Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 68ec5f328d2394c1583128ee07306c7f053336df
      
https://github.com/WebKit/WebKit/commit/68ec5f328d2394c1583128ee07306c7f053336df
  Author: Ronan Turner <[email protected]>
  Date:   2026-04-30 (Thu, 30 Apr 2026)

  Changed paths:
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
    M Source/WebKit/UIProcess/EnhancedSecurityTracking.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm

  Log Message:
  -----------
  Ensure Enhanced Security handles HTTPFirst correctly
https://bugs.webkit.org/show_bug.cgi?id=312578
rdar://173934437

Reviewed by Matthew Finkel.

Currently, when an http:// URL is received with the HTTPSFirst network
policy set, we opt in to Enhanced Security. However, WebContent will
attempt to upgrade this to HTTPS on seeing the set policy automatically
and never pass the decision back through WebPageProxy if the upgrade
succeeds.

To address this, we determine if an HTTPS upgrade is going to be
attempted and, in this case, do not opt into Enhanced Security. If the
upgrade later fails, this will pass through didFailProvisionalLoad and
revisit the Enhanced Security decision in WebPageProxy.

Two new tests are added which confirm the expected behaviour for
HTTPSFirst in the success case, and ensure that when HTTPSFirst fails,
Enhanced Security is still enabled.

Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm

* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::shouldExpectHTTPSUpgrade):
(WebKit::EnhancedSecurityTracking::enableIfRequired):
(WebKit::EnhancedSecurityTracking::trackNavigation):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm:
(runHttpsFirstUpgradeDisablesEnhancedSecurity):
(runHttpsFirstFailureEnablesEnhancedSecurity):

Canonical link: https://commits.webkit.org/312342@main


