Diff
Modified: trunk/LayoutTests/ChangeLog (289120 => 289121)
--- trunk/LayoutTests/ChangeLog 2022-02-04 17:04:43 UTC (rev 289120)
+++ trunk/LayoutTests/ChangeLog 2022-02-04 17:06:32 UTC (rev 289121)
@@ -1,3 +1,16 @@
+2022-02-04 Kate Cheney <katherine_che...@apple.com>
+
+ Fix App Privacy Report redirect attribution
+ https://bugs.webkit.org/show_bug.cgi?id=236111
+
+ Reviewed by Brent Fulgham.
+
+ * http/tests/app-privacy-report/resources/redirect.js: Added.
+ * http/tests/app-privacy-report/app-attribution-redirect-expected.txt: Added.
+ * http/tests/app-privacy-report/app-attribution-redirect.html: Added.
+ * http/tests/app-privacy-report/user-attribution-redirect-expected.txt: Added.
+ * http/tests/app-privacy-report/user-attribution-redirect.html: Added.
+
2022-02-04 Chris Dumez <cdu...@apple.com>
Unreviewed, unskip more Shared Worker layout tests on WK2.
Added: trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect-expected.txt (0 => 289121)
--- trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect-expected.txt 2022-02-04 17:06:32 UTC (rev 289121)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. Status code: 200
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/app-privacy-report/resources/redirect.js due to access control checks.
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS successfully loaded only app initiated requests
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect.html (0 => 289121)
--- trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect.html (rev 0)
+++ trunk/LayoutTests/http/tests/app-privacy-report/app-attribution-redirect.html 2022-02-04 17:06:32 UTC (rev 289121)
@@ -0,0 +1,59 @@
+<!DOCTYPE html><!-- webkit-test-runner [ isAppInitiated=true ] -->
+<head>
+ <script src=""
+</head>
+<body>
+<p>Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:</p>
+<pre id='console'></pre>
+<script type="text/_javascript_">
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+ }
+
+ if (window.testRunner)
+ testRunner.setAllowsAnySSLCertificate(true);
+
+ window.jsTestIsAsync = true;
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
+ }
+
+ function askForAttribution() {
+ var didLoadAppInitiatedRequest = testRunner.didLoadAppInitiatedRequest();
+ var didLoadNonAppInitiatedRequest = testRunner.didLoadNonAppInitiatedRequest();
+
+ if (didLoadNonAppInitiatedRequest) {
+ log("FAIL did load non app initiated request");
+ finishJSTest();
+ return;
+ }
+
+ if (!didLoadAppInitiatedRequest) {
+ log("FAIL did not load app initiated request");
+ finishJSTest();
+ return;
+ }
+
+ log("PASS successfully loaded only app initiated requests");
+
+ finishJSTest();
+ }
+
+ var xhr = new XMLHttpRequest;
+ xhr._onerror_ = function() { setTimeout(askForAttribution, 0); }
+ xhr.open("GET", "/resources/redirect.py?url="" true);
+ xhr.send();
+
+</script>
+<script src=""
+
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/app-privacy-report/resources/redirect.js (0 => 289121)
--- trunk/LayoutTests/http/tests/app-privacy-report/resources/redirect.js (rev 0)
+++ trunk/LayoutTests/http/tests/app-privacy-report/resources/redirect.js 2022-02-04 17:06:32 UTC (rev 289121)
@@ -0,0 +1 @@
+console.log("FAIL");
Added: trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect-expected.txt (0 => 289121)
--- trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect-expected.txt 2022-02-04 17:06:32 UTC (rev 289121)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. Status code: 200
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/app-privacy-report/resources/redirect.js due to access control checks.
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS successfully loaded only non app initiated requests
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect.html (0 => 289121)
--- trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect.html (rev 0)
+++ trunk/LayoutTests/http/tests/app-privacy-report/user-attribution-redirect.html 2022-02-04 17:06:32 UTC (rev 289121)
@@ -0,0 +1,59 @@
+<!DOCTYPE html><!-- webkit-test-runner [ isAppInitiated=false ] -->
+<head>
+ <script src=""
+</head>
+<body>
+<p>Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:</p>
+<pre id='console'></pre>
+<script type="text/_javascript_">
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+ }
+
+ if (window.testRunner)
+ testRunner.setAllowsAnySSLCertificate(true);
+
+ window.jsTestIsAsync = true;
+
+ function log(message)
+ {
+ document.getElementById('console').appendChild(document.createTextNode(message + '\n'));
+ }
+
+ function askForAttribution() {
+ var didLoadAppBoundRequest = testRunner.didLoadAppInitiatedRequest();
+ var didLoadNonAppBoundRequest = testRunner.didLoadNonAppInitiatedRequest();
+
+ if (didLoadAppBoundRequest) {
+ log("FAIL did load app initiated request");
+ finishJSTest();
+ return;
+ }
+
+ if (!didLoadNonAppBoundRequest) {
+ log("FAIL did not load non app initiated request");
+ finishJSTest();
+ return;
+ }
+
+ log("PASS successfully loaded only non app initiated requests");
+
+ finishJSTest();
+ }
+
+ var xhr = new XMLHttpRequest;
+ xhr._onerror_ = function() { setTimeout(askForAttribution, 0); }
+ xhr.open("GET", "/resources/redirect.py?url="" true);
+ xhr.send();
+
+</script>
+<script src=""
+
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (289120 => 289121)
--- trunk/Source/WebCore/ChangeLog 2022-02-04 17:04:43 UTC (rev 289120)
+++ trunk/Source/WebCore/ChangeLog 2022-02-04 17:06:32 UTC (rev 289121)
@@ -1,3 +1,16 @@
+2022-02-04 Kate Cheney <katherine_che...@apple.com>
+
+ Fix App Privacy Report redirect attribution
+ https://bugs.webkit.org/show_bug.cgi?id=236111
+
+ Reviewed by Brent Fulgham.
+
+ Test: http/tests/app-privacy-report/user-attribution-redirect.html
+ Test: http/tests/app-privacy-report/app-attribution-redirect.html
+
+ * platform/network/cf/ResourceRequestCFNet.cpp:
+ (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties):
+
2022-02-04 Alexey Shvayka <ashva...@apple.com>
[WebIDL] Rename Document / ScriptExecutionContext / GlobalObject values of [*CallWith] to include "Current"
Modified: trunk/Source/WebCore/platform/network/cf/ResourceRequestCFNet.cpp (289120 => 289121)
--- trunk/Source/WebCore/platform/network/cf/ResourceRequestCFNet.cpp 2022-02-04 17:04:43 UTC (rev 289120)
+++ trunk/Source/WebCore/platform/network/cf/ResourceRequestCFNet.cpp 2022-02-04 17:06:32 UTC (rev 289121)
@@ -370,6 +370,7 @@
auto oldRequester = requester();
auto oldInitiatorIdentifier = initiatorIdentifier();
auto oldInspectorInitiatorNodeIdentifier = inspectorInitiatorNodeIdentifier();
+ auto oldAppInitiatedValue = isAppInitiated();
*this = delegateProvidedRequest;
@@ -380,6 +381,7 @@
setInitiatorIdentifier(oldInitiatorIdentifier);
if (oldInspectorInitiatorNodeIdentifier)
setInspectorInitiatorNodeIdentifier(*oldInspectorInitiatorNodeIdentifier);
+ setIsAppInitiated(oldAppInitiatedValue);
}
bool ResourceRequest::httpPipeliningEnabled()
Modified: trunk/Source/WebKit/ChangeLog (289120 => 289121)
--- trunk/Source/WebKit/ChangeLog 2022-02-04 17:04:43 UTC (rev 289120)
+++ trunk/Source/WebKit/ChangeLog 2022-02-04 17:06:32 UTC (rev 289121)
@@ -1,3 +1,13 @@
+2022-02-04 Kate Cheney <katherine_che...@apple.com>
+
+ Fix App Privacy Report redirect attribution
+ https://bugs.webkit.org/show_bug.cgi?id=236111
+
+ Reviewed by Brent Fulgham.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
+
2022-02-04 Ben Nham <n...@apple.com>
Import APSConnection-related SPI
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (289120 => 289121)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2022-02-04 17:04:43 UTC (rev 289120)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2022-02-04 17:06:32 UTC (rev 289121)
@@ -597,12 +597,7 @@
WebCore::ResourceResponse resourceResponse(response);
networkDataTask->checkTAO(resourceResponse);
- bool isAppInitiated = true;
-#if ENABLE(APP_PRIVACY_REPORT)
- isAppInitiated = request.attribution == NSURLRequestAttributionDeveloper;
-#endif
-
- networkDataTask->willPerformHTTPRedirection(WTFMove(resourceResponse), request, [session = networkDataTask->networkSession(), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, shouldIgnoreHSTS, isAppInitiated](auto&& request) {
+ networkDataTask->willPerformHTTPRedirection(WTFMove(resourceResponse), request, [session = networkDataTask->networkSession(), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, shouldIgnoreHSTS](auto&& request) {
#if !LOG_DISABLED
LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
#else
@@ -609,19 +604,6 @@
UNUSED_PARAM(taskIdentifier);
#endif
auto nsRequest = retainPtr(request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody));
-
-#if ENABLE(APP_PRIVACY_REPORT)
- if (session) {
- RetainPtr<NSMutableURLRequest> mutableRequest = adoptNS([nsRequest mutableCopy]);
- mutableRequest.get().attribution = isAppInitiated ? NSURLRequestAttributionDeveloper : NSURLRequestAttributionUser;
- nsRequest = mutableRequest.get();
-
- session->appPrivacyReportTestingData().didLoadAppInitiatedRequest(nsRequest.get().attribution == NSURLRequestAttributionDeveloper);
- }
-#else
- UNUSED_PARAM(isAppInitiated);
- UNUSED_PARAM(session);
-#endif
updateIgnoreStrictTransportSecuritySetting(nsRequest, shouldIgnoreHSTS);
completionHandler(nsRequest.get());
});
