Title: [251334] branches/safari-608-branch
Revision: 251334
Author: bshaf...@apple.com
Date: 2019-10-20 10:32:40 -0700 (Sun, 20 Oct 2019)

Log Message

Cherry-pick r250431. rdar://problem/55927251

    Storage Access API: document.hasStorageAccess() should return false by default
    https://bugs.webkit.org/show_bug.cgi?id=202281
    <rdar://problem/55718526>

    Reviewed by Alex Christensen.

    document.hasStorageAccess() should return false by default so that it only
    returns true if the context has asked for and been granted storage access.

    Source/WebKit:

    * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
    (WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
    * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
    (WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):

    LayoutTests:

    * http/tests/storageAccess/has-storage-access-false-by-default-expected.txt: Added.
    * http/tests/storageAccess/has-storage-access-false-by-default.html: Added.
    * platform/ios/TestExpectations:
        The new test is marked as [ Pass ].
    * platform/mac-wk2/TestExpectations:
        The new test is marked as [ Pass ].

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-608-branch/LayoutTests/ChangeLog (251333 => 251334)


--- branches/safari-608-branch/LayoutTests/ChangeLog	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/LayoutTests/ChangeLog	2019-10-20 17:32:40 UTC (rev 251334)
@@ -1,5 +1,55 @@
 2019-10-15  Kocsen Chung  <kocsen_ch...@apple.com>
 
+        Cherry-pick r250431. rdar://problem/55927251
+
+    Storage Access API: document.hasStorageAccess() should return false by default
+    https://bugs.webkit.org/show_bug.cgi?id=202281
+    <rdar://problem/55718526>
+    
+    Reviewed by Alex Christensen.
+    
+    document.hasStorageAccess() should return false by default so that it only
+    returns true if the context has asked for and been granted storage access.
+    
+    Source/WebKit:
+    
+    * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
+    (WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
+    * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
+    (WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):
+    
+    LayoutTests:
+    
+    * http/tests/storageAccess/has-storage-access-false-by-default-expected.txt: Added.
+    * http/tests/storageAccess/has-storage-access-false-by-default.html: Added.
+    * platform/ios/TestExpectations:
+        The new test is marked as [ Pass ].
+    * platform/mac-wk2/TestExpectations:
+        The new test is marked as [ Pass ].
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-09-27  John Wilander  <wilan...@apple.com>
+
+            Storage Access API: document.hasStorageAccess() should return false by default
+            https://bugs.webkit.org/show_bug.cgi?id=202281
+            <rdar://problem/55718526>
+
+            Reviewed by Alex Christensen.
+
+            document.hasStorageAccess() should return false by default so that it only
+            returns true if the context has asked for and been granted storage access.
+
+            * http/tests/storageAccess/has-storage-access-false-by-default-expected.txt: Added.
+            * http/tests/storageAccess/has-storage-access-false-by-default.html: Added.
+            * platform/ios/TestExpectations:
+                The new test is marked as [ Pass ].
+            * platform/mac-wk2/TestExpectations:
+                The new test is marked as [ Pass ].
+
+2019-10-15  Kocsen Chung  <kocsen_ch...@apple.com>
+
         Cherry-pick r249517. rdar://problem/56000099
 
     Mail appears to be double inverting code copied from Notes, Xcode, or Terminal.
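
Review bot: The new r250431 cherry-pick entry at the top of this hunk lands under the existing `2019-10-15  Kocsen Chung` header, and the hunk adds a second copy of that header below it, although this revision is recorded as committed by bshaf...@apple.com on 2019-10-20. Give the cherry-pick its own date and author line so the ChangeLog agrees with the revision metadata; the same applies to the Source/WebKit/ChangeLog hunk further down.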

Added: branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default-expected.txt (0 => 251334)


--- branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default-expected.txt	                        (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default-expected.txt	2019-10-20 17:32:40 UTC (rev 251334)
@@ -0,0 +1,10 @@
+Tests that document.hasStorageAccess() returns false for a 3rd-party iframe by default.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS No storage access. document.cookie == , cookies seen server-side == "No cookies"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
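
Review bot: In the PASS line, the value after `document.cookie ==` is printed bare while the server-side value is quoted, so the expectation cannot distinguish an empty string from a missing or undefined value. Quote the client-side value in the message the iframe posts so the expected line reads `document.cookie == ""`.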

Added: branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default.html (0 => 251334)


--- branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default.html	                        (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/tests/storageAccess/has-storage-access-false-by-default.html	2019-10-20 17:32:40 UTC (rev 251334)
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src=""
+    <script src=""
+    <script>
+        description("Tests that document.hasStorageAccess() returns false for a 3rd-party iframe by default.");
+        jsTestIsAsync = true;
+
+        window.addEventListener("message", receiveMessage, false);
+
+        function receiveMessage(event) {
+            if (event.origin === "http://localhost:8000") {
+                if (event.data.indexOf("PASS") !== -1)
+                    testPassed(event.data.replace("PASS ", ""));
+                else
+                    testFailed(event.data.replace("FAIL ", ""));
+            } else
+                testFailed("Received a message from an unexpected origin: " + event.origin);
+            setEnableFeature(false, finishJSTest);
+        }
+
+        const hostUnderTest = "localhost:8000";
+        const statisticsUrl = "http://" + hostUnderTest + "/temp";
+        function runTest() {
+            setEnableFeature(true, function() {
+                let iframeElement = document.createElement("iframe");
+                iframeElement.id = "TheIframeThatRequestsStorageAccess";
+                iframeElement.src = ""
+                document.body.appendChild(iframeElement);
+            });
+        }
+    </script>
+</head>
+<body _onload_="runTest()">
+</body>
+</html>
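
Review bot: In receiveMessage, `event.data.indexOf("PASS") !== -1` counts any message that contains "PASS" anywhere as a pass, so a failure report whose text happens to include that word would be recorded as success; match the prefix instead, for example `event.data.startsWith("PASS ")`, which also lines up with the `replace("PASS ", "")` that follows. Separately, `statisticsUrl` is declared but not used anywhere in the script as shown, and `hostUnderTest` is only used to build it, so either drop both or use them where the iframe source is set.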

Modified: branches/safari-608-branch/LayoutTests/platform/ios/TestExpectations (251333 => 251334)


--- branches/safari-608-branch/LayoutTests/platform/ios/TestExpectations	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/LayoutTests/platform/ios/TestExpectations	2019-10-20 17:32:40 UTC (rev 251334)
@@ -2794,7 +2794,9 @@
 http/tests/storageAccess/deny-storage-access-under-opener.html [ Pass ]
 http/tests/storageAccess/deny-storage-access-under-opener-if-auto-dismiss.html [ Pass ]
 http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html [ Pass ]
+http/tests/storageAccess/has-storage-access-false-by-default.html [ Pass ]
 
+
 # Skipped in general expectations since they only work on iOS and Mac, WK2.
 http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html [ Pass ]
 http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html [ Pass ]
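
Review bot: The added entry places a storageAccess test after `http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html` instead of next to the `http/tests/storageAccess/` entries two lines above it, and the hunk also adds a second blank line before the `# Skipped in general expectations` comment. Move the new entry up beside the `deny-storage-access-under-opener` lines and drop the extra blank line.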

Modified: branches/safari-608-branch/LayoutTests/platform/mac-wk2/TestExpectations (251333 => 251334)


--- branches/safari-608-branch/LayoutTests/platform/mac-wk2/TestExpectations	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/LayoutTests/platform/mac-wk2/TestExpectations	2019-10-20 17:32:40 UTC (rev 251334)
@@ -733,6 +733,7 @@
 [ HighSierra+ ] http/tests/storageAccess/deny-with-prompt-does-not-preserve-gesture.html [ Skip ]
 [ HighSierra+ ] http/tests/storageAccess/deny-without-prompt-preserves-gesture.html [ Pass ]
 [ HighSierra+ ] http/tests/storageAccess/has-storage-access-true-if-feature-off.html [ Pass ]
+[ HighSierra+ ] http/tests/storageAccess/has-storage-access-false-by-default.html [ Pass ]
 
 # As of https://trac.webkit.org/changeset/227762 the timestampResolution is just 5 seconds which makes this test flaky
 http/tests/resourceLoadStatistics/user-interaction-only-reported-once-within-short-period-of-time.html [ Skip ]

Modified: branches/safari-608-branch/Source/WebKit/ChangeLog (251333 => 251334)


--- branches/safari-608-branch/Source/WebKit/ChangeLog	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/Source/WebKit/ChangeLog	2019-10-20 17:32:40 UTC (rev 251334)
@@ -1,5 +1,53 @@
 2019-10-15  Kocsen Chung  <kocsen_ch...@apple.com>
 
+        Cherry-pick r250431. rdar://problem/55927251
+
+    Storage Access API: document.hasStorageAccess() should return false by default
+    https://bugs.webkit.org/show_bug.cgi?id=202281
+    <rdar://problem/55718526>
+    
+    Reviewed by Alex Christensen.
+    
+    document.hasStorageAccess() should return false by default so that it only
+    returns true if the context has asked for and been granted storage access.
+    
+    Source/WebKit:
+    
+    * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
+    (WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
+    * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
+    (WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):
+    
+    LayoutTests:
+    
+    * http/tests/storageAccess/has-storage-access-false-by-default-expected.txt: Added.
+    * http/tests/storageAccess/has-storage-access-false-by-default.html: Added.
+    * platform/ios/TestExpectations:
+        The new test is marked as [ Pass ].
+    * platform/mac-wk2/TestExpectations:
+        The new test is marked as [ Pass ].
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-09-27  John Wilander  <wilan...@apple.com>
+
+            Storage Access API: document.hasStorageAccess() should return false by default
+            https://bugs.webkit.org/show_bug.cgi?id=202281
+            <rdar://problem/55718526>
+
+            Reviewed by Alex Christensen.
+
+            document.hasStorageAccess() should return false by default so that it only
+            returns true if the context has asked for and been granted storage access.
+
+            * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
+            (WebKit::ResourceLoadStatisticsDatabaseStore::hasStorageAccess):
+            * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
+            (WebKit::ResourceLoadStatisticsMemoryStore::hasStorageAccess):
+
+2019-10-15  Kocsen Chung  <kocsen_ch...@apple.com>
+
         Cherry-pick r250416. rdar://problem/55954224
 
     SubFrameSOAuthorizationSession should ensure messages are posted in the right order to the parent frame

Modified: branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp (251333 => 251334)


--- branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp	2019-10-20 17:32:40 UTC (rev 251334)
@@ -726,11 +726,12 @@
     case CookieTreatmentResult::BlockAndPurge:
         completionHandler(false);
         return;
+    case CookieTreatmentResult::Allow:
+        // We should only return true if the context has asked for and been granted access.
+        completionHandler(false);
+        return;
     case CookieTreatmentResult::BlockAndKeep:
-        completionHandler(true);
-        return;
-    case CookieTreatmentResult::Allow:
-        // Do nothing
+        // Do nothing. The below dispatch will complete the task.
         break;
     };
 
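
Review bot: The reordered switch changes two cases, not one: besides `CookieTreatmentResult::Allow` now completing with false, `BlockAndKeep` used to call `completionHandler(true)` and return, and now breaks out to the dispatch below. The log message and the new comments only describe the default-false change, so state in the ChangeLog that BlockAndKeep is no longer answered true immediately and is instead resolved by the dispatched lookup. The new layout test is described as covering only the default case for a 3rd-party iframe, so a companion test for a BlockAndKeep domain that has not been granted access would cover the other changed branch.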

Modified: branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp (251333 => 251334)


--- branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp	2019-10-20 17:32:36 UTC (rev 251333)
+++ branches/safari-608-branch/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp	2019-10-20 17:32:40 UTC (rev 251334)
@@ -204,16 +204,12 @@
     ASSERT(!RunLoop::isMain());
 
     auto& subFrameStatistic = ensureResourceStatisticsForRegistrableDomain(subFrameDomain);
-    if (shouldBlockAndPurgeCookies(subFrameStatistic)) {
+    // Return false if this domain cannot ask for storage access.
+    if (shouldBlockAndPurgeCookies(subFrameStatistic) || !shouldBlockAndKeepCookies(subFrameStatistic)) {
         completionHandler(false);
         return;
     }
 
-    if (!shouldBlockAndKeepCookies(subFrameStatistic)) {
-        completionHandler(true);
-        return;
-    }
-
     RunLoop::main().dispatch([store = makeRef(store()), subFrameDomain = subFrameDomain.isolatedCopy(), topFrameDomain = topFrameDomain.isolatedCopy(), frameID, pageID, completionHandler = WTFMove(completionHandler)]() mutable {
         store->callHasStorageAccessForFrameHandler(subFrameDomain, topFrameDomain, frameID.value(), pageID, [store = store.copyRef(), completionHandler = WTFMove(completionHandler)](bool result) mutable {
             store->statisticsQueue().dispatch([completionHandler = WTFMove(completionHandler), result] () mutable {
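
Review bot: The new comment, "Return false if this domain cannot ask for storage access", does not fit the second half of the combined condition: `!shouldBlockAndKeepCookies(subFrameStatistic)` is the branch that previously completed with true, and per the log message it returns false now because the context has not asked for and been granted access. Reword the comment along the lines of the one added in ResourceLoadStatisticsDatabaseStore.cpp ("We should only return true if the context has asked for and been granted access"), or keep the two checks as separate branches with one comment each.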