Title: [230541] trunk/Source
Revision
230541
Author
you...@apple.com
Date
2018-04-11 12:05:08 -0700 (Wed, 11 Apr 2018)

Log Message

Pass FetchOptions and SecurityOrigin as load parameters from WebProcess to NetworkProcess
https://bugs.webkit.org/show_bug.cgi?id=184374

Reviewed by Chris Dumez.

Source/WebCore:

Add support for SecurityOrigin encode/decode routines.

* page/SecurityOrigin.h:

Source/WebKit:

Pass full FetchOptions parameters as part of NetworkResourceLoadParameters.
This will allow handling redirection mode as well as credentials in case of cross origin redirections.
In case of SameOrigin credentials and there is a redirection from same-origin to cross-origin,
we will be able to stop using credentials without going to WebProcess.

To handle properly cross-origin checks, we have to be able to use SecurityOrigin as in WebProcess.
We make WebProcess sends Origin Access White list information to NetworkProcess.
This allows supporting the white list when doing loading in NetworkProcess.
This only works consistently if all WebProcesses share the same whitelist.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::loadPing):
(WebKit::NetworkConnectionToWebProcess::addOriginAccessWhitelistEntry):
(WebKit::NetworkConnectionToWebProcess::removeOriginAccessWhitelistEntry):
(WebKit::NetworkConnectionToWebProcess::resetOriginAccessWhitelists):
* NetworkProcess/NetworkConnectionToWebProcess.h:
* NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::continueCheckingRequest):
(WebKit::NetworkLoadChecker::checkCORSRequest):
(WebKit::NetworkLoadChecker::checkCORSRedirectedRequest):
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
(WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
* NetworkProcess/NetworkLoadChecker.h:
(WebKit::NetworkLoadChecker::create):
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/PingLoad.cpp:
(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::willPerformHTTPRedirection):
* NetworkProcess/PingLoad.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::addOriginAccessWhitelistEntry):
(WebKit::InjectedBundle::removeOriginAccessWhitelistEntry):
(WebKit::InjectedBundle::resetOriginAccessWhitelists):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::startPingLoad):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (230540 => 230541)


--- trunk/Source/WebCore/ChangeLog	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebCore/ChangeLog	2018-04-11 19:05:08 UTC (rev 230541)
@@ -1,3 +1,14 @@
+2018-04-11  Youenn Fablet  <you...@apple.com>
+
+        Pass FetchOptions and SecurityOrigin as load parameters from WebProcess to NetworkProcess
+        https://bugs.webkit.org/show_bug.cgi?id=184374
+
+        Reviewed by Chris Dumez.
+
+        Add support for SecurityOrigin encode/decode routines.
+
+        * page/SecurityOrigin.h:
+
 2018-04-11  Thibault Saunier  <tsaun...@igalia.com>
 
         [GStreamer] Use of playbin3 when USE_PLAYBIN3 environment variable is set

Modified: trunk/Source/WebCore/page/SecurityOrigin.h (230540 => 230541)


--- trunk/Source/WebCore/page/SecurityOrigin.h	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebCore/page/SecurityOrigin.h	2018-04-11 19:05:08 UTC (rev 230541)
@@ -206,6 +206,9 @@
 
     const SecurityOriginData& data() const { return m_data; }
 
+    template<class Encoder> void encode(Encoder&) const;
+    template<class Decoder> static RefPtr<SecurityOrigin> decode(Decoder&);
+
 private:
     SecurityOrigin();
     explicit SecurityOrigin(const URL&);
@@ -241,4 +244,55 @@
 bool originsMatch(const SecurityOrigin&, const SecurityOrigin&);
 bool originsMatch(const SecurityOrigin*, const SecurityOrigin*);
 
+template<class Encoder> inline void SecurityOrigin::encode(Encoder& encoder) const
+{
+    encoder << m_data;
+    encoder << m_domain;
+    encoder << m_filePath;
+    encoder << m_isUnique;
+    encoder << m_universalAccess;
+    encoder << m_domainWasSetInDOM;
+    encoder << m_canLoadLocalResources;
+    encoder.encodeEnum(m_storageBlockingPolicy);
+    encoder << m_enforcesFilePathSeparation;
+    encoder << m_needsStorageAccessFromFileURLsQuirk;
+    encoder << m_isPotentiallyTrustworthy;
+    encoder << m_isLocal;
+}
+
+template<class Decoder> inline RefPtr<SecurityOrigin> SecurityOrigin::decode(Decoder& decoder)
+{
+    std::optional<SecurityOriginData> data;
+    decoder >> data;
+    if (!data)
+        return nullptr;
+
+    auto origin = SecurityOrigin::create(data->protocol, data->host, data->port);
+
+    if (!decoder.decode(origin->m_domain))
+        return nullptr;
+    if (!decoder.decode(origin->m_filePath))
+        return nullptr;
+    if (!decoder.decode(origin->m_isUnique))
+        return nullptr;
+    if (!decoder.decode(origin->m_universalAccess))
+        return nullptr;
+    if (!decoder.decode(origin->m_domainWasSetInDOM))
+        return nullptr;
+    if (!decoder.decode(origin->m_canLoadLocalResources))
+        return nullptr;
+    if (!decoder.decodeEnum(origin->m_storageBlockingPolicy))
+        return nullptr;
+    if (!decoder.decode(origin->m_enforcesFilePathSeparation))
+        return nullptr;
+    if (!decoder.decode(origin->m_needsStorageAccessFromFileURLsQuirk))
+        return nullptr;
+    if (!decoder.decode(origin->m_isPotentiallyTrustworthy))
+        return nullptr;
+    if (!decoder.decode(origin->m_isLocal))
+        return nullptr;
+
+    return WTFMove(origin);
+}
+
 } // namespace WebCore

Modified: trunk/Source/WebKit/ChangeLog (230540 => 230541)


--- trunk/Source/WebKit/ChangeLog	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/ChangeLog	2018-04-11 19:05:08 UTC (rev 230541)
@@ -1,3 +1,52 @@
+2018-04-11  Youenn Fablet  <you...@apple.com>
+
+        Pass FetchOptions and SecurityOrigin as load parameters from WebProcess to NetworkProcess
+        https://bugs.webkit.org/show_bug.cgi?id=184374
+
+        Reviewed by Chris Dumez.
+
+        Pass full FetchOptions parameters as part of NetworkResourceLoadParameters.
+        This will allow handling redirection mode as well as credentials in case of cross origin redirections.
+        In case of SameOrigin credentials and there is a redirection from same-origin to cross-origin,
+        we will be able to stop using credentials without going to WebProcess.
+
+        To handle properly cross-origin checks, we have to be able to use SecurityOrigin as in WebProcess.
+        We make WebProcess sends Origin Access White list information to NetworkProcess.
+        This allows supporting the white list when doing loading in NetworkProcess.
+        This only works consistently if all WebProcesses share the same whitelist.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (WebKit::NetworkConnectionToWebProcess::loadPing):
+        (WebKit::NetworkConnectionToWebProcess::addOriginAccessWhitelistEntry):
+        (WebKit::NetworkConnectionToWebProcess::removeOriginAccessWhitelistEntry):
+        (WebKit::NetworkConnectionToWebProcess::resetOriginAccessWhitelists):
+        * NetworkProcess/NetworkConnectionToWebProcess.h:
+        * NetworkProcess/NetworkConnectionToWebProcess.messages.in:
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
+        (WebKit::NetworkLoadChecker::checkRedirection):
+        (WebKit::NetworkLoadChecker::continueCheckingRequest):
+        (WebKit::NetworkLoadChecker::checkCORSRequest):
+        (WebKit::NetworkLoadChecker::checkCORSRedirectedRequest):
+        (WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
+        (WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
+        * NetworkProcess/NetworkLoadChecker.h:
+        (WebKit::NetworkLoadChecker::create):
+        * NetworkProcess/NetworkResourceLoadParameters.cpp:
+        (WebKit::NetworkResourceLoadParameters::encode const):
+        (WebKit::NetworkResourceLoadParameters::decode):
+        * NetworkProcess/NetworkResourceLoadParameters.h:
+        * NetworkProcess/PingLoad.cpp:
+        (WebKit::PingLoad::PingLoad):
+        (WebKit::PingLoad::willPerformHTTPRedirection):
+        * NetworkProcess/PingLoad.h:
+        * WebProcess/InjectedBundle/InjectedBundle.cpp:
+        (WebKit::InjectedBundle::addOriginAccessWhitelistEntry):
+        (WebKit::InjectedBundle::removeOriginAccessWhitelistEntry):
+        (WebKit::InjectedBundle::resetOriginAccessWhitelists):
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::startPingLoad):
+
 2018-04-11  Michael Catanzaro  <mcatanz...@igalia.com>
 
         [GTK] WaylandCompositorDisplay leaks its wl_display

Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -55,6 +55,7 @@
 #include <WebCore/PlatformCookieJar.h>
 #include <WebCore/ResourceLoaderOptions.h>
 #include <WebCore/ResourceRequest.h>
+#include <WebCore/SecurityPolicy.h>
 #include <pal/SessionID.h>
 
 using namespace WebCore;
@@ -248,7 +249,7 @@
     loader->start();
 }
 
-void NetworkConnectionToWebProcess::loadPing(NetworkResourceLoadParameters&& loadParameters, HTTPHeaderMap&& originalRequestHeaders)
+void NetworkConnectionToWebProcess::loadPing(NetworkResourceLoadParameters&& loadParameters)
 {
     auto completionHandler = [this, protectedThis = makeRef(*this), identifier = loadParameters.identifier] (const ResourceError& error, const ResourceResponse& response) {
         didFinishPingLoad(identifier, error, response);
@@ -255,7 +256,7 @@
     };
 
     // PingLoad manages its own lifetime, deleting itself when its purpose has been fulfilled.
-    new PingLoad(WTFMove(loadParameters), WTFMove(originalRequestHeaders), WTFMove(completionHandler));
+    new PingLoad(WTFMove(loadParameters), WTFMove(completionHandler));
 }
 
 void NetworkConnectionToWebProcess::didFinishPingLoad(uint64_t pingLoadIdentifier, const ResourceError& error, const ResourceResponse& response)
@@ -513,4 +514,19 @@
 #endif
 }
 
+void NetworkConnectionToWebProcess::addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
+{
+    SecurityPolicy::addOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+}
+
+void NetworkConnectionToWebProcess::removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
+{
+    SecurityPolicy::removeOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+}
+
+void NetworkConnectionToWebProcess::resetOriginAccessWhitelists()
+{
+    SecurityPolicy::resetOriginAccessWhitelists();
+}
+
 } // namespace WebKit

Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h	2018-04-11 19:05:08 UTC (rev 230541)
@@ -92,7 +92,7 @@
 
     void scheduleResourceLoad(NetworkResourceLoadParameters&&);
     void performSynchronousLoad(NetworkResourceLoadParameters&&, Ref<Messages::NetworkConnectionToWebProcess::PerformSynchronousLoad::DelayedReply>&&);
-    void loadPing(NetworkResourceLoadParameters&&, WebCore::HTTPHeaderMap&& originalRequestHeaders);
+    void loadPing(NetworkResourceLoadParameters&&);
     void prefetchDNS(const String&);
     void preconnectTo(uint64_t preconnectionIdentifier, NetworkLoadParameters&&);
 
@@ -140,6 +140,10 @@
     void removeStorageAccessForFrame(PAL::SessionID, uint64_t frameID, uint64_t pageID);
     void removeStorageAccessForAllFramesOnPage(PAL::SessionID, uint64_t pageID);
 
+    void addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains);
+    void removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains);
+    void resetOriginAccessWhitelists();
+
     Ref<IPC::Connection> m_connection;
 
     HashMap<uint64_t, RefPtr<NetworkSocketStream>> m_networkSocketStreams;

Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in	2018-04-11 19:05:08 UTC (rev 230541)
@@ -24,7 +24,7 @@
 
     ScheduleResourceLoad(WebKit::NetworkResourceLoadParameters resourceLoadParameters)
     PerformSynchronousLoad(WebKit::NetworkResourceLoadParameters resourceLoadParameters) -> (WebCore::ResourceError error, WebCore::ResourceResponse response, Vector<char> data) Delayed
-    LoadPing(WebKit::NetworkResourceLoadParameters resourceLoadParameters, WebCore::HTTPHeaderMap originalRequestHeaders)
+    LoadPing(WebKit::NetworkResourceLoadParameters resourceLoadParameters)
     RemoveLoadIdentifier(uint64_t resourceLoadIdentifier)
     SetDefersLoading(uint64_t resourceLoadIdentifier, bool defers)
     PrefetchDNS(String hostname)
@@ -60,4 +60,8 @@
 
     RemoveStorageAccessForFrame(PAL::SessionID sessionID, uint64_t frameID, uint64_t pageID);
     RemoveStorageAccessForAllFramesOnPage(PAL::SessionID sessionID, uint64_t pageID);
+
+    AddOriginAccessWhitelistEntry(String sourceOrigin, String destinationProtocol, String destinationHost, bool allowDestinationSubdomains);
+    RemoveOriginAccessWhitelistEntry(String sourceOrigin, String destinationProtocol, String destinationHost, bool allowDestinationSubdomains);
+    ResetOriginAccessWhitelists();
 }

Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -41,17 +41,26 @@
 
 using namespace WebCore;
 
-NetworkLoadChecker::NetworkLoadChecker(WebCore::FetchOptions::Mode mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin)
-    : m_mode(mode)
-    , m_shouldFollowRedirects(shouldFollowRedirects)
-    , m_storedCredentialsPolicy(storedCredentialsPolicy)
+NetworkLoadChecker::NetworkLoadChecker(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin)
+    : m_options(WTFMove(options))
     , m_sessionID(sessionID)
     , m_originalRequestHeaders(WTFMove(originalRequestHeaders))
     , m_url(WTFMove(url))
     , m_origin(WTFMove(sourceOrigin))
 {
-    if (m_mode == FetchOptions::Mode::Cors || m_mode == FetchOptions::Mode::SameOrigin)
-        m_isSameOriginRequest = m_origin->canRequest(m_url);
+    if (m_options.mode == FetchOptions::Mode::Cors || m_options.mode == FetchOptions::Mode::SameOrigin)
+        m_isSameOriginRequest = m_url.protocolIsData() || m_url.protocolIsBlob() || m_origin->canRequest(m_url);
+    switch (options.credentials) {
+    case FetchOptions::Credentials::Include:
+        m_storedCredentialsPolicy = StoredCredentialsPolicy::Use;
+        break;
+    case FetchOptions::Credentials::SameOrigin:
+        m_storedCredentialsPolicy = m_isSameOriginRequest ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+        break;
+    case FetchOptions::Credentials::Omit:
+        m_storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+        break;
+    }
 }
 
 NetworkLoadChecker::~NetworkLoadChecker() = default;
@@ -77,7 +86,7 @@
     m_previousURL = WTFMove(m_url);
     m_url = request.url();
 
-    if (!m_shouldFollowRedirects) {
+    if (m_options.redirect != FetchOptions::Redirect::Follow) {
         handler(returnError(ASCIILiteral("Load parameters do not allow following redirections")));
         return;
     }
@@ -105,12 +114,12 @@
         return { };
     }
 
-    if (m_mode == FetchOptions::Mode::NoCors) {
+    if (m_options.mode == FetchOptions::Mode::NoCors) {
         response.setTainting(ResourceResponse::Tainting::Opaque);
         return { };
     }
 
-    ASSERT(m_mode == FetchOptions::Mode::Cors);
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
     String errorMessage;
     if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
@@ -145,7 +154,7 @@
     if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) {
         if (isRedirected()) {
             URL url = ""
-            auto type = m_mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
+            auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
             contentSecurityPolicy->upgradeInsecureRequestIfNeeded(url, type);
             if (url != request.url())
                 request.setURL(url);
@@ -156,12 +165,15 @@
         }
     }
 
+    if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
+        m_storedCredentialsPolicy =  (m_isSameOriginRequest && m_origin->canRequest(request.url())) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+
     if (doesNotNeedCORSCheck(request.url())) {
         handler(WTFMove(request));
         return;
     }
 
-    if (m_mode == FetchOptions::Mode::SameOrigin) {
+    if (m_options.mode == FetchOptions::Mode::SameOrigin) {
         handler(returnError(ASCIILiteral("SameOrigin mode does not allow cross origin requests")));
         return;
     }
@@ -177,7 +189,7 @@
 
 void NetworkLoadChecker::checkCORSRequest(ResourceRequest&& request, ValidationHandler&& handler)
 {
-    ASSERT(m_mode == FetchOptions::Mode::Cors);
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
     // Except in case where preflight is needed, loading should be able to continue on its own.
     if (m_isSimpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), m_originalRequestHeaders)) {
@@ -190,7 +202,7 @@
 
 void NetworkLoadChecker::checkCORSRedirectedRequest(ResourceRequest&& request, ValidationHandler&& handler)
 {
-    ASSERT(m_mode == FetchOptions::Mode::Cors);
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
     ASSERT(isRedirected());
 
     // Force any subsequent request to use these checks.
@@ -215,7 +227,7 @@
 
 void NetworkLoadChecker::checkCORSRequestWithPreflight(ResourceRequest&& request, ValidationHandler&& handler)
 {
-    ASSERT(m_mode == FetchOptions::Mode::Cors);
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
     m_isSimpleRequest = false;
     // FIXME: We should probably partition preflight result cache by session ID.
@@ -254,7 +266,7 @@
 
 bool NetworkLoadChecker::doesNotNeedCORSCheck(const URL& url) const
 {
-    if (m_mode == FetchOptions::Mode::NoCors || m_mode == FetchOptions::Mode::Navigate)
+    if (m_options.mode == FetchOptions::Mode::NoCors || m_options.mode == FetchOptions::Mode::Navigate)
         return true;
 
     return m_isSameOriginRequest && m_origin->canRequest(url);

Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h	2018-04-11 19:05:08 UTC (rev 230541)
@@ -42,9 +42,9 @@
 
 class NetworkLoadChecker : public RefCounted<NetworkLoadChecker> {
 public:
-    static Ref<NetworkLoadChecker> create(WebCore::FetchOptions::Mode mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin)
+    static Ref<NetworkLoadChecker> create(WebCore::FetchOptions&& options, PAL::SessionID sessionID, WebCore::HTTPHeaderMap&& originalHeaders, WebCore::URL&& url, RefPtr<WebCore::SecurityOrigin>&& sourceOrigin)
     {
-        return adoptRef(*new NetworkLoadChecker { mode, shouldFollowRedirects, storedCredentialsPolicy, sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin) });
+        return adoptRef(*new NetworkLoadChecker { WTFMove(options), sessionID, WTFMove(originalHeaders), WTFMove(url), WTFMove(sourceOrigin) });
     }
     ~NetworkLoadChecker();
 
@@ -68,7 +68,7 @@
     WebCore::StoredCredentialsPolicy storedCredentialsPolicy() const { return m_storedCredentialsPolicy; }
 
 private:
-    NetworkLoadChecker(WebCore::FetchOptions::Mode, bool shouldFollowRedirects, WebCore::StoredCredentialsPolicy, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&);
+    NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, WebCore::HTTPHeaderMap&&, WebCore::URL&&, RefPtr<WebCore::SecurityOrigin>&&);
 
     WebCore::ContentSecurityPolicy* contentSecurityPolicy() const;
     bool isChecking() const { return !!m_corsPreflightChecker; }
@@ -89,8 +89,7 @@
     void processContentExtensionRulesForLoad(WebCore::ResourceRequest&&, CompletionHandler<void(WebCore::ResourceRequest&&, const WebCore::ContentExtensions::BlockedStatus&)>&&);
 #endif
 
-    WebCore::FetchOptions::Mode m_mode;
-    bool m_shouldFollowRedirects;
+    WebCore::FetchOptions m_options;
     WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy;
     PAL::SessionID m_sessionID;
     WebCore::HTTPHeaderMap m_originalRequestHeaders; // Needed for CORS checks.

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -87,10 +87,10 @@
 
     encoder << static_cast<bool>(sourceOrigin);
     if (sourceOrigin)
-        encoder << sourceOrigin->data();
-    encoder.encodeEnum(mode);
-    encoder.encodeEnum(destination);
+        encoder << *sourceOrigin;
+    encoder << options;
     encoder << cspResponseHeaders;
+    encoder << originalRequestHeaders;
 
 #if ENABLE(CONTENT_EXTENSIONS)
     encoder << mainDocumentURL;
@@ -171,19 +171,21 @@
     if (!decoder.decode(hasSourceOrigin))
         return false;
     if (hasSourceOrigin) {
-        std::optional<SecurityOriginData> sourceOriginData;
-        decoder >> sourceOriginData;
-        if (!sourceOriginData)
+        result.sourceOrigin = SecurityOrigin::decode(decoder);
+        if (!result.sourceOrigin)
             return false;
-        ASSERT(!sourceOriginData->isEmpty());
-        result.sourceOrigin = sourceOriginData->securityOrigin();
     }
-    if (!decoder.decodeEnum(result.mode))
+
+    std::optional<FetchOptions> options;
+    decoder >> options;
+    if (!options)
         return false;
-    if (!decoder.decodeEnum(result.destination))
-        return false;
+    result.options = *options;
+
     if (!decoder.decode(result.cspResponseHeaders))
         return false;
+    if (!decoder.decode(result.originalRequestHeaders))
+        return false;
 
 #if ENABLE(CONTENT_EXTENSIONS)
     if (!decoder.decode(result.mainDocumentURL))

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h	2018-04-11 19:05:08 UTC (rev 230541)
@@ -56,9 +56,9 @@
     Seconds maximumBufferingTime;
     Vector<String> derivedCachedDataTypesToRetrieve;
     RefPtr<WebCore::SecurityOrigin> sourceOrigin;
-    WebCore::FetchOptions::Mode mode;
-    WebCore::FetchOptions::Destination destination;
+    WebCore::FetchOptions options;
     std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
+    WebCore::HTTPHeaderMap originalRequestHeaders;
     bool shouldRestrictHTTPResponseAccess { false };
 
 #if ENABLE(CONTENT_EXTENSIONS)

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -472,7 +472,7 @@
             // We reduce filtering when it would otherwise be visible to scripts.
             // FIXME: We should use response tainting once computed in Network Process.
             bool isSameOrigin = m_parameters.sourceOrigin ? m_parameters.sourceOrigin->canRequest(response.url()) : protocolHostAndPortAreEqual(response.url(), m_parameters.request.url());
-            if (isSameOrigin && m_parameters.destination == FetchOptions::Destination::EmptyString)
+            if (isSameOrigin && m_parameters.options.destination == FetchOptions::Destination::EmptyString)
                 type = ResourceResponse::SanitizationType::RemoveCookies;
         }
         response.sanitizeHTTPHeaderFields(type);

Modified: trunk/Source/WebKit/NetworkProcess/PingLoad.cpp (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/PingLoad.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/PingLoad.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -38,11 +38,11 @@
 
 using namespace WebCore;
 
-PingLoad::PingLoad(NetworkResourceLoadParameters&& parameters, HTTPHeaderMap&& originalRequestHeaders, WTF::CompletionHandler<void(const ResourceError&, const ResourceResponse&)>&& completionHandler)
+PingLoad::PingLoad(NetworkResourceLoadParameters&& parameters, WTF::CompletionHandler<void(const ResourceError&, const ResourceResponse&)>&& completionHandler)
     : m_parameters(WTFMove(parameters))
     , m_completionHandler(WTFMove(completionHandler))
     , m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
-    , m_networkLoadChecker(NetworkLoadChecker::create(m_parameters.mode, m_parameters.shouldFollowRedirects, m_parameters.storedCredentialsPolicy, m_parameters.sessionID, WTFMove(originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef()))
+    , m_networkLoadChecker(NetworkLoadChecker::create(FetchOptions { m_parameters.options}, m_parameters.sessionID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef()))
 {
 
     if (m_parameters.cspResponseHeaders)

Modified: trunk/Source/WebKit/NetworkProcess/PingLoad.h (230540 => 230541)


--- trunk/Source/WebKit/NetworkProcess/PingLoad.h	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/NetworkProcess/PingLoad.h	2018-04-11 19:05:08 UTC (rev 230541)
@@ -44,7 +44,7 @@
 
 class PingLoad final : private NetworkDataTaskClient {
 public:
-    PingLoad(NetworkResourceLoadParameters&&, WebCore::HTTPHeaderMap&& originalRequestHeaders, WTF::CompletionHandler<void(const WebCore::ResourceError&, const WebCore::ResourceResponse&)>&&);
+    PingLoad(NetworkResourceLoadParameters&&, WTF::CompletionHandler<void(const WebCore::ResourceError&, const WebCore::ResourceResponse&)>&&);
     
 private:
     ~PingLoad();

Modified: trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp (230540 => 230541)


--- trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -29,6 +29,8 @@
 #include "APIArray.h"
 #include "APIData.h"
 #include "InjectedBundleScriptWorld.h"
+#include "NetworkConnectionToWebProcessMessages.h"
+#include "NetworkProcessConnection.h"
 #include "NetworkSessionCreationParameters.h"
 #include "NotificationPermissionRequestManager.h"
 #include "SessionTracker.h"
@@ -375,16 +377,20 @@
 void InjectedBundle::addOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
 {
     SecurityPolicy::addOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::AddOriginAccessWhitelistEntry { sourceOrigin, destinationProtocol, destinationHost, allowDestinationSubdomains }, 0);
+
 }
 
 void InjectedBundle::removeOriginAccessWhitelistEntry(const String& sourceOrigin, const String& destinationProtocol, const String& destinationHost, bool allowDestinationSubdomains)
 {
     SecurityPolicy::removeOriginAccessWhitelistEntry(SecurityOrigin::createFromString(sourceOrigin).get(), destinationProtocol, destinationHost, allowDestinationSubdomains);
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RemoveOriginAccessWhitelistEntry { sourceOrigin, destinationProtocol, destinationHost, allowDestinationSubdomains }, 0);
 }
 
 void InjectedBundle::resetOriginAccessWhitelists()
 {
     SecurityPolicy::resetOriginAccessWhitelists();
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::ResetOriginAccessWhitelists { }, 0);
 }
 
 void InjectedBundle::setAsynchronousSpellCheckingEnabled(WebPageGroupProxy* pageGroup, bool enabled)

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (230540 => 230541)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-04-11 18:33:39 UTC (rev 230540)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-04-11 19:05:08 UTC (rev 230541)
@@ -273,7 +273,7 @@
     loadParameters.needsCertificateInfo = resourceLoader.shouldIncludeCertificateInfo();
     loadParameters.maximumBufferingTime = maximumBufferingTime;
     loadParameters.derivedCachedDataTypesToRetrieve = resourceLoader.options().derivedCachedDataTypesToRetrieve;
-    loadParameters.destination = resourceLoader.options().destination;
+    loadParameters.options = resourceLoader.options();
 
     // FIXME: We should also sanitize redirect response for navigations.
     loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
@@ -434,7 +434,7 @@
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr);
     loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
     // FIXME: Use the proper destination once all fetch options are passed.
-    loadParameters.destination = FetchOptions::Destination::EmptyString;
+    loadParameters.options.destination = FetchOptions::Destination::EmptyString;
 
     data.shrink(0);
 
@@ -470,8 +470,8 @@
     loadParameters.sourceOrigin = &document->securityOrigin();
     loadParameters.sessionID = frame.page() ? frame.page()->sessionID() : PAL::SessionID::defaultSessionID();
     loadParameters.storedCredentialsPolicy = options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use;
-    loadParameters.mode = options.mode;
-    loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
+    loadParameters.options = options;
+    loadParameters.originalRequestHeaders = originalRequestHeaders;
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(&frame);
     loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
     if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
@@ -492,7 +492,7 @@
     if (completionHandler)
         m_pingLoadCompletionHandlers.add(loadParameters.identifier, WTFMove(completionHandler));
 
-    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing(WTFMove(loadParameters), originalRequestHeaders), 0);
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing { loadParameters }, 0);
 }
 
 void WebLoaderStrategy::didFinishPingLoad(uint64_t pingLoadIdentifier, ResourceError&& error, ResourceResponse&& response)
@@ -532,7 +532,7 @@
     parameters.shouldPreconnectOnly = PreconnectOnly::Yes;
     parameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
     // FIXME: Use the proper destination once all fetch options are passed.
-    parameters.destination = FetchOptions::Destination::EmptyString;
+    parameters.options.destination = FetchOptions::Destination::EmptyString;
 
     WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::PreconnectTo(preconnectionIdentifier, WTFMove(parameters)), 0);
 }
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to