{ WTFMove(navigationType), WTFMove(modifiers), WTFMove(mouseButton), WTFMove(syntheticClickType), WTFMove(*userGestureTokenIdentifier), > WTFMove(*canHandleRequest), WTFMove(shouldOpenExternalURLsPolicy), WTFMove(*downloadAttribute), WTFMove(clickLocationInRootViewCoordinates), >- WTFMove(*isRedirect), *treatAsSameOriginNavigation, *isCrossOriginWindowOpenNavigation, *hasOpenedFrames, *openedViaWindowOpenWithOpener, WTFMove(*opener), WTFMove(*targetBackForwardItemIdentifier) }}; >+ WTFMove(*isRedirect), *treatAsSameOriginNavigation, *hasOpenedFrames, *openedViaWindowOpenWithOpener, WTFMove(*opener), WTFMove(*requesterOrigin), >+ WTFMove(*targetBackForwardItemIdentifier) }}; > } > > } // namespace WebKit >diff --git a/Source/WebKit/Shared/NavigationActionData.h b/Source/WebKit/Shared/NavigationActionData.h >index 79008d845619af6122754a31f8db4b4a964a1f9f..0839f1f4b5d44d72f05f667c9ab3d72e1019caf6 100644 >--- a/Source/WebKit/Shared/NavigationActionData.h >+++ b/Source/WebKit/Shared/NavigationActionData.h >@@ -29,6 +29,7 @@ > #include <WebCore/BackForwardItemIdentifier.h> > #include <WebCore/FloatPoint.h> > #include <WebCore/FrameLoaderTypes.h> >+#include <WebCore/SecurityOriginData.h> > > namespace IPC { > class Decoder; >@@ -52,10 +53,10 @@ struct NavigationActionData { > WebCore::FloatPoint clickLocationInRootViewCoordinates; > bool isRedirect { false }; > bool treatAsSameOriginNavigation { false }; >- bool isCrossOriginWindowOpenNavigation { false }; > bool hasOpenedFrames { false }; > bool openedViaWindowOpenWithOpener { false }; > std::optional<std::pair<uint64_t, uint64_t>> opener; >+ WebCore::SecurityOriginData requesterOrigin; > std::optional<WebCore::BackForwardItemIdentifier> targetBackForwardItemIdentifier; > }; 
> >diff --git a/Source/WebKit/UIProcess/API/APINavigation.h b/Source/WebKit/UIProcess/API/APINavigation.h >index abd85c73eba69991713f8822cf316553255a7bbc..97ee96ddd6e47a19acdc2f2848f7a76297bdd1f2 100644 >--- a/Source/WebKit/UIProcess/API/APINavigation.h >+++ b/Source/WebKit/UIProcess/API/APINavigation.h >@@ -29,6 +29,7 @@ > #include "WebBackForwardListItem.h" > #include <WebCore/Process.h> > #include <WebCore/ResourceRequest.h> >+#include <WebCore/SecurityOriginData.h> > #include <wtf/Ref.h> > > namespace WebCore { >@@ -88,9 +89,6 @@ public: > void setTreatAsSameOriginNavigation(bool value) { m_treatAsSameOriginNavigation = value; } > bool treatAsSameOriginNavigation() const { return m_treatAsSameOriginNavigation; } > >- void setIsCrossOriginWindowOpenNavigation(bool value) { m_isCrossOriginWindowOpenNavigation = value; } >- bool isCrossOriginWindowOpenNavigation() const { return m_isCrossOriginWindowOpenNavigation; } >- > void setHasOpenedFrames(bool value) { m_hasOpenedFrames = value; } > bool hasOpenedFrames() const { return m_hasOpenedFrames; } > >@@ -100,6 +98,9 @@ public: > void setOpener(const std::optional<std::pair<uint64_t, uint64_t>>& opener) { m_opener = opener; } > const std::optional<std::pair<uint64_t, uint64_t>>& opener() const { return m_opener; } > >+ void setRequesterOrigin(const WebCore::SecurityOriginData& origin) { m_requesterOrigin = origin; } >+ const WebCore::SecurityOriginData& requesterOrigin() const { return m_requesterOrigin; } >+ > #if !LOG_DISABLED > const char* loggingString() const; > #endif 
>@@ -122,10 +123,10 @@ private: > RefPtr<WebKit::WebBackForwardListItem> m_fromItem; > std::optional<WebCore::FrameLoadType> m_backForwardFrameLoadType; > bool m_treatAsSameOriginNavigation { false }; >- bool m_isCrossOriginWindowOpenNavigation { false }; > bool m_hasOpenedFrames { false }; > bool m_openedViaWindowOpenWithOpener { false }; > std::optional<std::pair<uint64_t, uint64_t>> m_opener; >+ WebCore::SecurityOriginData m_requesterOrigin; > }; > > } // namespace API >diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp >index 7ab55914d715eff53be5eb95273948d9385f1968..7190eabed994156a36aabd46e724ce0d09de95f9 100644 >--- a/Source/WebKit/UIProcess/WebPageProxy.cpp >+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp >@@ -2523,7 +2523,8 @@ void WebPageProxy::continueNavigationInNewProcess(API::Navigation& navigation, R > }; > } > >- if (!navigation.isCrossOriginWindowOpenNavigation() || !navigatedFrameIdentifierInPreviousProcess) >+ bool isInitialNavigationInNewWindow = openedByDOM() && !hasCommittedAnyProvisionalLoads(); >+ if (!isInitialNavigationInNewWindow || !navigatedFrameIdentifierInPreviousProcess) > return; > > m_mainFrameWindowCreationHandler = [this, previousProcess = WTFMove(previousProcess), navigatedFrameIdentifierInPreviousProcess = *navigatedFrameIdentifierInPreviousProcess](const GlobalWindowIdentifier& windowIdentifier) { >@@ -3628,6 +3629,7 @@ void WebPageProxy::didCommitLoadForFrame(uint64_t frameID, uint64_t navigationID > if (frame->isMainFrame() && navigationID) > navigation = &navigationState().navigation(navigationID); > >+ m_hasCommittedAnyProvisionalLoads = true; > m_process->didCommitProvisionalLoad(); > > #if PLATFORM(IOS) 
>@@ -4020,11 +4022,11 @@ void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const WebCo > navigation->setCurrentRequest(ResourceRequest(request), m_process->coreProcessIdentifier()); > navigation->setCurrentRequestIsRedirect(navigationActionData.isRedirect); > navigation->setTreatAsSameOriginNavigation(navigationActionData.treatAsSameOriginNavigation); >- navigation->setIsCrossOriginWindowOpenNavigation(navigationActionData.isCrossOriginWindowOpenNavigation); > navigation->setHasOpenedFrames(navigationActionData.hasOpenedFrames); > if (navigationActionData.openedViaWindowOpenWithOpener) > navigation->setOpenedViaWindowOpenWithOpener(); > navigation->setOpener(navigationActionData.opener); >+ navigation->setRequesterOrigin(navigationActionData.requesterOrigin); > > #if ENABLE(CONTENT_FILTERING) > if (frame->didHandleContentFilterUnblockNavigation(request)) >@@ -4272,6 +4274,8 @@ void WebPageProxy::createNewPage(const FrameInfoData& originatingFrameInfoData, > return; > } > >+ newPage->setOpenedByDOM(); >+ > reply(newPage->pageID(), newPage->creationParameters()); > > WebsiteDataStore::cloneSessionData(*this, *newPage); >diff --git a/Source/WebKit/UIProcess/WebPageProxy.h b/Source/WebKit/UIProcess/WebPageProxy.h >index a9d3072975cec2989e7542de7ef12e696b4a5c48..f4e5419c00c8538b153e457b6f46e5a4f976ba1b 100644 >--- a/Source/WebKit/UIProcess/WebPageProxy.h >+++ b/Source/WebKit/UIProcess/WebPageProxy.h >@@ -440,6 +440,11 @@ public: > bool tryClose(); > bool isClosed() const { return m_isClosed; } > >+ void setOpenedByDOM() { m_openedByDOM = true; } >+ bool openedByDOM() const { return m_openedByDOM; } >+ >+ bool hasCommittedAnyProvisionalLoads() const { return m_hasCommittedAnyProvisionalLoads; } >+ > void setIsUsingHighPerformanceWebGL(bool value) { m_isUsingHighPerformanceWebGL = value; } > bool isUsingHighPerformanceWebGL() const { return m_isUsingHighPerformanceWebGL; } 
> >@@ -2210,6 +2215,8 @@ private: > #endif > > bool m_isUsingHighPerformanceWebGL { false }; >+ bool m_openedByDOM { false }; >+ bool m_hasCommittedAnyProvisionalLoads { false }; > > HashMap<String, Ref<WebURLSchemeHandler>> m_urlSchemeHandlersByScheme; > HashMap<uint64_t, Ref<WebURLSchemeHandler>> m_urlSchemeHandlersByIdentifier; >diff --git a/Source/WebKit/UIProcess/WebProcessPool.cpp b/Source/WebKit/UIProcess/WebProcessPool.cpp >index 5133ff664ffec0f00cac881b6987d5600ed38368..f880690853dbda061545b0cfd9eca8a4b52960de 100644 >--- a/Source/WebKit/UIProcess/WebProcessPool.cpp >+++ b/Source/WebKit/UIProcess/WebProcessPool.cpp >@@ -2142,26 +2142,15 @@ Ref<WebProcessProxy> WebProcessPool::processForNavigationInternal(WebPageProxy& > return page.process(); > } > >- if (navigation.isCrossOriginWindowOpenNavigation()) { >- if (navigation.opener() && !m_configuration->processSwapsOnWindowOpenWithOpener()) { >- reason = "Browsing context has an opener"_s; >- return page.process(); >- } >- >- reason = "Initial navigation is cross-site in a newly opened window"_s; >- action = PolicyAction::Ignore; >- return createNewWebProcess(page.websiteDataStore()); >- } >- > // FIXME: We should support process swap when a window has been opened via window.open() without 'noopener'. > // The issue is that the opener has a handle to the WindowProxy. >- if (navigation.openedViaWindowOpenWithOpener()) { >+ if (navigation.openedViaWindowOpenWithOpener() && !m_configuration->processSwapsOnWindowOpenWithOpener()) { > reason = "Browsing context been opened via window.open() without 'noopener'"_s; > return page.process(); > } > > // FIXME: We should support process swap when a window has an opener. >- if (navigation.opener()) { >+ if (navigation.opener() && !m_configuration->processSwapsOnWindowOpenWithOpener()) { > reason = "Browsing context has an opener"_s; > return page.process(); > } 
>@@ -2197,7 +2186,12 @@ Ref<WebProcessProxy> WebProcessPool::processForNavigationInternal(WebPageProxy& > return page.process(); > } > >- auto url = URL { ParsedURLString, page.pageLoadState().url() }; >+ bool isInitialLoadInNewWindowOpenedByDOM = page.openedByDOM() && !page.hasCommittedAnyProvisionalLoads(); >+ URL url; >+ if (isInitialLoadInNewWindowOpenedByDOM && !navigation.requesterOrigin().isEmpty()) >+ url = URL { URL(), navigation.requesterOrigin().toString() }; >+ else >+ url = URL { ParsedURLString, page.pageLoadState().url() }; > if (!url.isValid() || !targetURL.isValid() || url.isEmpty() || url.isBlankURL() || registrableDomainsAreEqual(url, targetURL)) { > reason = "Navigation is same-site"_s; > return page.process(); >diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >index 5b1f37a79ecc2c830c335b6d1a049f3626744506..703a8a04af86cd82856cd6964fe7eaa98d6f7fef 100644 >--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 
>@@ -866,10 +866,11 @@ void WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const Navigat > navigationActionData.downloadAttribute = navigationAction.downloadAttribute(); > navigationActionData.isRedirect = !redirectResponse.isNull(); > navigationActionData.treatAsSameOriginNavigation = navigationAction.treatAsSameOriginNavigation(); >- navigationActionData.isCrossOriginWindowOpenNavigation = navigationAction.isCrossOriginWindowOpenNavigation(); > navigationActionData.hasOpenedFrames = navigationAction.hasOpenedFrames(); > navigationActionData.openedViaWindowOpenWithOpener = navigationAction.openedViaWindowOpenWithOpener(); > navigationActionData.opener = navigationAction.opener(); >+ if (auto& requester = navigationAction.requester()) >+ navigationActionData.requesterOrigin = requester->securityOrigin().data(); > navigationActionData.targetBackForwardItemIdentifier = navigationAction.targetBackForwardItemIdentifier(); > > WebCore::Frame* coreFrame = m_frame->coreFrame(); >diff --git a/Tools/ChangeLog b/Tools/ChangeLog >index 5fe064ee88198fd3c53b43366d1197d166b12a03..680682eae4f094ef789c9c493644c66c365967e1 100644 >--- a/Tools/ChangeLog >+++ b/Tools/ChangeLog >@@ -1,3 +1,15 @@ >+2018-09-14 Chris Dumez <cdumez@apple.com> >+ >+ PSON: window.open() with 'noopener' should only process-swap cross-site, not cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=189602 >+ <rdar://problem/44430549> >+ >+ Reviewed by Geoff Garen. >+ >+ Add API test coverage. >+ >+ * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm: >+ > 2018-09-17 Philippe Normand <pnormand@igalia.com> > > [JHBuild] Update to GStreamer 1.14.3 >diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm >index f70d11f1fa56b2f8ef7ddbb618e577c35b984f78..71b21eb492ed649e93dcbf38f2ba111d77b5e002 100644 >--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 
>+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm >@@ -247,7 +247,7 @@ window.onpageshow = function(evt) { > > #if PLATFORM(MAC) > >-static const char* windowOpenCrossOriginNoOpenerTestBytes = R"PSONRESOURCE( >+static const char* windowOpenCrossSiteNoOpenerTestBytes = R"PSONRESOURCE( > <script> > window.onload = function() { > window.open("pson://www.apple.com/main.html", "_blank", "noopener"); >@@ -255,7 +255,15 @@ window.onload = function() { > </script> > )PSONRESOURCE"; > >-static const char* windowOpenCrossOriginWithOpenerTestBytes = R"PSONRESOURCE( >+static const char* windowOpenCrossOriginButSameSiteNoOpenerTestBytes = R"PSONRESOURCE( >+<script> >+window.onload = function() { >+ window.open("pson://www.webkit.org:8080/main.html", "_blank", "noopener"); >+} >+</script> >+)PSONRESOURCE"; >+ >+static const char* windowOpenCrossSiteWithOpenerTestBytes = R"PSONRESOURCE( > <script> > window.onload = function() { > window.open("pson://www.apple.com/main.html"); >@@ -263,7 +271,7 @@ window.onload = function() { > </script> > )PSONRESOURCE"; > >-static const char* windowOpenSameOriginNoOpenerTestBytes = R"PSONRESOURCE( >+static const char* windowOpenSameSiteNoOpenerTestBytes = R"PSONRESOURCE( > <script> > window.onload = function() { > if (!opener) 
>@@ -272,6 +280,33 @@ window.onload = function() { > </script> > )PSONRESOURCE"; > >+static const char* targetBlankCrossSiteWithOpenerTestBytes = R"PSONRESOURCE( >+<a id="testLink" target="_blank" href="pson://www.apple.com/main.html">Link</a> >+<script> >+window.onload = function() { >+ testLink.click(); >+} >+</script> >+)PSONRESOURCE"; >+ >+static const char* targetBlankCrossSiteNoOpenerTestBytes = R"PSONRESOURCE( >+<a id="testLink" target="_blank" href="pson://www.apple.com/main.html" rel="noopener">Link</a> >+<script> >+window.onload = function() { >+ testLink.click(); >+} >+</script> >+)PSONRESOURCE"; >+ >+static const char* targetBlankSameSiteNoOpenerTestBytes = R"PSONRESOURCE( >+<a id="testLink" target="_blank" href="pson://www.webkit.org/main2.html" rel="noopener">Link</a> >+<script> >+window.onload = function() { >+ testLink.click(); >+} >+</script> >+)PSONRESOURCE"; >+ > #endif // PLATFORM(MAC) > > TEST(ProcessSwap, Basic) >@@ -479,7 +514,7 @@ TEST(ProcessSwap, BackWithoutSuspendedPage) > > #if PLATFORM(MAC) > >-TEST(ProcessSwap, CrossOriginWindowOpenNoOpener) >+TEST(ProcessSwap, CrossSiteWindowOpenNoOpener) > { > auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); > processPoolConfiguration.get().processSwapsOnNavigation = YES; 
>@@ -488,7 +523,7 @@ TEST(ProcessSwap, CrossOriginWindowOpenNoOpener) > auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); > [webViewConfiguration setProcessPool:processPool.get()]; > auto handler = adoptNS([[PSONScheme alloc] init]); >- [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:windowOpenCrossOriginNoOpenerTestBytes]; >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:windowOpenCrossSiteNoOpenerTestBytes]; > [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; > > auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); 
>@@ -519,7 +554,47 @@ TEST(ProcessSwap, CrossOriginWindowOpenNoOpener) > EXPECT_NE(pid1, pid2); > } > >-TEST(ProcessSwap, CrossOriginWindowOpenWithOpener) >+TEST(ProcessSwap, CrossOriginButSameSiteWindowOpenNoOpener) >+{ >+ auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); >+ processPoolConfiguration.get().processSwapsOnNavigation = YES; >+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]); >+ >+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ [webViewConfiguration setProcessPool:processPool.get()]; >+ auto handler = adoptNS([[PSONScheme alloc] init]); >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:windowOpenCrossOriginButSameSiteNoOpenerTestBytes]; >+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; >+ >+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); >+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]); >+ [webView setNavigationDelegate:navigationDelegate.get()]; >+ auto uiDelegate = adoptNS([[PSONUIDelegate alloc] initWithNavigationDelegate:navigationDelegate.get()]); >+ [webView setUIDelegate:uiDelegate.get()]; >+ >+ numberOfDecidePolicyCalls = 0; >+ NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]; >+ [webView loadRequest:request]; >+ >+ TestWebKitAPI::Util::run(&done); >+ done = false; >+ >+ TestWebKitAPI::Util::run(&didCreateWebView); >+ didCreateWebView = false; >+ >+ TestWebKitAPI::Util::run(&done); >+ >+ EXPECT_EQ(2, numberOfDecidePolicyCalls); >+ >+ auto pid1 = [webView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid1); >+ auto pid2 = [createdWebView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid2); >+ >+ EXPECT_EQ(pid1, pid2); >+} >+ >+TEST(ProcessSwap, CrossSiteWindowOpenWithOpener) > { > auto 
processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); > processPoolConfiguration.get().processSwapsOnNavigation = YES; >@@ -529,7 +604,7 @@ TEST(ProcessSwap, CrossOriginWindowOpenWithOpener) > auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); > [webViewConfiguration setProcessPool:processPool.get()]; > auto handler = adoptNS([[PSONScheme alloc] init]); >- [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:windowOpenCrossOriginWithOpenerTestBytes]; >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:windowOpenCrossSiteWithOpenerTestBytes]; > [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; > > auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); >@@ -560,7 +635,7 @@ TEST(ProcessSwap, CrossOriginWindowOpenWithOpener) > EXPECT_NE(pid1, pid2); > } > >-TEST(ProcessSwap, SameOriginWindowOpenNoOpener) >+TEST(ProcessSwap, SameSiteWindowOpenNoOpener) > { > auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); > processPoolConfiguration.get().processSwapsOnNavigation = YES; >@@ -568,7 +643,7 @@ TEST(ProcessSwap, SameOriginWindowOpenNoOpener) > > auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); > [webViewConfiguration setProcessPool:processPool.get()]; >- auto handler = adoptNS([[PSONScheme alloc] initWithBytes:windowOpenSameOriginNoOpenerTestBytes]); >+ auto handler = adoptNS([[PSONScheme alloc] initWithBytes:windowOpenSameSiteNoOpenerTestBytes]); > [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; > > auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); 
>@@ -599,6 +674,126 @@ TEST(ProcessSwap, SameOriginWindowOpenNoOpener) > EXPECT_EQ(pid1, pid2); > } > >+TEST(ProcessSwap, CrossSiteBlankTargetWithOpener) >+{ >+ auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); >+ processPoolConfiguration.get().processSwapsOnNavigation = YES; >+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]); >+ >+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ [webViewConfiguration setProcessPool:processPool.get()]; >+ auto handler = adoptNS([[PSONScheme alloc] init]); >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:targetBlankCrossSiteWithOpenerTestBytes]; >+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; >+ >+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); >+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]); >+ [webView setNavigationDelegate:navigationDelegate.get()]; >+ auto uiDelegate = adoptNS([[PSONUIDelegate alloc] initWithNavigationDelegate:navigationDelegate.get()]); >+ [webView setUIDelegate:uiDelegate.get()]; >+ >+ numberOfDecidePolicyCalls = 0; >+ NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]; >+ [webView loadRequest:request]; >+ >+ TestWebKitAPI::Util::run(&done); >+ done = false; >+ >+ TestWebKitAPI::Util::run(&didCreateWebView); >+ didCreateWebView = false; >+ >+ TestWebKitAPI::Util::run(&done); >+ >+ EXPECT_EQ(3, numberOfDecidePolicyCalls); >+ >+ auto pid1 = [webView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid1); >+ auto pid2 = [createdWebView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid2); >+ >+ EXPECT_EQ(pid1, pid2); >+} >+ >+TEST(ProcessSwap, CrossSiteBlankTargetNoOpener) >+{ >+ auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); >+ 
processPoolConfiguration.get().processSwapsOnNavigation = YES; >+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]); >+ >+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ [webViewConfiguration setProcessPool:processPool.get()]; >+ auto handler = adoptNS([[PSONScheme alloc] init]); >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:targetBlankCrossSiteNoOpenerTestBytes]; >+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; >+ >+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); >+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]); >+ [webView setNavigationDelegate:navigationDelegate.get()]; >+ auto uiDelegate = adoptNS([[PSONUIDelegate alloc] initWithNavigationDelegate:navigationDelegate.get()]); >+ [webView setUIDelegate:uiDelegate.get()]; >+ >+ numberOfDecidePolicyCalls = 0; >+ NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]; >+ [webView loadRequest:request]; >+ >+ TestWebKitAPI::Util::run(&done); >+ done = false; >+ >+ TestWebKitAPI::Util::run(&didCreateWebView); >+ didCreateWebView = false; >+ >+ TestWebKitAPI::Util::run(&done); >+ >+ EXPECT_EQ(3, numberOfDecidePolicyCalls); >+ >+ auto pid1 = [webView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid1); >+ auto pid2 = [createdWebView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid2); >+ >+ EXPECT_NE(pid1, pid2); >+} >+ >+TEST(ProcessSwap, SameSiteBlankTargetNoOpener) >+{ >+ auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]); >+ processPoolConfiguration.get().processSwapsOnNavigation = YES; >+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]); >+ >+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ 
[webViewConfiguration setProcessPool:processPool.get()]; >+ auto handler = adoptNS([[PSONScheme alloc] init]); >+ [handler addMappingFromURLString:@"pson://www.webkit.org/main.html" toData:targetBlankSameSiteNoOpenerTestBytes]; >+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; >+ >+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]); >+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]); >+ [webView setNavigationDelegate:navigationDelegate.get()]; >+ auto uiDelegate = adoptNS([[PSONUIDelegate alloc] initWithNavigationDelegate:navigationDelegate.get()]); >+ [webView setUIDelegate:uiDelegate.get()]; >+ >+ numberOfDecidePolicyCalls = 0; >+ NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]; >+ [webView loadRequest:request]; >+ >+ TestWebKitAPI::Util::run(&done); >+ done = false; >+ >+ TestWebKitAPI::Util::run(&didCreateWebView); >+ didCreateWebView = false; >+ >+ TestWebKitAPI::Util::run(&done); >+ >+ EXPECT_EQ(3, numberOfDecidePolicyCalls); >+ >+ auto pid1 = [webView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid1); >+ auto pid2 = [createdWebView _webProcessIdentifier]; >+ EXPECT_TRUE(!!pid2); >+ >+ EXPECT_EQ(pid1, pid2); >+} >+ > #endif // PLATFORM(MAC) > > TEST(ProcessSwap, ServerRedirectFromNewWebView)
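Review bot: In WebPageProxy.h (hunk at -440,6), `openedByDOM()` and `hasCommittedAnyProvisionalLoads()` are exposed as two independent getters, but the only consumer visible in this patch combines them as `page.openedByDOM() && !page.hasCommittedAnyProvisionalLoads()`. Suggest a single named predicate on WebPageProxy for "initial load in a window opened by the DOM", so the invariant lives in one place, and a comment on `setOpenedByDOM()` saying it is set from createNewPage() and has no way to be cleared.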
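Review bot: In WebProcessPool::processForNavigationInternal (hunk at -2142,26), both opener checks are now gated on `!m_configuration->processSwapsOnWindowOpenWithOpener()`, yet the FIXME comments above them still read as if the swap were unsupported unconditionally. Suggest rewording both FIXMEs to say the early return applies only when the configuration flag is off. While this condition is being touched, the reason string `"Browsing context been opened via window.open() without 'noopener'"_s` is missing "has" and could be fixed in the same change.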
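Review bot: In WebProcessPool.cpp (hunk at -2197,7), the new branch has no comment saying why the source URL is taken from `navigation.requesterOrigin()` rather than `page.pageLoadState().url()`, and a requester origin whose string does not parse to a valid URL falls into the existing `!url.isValid()` arm, which reports "Navigation is same-site" and keeps the opener's process. Suggest a one-line comment that a DOM-opened window has not committed a URL of its own yet, plus either a distinct reason string or a test for the empty or unparsable requester-origin path, so that a skipped swap there is visible in the logs.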
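Review bot: In WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction (hunk at -866,10), `navigationActionData.requesterOrigin` is filled in by the web process, and the UI process later passes it to `registrableDomainsAreEqual()` to decide whether to swap. The removed `isCrossOriginWindowOpenNavigation` bit came from the same side, so this is not a regression, but a comment at the consumer noting that the value arrives over IPC from the process being isolated would help future readers judge how far to trust it. It is also worth stating the intended behaviour when `navigationAction.requester()` is null and the field keeps its default value.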
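Review bot: In ProcessSwapOnNavigation.mm (hunk at -255,7), `windowOpenCrossOriginButSameSiteNoOpenerTestBytes` makes the popup cross-origin by port only (`pson://www.webkit.org:8080/main.html`). Since the swap decision rests on `registrableDomainsAreEqual()`, a second resource that differs by subdomain under the same registrable domain would cover the more common cross-origin, same-site case and exercise the domain comparison itself.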
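Review bot: In ProcessSwapOnNavigation.mm (hunk at -599,6), the three new BlankTarget tests repeat the setup and run-loop sequence of CrossOriginButSameSiteWindowOpenNoOpener line for line and differ only in the resource bytes and the final pid assertion; a shared helper taking the bytes and the expected outcome would keep them from drifting apart. The window.open() test expects `EXPECT_EQ(2, numberOfDecidePolicyCalls)` while the target="_blank" tests expect 3, and CrossSiteBlankTargetWithOpener asserts `EXPECT_EQ(pid1, pid2)` for a cross-site load; a short comment on each explaining why would document the intended behaviour.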