[webkit-changes] [WebKit/WebKit] 57bf18: Improve cross-origin isolation for workers

Mon, 04 May 2026 06:13:56 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 57bf18458f9e543ecf037b8425abbdaa5b29a612
      
https://github.com/WebKit/WebKit/commit/57bf18458f9e543ecf037b8425abbdaa5b29a612
  Author: Anne van Kesteren <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    M LayoutTests/TestExpectations
    M 
LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt
    M 
LayoutTests/imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/nested-sharedworker-success.https-expected.txt
    M LayoutTests/platform/glib/TestExpectations
    M Source/WebCore/Headers.cmake
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp
    M Source/WebCore/loader/CrossOriginEmbedderPolicy.h
    A Source/WebCore/loader/CrossOriginEmbedderPolicyValue.h
    M Source/WebCore/workers/service/server/SWServer.cpp
    M Source/WebCore/workers/service/server/SWServer.h
    M Source/WebCore/workers/service/server/SWServerDelegate.h
    M Source/WebCore/workers/service/server/SWServerToContextConnection.h
    M Source/WebCore/workers/service/server/SWServerWorker.cpp
    M Source/WebCore/workers/service/server/SWServerWorker.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    M Source/WebKit/NetworkProcess/NetworkSession.cpp
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
    M 
Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
    M 
Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h
    M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorker.cpp
    M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp
    M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.h
    M 
Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerToContextConnection.cpp
    M 
Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerToContextConnection.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessPool.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
    M 
Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp
    M Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.h
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Source/WebKit/WebProcess/WebProcess.h
    M Source/WebKit/WebProcess/WebProcess.messages.in

  Log Message:
  -----------
  Improve cross-origin isolation for workers
https://bugs.webkit.org/show_bug.cgi?id=313459

Reviewed by Chris Dumez.

Per the HTML specification, StructuredSerializeInternal must throw
DataCloneError when serializing a SharedArrayBuffer if the cross-origin
isolated capability is false. WebKit only enforced this for
window.postMessage, not for workers, MessageChannel, or
BroadcastChannel.

Shared workers and service workers determine their own cross-origin
isolation from their COEP, independent of the creating page. This maps
1:1 to CrossOriginMode (RequireCORP → Isolated, UnsafeNone → Shared),
so process selection by crossOriginMode is sufficient.

That is not sufficient for SharedArrayBuffer however, which needs to be
scoped by agent cluster as well. That should be done separately as this
change is already quite large.

Changes:

- Move the cross-origin isolation check to the top of the isShared()
  block in SerializedScriptValue, before any context-specific handling.

- Extract CrossOriginEmbedderPolicyValue into its own header.

- Pass CrossOriginEmbedderPolicyValue through the full IPC chain
  (NetworkProcess → UIProcess → WebProcess → NetworkProcess) so worker
  processes and context connections are created with the correct
  isolation level.

- Key worker context connections by (RegistrableDomain,
  CrossOriginEmbedderPolicyValue) instead of RegistrableDomain alone,
  so connections with different isolation levels coexist.

- Derive worker process CrossOriginMode directly from the worker's COEP
  and match on it during process selection, ensuring different COEPs
  get separate processes.

- Prevent Isolated processes from being reused for non-isolated pages
  in single-process mode.

Canonical link: https://commits.webkit.org/312518@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to