Modified: branches/safari-611.4.2.0-branch/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (283381 => 283382)
--- branches/safari-611.4.2.0-branch/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2021-10-01 18:06:29 UTC (rev 283381)
+++ branches/safari-611.4.2.0-branch/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2021-10-01 18:07:05 UTC (rev 283382)
@@ -98,7 +98,7 @@
m_loadInformation.request = request;
m_firstRequestHeaders = request.httpHeaderFields();
- checkRequest(WTFMove(request), client, WTFMove(handler));
+ checkRequest(WTFMove(request), client, URL(), WTFMove(handler));
}
static inline NetworkLoadChecker::RedirectionRequestOrError redirectionError(const ResourceResponse& redirectResponse, String&& errorMessage)
@@ -148,7 +148,7 @@
m_previousURL = WTFMove(m_url);
m_url = redirectRequest.url();
- checkRequest(WTFMove(redirectRequest), client, [handler = WTFMove(handler), request = WTFMove(request), redirectResponse = WTFMove(redirectResponse)](auto&& result) mutable {
+ checkRequest(WTFMove(redirectRequest), client, redirectResponse.url(), [handler = WTFMove(handler), request = WTFMove(request), redirectResponse = WTFMove(redirectResponse)](auto&& result) mutable {
WTF::switchOn(result,
[&handler] (ResourceError& error) mutable {
handler(makeUnexpected(WTFMove(error)));
@@ -247,7 +247,7 @@
#endif
}
-void NetworkLoadChecker::checkRequest(ResourceRequest&& request, ContentSecurityPolicyClient* client, ValidationHandler&& handler)
+void NetworkLoadChecker::checkRequest(ResourceRequest&& request, ContentSecurityPolicyClient* client, const URL& preRedirectURL, ValidationHandler&& handler)
{
ResourceRequest originalRequest = request;
@@ -260,7 +260,7 @@
auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
contentSecurityPolicy->upgradeInsecureRequestIfNeeded(request, type);
}
- if (!this->isAllowedByContentSecurityPolicy(request, client)) {
+ if (!this->isAllowedByContentSecurityPolicy(request, client, preRedirectURL)) {
handler(this->accessControlErrorForValidationHandler("Blocked by Content Security Policy."_s));
return;
}
@@ -299,7 +299,7 @@
this->continueCheckingRequest(WTFMove(currentRequest), WTFMove(handler));
}
-bool NetworkLoadChecker::isAllowedByContentSecurityPolicy(const ResourceRequest& request, WebCore::ContentSecurityPolicyClient* client)
+bool NetworkLoadChecker::isAllowedByContentSecurityPolicy(const ResourceRequest& request, WebCore::ContentSecurityPolicyClient* client, const URL& preRedirectURL)
{
auto* contentSecurityPolicy = this->contentSecurityPolicy();
contentSecurityPolicy->setClient(client);
@@ -314,7 +314,7 @@
case FetchOptions::Destination::Worker:
case FetchOptions::Destination::Serviceworker:
case FetchOptions::Destination::Sharedworker:
- return contentSecurityPolicy->allowChildContextFromSource(request.url(), redirectResponseReceived);
+ return contentSecurityPolicy->allowChildContextFromSource(request.url(), redirectResponseReceived, preRedirectURL);
case FetchOptions::Destination::Script:
if (request.requester() == ResourceRequest::Requester::ImportScripts && !contentSecurityPolicy->allowScriptFromSource(request.url(), redirectResponseReceived))
return false;