Diff
Modified: trunk/LayoutTests/ChangeLog (260381 => 260382)
--- trunk/LayoutTests/ChangeLog 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/LayoutTests/ChangeLog 2020-04-20 18:43:45 UTC (rev 260382)
@@ -1,3 +1,16 @@
+2020-04-20 Chris Dumez <cdu...@apple.com>
+
+ Sending beacons when Fetch KeepAlive feature is disabled crashes the WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=210753
+ <rdar://problem/61896221>
+
+ Reviewed by Geoffrey Garen.
+
+ Add layout test coverage.
+
+ * http/wpt/beacon/beacon-legacy-code-path-expected.txt: Added.
+ * http/wpt/beacon/beacon-legacy-code-path.html: Added.
+
2020-04-20 Youenn Fablet <you...@apple.com>
MediaPlayerPrivateMediaStreamAVFObjC should start play a newly added audio track if it is playing
Added: trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path-expected.txt (0 => 260382)
--- trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path-expected.txt (rev 0)
+++ trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path-expected.txt 2020-04-20 18:43:45 UTC (rev 260382)
@@ -0,0 +1,3 @@
+
+PASS Send Beacon
+
Added: trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path.html (0 => 260382)
--- trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path.html (rev 0)
+++ trunk/LayoutTests/http/wpt/beacon/beacon-legacy-code-path.html 2020-04-20 18:43:45 UTC (rev 260382)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<script src=""
+<script src=""
+<script src=""
+<script>
+ const RESOURCES_DIR = "/WebKit/beacon/resources/";
+
+ if (window.internals)
+ internals.settings.setFetchAPIKeepAliveEnabled(false);
+
+ function waitForBeaconCompletion()
+ {
+ return new Promise(function(resolve, reject) {
+ if (!internals.inflightBeaconsCount) {
+ resolve();
+ return;
+ }
+ setTimeout(function() {
+ waitForBeaconCompletion().then(resolve, reject);
+ }, 10);
+ });
+ }
+
+ function createPayload(payloadSize)
+ {
+ return new Blob(["*".repeat(payloadSize)]);
+ }
+
+ promise_test(function() {
+ var id = self.token();
+ var target = RESOURCES_DIR + "beacon-preflight.py?allowCors=1&cmd=put&id=" + id;
+
+ assert_true(navigator.sendBeacon(target, createPayload(10)), "Send beacon");
+ return waitForBeaconCompletion();
+ }, "Send Beacon");
+</script>
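Review bot: `waitForBeaconCompletion()` reads `internals.inflightBeaconsCount` unconditionally, while the setting toggle a few lines above is guarded by `if (window.internals)`. Without `internals` the keep-alive setting is never changed and the failure surfaces only as a ReferenceError inside the promise executor, which hides the fact that the legacy code path was not exercised. Either drop the guard so the precondition fails at the top of the script, or start the `promise_test` body with `assert_true(!!window.internals, "This test requires window.internals");`. The polling loop also has no bound of its own and relies on the harness timeout, which is worth saying in a one-line comment above `setTimeout`.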
Modified: trunk/Source/WebCore/ChangeLog (260381 => 260382)
--- trunk/Source/WebCore/ChangeLog 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebCore/ChangeLog 2020-04-20 18:43:45 UTC (rev 260382)
@@ -1,3 +1,21 @@
+2020-04-20 Chris Dumez <cdu...@apple.com>
+
+ Sending beacons when Fetch KeepAlive feature is disabled crashes the WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=210753
+ <rdar://problem/61896221>
+
+ Reviewed by Geoffrey Garen.
+
+ Test: http/wpt/beacon/beacon-legacy-code-path.html
+
+ * testing/InternalSettings.cpp:
+ (WebCore::InternalSettings::Backup::Backup):
+ (WebCore::InternalSettings::Backup::restoreTo):
+ (WebCore::InternalSettings::setFetchAPIKeepAliveEnabled):
+ * testing/InternalSettings.h:
+ * testing/InternalSettings.idl:
+ Add internal settings to disable Fetch Keep Alive for layout testing.
+
2020-04-20 Youenn Fablet <you...@apple.com>
MediaPlayerPrivateMediaStreamAVFObjC should start play a newly added audio track if it is playing
Modified: trunk/Source/WebCore/testing/InternalSettings.cpp (260381 => 260382)
--- trunk/Source/WebCore/testing/InternalSettings.cpp 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebCore/testing/InternalSettings.cpp 2020-04-20 18:43:45 UTC (rev 260382)
@@ -119,6 +119,7 @@
#if ENABLE(MEDIA_STREAM)
, m_setScreenCaptureEnabled(RuntimeEnabledFeatures::sharedFeatures().screenCaptureEnabled())
#endif
+ , m_fetchAPIKeepAliveAPIEnabled(RuntimeEnabledFeatures::sharedFeatures().fetchAPIKeepAliveEnabled())
, m_shouldMockBoldSystemFontForAccessibility(RenderTheme::singleton().shouldMockBoldSystemFontForAccessibility())
#if USE(AUDIO_SESSION)
, m_shouldManageAudioSessionCategory(DeprecatedGlobalSettings::shouldManageAudioSessionCategory())
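Review bot: The backup member added in this initializer list is spelled `m_fetchAPIKeepAliveAPIEnabled`, with "API" twice, while the accessor it mirrors and the new setter are `fetchAPIKeepAliveEnabled` and `setFetchAPIKeepAliveEnabled`. `m_fetchAPIKeepAliveEnabled` would match the neighbouring members and make the field easier to find by search. The same spelling appears in the `restoreTo` hunk below and in the member declaration in InternalSettings.h, so all three would need to change together. The constructor's initializer list begins and ends outside this hunk.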
@@ -222,6 +223,7 @@
#if ENABLE(MEDIA_STREAM)
RuntimeEnabledFeatures::sharedFeatures().setScreenCaptureEnabled(m_setScreenCaptureEnabled);
#endif
+ RuntimeEnabledFeatures::sharedFeatures().setFetchAPIKeepAliveEnabled(m_fetchAPIKeepAliveAPIEnabled);
RuntimeEnabledFeatures::sharedFeatures().setCustomPasteboardDataEnabled(m_customPasteboardDataEnabled);
#if USE(AUDIO_SESSION)
@@ -809,6 +811,11 @@
#endif
}
+void InternalSettings::setFetchAPIKeepAliveEnabled(bool enabled)
+{
+ RuntimeEnabledFeatures::sharedFeatures().setFetchAPIKeepAliveEnabled(enabled);
+}
+
ExceptionOr<String> InternalSettings::userInterfaceDirectionPolicy()
{
if (!m_page)
Modified: trunk/Source/WebCore/testing/InternalSettings.h (260381 => 260382)
--- trunk/Source/WebCore/testing/InternalSettings.h 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebCore/testing/InternalSettings.h 2020-04-20 18:43:45 UTC (rev 260382)
@@ -131,6 +131,7 @@
static void setWebGPUEnabled(bool);
static void setPictureInPictureAPIEnabled(bool);
static void setScreenCaptureEnabled(bool);
+ static void setFetchAPIKeepAliveEnabled(bool);
static bool webAnimationsCSSIntegrationEnabled();
@@ -220,6 +221,7 @@
bool m_indexedDBWorkersEnabled;
bool m_webGL2Enabled;
bool m_setScreenCaptureEnabled;
+ bool m_fetchAPIKeepAliveAPIEnabled;
bool m_shouldMockBoldSystemFontForAccessibility;
#if USE(AUDIO_SESSION)
Modified: trunk/Source/WebCore/testing/InternalSettings.idl (260381 => 260382)
--- trunk/Source/WebCore/testing/InternalSettings.idl 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebCore/testing/InternalSettings.idl 2020-04-20 18:43:45 UTC (rev 260382)
@@ -97,6 +97,7 @@
void setWebGL2Enabled(boolean enabled);
void setWebGPUEnabled(boolean enabled);
void setScreenCaptureEnabled(boolean enabled);
+ void setFetchAPIKeepAliveEnabled(boolean enabled);
[MayThrowException] DOMString userInterfaceDirectionPolicy();
[MayThrowException] void setUserInterfaceDirectionPolicy(DOMString policy);
Modified: trunk/Source/WebKit/ChangeLog (260381 => 260382)
--- trunk/Source/WebKit/ChangeLog 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebKit/ChangeLog 2020-04-20 18:43:45 UTC (rev 260382)
@@ -1,3 +1,16 @@
+2020-04-20 Chris Dumez <cdu...@apple.com>
+
+ Sending beacons when Fetch KeepAlive feature is disabled crashes the WebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=210753
+ <rdar://problem/61896221>
+
+ Reviewed by Geoffrey Garen.
+
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::startPingLoad):
+ Make sure NetworkResourceLoadParameters's webPageProxyID / webPageID / webFrameID are properly
+ initialized before sending the IPC or IPC decoding will fail.
+
2020-04-20 David Kilzer <ddkil...@apple.com>
[IPC hardening] Use ObjectIdentifier<> for geolocationID
Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (260381 => 260382)
--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2020-04-20 18:41:29 UTC (rev 260381)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2020-04-20 18:43:45 UTC (rev 260382)
@@ -639,15 +639,26 @@
void WebLoaderStrategy::startPingLoad(Frame& frame, ResourceRequest& request, const HTTPHeaderMap& originalRequestHeaders, const FetchOptions& options, ContentSecurityPolicyImposition policyCheck, PingLoadCompletionHandler&& completionHandler)
{
+ auto* webFrame = WebFrame::fromCoreFrame(frame);
auto* document = frame.document();
- if (!document) {
+ if (!document || !webFrame) {
if (completionHandler)
completionHandler(internalError(request.url()), { });
return;
}
+ auto* webPage = webFrame->page();
+ if (!webPage) {
+ if (completionHandler)
+ completionHandler(internalError(request.url()), { });
+ return;
+ }
+
NetworkResourceLoadParameters loadParameters;
loadParameters.identifier = generateLoadIdentifier();
+ loadParameters.webPageProxyID = webPage->webPageProxyIdentifier();
+ loadParameters.webPageID = webPage->identifier();
+ loadParameters.webFrameID = webFrame->frameID();
loadParameters.request = request;
loadParameters.sourceOrigin = &document->securityOrigin();
loadParameters.topOrigin = &document->topOrigin();
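Review bot: The two early-return blocks at the top of `startPingLoad` are identical and can be merged into one failure path: `auto* webPage = webFrame ? webFrame->page() : nullptr;` followed by `if (!document || !webPage) {`. The three identifier assignments would benefit from a short comment such as `// The network process fails IPC decoding if these identifiers are left unset.`, because that reason is recorded only in the ChangeLog and an unset field here crashes the WebProcess. A ping from a frame with no WebFrame or WebPage now completes with `internalError` instead of being sent, and the commit message could say so. The function body continues outside this hunk.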
@@ -666,17 +677,12 @@
}
addParametersShared(&frame, loadParameters);
- auto* webFrameLoaderClient = toWebFrameLoaderClient(frame.loader().client());
- auto* webFrame = webFrameLoaderClient ? &webFrameLoaderClient->webFrame() : nullptr;
- auto* webPage = webFrame ? webFrame->page() : nullptr;
- if (webPage)
- loadParameters.isNavigatingToAppBoundDomain = webPage->isNavigatingToAppBoundDomain();
+ loadParameters.isNavigatingToAppBoundDomain = webPage->isNavigatingToAppBoundDomain();
#if ENABLE(CONTENT_EXTENSIONS)
loadParameters.mainDocumentURL = document->topDocument().url();
// FIXME: Instead of passing userContentControllerIdentifier, we should just pass webPageId to NetworkProcess.
- if (webPage)
- loadParameters.userContentControllerIdentifier = webPage->userContentControllerIdentifier();
+ loadParameters.userContentControllerIdentifier = webPage->userContentControllerIdentifier();
#endif
if (completionHandler)