...
Created attachment 459803 [details] Patch
Created attachment 459975 [details] Patch
<rdar://problem/94331699>
Comment on attachment 459975 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=459975&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:640 > + NSString *origin = [request valueForHTTPHeaderField:@"Origin"] ?: @"*"; If there is no origin header, we probably do not need to add AccessControlAllowOrigin header. Adding it with '*' does not harm though. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:642 > + networkDataTask->willPerformHTTPRedirection(WTFMove(synthesizedResponse), request, [completionHandler = makeBlockPtr(completionHandler), taskIdentifier, shouldIgnoreHSTS](auto&& request) { Seems fine for now. There are corner cases that will not work (CORS preflight for instance) In the future, we could add a dedicated HSTS upgrade signal and let NetworkResourceLoader/NetworkLoadChecker deal with the full case.
Committed r295230 (251284@main): <https://commits.webkit.org/251284@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 459975 [details].
This landed as 251285@main, NOT 251284@main.