Title: [283732] trunk/Source
Revision
283732
Author
cdu...@apple.com
Date
2021-10-07 12:12:57 -0700 (Thu, 07 Oct 2021)

Log Message

Add feature flag for COOP / COEP violation reporting and turn off by default
https://bugs.webkit.org/show_bug.cgi?id=231371

Reviewed by Youenn Fablet.

Add feature flag for COOP / COEP violation reporting and turn off by default since our
implementation doesn't match the latest specification.

Source/WebCore:

* loader/CrossOriginEmbedderPolicy.cpp:
(WebCore::sendCOEPPolicyInheritenceViolation):
(WebCore::sendCOEPCORPViolation):
* loader/CrossOriginOpenerPolicy.cpp:
(WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
(WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):

Source/WTF:

* Scripts/Preferences/WebPreferencesExperimental.yaml:

Diff

Modified: trunk/Source/WTF/ChangeLog (283731 => 283732)


--- trunk/Source/WTF/ChangeLog	2021-10-07 18:56:58 UTC (rev 283731)
+++ trunk/Source/WTF/ChangeLog	2021-10-07 19:12:57 UTC (rev 283732)
@@ -1,3 +1,15 @@
+2021-10-07  Chris Dumez  <cdu...@apple.com>
+
+        Add feature flag for COOP / COEP violation reporting and turn off by default
+        https://bugs.webkit.org/show_bug.cgi?id=231371
+
+        Reviewed by Youenn Fablet.
+
+        Add feature flag for COOP / COEP violation reporting and turn off by default since our
+        implementation doesn't match the latest specification.
+
+        * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
 2021-10-06  Sihui Liu  <sihui_...@apple.com>
 
         Add support for FileSystemSyncAccessHandle

Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (283731 => 283732)


--- trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2021-10-07 18:56:58 UTC (rev 283731)
+++ trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2021-10-07 19:12:57 UTC (rev 283732)
@@ -331,6 +331,18 @@
     WebCore:
       default: false
 
+CoopCoepViolationReportingEnabled:
+  type: bool
+  humanReadableName: "COOP and COEP violations reporting"
+  humanReadableDescription: "Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy reporting"
+  defaultValue:
+    WebKitLegacy:
+      default: false
+    WebKit:
+      default: false
+    WebCore:
+      default: false
+
 CoreImageAcceleratedFilterRenderEnabled:
   type: bool
   webcoreOnChange: setNeedsRelayoutAllFrames
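
Review bot: The humanReadableDescription for CoopCoepViolationReportingEnabled only expands the acronyms and does not say why the flag defaults to false in WebKitLegacy, WebKit and WebCore. The log message gives the reason (the implementation doesn't match the latest specification); a short form of that in the description, or in a YAML comment above the entry, would tell anyone toggling the setting what they are opting into. Minor: "violations reporting" in humanReadableName would read better as "violation reporting", matching the commit title.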

Modified: trunk/Source/WebCore/ChangeLog (283731 => 283732)


--- trunk/Source/WebCore/ChangeLog	2021-10-07 18:56:58 UTC (rev 283731)
+++ trunk/Source/WebCore/ChangeLog	2021-10-07 19:12:57 UTC (rev 283732)
@@ -1,3 +1,20 @@
+2021-10-07  Chris Dumez  <cdu...@apple.com>
+
+        Add feature flag for COOP / COEP violation reporting and turn off by default
+        https://bugs.webkit.org/show_bug.cgi?id=231371
+
+        Reviewed by Youenn Fablet.
+
+        Add feature flag for COOP / COEP violation reporting and turn off by default since our
+        implementation doesn't match the latest specification.
+
+        * loader/CrossOriginEmbedderPolicy.cpp:
+        (WebCore::sendCOEPPolicyInheritenceViolation):
+        (WebCore::sendCOEPCORPViolation):
+        * loader/CrossOriginOpenerPolicy.cpp:
+        (WebCore::sendViolationReportWhenNavigatingToCOOPResponse):
+        (WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+
 2021-10-07  Antti Koivisto  <an...@apple.com>
 
         [LFC][Integration] Use optimized InlineContent::boxesForRect for hit testing

Modified: trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp (283731 => 283732)


--- trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp	2021-10-07 18:56:58 UTC (rev 283731)
+++ trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp	2021-10-07 19:12:57 UTC (rev 283732)
@@ -113,6 +113,9 @@
 // https://html.spec.whatwg.org/multipage/origin.html#queue-a-cross-origin-embedder-policy-inheritance-violation
 void sendCOEPPolicyInheritenceViolation(Frame& frame, const WebCore::SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, const String& type, const URL& blockedURL)
 {
+    if (!frame.settings().coopCoepViolationReportingEnabled())
+        return;
+
     ASSERT(!endpoint.isEmpty());
     PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
         body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
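
Review bot: In sendCOEPPolicyInheritenceViolation the new early return sits above ASSERT(!endpoint.isEmpty()), so with the flag at its default of false, debug builds no longer check that callers pass a non-empty endpoint. sendCOEPCORPViolation in the next hunk places the same check below the ASSERT; I would use that order here too, so the precondition stays covered while reporting is disabled and the two functions read the same way.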
@@ -125,6 +128,9 @@
 void sendCOEPCORPViolation(Frame& frame, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, FetchOptions::Destination destination, const URL& blockedURL)
 {
     ASSERT(!endpoint.isEmpty());
+    if (!frame.settings().coopCoepViolationReportingEnabled())
+        return;
+
     PingLoader::sendReportToEndpoint(frame, embedderOrigin, endpoint, "coep"_s, contextURLForReport(frame), frame.loader().userAgent(blockedURL), [&](auto& body) {
         body.setString("disposition"_s, disposition == COEPDisposition::Reporting ? "reporting"_s : "enforce"_s);
         body.setString("type"_s, "corp");
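
Review bot: The early return in sendCOEPCORPViolation also covers the COEPDisposition::Reporting case, so with the flag off a report-only policy produces nothing at all and a site operator cannot tell "no violations" from "reporting disabled". Worth a comment at the guard, or a line in the setting's description, stating that report-only dispositions are suppressed as well as enforce ones.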

Modified: trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (283731 => 283732)


--- trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp	2021-10-07 18:56:58 UTC (rev 283731)
+++ trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp	2021-10-07 19:12:57 UTC (rev 283732)
@@ -209,6 +209,9 @@
 // https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-to
 void sendViolationReportWhenNavigatingToCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& previousResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& previousResponseOrigin, const String& referrer, const String& userAgent)
 {
+    if (!frame.settings().coopCoepViolationReportingEnabled())
+        return;
+
     auto& endpoint = coop.reportingEndpointForDisposition(disposition);
     if (endpoint.isEmpty())
         return;
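
Review bot: The guard at the top of sendViolationReportWhenNavigatingToCOOPResponse has no comment, and the spec link directly above the function now points at an algorithm that this build will not run by default. A one-line FIXME at the guard saying that reporting is gated until the implementation matches the specification would keep the reason next to the code instead of only in the ChangeLog.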
@@ -225,6 +228,9 @@
 // https://html.spec.whatwg.org/multipage/origin.html#coop-violation-navigation-from
 void sendViolationReportWhenNavigatingAwayFromCOOPResponse(Frame& frame, CrossOriginOpenerPolicy coop, COOPDisposition disposition, const URL& coopURL, const URL& nextResponseURL, const SecurityOrigin& coopOrigin, const SecurityOrigin& nextResponseOrigin, bool isCOOPResponseNavigationSource, const String& userAgent)
 {
+    if (!frame.settings().coopCoepViolationReportingEnabled())
+        return;
+
     auto& endpoint = coop.reportingEndpointForDisposition(disposition);
     if (endpoint.isEmpty())
         return;