Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3533fb3edb8034827a24eeeb72feb65c247b06b0
      
https://github.com/WebKit/WebKit/commit/3533fb3edb8034827a24eeeb72feb65c247b06b0
  Author: Sihui Liu <sihui_...@apple.com>
  Date:   2024-04-25 (Thu, 25 Apr 2024)

  Changed paths:
    M Source/WebCore/loader/EmptyClients.cpp
    M Source/WebCore/page/Chrome.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/storage/StorageNamespaceProvider.h
    M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
    M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
    M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.messages.in
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
    M Source/WebKit/WebProcess/WebStorage/WebStorageNamespaceProvider.cpp
    M Source/WebKit/WebProcess/WebStorage/WebStorageNamespaceProvider.h
    M Source/WebKitLegacy/Storage/WebStorageNamespaceProvider.cpp
    M Source/WebKitLegacy/Storage/WebStorageNamespaceProvider.h
    M Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm

  Log Message:
  -----------
  Stop sending CloneSessionStorageNamespace message from web process
https://bugs.webkit.org/show_bug.cgi?id=273082
rdar://126879290

Reviewed by Alex Christensen.

Currently web process sends CloneSessionStorageNamespace message to network process when creating new window (page). On receiving the message, network process copies SessionStorage of the existing page to new page. Since web process cannot be trusted, network process is supposed to validate that the sender process has access to both pages before performing the copy, but it currently doesn't. To fix this, this patch moves the message from web process to UI process. UI process is a trusted process, so network process does not need to do the validation. Also, UI process is responsible for creating new page (see WebPageProxy::CreateNewPage), so it knows what pages need the copy.

This is for hardening and it should not change existing behavior. The SessionStorage copy behavior is covered by existing tests like storage/domstorage/sessionstorage/window-open.html and imported/w3c/web-platform-tests/webstorage/storage_session_window_noopener.window.html.

* Source/WebCore/loader/EmptyClients.cpp:
* Source/WebCore/page/Chrome.cpp:
(WebCore::Chrome::createWindow):
* Source/WebCore/page/Page.h:
* Source/WebCore/storage/StorageNamespaceProvider.h:
(WebCore::StorageNamespaceProvider::cloneSessionStorageNamespaceForPage):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::cloneSessionStorageNamespace):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.messages.in:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::createNewPage):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
* Source/WebKit/WebProcess/WebStorage/WebStorageNamespaceProvider.cpp:
(WebKit::WebStorageNamespaceProvider::copySessionStorageNamespace): Deleted.
* Source/WebKit/WebProcess/WebStorage/WebStorageNamespaceProvider.h:
* Source/WebKitLegacy/Storage/WebStorageNamespaceProvider.cpp:
(WebKit::WebStorageNamespaceProvider::cloneSessionStorageNamespaceForPage):
(WebKit::WebStorageNamespaceProvider::copySessionStorageNamespace): Deleted.
* Source/WebKitLegacy/Storage/WebStorageNamespaceProvider.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::createWindow):

Canonical link: https://commits.webkit.org/277988@main
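The trust problem the commit describes, modeled as an added example that is not WebKit code: a storage manager holds one sessionStorage namespace per page and records which connection (web process) hosts each page. The unchecked handler copies whenever asked, so a compromised web process can request a copy from a page it does not host into one it does. The hardened handler accepts the request only from the trusted UI-process connection, or from a web process that hosts both pages. All identifiers (StorageManagerModel, kUIProcess, the page and connection ids) are hypothetical and constructed for this illustration.

```cpp
#include <cstdint>
#include <initializer_list>
#include <map>
#include <string>

// Hypothetical model of the check described in the commit message; not WebKit code.
using PageID = uint64_t;
using ConnectionID = uint64_t;

// A page's sessionStorage, modeled as a flat key/value map.
using SessionStorageNamespace = std::map<std::string, std::string>;

class StorageManagerModel {
public:
    // Assumption: the trusted UI process is identified by a fixed connection id.
    static constexpr ConnectionID kUIProcess = 0;

    // Record that web-process connection `owner` hosts page `page`.
    void registerPage(ConnectionID owner, PageID page) {
        m_pageOwner[page] = owner;
        m_namespaces.try_emplace(page);
    }

    void setItem(PageID page, const std::string& key, const std::string& value) {
        m_namespaces[page][key] = value;
    }

    std::string getItem(PageID page, const std::string& key) const {
        auto ns = m_namespaces.find(page);
        if (ns == m_namespaces.end()) return "";
        auto it = ns->second.find(key);
        return it == ns->second.end() ? "" : it->second;
    }

    // The pre-fix situation: any sender is honoured, no ownership check at all.
    bool cloneUnchecked(ConnectionID /*sender*/, PageID from, PageID to) {
        return copy(from, to);
    }

    // Hardened handler: either the trusted UI process asked for the copy, or the
    // untrusted sender must host both pages involved. Anything else is rejected.
    bool cloneChecked(ConnectionID sender, PageID from, PageID to) {
        if (sender != kUIProcess && !(owns(sender, from) && owns(sender, to))) {
            ++m_rejected;
            return false;
        }
        return copy(from, to);
    }

    unsigned rejectedRequests() const { return m_rejected; }

private:
    bool owns(ConnectionID c, PageID p) const {
        auto it = m_pageOwner.find(p);
        return it != m_pageOwner.end() && it->second == c;
    }
    bool copy(PageID from, PageID to) {
        auto src = m_namespaces.find(from);
        auto dst = m_namespaces.find(to);
        if (src == m_namespaces.end() || dst == m_namespaces.end()) return false;
        dst->second = src->second;
        return true;
    }
    std::map<PageID, ConnectionID> m_pageOwner;
    std::map<PageID, SessionStorageNamespace> m_namespaces;
    unsigned m_rejected = 0;
};

// Constructed fixture: connection 1 hosts page 10, connection 2 hosts page 20,
// and page 20 holds a value that page 10 must not be able to pull across.
StorageManagerModel makeFixture() {
    StorageManagerModel m;
    m.registerPage(1, 10);
    m.registerPage(2, 20);
    m.setItem(20, "token", "secret");
    return m;
}

// Returns true when the hardened handler blocks the cross-process copy that the
// unchecked handler allows, while still honouring the same copy from the UI process.
bool demonstrateHardening() {
    StorageManagerModel unchecked = makeFixture();
    StorageManagerModel checked = makeFixture();
    bool leaked = unchecked.cloneUnchecked(1, 20, 10) && unchecked.getItem(10, "token") == "secret";
    bool blocked = !checked.cloneChecked(1, 20, 10) && checked.getItem(10, "token").empty();
    bool uiAllowed = checked.cloneChecked(StorageManagerModel::kUIProcess, 20, 10)
        && checked.getItem(10, "token") == "secret";
    return leaked && blocked && uiAllowed;
}

int main() { return demonstrateHardening() ? 0 : 1; }
```

The commit takes the second branch of the hardened check to its conclusion: once only the UI process sends the message, the network process no longer has to reconstruct page ownership from an untrusted sender at all, which is why the validation can be dropped rather than added.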



_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
