Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c5fabb4129dc9dcba8ebba81189a118d2997a0ab
https://github.com/WebKit/WebKit/commit/c5fabb4129dc9dcba8ebba81189a118d2997a0ab
Author: Basuke Suzuki <[email protected]>
Date: 2026-06-30 (Tue, 30 Jun 2026)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
M
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Log Message:
-----------
Remove shouldRestrictHTTPResponseAccess from NetworkResourceLoadParameters
rdar://174708348
Reviewed by Ryosuke Niwa.
The shouldRestrictHTTPResponseAccess field in NetworkResourceLoadParameters
was sent from WebContent process to NetworkProcess via IPC with no validation.
A compromised WebContent process could set it to false to bypass response
header sanitization (Set-Cookie stripping, cross-origin header filtering).
The field was originally introduced in 2018 as a runtime-configurable flag
(RestrictedHTTPResponseAccess preference) to allow WK1 to opt out of
sanitization. After WK1 was removed, the preference was hardcoded to true
(288687@main), but the IPC parameter was never cleaned up.
Since shouldPerformSecurityChecks() unconditionally returns true, this field
always carried the value true from a legitimate WebContent process. Remove
it entirely and make sanitization unconditional on the NetworkProcess side.
No new tests (hardening, no behavior change for legitimate WebContent process).
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.serialization.in:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::startPingLoad):
(WebKit::WebLoaderStrategy::preconnectTo):
Originally-landed-as: 305413.689@safari-7624-branch (1db91ab9400c).
rdar://180428250
Canonical link: https://commits.webkit.org/316187@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications