Diff
Modified: trunk/ChangeLog (215752 => 215753)
--- trunk/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,16 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Source/cmake/OptionsMac.cmake:
+ * Source/cmake/OptionsWin.cmake:
+
2017-04-24 Zan Dobersek <zdober...@igalia.com>
Unreviewed follow-up to r215681.
Modified: trunk/LayoutTests/ChangeLog (215752 => 215753)
--- trunk/LayoutTests/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,35 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Unskip nosniff tests on Mac, iOS and Windows and update expected results now that
+ we support X-Content-Type-Options: nosniff.
+
+ Merge Blink test from <https://src.chromium.org/viewvc/blink?revision=168570&view=revision>.
+
+ * TestExpectations: Unskip all nosniff tests except imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html.
+ We need to fix <https://bugs.webkit.org/show_bug.cgi?id=171248> before we can unskip it.
+ When running the nosniff Web Platform Tests (WPT) dump console messages to standard error
+ to avoid a difference of console message ordering due to the non-determinism of the WPT
+ tests from affecting the matching of the expected result.
+ * http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt: Added.
+ * http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html: Copied from LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html.
+ * http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt: Update expected result.
+ * http/tests/security/contentTypeOptions/nosniff-script-blocked.html: Substitute the not executable
+ MIME type "text/xx-_javascript_" for "text/x-_javascript_" as the latter is an acceptable MIME type for
+ _javascript_ scripts as per the Fetch standard, <https://html.spec.whatwg.org/multipage/scripting.html#_javascript_-mime-type> (30 March 2017).
+ * http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt: Update
+ expected result.
+ * platform/gtk/TestExpectations: Skip the nosniff tests as GTK does not enable ENABLE(NOSNIFF).
+ * platform/ios/TestExpectations: Unskip nosniff tests.
+ * platform/mac/TestExpectations: Ditto.
+ * platform/win/TestExpectations: Ditto.
+ * platform/wk2/TestExpectations: Ditto.
+
2017-04-25 Ryan Haddad <ryanhad...@apple.com>
Mark http/tests/inspector/network/resource-sizes-disk-cache.html as flaky.
Modified: trunk/LayoutTests/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -352,8 +352,6 @@
webkit.org/b/168448 imported/w3c/web-platform-tests/resource-timing/rt-shared-resource-in-workers.html [ Pass Failure ]
imported/w3c/web-platform-tests/resource-timing/test_resource_timing.html [ Pass Failure ]
-webkit.org/b/157068 imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html [ Skip ]
-webkit.org/b/157145 imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html [ Failure Pass ]
webkit.org/b/161312 imported/w3c/web-platform-tests/html/semantics/document-metadata/the-link-element/document-without-browsing-context.html [ Failure Pass ]
# rdar://problem/30975761
@@ -1120,6 +1118,9 @@
webkit.org/b/168238 imported/w3c/web-platform-tests/dom/events/EventListener-invoke-legacy.html [ Pass Failure ]
+# Ignore MIME type refused console messages when comparing nosniff tests results as their ordering is non-deterministic.
+imported/w3c/web-platform-tests/fetch/nosniff [ DumpJSConsoleLogInStdErr ]
+
########################################
### START OF -disabled tests
@@ -1294,3 +1295,5 @@
webkit.org/b/171031 imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl.htm [ Failure ]
webkit.org/b/170701 webrtc/datachannel/bufferedAmountLowThreshold.html [ Pass Failure ]
+
+webkit.org/b/171248 imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Added: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt (0 => 215753)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -0,0 +1,11 @@
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS window.scriptsSuccessfullyLoaded is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html (from rev 215752, trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html) (0 => 215753)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html 2017-04-25 20:26:13 UTC (rev 215753)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
+<body>
+ <script src=""
+ <script>
+ description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly blocked if the MIME type isn\'t scripty.');
+ window.jsTestIsAsync = true;
+
+ window.scriptsSuccessfullyLoaded = 0;
+
+ var s = document.createElement('script');
+ s.src = '';
+ document.querySelector('head').appendChild(s);
+
+ window._onload_ = function () {
+ shouldBe('window.scriptsSuccessfullyLoaded', '0');
+ finishJSTest();
+ };
+ </script>
+ <script src=""
+</body>
+</html>
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt (215752 => 215753)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,9 +1,9 @@
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png' because its MIME type ('image/png') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs' because its MIME type ('text/vbs') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/_vbscript_' because its MIME type ('text/_vbscript_') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/x-_javascript_' because its MIME type ('text/x-_javascript_') is not executable, and strict MIME type checking is enabled.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/_vbscript_' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/xx-_javascript_' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html (215752 => 215753)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html 2017-04-25 20:26:13 UTC (rev 215753)
@@ -14,7 +14,7 @@
'text/html',
'text/vbs',
'text/_vbscript_',
- 'text/x-_javascript_',
+ 'text/xx-_javascript_',
];
window.scriptsSuccessfullyLoaded = 0;
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt (215752 => 215753)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 16: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if no 'Content-Type' header is present.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (215752 => 215753)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,17 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Update expected results now we support X-Content-Type-Options: nosniff.
+
+ * web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt:
+ * web-platform-tests/fetch/nosniff/script-expected.txt:
+ * web-platform-tests/fetch/nosniff/stylesheet-expected.txt:
+
2017-04-25 Frederic Wang <fw...@igalia.com>
Import W3C tests for the CSSOM View module
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt (215752 => 215753)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,6 +1,6 @@
FAIL URL query: first assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: uppercase assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query: uppercase
PASS URL query: last
PASS URL query: quoted
PASS URL query: quoted-single
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/script-expected.txt (215752 => 215753)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/script-expected.txt 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/script-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,8 +1,8 @@
-FAIL URL query: assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type= assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x/x assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query:
+PASS URL query: ?type=
+PASS URL query: ?type=x
+PASS URL query: ?type=x/x
PASS URL query: ?type=text/_javascript_
PASS URL query: ?type=text/ecmascript
PASS URL query: ?type=text/ecmascript;blah
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/stylesheet-expected.txt (215752 => 215753)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/stylesheet-expected.txt 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/stylesheet-expected.txt 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,8 +1,8 @@
-FAIL URL query: assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type= assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x/x assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query:
+PASS URL query: ?type=
+PASS URL query: ?type=x
+PASS URL query: ?type=x/x
PASS URL query: ?type=text/css
PASS URL query: ?type=text/css;blah
Modified: trunk/LayoutTests/platform/gtk/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/platform/gtk/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -76,6 +76,7 @@
# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
webkit.org/b/71851 http/tests/security/contentTypeOptions [ Skip ]
+imported/w3c/web-platform-tests/fetch/nosniff [ Skip ]
# Accelerated overflow scrolling (ENABLE_ACCELERATED_OVERFLOW_SCROLLING) is not enabled.
Modified: trunk/LayoutTests/platform/ios/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/platform/ios/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/platform/ios/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -193,9 +193,6 @@
fast/history/page-cache-media-source-opened.html [ Skip ]
fast/history/page-cache-removed-source-buffer.html [ Skip ]
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
# IndexedDB tests have numerous unexpected failures on iOS
webkit.org/b/144475 storage/indexeddb
Modified: trunk/LayoutTests/platform/mac/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/platform/mac/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -154,9 +154,6 @@
fast/forms/time
fast/forms/week
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
# Media Stream API is not fully supported.
fast/mediastream/MediaStream-add-ended-tracks.html
Modified: trunk/LayoutTests/platform/win/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/platform/win/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/platform/win/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -325,9 +325,6 @@
# ENABLE_GAMEPAD not enabled.
gamepad/ [ Skip ]
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
# TODO Userscripts stuff is not implemented
webkit.org/b/140258 userscripts/ [ Skip ]
userscripts/window-onerror-for-isolated-world-1.html [ Skip ]
@@ -2316,7 +2313,6 @@
http/tests/navigation/post-goback-same-url.html [ Failure ] # Easy
http/tests/navigation/restore-form-state-https.html [ Failure ]
http/tests/navigation/target-blank-opener.html [ Skip ] # Timeout
-http/tests/security/contentTypeOptions/nosniff-script-blocked.html [ Failure ]
http/tests/security/cross-frame-access-call.html [ Failure ]
http/tests/security/cross-frame-access-get.html [ Failure ]
http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html [ Failure ]
Modified: trunk/LayoutTests/platform/wk2/TestExpectations (215752 => 215753)
--- trunk/LayoutTests/platform/wk2/TestExpectations 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/LayoutTests/platform/wk2/TestExpectations 2017-04-25 20:26:13 UTC (rev 215753)
@@ -352,9 +352,6 @@
http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html [ Failure ]
http/tests/security/video-cross-origin-readback.html
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-http/tests/security/contentTypeOptions
-
# Unexpected redirection happens.
http/tests/loading/redirect-methods.html
Modified: trunk/Source/_javascript_Core/ChangeLog (215752 => 215753)
--- trunk/Source/_javascript_Core/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,15 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Configurations/FeatureDefines.xcconfig:
+
2017-04-25 Mark Lam <mark....@apple.com>
Local CSE wrongly CSEs array accesses with different result types.
Modified: trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
Modified: trunk/Source/WebCore/ChangeLog (215752 => 215753)
--- trunk/Source/WebCore/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,58 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable support for X-Content-Type-Options: nosniff on Mac, iOS and Windows.
+
+ Additionally, honor X-Content-Type-Options: nosniff header for stylesheets as per
+ <https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff%3F> (30 March 2017).
+
+ Test: http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
+
+ * Configurations/FeatureDefines.xcconfig:
+ * css/StyleSheetContents.cpp:
+ (WebCore::StyleSheetContents::parseAuthorStyleSheet): Log an error if the stylesheet
+ has the nosniff header and does not have a valid MIME type. Also update code for
+ renaming of MIMETypeCheck to MIMETypeCheckHint.
+ (WebCore::StyleSheetContents::notifyLoadedSheet): If the stylesheet is blocked by
+ nosniff then consider it analogous to a load error so that we dispatch a DOM error
+ event at the <style>/<link> element.
+ * dom/LoadableClassicScript.cpp:
+ (WebCore::LoadableClassicScript::notifyFinished): Modified the wording of the error
+ message when a script is disallowed by nosniff so as to more closely match the
+ wording used when a stylesheet is disallowed by nonsniff.
+ * loader/cache/CachedCSSStyleSheet.cpp:
+ (WebCore::CachedCSSStyleSheet::sheetText): Update for renaming of MIMETypeCheck
+ to MIMETypeCheckHint.
+ (WebCore::CachedCSSStyleSheet::responseMIMEType): Added.
+ (WebCore::CachedCSSStyleSheet::mimeTypeAllowedByNosniff): Added.
+ (WebCore::CachedCSSStyleSheet::canUseSheet): Modified to check if the X-Content-Type-Options: nosniff
+ header is in the HTTP response for the stylesheet. If it is then we can only use the stylesheet
+ if its content-type is "text/css". Otherwise, apply the existing criterion for determining whether
+ to to use the stylesheet.
+ * loader/cache/CachedCSSStyleSheet.h: Rename MIMETypeCheck to MIMETypeCheckHint to better
+ describe its purpose as a hint as to whether to enforce MIME type checking for the stylesheet.
+ Processing of the HTTP header X-Content-Type-Options takes precedence over this hint.
+ * loader/cache/CachedScript.h: Make mimeType() private.
+
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Part 1
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Configurations/FeatureDefines.xcconfig:
+
2017-04-25 Myles C. Maxfield <mmaxfi...@apple.com>
[GTK] Build fix after r215737
Modified: trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
Modified: trunk/Source/WebCore/PAL/ChangeLog (215752 => 215753)
--- trunk/Source/WebCore/PAL/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/PAL/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,15 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Configurations/FeatureDefines.xcconfig:
+
2017-04-19 Youenn Fablet <you...@apple.com>
[Mac] Allow customizing H264 encoder
Modified: trunk/Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
Modified: trunk/Source/WebCore/css/StyleSheetContents.cpp (215752 => 215753)
--- trunk/Source/WebCore/css/StyleSheetContents.cpp 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/css/StyleSheetContents.cpp 2017-04-25 20:26:13 UTC (rev 215753)
@@ -312,9 +312,9 @@
void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet, const SecurityOrigin* securityOrigin)
{
bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(baseURL());
- CachedCSSStyleSheet::MIMETypeCheck mimeTypeCheck = isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest ? CachedCSSStyleSheet::MIMETypeCheck::Strict : CachedCSSStyleSheet::MIMETypeCheck::Lax;
+ CachedCSSStyleSheet::MIMETypeCheckHint mimeTypeCheckHint = isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest ? CachedCSSStyleSheet::MIMETypeCheckHint::Strict : CachedCSSStyleSheet::MIMETypeCheckHint::Lax;
bool hasValidMIMEType = true;
- String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck, &hasValidMIMEType);
+ String sheetText = cachedStyleSheet->sheetText(mimeTypeCheckHint, &hasValidMIMEType);
if (!hasValidMIMEType) {
ASSERT(sheetText.isNull());
@@ -321,9 +321,13 @@
if (auto* document = singleOwnerDocument()) {
if (auto* page = document->page()) {
if (isStrictParserMode(m_parserContext.mode))
- page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed in strict mode.");
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed in strict mode."));
+#if ENABLE(NOSNIFF)
+ else if (!cachedStyleSheet->mimeTypeAllowedByNosniff())
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed when 'X-Content-Type: nosniff' is given."));
+#endif
else
- page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed for cross-origin stylesheets.");
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed for cross-origin stylesheets."));
}
}
return;
@@ -385,6 +389,9 @@
{
ASSERT(sheet);
m_didLoadErrorOccur |= sheet->errorOccurred();
+#if ENABLE(NOSNIFF)
+ m_didLoadErrorOccur |= !sheet->mimeTypeAllowedByNosniff();
+#endif
}
void StyleSheetContents::startLoadingDynamicSheet()
Modified: trunk/Source/WebCore/dom/LoadableClassicScript.cpp (215752 => 215753)
--- trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2017-04-25 20:26:13 UTC (rev 215753)
@@ -90,9 +90,7 @@
ConsoleMessage {
MessageSource::Security,
MessageLevel::Error,
- makeString(
- "Refused to execute script from '", m_cachedScript->url().stringCenterEllipsizedToLength(),
- "' because its MIME type ('", m_cachedScript->mimeType(), "') is not executable, and strict MIME type checking is enabled.")
+ makeString("Did not load script at '", m_cachedScript->url().stringCenterEllipsizedToLength(), "' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.")
}
};
}
Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp (215752 => 215753)
--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2017-04-25 20:26:13 UTC (rev 215753)
@@ -73,9 +73,9 @@
return m_decoder->encoding().name();
}
-const String CachedCSSStyleSheet::sheetText(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
+const String CachedCSSStyleSheet::sheetText(MIMETypeCheckHint mimeTypeCheckHint, bool* hasValidMIMEType) const
{
- if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheck, hasValidMIMEType))
+ if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheckHint, hasValidMIMEType))
return String();
if (!m_decodedSheetText.isNull())
@@ -121,12 +121,32 @@
c->setCSSStyleSheet(m_resourceRequest.url(), m_response.url(), m_decoder->encoding().name(), this);
}
-bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
+String CachedCSSStyleSheet::responseMIMEType() const
{
+ return extractMIMETypeFromMediaType(m_response.httpHeaderField(HTTPHeaderName::ContentType));
+}
+
+#if ENABLE(NOSNIFF)
+bool CachedCSSStyleSheet::mimeTypeAllowedByNosniff() const
+{
+ return parseContentTypeOptionsHeader(m_response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff || equalLettersIgnoringASCIICase(responseMIMEType(), "text/css");
+}
+#endif
+
+bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheckHint mimeTypeCheckHint, bool* hasValidMIMEType) const
+{
if (errorOccurred())
return false;
- if (mimeTypeCheck == MIMETypeCheck::Lax)
+#if ENABLE(NOSNIFF)
+ if (!mimeTypeAllowedByNosniff()) {
+ if (hasValidMIMEType)
+ *hasValidMIMEType = false;
+ return false;
+ }
+#endif
+
+ if (mimeTypeCheckHint == MIMETypeCheckHint::Lax)
return true;
// This check exactly matches Firefox. Note that we grab the Content-Type
@@ -136,7 +156,7 @@
//
// This code defaults to allowing the stylesheet for non-HTTP protocols so
// folks can use standards mode for local HTML documents.
- String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField(HTTPHeaderName::ContentType));
+ String mimeType = responseMIMEType();
bool typeOK = mimeType.isEmpty() || equalLettersIgnoringASCIICase(mimeType, "text/css") || equalLettersIgnoringASCIICase(mimeType, "application/x-unknown-content-type");
if (hasValidMIMEType)
*hasValidMIMEType = typeOK;
Modified: trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h (215752 => 215753)
--- trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/loader/cache/CachedCSSStyleSheet.h 2017-04-25 20:26:13 UTC (rev 215753)
@@ -36,14 +36,19 @@
CachedCSSStyleSheet(CachedResourceRequest&&, SessionID);
virtual ~CachedCSSStyleSheet();
- enum class MIMETypeCheck { Strict, Lax };
- const String sheetText(MIMETypeCheck = MIMETypeCheck::Strict, bool* hasValidMIMEType = nullptr) const;
+ enum class MIMETypeCheckHint { Strict, Lax };
+ const String sheetText(MIMETypeCheckHint = MIMETypeCheckHint::Strict, bool* hasValidMIMEType = nullptr) const;
RefPtr<StyleSheetContents> restoreParsedStyleSheet(const CSSParserContext&, CachePolicy);
void saveParsedStyleSheet(Ref<StyleSheetContents>&&);
+#if ENABLE(NOSNIFF)
+ bool mimeTypeAllowedByNosniff() const;
+#endif
+
private:
- bool canUseSheet(MIMETypeCheck, bool* hasValidMIMEType) const;
+ String responseMIMEType() const;
+ bool canUseSheet(MIMETypeCheckHint, bool* hasValidMIMEType) const;
bool mayTryReplaceEncodedData() const final { return true; }
void didAddClient(CachedResourceClient&) final;
Modified: trunk/Source/WebCore/loader/cache/CachedScript.h (215752 => 215753)
--- trunk/Source/WebCore/loader/cache/CachedScript.h 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebCore/loader/cache/CachedScript.h 2017-04-25 20:26:13 UTC (rev 215753)
@@ -39,13 +39,13 @@
StringView script();
unsigned scriptHash();
- String mimeType() const;
-
#if ENABLE(NOSNIFF)
bool mimeTypeAllowedByNosniff() const;
#endif
private:
+ String mimeType() const;
+
bool mayTryReplaceEncodedData() const final { return true; }
bool shouldIgnoreHTTPStatusCodeErrors() const final;
Modified: trunk/Source/WebKit/mac/ChangeLog (215752 => 215753)
--- trunk/Source/WebKit/mac/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebKit/mac/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,15 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Configurations/FeatureDefines.xcconfig:
+
2017-04-25 Wenson Hsieh <wenson_hs...@apple.com>
Support reading NSURL titles from the pasteboard when performing data interaction
Modified: trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
Modified: trunk/Source/WebKit2/ChangeLog (215752 => 215753)
--- trunk/Source/WebKit2/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebKit2/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,15 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Configurations/FeatureDefines.xcconfig:
+
2017-04-25 John Wilander <wilan...@apple.com>
Resource Load Statistics: Clear network process cache when clearing store
Modified: trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
Modified: trunk/Source/cmake/OptionsMac.cmake (215752 => 215753)
--- trunk/Source/cmake/OptionsMac.cmake 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/cmake/OptionsMac.cmake 2017-04-25 20:26:13 UTC (rev 215753)
@@ -66,7 +66,7 @@
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MOUSE_CURSOR_SCALE PRIVATE ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NAVIGATOR_CONTENT_UTILS PRIVATE OFF)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NAVIGATOR_HWCONCURRENCY PRIVATE ON)
-WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE OFF)
+WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOTIFICATIONS PRIVATE ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_PDFKIT_PLUGIN PRIVATE ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_POINTER_LOCK PRIVATE OFF)
Modified: trunk/Source/cmake/OptionsWin.cmake (215752 => 215753)
--- trunk/Source/cmake/OptionsWin.cmake 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Source/cmake/OptionsWin.cmake 2017-04-25 20:26:13 UTC (rev 215753)
@@ -46,6 +46,7 @@
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MEDIA_STATISTICS PUBLIC ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_METER_ELEMENT PUBLIC ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MOUSE_CURSOR_SCALE PUBLIC ON)
+WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE ON)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOTIFICATIONS PUBLIC OFF)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_PROXIMITY_EVENTS PUBLIC OFF)
WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_QUOTA PUBLIC OFF)
Modified: trunk/Tools/ChangeLog (215752 => 215753)
--- trunk/Tools/ChangeLog 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Tools/ChangeLog 2017-04-25 20:26:13 UTC (rev 215753)
@@ -1,3 +1,17 @@
+2017-04-25 Daniel Bates <daba...@apple.com>
+
+ [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+ https://bugs.webkit.org/show_bug.cgi?id=136452
+ <rdar://problem/23412620>
+
+ Reviewed by Brent Fulgham.
+
+ Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+ * Scripts/webkitperl/FeatureList.pm: Also do not enable nosniff on EFL
+ as the EFL port is no longer in the WebKit OpenSource repository.
+ * TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
+
2017-04-25 Zan Dobersek <zdober...@igalia.com>
Unreviewed follow-up to r215739 and r215740.
Modified: trunk/Tools/Scripts/webkitperl/FeatureList.pm (215752 => 215753)
--- trunk/Tools/Scripts/webkitperl/FeatureList.pm 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Tools/Scripts/webkitperl/FeatureList.pm 2017-04-25 20:26:13 UTC (rev 215753)
@@ -327,7 +327,7 @@
define => "ENABLE_NETSCAPE_PLUGIN_API", default => !isIOSWebKit(), value => \$netscapePluginAPISupport },
{ option => "nosniff", desc => "Toggle support for 'X-Content-Type-Options: nosniff'",
- define => "ENABLE_NOSNIFF", default => isEfl(), value => \$nosniffSupport },
+ define => "ENABLE_NOSNIFF", default => (isAppleCocoaWebKit() || isAppleWinWebKit()), value => \$nosniffSupport },
{ option => "notifications", desc => "Toggle Notifications support",
define => "ENABLE_NOTIFICATIONS", default => isGtk(), value => \$notificationsSupport },
Modified: trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig (215752 => 215753)
--- trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig 2017-04-25 20:22:42 UTC (rev 215752)
+++ trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig 2017-04-25 20:26:13 UTC (rev 215753)
@@ -157,7 +157,7 @@
ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
ENABLE_NAVIGATOR_CONTENT_UTILS = ;
ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@
ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVE
NTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_
MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBL
Y) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVEN
TS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_M
EDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(
ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);