Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c5fabb4129dc9dcba8ebba81189a118d2997a0ab
      
https://github.com/WebKit/WebKit/commit/c5fabb4129dc9dcba8ebba81189a118d2997a0ab
  Author: Basuke Suzuki <[email protected]>
  Date:   2026-06-30 (Tue, 30 Jun 2026)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
    M 
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

  Log Message:
  -----------
  Remove shouldRestrictHTTPResponseAccess from NetworkResourceLoadParameters
rdar://174708348

Reviewed by Ryosuke Niwa.

The shouldRestrictHTTPResponseAccess field in NetworkResourceLoadParameters
was sent from WebContent process to NetworkProcess via IPC with no validation.
A compromised WebContent process could set it to false to bypass response
header sanitization (Set-Cookie stripping, cross-origin header filtering).

The field was originally introduced in 2018 as a runtime-configurable flag
(RestrictedHTTPResponseAccess preference) to allow WK1 to opt out of
sanitization. After WK1 was removed, the preference was hardcoded to true
(288687@main), but the IPC parameter was never cleaned up.

Since shouldPerformSecurityChecks() unconditionally returns true, this field
always carried the value true from a legitimate WebContent process. Remove
it entirely and make sanitization unconditional on the NetworkProcess side.

No new tests (hardening, no behavior change for legitimate WebContent process).

* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::startPingLoad):
(WebKit::WebLoaderStrategy::preconnectTo):

Originally-landed-as: 305413.689@safari-7624-branch (1db91ab9400c). 
rdar://180428250
Canonical link: https://commits.webkit.org/316187@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to