Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e9a2fa13c71e43068c10d9394e78bb068a53f646
https://github.com/WebKit/WebKit/commit/e9a2fa13c71e43068c10d9394e78bb068a53f646
Author: Youenn Fablet <[email protected]>
Date: 2025-04-01 (Tue, 01 Apr 2025)
Changed paths:
M
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/default-src/manifest-v3-default-src-block-wildcard-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/worker-src/manifest-v3-worker-src-block-partial-wildcard-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/worker-src/manifest-v3-worker-src-block-wildcard-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-src-test.js
M LayoutTests/http/tests/workers/resources/worker-redirect.js
M
LayoutTests/http/tests/workers/worker-document-domain-security-expected.txt
M LayoutTests/http/tests/workers/worker-document-domain-security.html
M LayoutTests/http/tests/workers/worker-invalid-url-expected.txt
M LayoutTests/http/tests/workers/worker-invalid-url.html
M LayoutTests/http/tests/workers/worker-redirect-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/support/testharness-helper.js
M
LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/generated/worker-dedicated-constructor.sub-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/Worker_cross_origin_security_err-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/dedicated-worker-in-data-url-context.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/modules/dedicated-worker-import-failure-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-failure-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/workers/shared-worker-in-data-url-context.window-expected.txt
M
LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/generated/worker-dedicated-constructor.sub-expected.txt
M
LayoutTests/platform/mac-wk1/http/tests/workers/worker-redirect-expected.txt
M
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebCore/workers/AbstractWorker.cpp
M Source/WebCore/workers/AbstractWorker.h
M Source/WebCore/workers/Worker.cpp
M Source/WebCore/workers/shared/SharedWorker.cpp
Log Message:
-----------
Worker and SharedWorker constructors should fail asynchronously in case of
cross origin URLs
rdar://148229314
https://bugs.webkit.org/show_bug.cgi?id=290745
Reviewed by Anne Van Kesteren.
Align with the spec and fail asynchronously in case of bad URL checks.
This aligns with the spec and Firefox behavior.
As discussed in https://github.com/web-platform-tests/wpt/issues/41745, Chrome
also plans to align to the spec, and the web compatibility story seems
favorable.
We add a runtime flag for now, in preview state, but off by default for now to
further validate the web compatibility story.
We do a small refactoring to share more code between Worker and SharedWorker.
We update WPT tests from upstream to cope with the change of behavior and we
update our local tests acccordingly.
*
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/default-src/manifest-v3-default-src-block-wildcard-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/worker-src/manifest-v3-worker-src-block-partial-wildcard-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/extensions/manifest-v3/worker-src/manifest-v3-worker-src-block-wildcard-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-src-test.js:
(window.onload):
(injectWorker):
* LayoutTests/http/tests/workers/resources/worker-redirect.js:
(testCrossOriginLoad.try.worker.onerror):
(testCrossOriginLoad):
* LayoutTests/http/tests/workers/worker-document-domain-security-expected.txt:
* LayoutTests/http/tests/workers/worker-document-domain-security.html:
* LayoutTests/http/tests/workers/worker-invalid-url-expected.txt:
* LayoutTests/http/tests/workers/worker-invalid-url.html:
* LayoutTests/http/tests/workers/worker-redirect-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/support/testharness-helper.js:
(async_test): Deleted.
*
LayoutTests/imported/w3c/web-platform-tests/fetch/metadata/generated/worker-dedicated-constructor.sub-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/Worker_cross_origin_security_err-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/constructors/Worker/same-origin-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/dedicated-worker-in-data-url-context.window-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/modules/dedicated-worker-import-failure-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-failure-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/workers/shared-worker-in-data-url-context.window-expected.txt:
*
LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/metadata/generated/worker-dedicated-constructor.sub-expected.txt:
* LayoutTests/platform/mac-wk1/http/tests/workers/worker-redirect-expected.txt:
*
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::resolveURL):
(WebCore::AbstractWorker::validateURL):
* Source/WebCore/workers/AbstractWorker.h:
* Source/WebCore/workers/Worker.cpp:
(WebCore::Worker::create):
* Source/WebCore/workers/shared/SharedWorker.cpp:
(WebCore::SharedWorker::create):
Canonical link: https://commits.webkit.org/293014@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
