Diff
Modified: branches/safari-612.3.3.1-branch/Source/WTF/ChangeLog (285182 => 285183)
--- branches/safari-612.3.3.1-branch/Source/WTF/ChangeLog 2021-11-02 21:24:24 UTC (rev 285182)
+++ branches/safari-612.3.3.1-branch/Source/WTF/ChangeLog 2021-11-02 21:25:52 UTC (rev 285183)
@@ -1,3 +1,43 @@
+2021-11-02 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283732. rdar://problem/84944569
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default
+ https://bugs.webkit.org/show_bug.cgi?id=231371
+
+ Reviewed by Youenn Fablet.
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default since our
+ implementation doesn't match the latest specification.
+
+ Source/WebCore:
+
+ * loader/CrossOriginEmbedderPolicy.cpp:
+ (WebCore::sendCOEPPolicyInheritenceViolation):
+ (WebCore::sendCOEPCORPViolation):
+ * loader/CrossOriginOpenerPolicy.cpp:
+ (WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
+ (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+
+ Source/WTF:
+
+ * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283732 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-07 Chris Dumez <cdu...@apple.com>
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default
+ https://bugs.webkit.org/show_bug.cgi?id=231371
+
+ Reviewed by Youenn Fablet.
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default since our
+ implementation doesn't match the latest specification.
+
+ * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
2021-10-26 Alan Coon <alanc...@apple.com>
Cherry-pick r284344. rdar://problem/84625558
Modified: branches/safari-612.3.3.1-branch/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (285182 => 285183)
--- branches/safari-612.3.3.1-branch/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2021-11-02 21:24:24 UTC (rev 285182)
+++ branches/safari-612.3.3.1-branch/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml 2021-11-02 21:25:52 UTC (rev 285183)
@@ -309,6 +309,18 @@
WebCore:
default: false
+CoopCoepViolationReportingEnabled:
+ type: bool
+ humanReadableName: "COOP and COEP violations reporting"
+ humanReadableDescription: "Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy reporting"
+ defaultValue:
+ WebKitLegacy:
+ default: false
+ WebKit:
+ default: false
+ WebCore:
+ default: false
+
CoreImageAcceleratedFilterRenderEnabled:
type: bool
webcoreOnChange: setNeedsRelayoutAllFrames
Modified: branches/safari-612.3.3.1-branch/Source/WebCore/ChangeLog (285182 => 285183)
--- branches/safari-612.3.3.1-branch/Source/WebCore/ChangeLog 2021-11-02 21:24:24 UTC (rev 285182)
+++ branches/safari-612.3.3.1-branch/Source/WebCore/ChangeLog 2021-11-02 21:25:52 UTC (rev 285183)
@@ -1,3 +1,48 @@
+2021-11-02 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283732. rdar://problem/84944569
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default
+ https://bugs.webkit.org/show_bug.cgi?id=231371
+
+ Reviewed by Youenn Fablet.
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default since our
+ implementation doesn't match the latest specification.
+
+ Source/WebCore:
+
+ * loader/CrossOriginEmbedderPolicy.cpp:
+ (WebCore::sendCOEPPolicyInheritenceViolation):
+ (WebCore::sendCOEPCORPViolation):
+ * loader/CrossOriginOpenerPolicy.cpp:
+ (WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
+ (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+
+ Source/WTF:
+
+ * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283732 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-07 Chris Dumez <cdu...@apple.com>
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default
+ https://bugs.webkit.org/show_bug.cgi?id=231371
+
+ Reviewed by Youenn Fablet.
+
+ Add feature flag for COOP / COEP violation reporting and turn off by default since our
+ implementation doesn't match the latest specification.
+
+ * loader/CrossOriginEmbedderPolicy.cpp:
+ (WebCore::sendCOEPPolicyInheritenceViolation):
+ (WebCore::sendCOEPCORPViolation):
+ * loader/CrossOriginOpenerPolicy.cpp:
+ (WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
+ (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+
2021-10-28 Alan Coon <alanc...@apple.com>
Apply patch. rdar://problem/84630680
Modified: branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp (285182 => 285183)
--- branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp 2021-11-02 21:24:24 UTC (rev 285182)
+++ branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp 2021-11-02 21:25:52 UTC (rev 285183)
@@ -101,6 +101,9 @@
// https://html.spec.whatwg.org/multipage/origin.html#queue-a-cross-origin-embedder-policy-inheritance-violation
void sendCOEPPolicyInheritenceViolation(Frame& frame, const WebCore::SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, const String& type, const URL& blockedURL)
{
+ if (!frame.settings().coopCoepViolationReportingEnabled())
+ return;
+
ASSERT(!endpoint.isEmpty());
PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
@@ -113,6 +116,9 @@
void sendCOEPCORPViolation(Frame& frame, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, FetchOptions::Destination destination, const URL& blockedURL)
{
ASSERT(!endpoint.isEmpty());
+ if (!frame.settings().coopCoepViolationReportingEnabled())
+ return;
+
PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
body.setString("type"_s, "corp");
Modified: branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (285182 => 285183)
--- branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp 2021-11-02 21:24:24 UTC (rev 285182)
+++ branches/safari-612.3.3.1-branch/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp 2021-11-02 21:25:52 UTC (rev 285183)
@@ -205,6 +205,9 @@
// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
void sendViolationReportWhenNavigatingToCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent)
{
+ if (!frame.settings().coopCoepViolationReportingEnabled())
+ return;
+
auto& endpoint = coop.reportingEndpointForDisposition(disposition);
if (endpoint.isEmpty())
return;
@@ -221,6 +224,9 @@
// https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from
void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent)
{
+ if (!frame.settings().coopCoepViolationReportingEnabled())
+ return;
+
auto& endpoint = coop.reportingEndpointForDisposition(disposition);
if (endpoint.isEmpty())
return;