Title: [262978] trunk
- Revision
- 262978
- Author
- cdu...@apple.com
- Date
- 2020-06-12 15:05:26 -0700 (Fri, 12 Jun 2020)
Log Message
Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache
https://bugs.webkit.org/show_bug.cgi?id=213147
<rdar://problem/64249683>
Reviewed by Geoffrey Garen.
Source/WebCore:
Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache.
This is a revert of r250437 due to push back from Web developers.
No new tests, updated existing tests.
* history/BackForwardCache.cpp:
(WebCore::canCacheFrame):
LayoutTests:
Update layout test coverage.
* http/tests/navigation/https-in-page-cache-expected.txt:
* http/tests/navigation/resources/https-in-page-cache-1.php:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (262977 => 262978)
--- trunk/LayoutTests/ChangeLog 2020-06-12 21:58:25 UTC (rev 262977)
+++ trunk/LayoutTests/ChangeLog 2020-06-12 22:05:26 UTC (rev 262978)
@@ -1,3 +1,16 @@
+2020-06-12 Chris Dumez <cdu...@apple.com>
+
+ Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache
+ https://bugs.webkit.org/show_bug.cgi?id=213147
+ <rdar://problem/64249683>
+
+ Reviewed by Geoffrey Garen.
+
+ Update layout test coverage.
+
+ * http/tests/navigation/https-in-page-cache-expected.txt:
+ * http/tests/navigation/resources/https-in-page-cache-1.php:
+
2020-06-12 Jason Lawrence <lawrenc...@apple.com>
REGRESSION: [ Mac wk1 Debug ] media/remoteplayback-target-availability.html is flaky failing.
Modified: trunk/LayoutTests/http/tests/navigation/https-in-page-cache-expected.txt (262977 => 262978)
--- trunk/LayoutTests/http/tests/navigation/https-in-page-cache-expected.txt 2020-06-12 21:58:25 UTC (rev 262977)
+++ trunk/LayoutTests/http/tests/navigation/https-in-page-cache-expected.txt 2020-06-12 22:05:26 UTC (rev 262978)
@@ -1,5 +1,5 @@
-ALERT: This page is https and has the no-store cache-control directive. It should go in to the page cache.
-ALERT: The page was restored from the page cache. Good job. Running part 2 of the test.
+ALERT: This page is https and has the no-store cache-control directive. It should NOT go in to the page cache.
+ALERT: The page was reloaded on back, not from the page cache. Good job. Running part 2 of the test.
ALERT: This page is https and has the no-cache cache-control directive. It should go in to the page cache.
ALERT: The page was restored from the page cache. Good job!. Running part 3 of the test.
ALERT: This page is https and should go in to the page cache.
Modified: trunk/LayoutTests/http/tests/navigation/resources/https-in-page-cache-1.php (262977 => 262978)
--- trunk/LayoutTests/http/tests/navigation/resources/https-in-page-cache-1.php 2020-06-12 21:58:25 UTC (rev 262977)
+++ trunk/LayoutTests/http/tests/navigation/resources/https-in-page-cache-1.php 2020-06-12 22:05:26 UTC (rev 262978)
@@ -11,7 +11,7 @@
window._onpageshow_ = function(evt) {
if (evt.persisted) {
- alert("The page was restored from the page cache. Good job. Running part 2 of the test.");
+ alert("The page was restored from the page cache. It should NOT have been. Running part 2 of the test.");
nextTest();
}
}
@@ -18,12 +18,12 @@
window._onload_ = function() {
if (window.sessionStorage.https_in_page_cache_started) {
- alert("The page was reloaded on back, not from the page cache. It should NOT have reloaded. Running part 2 of the test.");
+ alert("The page was reloaded on back, not from the page cache. Good job. Running part 2 of the test.");
nextTest();
return;
}
- alert("This page is https and has the no-store cache-control directive. It should go in to the page cache.");
+ alert("This page is https and has the no-store cache-control directive. It should NOT go in to the page cache.");
window.sessionStorage.https_in_page_cache_started = true;
setTimeout('window.location = "go-back.html"', 0);
Modified: trunk/Source/WebCore/ChangeLog (262977 => 262978)
--- trunk/Source/WebCore/ChangeLog 2020-06-12 21:58:25 UTC (rev 262977)
+++ trunk/Source/WebCore/ChangeLog 2020-06-12 22:05:26 UTC (rev 262978)
@@ -1,3 +1,19 @@
+2020-06-12 Chris Dumez <cdu...@apple.com>
+
+ Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache
+ https://bugs.webkit.org/show_bug.cgi?id=213147
+ <rdar://problem/64249683>
+
+ Reviewed by Geoffrey Garen.
+
+ Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache.
+ This is a revert of r250437 due to push back from Web developers.
+
+ No new tests, updated existing tests.
+
+ * history/BackForwardCache.cpp:
+ (WebCore::canCacheFrame):
+
2020-06-12 Tetsuharu Ohzeki <tetsuharu.ohz...@gmail.com>
Stop to use ActiveDOMObject::setPendingActivity() for Modules/fetch
Modified: trunk/Source/WebCore/history/BackForwardCache.cpp (262977 => 262978)
--- trunk/Source/WebCore/history/BackForwardCache.cpp 2020-06-12 21:58:25 UTC (rev 262977)
+++ trunk/Source/WebCore/history/BackForwardCache.cpp 2020-06-12 22:05:26 UTC (rev 262978)
@@ -140,6 +140,11 @@
logBackForwardCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::hasPluginsKey());
isCacheable = false;
}
+ if (frame.isMainFrame() && frame.document() && frame.document()->url().protocolIs("https") && documentLoader->response().cacheControlContainsNoStore()) {
+ PCLOG(" -Frame is HTTPS, and cache control prohibits storing");
+ logBackForwardCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::httpsNoStoreKey());
+ isCacheable = false;
+ }
if (frame.isMainFrame() && !frameLoader.history().currentItem()) {
PCLOG(" -Main frame has no current history item");
logBackForwardCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::noCurrentHistoryItemKey());
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes