Bug 188564

Summary: Storage Access API: Maintain access through same-site navigations
Product: WebKit Reporter: Dima Voytenko <dvoytenko>
Component: FramesAssignee: John Wilander <wilander>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, japhet, kangil.han, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=198663
Attachments:
Description Flags
Patch
none
Patch none

Description Dima Voytenko 2018-08-14 11:01:52 PDT 
An approved `document.requestStorageAccess` will include cookies in the subsequent XHR requests. However, in many cases, it'd be much easier to simply reload the iframe once the storage access has been approved. This seems to fit well within the intent of `requestStorageAccess` API. This especially helps cases that rely on server-side rendering.
Comment 1 Radar WebKit Bug Importer 2018-08-17 16:54:12 PDT 
<rdar://problem/43445160>
Comment 2 John Wilander 2018-08-17 16:56:22 PDT 
Thanks! We've received other requests on allowing persisted storage access on same-origin navigations of the iframe.
Comment 3 Dima Voytenko 2018-08-20 11:57:37 PDT 
Thanks, John! Please notice that this wouldn't only be useful for a clean internal page state, but also security-specific headers such as CSP config.
Comment 4 Dima Voytenko 2018-08-20 12:03:53 PDT 
RE: navigations: this would certainly be helpful. For this report, however, I intentionally narrowed the scope as much as possible in hopes that this would be more agreeable and possibly faster to implement.
Comment 5 John Wilander 2018-08-20 12:07:38 PDT 
1(In reply to Dima Voytenko from comment #4)
> RE: navigations: this would certainly be helpful. For this report, however,
> I intentionally narrowed the scope as much as possible in hopes that this
> would be more agreeable and possibly faster to implement.

As stated, I'm talking about iframe navigations, not top frame navigations. Reloading the iframe is an iframe navigation.
Comment 6 Dima Voytenko 2018-08-20 12:14:02 PDT 
> I'm talking about iframe navigations, not top frame navigations.

I'm likewise talking about iframe navigation/reload. Not sure where confusion has come from. Are iframes in Safari not observing CSP headers?
Comment 7 John Wilander 2018-08-20 12:21:23 PDT 
(In reply to Dima Voytenko from comment #6)
> > I'm talking about iframe navigations, not top frame navigations.
> 
> I'm likewise talking about iframe navigation/reload. Not sure where
> confusion has come from. Are iframes in Safari not observing CSP headers?

I'm commenting on "RE: navigations: this would certainly be helpful. For this report, however, I intentionally narrowed the scope as much as possible …"

Your scope is for iframe reloads which are iframe navigations. I can see that a reload would preserve the whole URL and not just the origin, but the significant change request is whether same-origin iframe navigations should be allowed or not.
Comment 8 John Wilander 2018-08-30 14:47:16 PDT 
New title to reflect the proposed change.
Comment 9 John Wilander 2018-08-30 17:28:40 PDT 
Created attachment 348574 [details]
Patch
Comment 10 John Wilander 2018-08-30 17:30:01 PDT 
The style checker error about "Inline functions should not be in classes annotated with WEBCORE_EXPORT" is not applicable. The whole class is marked for export and has several inline functions, including the one I'm adding two parameters to.
Comment 11 EWS Watchlist 2018-08-30 17:33:59 PDT 
Attachment 348574 [details] did not pass style-queue:


ERROR: Source/WebCore/loader/FrameLoaderClient.h:169:  Inline functions should not be in classes annotated with WEBCORE_EXPORT. Remove the macro from the class and apply it to each appropriate method, or move the inline function definition out-of-line.  [build/webcore_export] [4]
Total errors found: 1 in 15 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 12 John Wilander 2018-08-31 11:56:06 PDT 
I will add another correctness step to one of the test cases.
Comment 13 John Wilander 2018-08-31 12:50:45 PDT 
Created attachment 348664 [details]
Patch
Comment 14 EWS Watchlist 2018-08-31 12:51:54 PDT 
Attachment 348664 [details] did not pass style-queue:


ERROR: Source/WebCore/loader/FrameLoaderClient.h:169:  Inline functions should not be in classes annotated with WEBCORE_EXPORT. Remove the macro from the class and apply it to each appropriate method, or move the inline function definition out-of-line.  [build/webcore_export] [4]
Total errors found: 1 in 16 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 15 John Wilander 2018-08-31 13:43:22 PDT 
Comment on attachment 348664 [details]
Patch

Thank you, Alex!
Comment 16 WebKit Commit Bot 2018-08-31 14:09:43 PDT 
Comment on attachment 348664 [details]
Patch

Clearing flags on attachment: 348664

Committed r235569: <https://trac.webkit.org/changeset/235569>
Comment 17 WebKit Commit Bot 2018-08-31 14:09:45 PDT 
All reviewed patches have been landed.  Closing bug.