WebKit Bugzilla
Attachment 368538 Details for Bug 197397: Add SPI to set a list of hosts to which to send custom header fields cross-origin
[patch] Patch: bug-197397-20190429212549.patch (text/plain), 18.09 KB, created by Alex Christensen on 2019-04-29 21:25:50 PDT
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 244759) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,24 @@ >+2019-04-29 Alex Christensen <achristensen@webkit.org> >+ >+ Add SPI to set a list of hosts to which to send custom header fields cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=197397 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ In r223001 I added the ability to send custom headers, but with a restriction that they will not be sent except to the origin of the main document. >+ We need the ability to specify what origins to send these headers to even if they are not first party requests. >+ We get this information in a list of strings which are the hosts to send the headers to. Some of the strings have an asterisk at the beginning, >+ indicating that the headers are to be sent to all subdomains. >+ >+ * loader/DocumentLoader.h: >+ (WebCore::DocumentLoader::customHeaderFields const): >+ (WebCore::DocumentLoader::setCustomHeaderFieldHosts): >+ (WebCore::DocumentLoader::customHeaderFieldHosts const): >+ (WebCore::DocumentLoader::customHeaderFields): Deleted. >+ * loader/cache/CachedResourceLoader.cpp: >+ (WebCore::isInCustomHeaderFieldHosts): >+ (WebCore::CachedResourceLoader::requestResource): >+ > 2019-04-29 Alex Christensen <achristensen@webkit.org> > > <rdar://problem/50299396> Fix internal High Sierra build >Index: Source/WebCore/loader/DocumentLoader.h >=================================================================== >--- Source/WebCore/loader/DocumentLoader.h (revision 244759) >+++ Source/WebCore/loader/DocumentLoader.h (working copy) 
>@@ -372,7 +372,10 @@ public: > #endif > > WEBCORE_EXPORT void setCustomHeaderFields(Vector<HTTPHeaderField>&& fields); >- const Vector<HTTPHeaderField>& customHeaderFields() { return m_customHeaderFields; } >+ const Vector<HTTPHeaderField>& customHeaderFields() const { return m_customHeaderFields; } >+ >+ void setCustomHeaderFieldHosts(Vector<String>&& hosts) { m_customHeaderFieldHosts = WTFMove(hosts); } >+ const Vector<String>& customHeaderFieldHosts() const { return m_customHeaderFieldHosts; } > > void setAllowsWebArchiveForMainFrame(bool allowsWebArchiveForMainFrame) { m_allowsWebArchiveForMainFrame = allowsWebArchiveForMainFrame; } > bool allowsWebArchiveForMainFrame() const { return m_allowsWebArchiveForMainFrame; } >@@ -565,6 +568,7 @@ private: > #endif > > Vector<HTTPHeaderField> m_customHeaderFields; >+ Vector<String> m_customHeaderFieldHosts; > > bool m_subresourceLoadersArePageCacheAcceptable { false }; > ShouldOpenExternalURLsPolicy m_shouldOpenExternalURLsPolicy { ShouldOpenExternalURLsPolicy::ShouldNotAllow }; >Index: Source/WebCore/loader/cache/CachedResourceLoader.cpp >=================================================================== >--- Source/WebCore/loader/cache/CachedResourceLoader.cpp (revision 244759) >+++ Source/WebCore/loader/cache/CachedResourceLoader.cpp (working copy) 
>@@ -858,7 +858,21 @@ ResourceErrorOr<CachedResourceHandle<Cac > sameOriginRequest = document()->topDocument().securityOrigin().isSameSchemeHostPort(requestedOrigin.get()) > && document()->securityOrigin().isSameSchemeHostPort(requestedOrigin.get()); > } >- if (sameOriginRequest) { >+ >+ auto isInCustomHeaderFieldHosts = [](const URL& url, const Vector<String>& hosts) { >+ for (const auto& hostOrPattern : hosts) { >+ if (hostOrPattern == url.host()) >+ return true; >+ if (hostOrPattern.length() > 2 >+ && hostOrPattern[0] == '*' >+ && hostOrPattern[1] == '.' >+ && url.host().endsWith(StringView(hostOrPattern).substring(1))) >+ return true; >+ } >+ return false; >+ }; >+ >+ if (sameOriginRequest || isInCustomHeaderFieldHosts(url, m_documentLoader->customHeaderFieldHosts())) { > for (auto& field : m_documentLoader->customHeaderFields()) > request.resourceRequest().setHTTPHeaderField(field.name(), field.value()); > } >Index: Source/WebKit/ChangeLog >=================================================================== >--- Source/WebKit/ChangeLog (revision 244762) >+++ Source/WebKit/ChangeLog (working copy) 
>@@ -1,3 +1,24 @@ >+2019-04-29 Alex Christensen <achristensen@webkit.org> >+ >+ Add SPI to set a list of hosts to which to send custom header fields cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=197397 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Shared/WebsitePoliciesData.cpp: >+ (WebKit::WebsitePoliciesData::encode const): >+ (WebKit::WebsitePoliciesData::decode): >+ (WebKit::WebsitePoliciesData::applyToDocumentLoader): >+ * Shared/WebsitePoliciesData.h: >+ * UIProcess/API/APIWebsitePolicies.cpp: >+ (API::WebsitePolicies::copy const): >+ (API::WebsitePolicies::data): >+ * UIProcess/API/APIWebsitePolicies.h: >+ * UIProcess/API/Cocoa/WKWebpagePreferences.mm: >+ (-[WKWebpagePreferences _customHeaderFieldHosts]): >+ (-[WKWebpagePreferences _setCustomHeaderFieldHosts:]): >+ * UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h: >+ > 2019-04-29 Truitt Savell <tsavell@apple.com> > > Unreviewed, rolling out r244755. >Index: Source/WebKit/Shared/WebsitePoliciesData.cpp >=================================================================== >--- Source/WebKit/Shared/WebsitePoliciesData.cpp (revision 244759) >+++ Source/WebKit/Shared/WebsitePoliciesData.cpp (working copy) >@@ -43,6 +43,7 @@ void WebsitePoliciesData::encode(IPC::En > #endif > encoder << allowedAutoplayQuirks; > encoder << customHeaderFields; >+ encoder << customHeaderFieldHosts; > encoder << popUpPolicy; > encoder << websiteDataStoreParameters; > encoder << customUserAgent; >@@ -81,6 +82,11 @@ Optional<WebsitePoliciesData> WebsitePol > decoder >> customHeaderFields; > if (!customHeaderFields) > return WTF::nullopt; >+ >+ Optional<Vector<String>> customHeaderFieldHosts; >+ decoder >> customHeaderFieldHosts; >+ if (!customHeaderFieldHosts) >+ return WTF::nullopt; > > Optional<WebsitePopUpPolicy> popUpPolicy; > decoder >> popUpPolicy; 
>@@ -130,6 +136,7 @@ Optional<WebsitePoliciesData> WebsitePol > WTFMove(*deviceOrientationAndMotionAccessState), > #endif > WTFMove(*customHeaderFields), >+ WTFMove(*customHeaderFieldHosts), > WTFMove(*popUpPolicy), > WTFMove(*websiteDataStoreParameters), > WTFMove(*customUserAgent), >@@ -144,6 +151,7 @@ Optional<WebsitePoliciesData> WebsitePol > void WebsitePoliciesData::applyToDocumentLoader(WebsitePoliciesData&& websitePolicies, WebCore::DocumentLoader& documentLoader) > { > documentLoader.setCustomHeaderFields(WTFMove(websitePolicies.customHeaderFields)); >+ documentLoader.setCustomHeaderFieldHosts(WTFMove(websitePolicies.customHeaderFieldHosts)); > documentLoader.setCustomUserAgent(websitePolicies.customUserAgent); > documentLoader.setCustomJavaScriptUserAgentAsSiteSpecificQuirks(websitePolicies.customJavaScriptUserAgentAsSiteSpecificQuirks); > documentLoader.setCustomNavigatorPlatform(websitePolicies.customNavigatorPlatform); >Index: Source/WebKit/Shared/WebsitePoliciesData.h >=================================================================== >--- Source/WebKit/Shared/WebsitePoliciesData.h (revision 244759) >+++ Source/WebKit/Shared/WebsitePoliciesData.h (working copy) >@@ -57,6 +57,7 @@ struct WebsitePoliciesData { > WebCore::DeviceOrientationOrMotionPermissionState deviceOrientationAndMotionAccessState; > #endif > Vector<WebCore::HTTPHeaderField> customHeaderFields; >+ Vector<String> customHeaderFieldHosts; > WebsitePopUpPolicy popUpPolicy { WebsitePopUpPolicy::Default }; > Optional<WebsiteDataStoreParameters> websiteDataStoreParameters; > String customUserAgent; >Index: Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp >=================================================================== >--- Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp (revision 244759) >+++ Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp (working copy) 
>@@ -60,11 +60,18 @@ Ref<WebsitePolicies> WebsitePolicies::co > policies->setMetaViewportPolicy(m_metaViewportPolicy); > policies->setMediaSourcePolicy(m_mediaSourcePolicy); > policies->setSimulatedMouseEventsDispatchPolicy(m_simulatedMouseEventsDispatchPolicy); >+ > Vector<WebCore::HTTPHeaderField> customHeaderFields; > customHeaderFields.reserveInitialCapacity(m_customHeaderFields.size()); > for (auto& field : m_customHeaderFields) > customHeaderFields.append(WebCore::HTTPHeaderField(field)); > policies->setCustomHeaderFields(WTFMove(customHeaderFields)); >+ >+ Vector<WTF::String> hosts; >+ for (const auto& host : m_customHeaderFieldHosts) >+ hosts.append(host); >+ policies->setCustomHeaderFieldHosts(WTFMove(hosts)); >+ > return policies; > } > >@@ -87,6 +94,7 @@ WebKit::WebsitePoliciesData WebsitePolic > deviceOrientationAndMotionAccessState(), > #endif > customHeaderFields(), >+ customHeaderFieldHosts(), > popUpPolicy(), > m_websiteDataStore ? Optional<WebKit::WebsiteDataStoreParameters> { m_websiteDataStore->websiteDataStore().parameters() } : WTF::nullopt, > m_customUserAgent, >Index: Source/WebKit/UIProcess/API/APIWebsitePolicies.h >=================================================================== >--- Source/WebKit/UIProcess/API/APIWebsitePolicies.h (revision 244759) >+++ Source/WebKit/UIProcess/API/APIWebsitePolicies.h (working copy) 
>@@ -69,9 +69,11 @@ public: > #endif > > const Vector<WebCore::HTTPHeaderField>& customHeaderFields() const { return m_customHeaderFields; } >- Vector<WebCore::HTTPHeaderField>&& takeCustomHeaderFields() { return WTFMove(m_customHeaderFields); } > void setCustomHeaderFields(Vector<WebCore::HTTPHeaderField>&& fields) { m_customHeaderFields = WTFMove(fields); } > >+ const Vector<WTF::String> customHeaderFieldHosts() const { return m_customHeaderFieldHosts; } >+ void setCustomHeaderFieldHosts(Vector<WTF::String>&& hosts) { m_customHeaderFieldHosts = WTFMove(hosts); } >+ > WebKit::WebsitePopUpPolicy popUpPolicy() const { return m_popUpPolicy; } > void setPopUpPolicy(WebKit::WebsitePopUpPolicy policy) { m_popUpPolicy = policy; } > >@@ -111,6 +113,7 @@ private: > WebCore::DeviceOrientationOrMotionPermissionState m_deviceOrientationAndMotionAccessState { WebCore::DeviceOrientationOrMotionPermissionState::Prompt }; > #endif > Vector<WebCore::HTTPHeaderField> m_customHeaderFields; >+ Vector<WTF::String> m_customHeaderFieldHosts; > WebKit::WebsitePopUpPolicy m_popUpPolicy { WebKit::WebsitePopUpPolicy::Default }; > RefPtr<WebsiteDataStore> m_websiteDataStore; > WTF::String m_customUserAgent; >Index: Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm >=================================================================== >--- Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm (revision 244759) >+++ Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm (working copy) 
>@@ -236,6 +236,25 @@ - (void)_setCustomHeaderFields:(NSDictio > _websitePolicies->setCustomHeaderFields(WTFMove(parsedFields)); > } > >+- (NSArray<NSString *> *)_customHeaderFieldHosts >+{ >+ const auto& hosts = _websitePolicies->customHeaderFieldHosts(); >+ NSMutableArray<NSString *> *array = [[[NSMutableArray alloc] initWithCapacity:hosts.size()] autorelease]; >+ for (const auto& host : hosts) >+ [array addObject:host]; >+ return array; >+} >+ >+- (void)_setCustomHeaderFieldHosts:(NSArray<NSString *> *)nsHosts >+{ >+ Vector<String> hosts; >+ hosts.reserveInitialCapacity(nsHosts.count); >+ >+ for (NSString *host in nsHosts) >+ hosts.uncheckedAppend(host); >+ _websitePolicies->setCustomHeaderFieldHosts(WTFMove(hosts)); >+} >+ > - (WKWebsiteDataStore *)_websiteDataStore > { > return wrapper(_websitePolicies->websiteDataStore()); >Index: Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h >=================================================================== >--- Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h (revision 244759) >+++ Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h (working copy) 
>@@ -61,6 +61,7 @@ typedef NS_OPTIONS(NSUInteger, _WKWebsit > @property (nonatomic, setter=_setAllowedAutoplayQuirks:) _WKWebsiteAutoplayQuirk _allowedAutoplayQuirks; > @property (nonatomic, setter=_setAutoplayPolicy:) _WKWebsiteAutoplayPolicy _autoplayPolicy; > @property (nonatomic, copy, setter=_setCustomHeaderFields:) NSDictionary<NSString *, NSString *> *_customHeaderFields; >+@property (nonatomic, setter=_setCustomHeaderFieldHosts:) NSArray<NSString *> *_customHeaderFieldHosts; > @property (nonatomic, setter=_setPopUpPolicy:) _WKWebsitePopUpPolicy _popUpPolicy; > @property (nonatomic, strong, setter=_setWebsiteDataStore:) WKWebsiteDataStore *_websiteDataStore; > @property (nonatomic, copy, setter=_setCustomUserAgent:) NSString *_customUserAgent; >Index: Tools/ChangeLog >=================================================================== >--- Tools/ChangeLog (revision 244762) >+++ Tools/ChangeLog (working copy) >@@ -1,3 +1,16 @@ >+2019-04-29 Alex Christensen <achristensen@webkit.org> >+ >+ Add SPI to set a list of hosts to which to send custom header fields cross-origin >+ https://bugs.webkit.org/show_bug.cgi?id=197397 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm: >+ (-[CustomHeaderFieldsDelegate webView:decidePolicyForNavigationAction:preferences:decisionHandler:]): >+ (-[CustomHeaderFieldsDelegate webView:startURLSchemeTask:]): >+ (TEST): >+ (-[CustomHeaderFieldsDelegate _webView:decidePolicyForNavigationAction:decisionHandler:]): Deleted. >+ > 2019-04-29 Alex Christensen <achristensen@webkit.org> > > <rdar://problem/50299396> Fix internal High Sierra build >Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm >=================================================================== >--- Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm (revision 244759) >+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm (working copy) 
>@@ -36,6 +36,7 @@ > #import <WebKit/WKURLSchemeTaskPrivate.h> > #import <WebKit/WKUserContentControllerPrivate.h> > #import <WebKit/WKWebViewPrivate.h> >+#import <WebKit/WKWebpagePreferencesPrivate.h> > #import <WebKit/WKWebsiteDataStorePrivate.h> > #import <WebKit/WKWebsitePolicies.h> > #import <WebKit/_WKUserContentExtensionStorePrivate.h> >@@ -919,6 +920,7 @@ static bool firstTestDone; > static bool secondTestDone; > static bool thirdTestDone; > static bool fourthTestDone; >+static bool fifthTestDone; > > static void expectHeaders(id <WKURLSchemeTask> task, bool expected) > { 
>@@ -944,18 +946,16 @@ @interface CustomHeaderFieldsDelegate : > > @implementation CustomHeaderFieldsDelegate > >-IGNORE_WARNINGS_BEGIN("deprecated-implementations") >-- (void)_webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigationAction *)navigationAction decisionHandler:(void (^)(WKNavigationActionPolicy, _WKWebsitePolicies *))decisionHandler >-IGNORE_WARNINGS_END >+- (void)webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigationAction *)navigationAction preferences:(WKWebpagePreferences *)preferences decisionHandler:(void (^)(WKNavigationActionPolicy, WKWebpagePreferences *))decisionHandler > { >- _WKWebsitePolicies *websitePolicies = [[[_WKWebsitePolicies alloc] init] autorelease]; >- [websitePolicies setCustomHeaderFields:@{@"X-key1": @"value1", @"X-key2": @"value2"}]; >+ [preferences _setCustomHeaderFields:@{@"X-key1": @"value1", @"X-key2": @"value2"}]; >+ [preferences _setCustomHeaderFieldHosts:@[@"*.hostwithasterisk.example", @"hostwithoutasterisk.example"]]; > if ([navigationAction.request.URL.path isEqualToString:@"/mainresource"]) { > dispatch_async(dispatch_get_main_queue(), ^{ >- decisionHandler(WKNavigationActionPolicyAllow, websitePolicies); >+ decisionHandler(WKNavigationActionPolicyAllow, preferences); > }); > } else >- decisionHandler(WKNavigationActionPolicyAllow, websitePolicies); >+ decisionHandler(WKNavigationActionPolicyAllow, preferences); > } > > - (void)webView:(WKWebView *)webView startURLSchemeTask:(id <WKURLSchemeTask>)urlSchemeTask 
>@@ -998,7 +998,27 @@ - (void)webView:(WKWebView *)webView sta > expectHeaders(urlSchemeTask, true); > respond(urlSchemeTask); > fourthTestDone = true; >- } else >+ } else if ([path isEqualToString:@"/testcustomheaderfieldhosts"]) { >+ expectHeaders(urlSchemeTask, true); >+ NSString *html = @"<script>fetch('test://a.b.c.sub.hostwithasterisk.example/hosttest1',{mode:'no-cors'})" >+ ".then(function(response){fetch('test://subhostwithasterisk.example/hosttest2',{mode:'no-cors'})})" >+ ".then(function(response){fetch('test://hostwithoutasterisk.example/hosttest3',{mode:'no-cors'})})" >+ ".then(function(response){fetch('test://a.b.c.sub.hostwithoutasterisk.example/hosttest4',{mode:'no-cors'})})</script>"; >+ respond(urlSchemeTask, html); >+ } else if ([path isEqualToString:@"/hosttest1"]) { >+ expectHeaders(urlSchemeTask, true); >+ respond(urlSchemeTask); >+ } else if ([path isEqualToString:@"/hosttest2"]) { >+ expectHeaders(urlSchemeTask, false); >+ respond(urlSchemeTask); >+ } else if ([path isEqualToString:@"/hosttest3"]) { >+ expectHeaders(urlSchemeTask, true); >+ respond(urlSchemeTask); >+ } else if ([path isEqualToString:@"/hosttest4"]) { >+ expectHeaders(urlSchemeTask, false); >+ respond(urlSchemeTask); >+ fifthTestDone = true; >+ } else if ([path isEqualToString:@"/testcustomheaderfieldhosts"]) > EXPECT_TRUE(false); > } > >@@ -1023,6 +1043,9 @@ TEST(WebKit, CustomHeaderFields) > > [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test://toporigin/nestedtop"]]]; > TestWebKitAPI::Util::run(&thirdTestDone); >+ >+ [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"test://host/testcustomheaderfieldhosts"]]]; >+ TestWebKitAPI::Util::run(&fifthTestDone); > } > > static unsigned loadCount;
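Review bot: In Source/WebCore/loader/cache/CachedResourceLoader.cpp (hunk at -858), the isInCustomHeaderFieldHosts lambda compares only url.host(), so a listed host receives the custom header fields on any scheme and any port, while the sameOriginRequest path directly above it requires isSameSchemeHostPort. If the fields can carry anything sensitive, consider also requiring a secure scheme, or letting list entries pin scheme and port; otherwise state in the SPI header that matching is host-only. The comparison is also case-sensitive against entries stored exactly as the client supplied them, and the "*." branch accepts any suffix longer than two characters without validation, so canonicalizing and sanity-checking entries in the setter would avoid both silent non-matches and overly broad patterns.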
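Review bot: In Source/WebCore/ChangeLog, the description says some strings "have an asterisk at the beginning", but the code in CachedResourceLoader.cpp only treats an entry as a pattern when it starts with "*." and is longer than two characters, and such a pattern does not match the bare domain itself (the hosttest2 case in the test relies on this). Please describe the exact syntax here, and note that (WebCore::isInCustomHeaderFieldHosts) is a local lambda inside requestResource rather than a WebCore function. The entry also does not mention that the change is covered by the CustomHeaderFields API test.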
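Review bot: In Source/WebKit/UIProcess/API/APIWebsitePolicies.h (hunk at -69), the new getter is declared as "const Vector<WTF::String> customHeaderFieldHosts() const", which returns the vector by value and copies it on every call; the customHeaderFields() getter two lines above returns a const reference. Add the missing "&" so the two accessors match. The "const auto& hosts = _websitePolicies->customHeaderFieldHosts();" in WKWebpagePreferences.mm currently binds to that temporary copy.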
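Review bot: In Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp (hunk at -60), the loop that builds "hosts" in WebsitePolicies::copy appends without reserving capacity, unlike the customHeaderFields block immediately above it, which calls reserveInitialCapacity first. Either reserve m_customHeaderFieldHosts.size() before the loop or construct the vector directly as a copy of m_customHeaderFieldHosts and drop the loop.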
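Review bot: In Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferencesPrivate.h, the new _customHeaderFieldHosts property is declared "(nonatomic, setter=_setCustomHeaderFieldHosts:)" without "copy", while the neighbouring _customHeaderFields property is declared with "copy". The setter in WKWebpagePreferences.mm does copy the strings into a Vector, so the attribute should say so. The header also gives clients no documentation of the entry syntax (exact host, or "*." prefix for subdomains only) or of the fact that listed hosts receive the headers on cross-origin requests; a short comment here is the right place for it.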
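Review bot: In Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsitePolicies.mm (hunk at -998), the final branch "else if ([path isEqualToString:@"/testcustomheaderfieldhosts"]) EXPECT_TRUE(false);" repeats the condition of the first new branch, so it can never be taken, and it replaces the previous catch-all "else", which means a request for an unexpected path no longer fails the test. Restore the plain "else" before EXPECT_TRUE(false). Separately, the callbacks in the fetch chain do not return the promise from fetch(), so the hosttest2, hosttest3 and hosttest4 requests are not sequenced on each other's completion, and fifthTestDone is set when /hosttest4 arrives even if the earlier expectations have not run yet; returning each fetch() from its then() callback, or counting completed checks, would make the test deterministic.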