Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fca31e67e9f6ee2753de81cdde7b8585a70e05a1
https://github.com/WebKit/WebKit/commit/fca31e67e9f6ee2753de81cdde7b8585a70e05a1
Author: Sihui Liu <[email protected]>
Date: 2026-04-08 (Wed, 08 Apr 2026)
Changed paths:
M Source/WTF/Scripts/GeneratePreferences.rb
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
M Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.cpp.erb
M Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.h.erb
M Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.serialization.in.erb
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKWebsiteDatastore.mm
Log Message:
-----------
Skip site validation in WebStorage messages if StorageBlockingPolicy is AllowAll
rdar://174127236
https://bugs.webkit.org/show_bug.cgi?id=311535
Reviewed by Chris Dumez.

In the current implementation, when StorageBlockingPolicy is AllowAll, a third-party context will use non-partitioned storage for WebStorage. For example, an apple.com iframe embedded in webkit.org will have access to the same WebStorage data as apple.com loaded in the main frame. However, NetworkStorageManager::m_allowedSitesForConnections only records sites of the first-party context -- if a web process loads webkit.org that has an apple.com iframe, the web process will only have access to webkit.org, but not apple.com; and when the process asks for data of apple.com, the process can get killed for failing site validation.

To fix this, we may have the UI process also send third-party context sites to the network process; but StorageBlockingPolicy AllowAll is not a common configuration (the default value is BlockThirdParty), and this information will only be used for WebStorage (other types all use partitioned storage). Therefore, this patch simply disables the validation in this case.

To make sure the network process can check for StorageBlockingPolicy (which is uint32_t instead of bool), this patch also modifies the script that generates SharedPreferencesForWebProcess to support type uint32_t. With this change, some web inspector tests like WKWebExtensionAPIDevTools.MessagePassingFromPanelToDevToolsBackground start to hit a debug assertion in WebExtensionContext::loadInspectorBackgroundPage. The direct cause is that the extension inspector background page no longer uses the same web process as the web inspector page, and the root cause is that their shared preferences don't match -- the inspector page uses the AllowAll blocking policy, while the extension page uses the default BlockThirdParty policy, which causes the hasSameGPUAndNetworkProcessPreferencesAs check in WebProcessPool::createWebPage to fail, even though the two pages are marked as related pages. To fix this, make sure the extension page also uses the AllowAll policy.

API test: StorageSiteValidation.StorageBlockingPolicyAllowAll
* Source/WTF/Scripts/GeneratePreferences.rb:
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::canConnectionAccessSiteForWebStorage const):
(WebKit::NetworkStorageManager::connectToStorageArea):
(WebKit::NetworkStorageManager::cancelConnectToStorageArea):
(WebKit::NetworkStorageManager::disconnectFromStorageArea):
(WebKit::NetworkStorageManager::setItem):
(WebKit::NetworkStorageManager::removeItem):
(WebKit::NetworkStorageManager::clear):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
* Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.cpp.erb:
* Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.h.erb:
* Source/WebKit/Scripts/PreferencesTemplates/SharedPreferencesForWebProcess.serialization.in.erb:
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::webViewConfiguration):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/WKWebsiteDatastore.mm:
(TestWebKitAPI::(StorageSiteValidation, StorageBlockingPolicyAllowAll)):
Canonical link: https://commits.webkit.org/310806@main
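
A simplified model of the validation decision the log message describes, added here as an illustration and not taken from the WebKit source. `StorageManagerModel`, `ConnectionID` and the method names are hypothetical, the enum's numeric values are assumed, and tracking the policy per connection is a modelling assumption. It shows that once the policy is AllowAll the WebStorage check accepts any site for that connection, while the strict per-connection lookup still rejects a site that was never registered.

```cpp
// Simplified model of the check described in the log message; not WebKit source.
#include <cstdint>
#include <map>
#include <set>
#include <string>

// Policy names come from the log message; the numeric values are assumed here.
enum class StorageBlockingPolicy : uint32_t { AllowAll = 0, BlockThirdParty = 1 };
using ConnectionID = uint64_t; // hypothetical stand-in for an IPC connection identifier

class StorageManagerModel {
public:
    // Only first-party (main frame) sites are registered for a web process connection.
    void allowSiteForConnection(ConnectionID c, const std::string& site) { m_allowedSites[c].insert(site); }
    void setPolicy(ConnectionID c, StorageBlockingPolicy p) { m_policy[c] = p; }

    // Strict lookup: a third-party iframe's site was never registered, so it fails.
    bool canAccessSiteStrict(ConnectionID c, const std::string& site) const
    {
        auto it = m_allowedSites.find(c);
        return it != m_allowedSites.end() && it->second.count(site) > 0;
    }

    // WebStorage check after the change: the lookup is skipped under AllowAll.
    bool canAccessSiteForWebStorage(ConnectionID c, const std::string& site) const
    {
        if (policyFor(c) == StorageBlockingPolicy::AllowAll)
            return true; // no per-site validation in this configuration
        return canAccessSiteStrict(c, site);
    }

private:
    StorageBlockingPolicy policyFor(ConnectionID c) const
    {
        auto it = m_policy.find(c);
        return it == m_policy.end() ? StorageBlockingPolicy::BlockThirdParty : it->second; // default per the log
    }
    std::map<ConnectionID, std::set<std::string>> m_allowedSites;
    std::map<ConnectionID, StorageBlockingPolicy> m_policy;
};

int main()
{
    StorageManagerModel m;
    m.allowSiteForConnection(1, "webkit.org"); // constructed sample: page embedding an apple.com iframe
    m.setPolicy(1, StorageBlockingPolicy::AllowAll);
    return m.canAccessSiteForWebStorage(1, "apple.com") ? 0 : 1;
}
```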