Changeset 252185 in webkit

Timestamp:

Nov 7, 2019 9:05:18 AM (5 years ago)

Author:

achristensen@apple.com

Message:

Re-enable NSURLSession isolation after r252116
​https://bugs.webkit.org/show_bug.cgi?id=203934
<rdar://problem/56921584>

Reviewed by Chris Dumez.

Source/WebCore:

• platform/network/StoredCredentialsPolicy.h:

Source/WebKit:

r252116 was a rollout of r248640, which introduced cases where data tasks from different NSURLSessions
which can have the same task identifiers were put into the same maps. This key collision caused data from the wrong
tasks to be sent to NetworkResourceLoader, causing rare and strange loading bugs. In order to prevent insertion into
wrong maps again, I made a new abstraction, SessionWrapper, which wraps a NSURLSession, its delegate, and all maps
that are scoped to that NSURLSession. Along the way I found a few other places where we had made similar mistakes.

Covered by an API test which would've failed before r252116 because it exercises the key collision condition,
and by tests which were skipped in r252116 and I now unskipped.

• NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:

(WebKit::Download::resume):

• NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::~NetworkDataTaskCocoa):

• NetworkProcess/cocoa/NetworkSessionCocoa.h:
• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate initWithSessionWrapper:withCredentials:]):
(-[WKNetworkSessionDelegate sessionInvalidated]):
(-[WKNetworkSessionDelegate existingTask:]):
(-[WKNetworkSessionDelegate sessionCocoa]):
(-[WKNetworkSessionDelegate URLSession:didBecomeInvalidWithError:]):
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:willCacheResponse:completionHandler:]):
(processServerTrustEvaluation):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
(-[WKNetworkSessionDelegate URLSession:downloadTask:didFinishDownloadingToURL:]):
(-[WKNetworkSessionDelegate URLSession:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:]):
(-[WKNetworkSessionDelegate URLSession:downloadTask:didResumeAtOffset:expectedTotalBytes:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didBecomeDownloadTask:]):
(-[WKNetworkSessionDelegate existingWebSocketTask:]):
(WebKit::SessionWrapper::initialize):
(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
(WebKit::NetworkSessionCocoa::initializeEphemeralStatelessSession):
(WebKit::NetworkSessionCocoa::sessionWrapperForTask):
(WebKit::NetworkSessionCocoa::isolatedSession):
(WebKit::NetworkSessionCocoa::invalidateAndCancel):
(WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
(WebKit::NetworkSessionCocoa::createWebSocketTask):
(WebKit::NetworkSessionCocoa::addWebSocketTask):
(WebKit::NetworkSessionCocoa::removeWebSocketTask):
(-[WKNetworkSessionDelegate initWithNetworkSession:withCredentials:]): Deleted.
(WebKit::NetworkSessionCocoa::initializeEphemeralStatelessCookielessSession): Deleted.
(WebKit::NetworkSessionCocoa::session): Deleted.
(WebKit::NetworkSessionCocoa::dataTaskForIdentifier): Deleted.
(WebKit::NetworkSessionCocoa::downloadTaskWithResumeData): Deleted.
(WebKit::NetworkSessionCocoa::addDownloadID): Deleted.
(WebKit::NetworkSessionCocoa::downloadID): Deleted.
(WebKit::NetworkSessionCocoa::takeDownloadID): Deleted.
(WebKit::NetworkSessionCocoa::webSocketDataTaskForIdentifier): Deleted.

• UIProcess/API/Cocoa/WKWebsiteDataStore.mm:

(-[WKWebsiteDataStore _logUserInteraction:completionHandler:]):

• UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm:

(-[DataTaskIdentifierCollisionDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
(-[DataTaskIdentifierCollisionDelegate waitForMessages:]):
(-[DataTaskIdentifierCollisionDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
(TEST):

LayoutTests:

• platform/wk2/TestExpectations:

Re-enable skipped tests.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/wk2/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/network/StoredCredentialsPolicy.h (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkDataTask.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkDataTask.h (modified) (1 diff)
• Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h (modified) (2 diffs)
• Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (modified) (5 diffs)
• Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h (modified) (7 diffs)
• Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (modified) (33 diffs)
• Source/WebKit/Shared/WebCoreArgumentCoders.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-11-07  Alex Christensen  <achristensen@webkit.org>
+
+        Re-enable NSURLSession isolation after r252116
+        https://bugs.webkit.org/show_bug.cgi?id=203934
+        <rdar://problem/56921584>
+
+        Reviewed by Chris Dumez.
+
+        * platform/wk2/TestExpectations:
+        Re-enable skipped tests.
+
 2019-11-06  Antti Koivisto  <antti@apple.com>
 

trunk/LayoutTests/platform/wk2/TestExpectations

@@ -747 +747 @@
 http/tests/resourceLoadStatistics/cap-cache-max-age-for-prevalent-resource.html [ Skip ]
 
-# rdar://problem/56921584
-http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction.php [ Skip ]
-http/tests/resourceLoadStatistics/switch-session-on-navigation-to-prevalent-with-interaction-database.php [ Skip ]
-
 # This feature is currently disabled by default and unfinished <rdar://problem/38925077>.
 http/tests/navigation/process-swap-window-open.html [ Skip ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-11-07  Alex Christensen  <achristensen@webkit.org>
+
+        Re-enable NSURLSession isolation after r252116
+        https://bugs.webkit.org/show_bug.cgi?id=203934
+        <rdar://problem/56921584>
+
+        Reviewed by Chris Dumez.
+
+        * platform/network/StoredCredentialsPolicy.h:
+
 2019-11-07  Andres Gonzalez  <andresg_22@apple.com>
 

trunk/Source/WebCore/platform/network/StoredCredentialsPolicy.h

@@ -31 +31 @@
     DoNotUse,
     Use,
-    EphemeralStatelessCookieless
+    EphemeralStateless
 };
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-11-07  Alex Christensen  <achristensen@webkit.org>
+
+        Re-enable NSURLSession isolation after r252116
+        https://bugs.webkit.org/show_bug.cgi?id=203934
+        <rdar://problem/56921584>
+
+        Reviewed by Chris Dumez.
+
+        r252116 was a rollout of r248640, which introduced cases where data tasks from different NSURLSessions
+        which can have the same task identifiers were put into the same maps.  This key collision caused data from the wrong
+        tasks to be sent to NetworkResourceLoader, causing rare and strange loading bugs.  In order to prevent insertion into
+        wrong maps again, I made a new abstraction, SessionWrapper, which wraps a NSURLSession, its delegate, and all maps
+        that are scoped to that NSURLSession.  Along the way I found a few other places where we had made similar mistakes.
+
+        Covered by an API test which would've failed before r252116 because it exercises the key collision condition,
+        and by tests which were skipped in r252116 and I now unskipped.
+
+        * NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:
+        (WebKit::Download::resume):
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
+        (WebKit::NetworkDataTaskCocoa::~NetworkDataTaskCocoa):
+        * NetworkProcess/cocoa/NetworkSessionCocoa.h:
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate initWithSessionWrapper:withCredentials:]):
+        (-[WKNetworkSessionDelegate sessionInvalidated]):
+        (-[WKNetworkSessionDelegate existingTask:]):
+        (-[WKNetworkSessionDelegate sessionCocoa]):
+        (-[WKNetworkSessionDelegate URLSession:didBecomeInvalidWithError:]):
+        (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
+        (-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
+        (-[WKNetworkSessionDelegate URLSession:dataTask:willCacheResponse:completionHandler:]):
+        (processServerTrustEvaluation):
+        (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        (-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
+        (-[WKNetworkSessionDelegate URLSession:downloadTask:didFinishDownloadingToURL:]):
+        (-[WKNetworkSessionDelegate URLSession:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:]):
+        (-[WKNetworkSessionDelegate URLSession:downloadTask:didResumeAtOffset:expectedTotalBytes:]):
+        (-[WKNetworkSessionDelegate URLSession:dataTask:didBecomeDownloadTask:]):
+        (-[WKNetworkSessionDelegate existingWebSocketTask:]):
+        (WebKit::SessionWrapper::initialize):
+        (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
+        (WebKit::NetworkSessionCocoa::initializeEphemeralStatelessSession):
+        (WebKit::NetworkSessionCocoa::sessionWrapperForTask):
+        (WebKit::NetworkSessionCocoa::isolatedSession):
+        (WebKit::NetworkSessionCocoa::invalidateAndCancel):
+        (WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
+        (WebKit::NetworkSessionCocoa::createWebSocketTask):
+        (WebKit::NetworkSessionCocoa::addWebSocketTask):
+        (WebKit::NetworkSessionCocoa::removeWebSocketTask):
+        (-[WKNetworkSessionDelegate initWithNetworkSession:withCredentials:]): Deleted.
+        (WebKit::NetworkSessionCocoa::initializeEphemeralStatelessCookielessSession): Deleted.
+        (WebKit::NetworkSessionCocoa::session): Deleted.
+        (WebKit::NetworkSessionCocoa::dataTaskForIdentifier): Deleted.
+        (WebKit::NetworkSessionCocoa::downloadTaskWithResumeData): Deleted.
+        (WebKit::NetworkSessionCocoa::addDownloadID): Deleted.
+        (WebKit::NetworkSessionCocoa::downloadID): Deleted.
+        (WebKit::NetworkSessionCocoa::takeDownloadID): Deleted.
+        (WebKit::NetworkSessionCocoa::webSocketDataTaskForIdentifier): Deleted.
+        * UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
+        (-[WKWebsiteDataStore _logUserInteraction:completionHandler:]):
+        * UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
+
 2019-11-07  Peng Liu  <peng.liu6@apple.com>
 

trunk/Source/WebKit/NetworkProcess/AdClickAttributionManager.cpp

@@ -169 +169 @@
     loadParameters.sourceOrigin = SecurityOrigin::create(conversionReferrerURL);
     loadParameters.parentPID = presentingApplicationPID();
-    loadParameters.storedCredentialsPolicy = StoredCredentialsPolicy::EphemeralStatelessCookieless;
+    loadParameters.storedCredentialsPolicy = StoredCredentialsPolicy::EphemeralStateless;
     loadParameters.options = options;
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = true;

trunk/Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm

@@ -71 +71 @@
 #endif
 
-    m_downloadTask = cocoaSession.downloadTaskWithResumeData(updatedData);
-    cocoaSession.addDownloadID(m_downloadTask.get().taskIdentifier, m_downloadID);
+    m_downloadTask = [cocoaSession.sessionWrapperForDownloads().session downloadTaskWithResumeData:updatedData];
+    auto taskIdentifier = [m_downloadTask taskIdentifier];
+    ASSERT(!cocoaSession.sessionWrapperForDownloads().downloadMap.contains(taskIdentifier));
+    cocoaSession.sessionWrapperForDownloads().downloadMap.add(taskIdentifier, m_downloadID);
     m_downloadTask.get()._pathToDownloadTaskFile = path;
 

trunk/Source/WebKit/NetworkProcess/NetworkDataTask.cpp

@@ -159 +159 @@
 }
 
+NetworkSession* NetworkDataTask::networkSession()
+{
+    return m_session.get();
+}
+
 } // namespace WebKit

trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h

@@ -134 +134 @@
     PAL::SessionID sessionID() const;
 
+    NetworkSession* networkSession();
+
 protected:
     NetworkDataTask(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, WebCore::StoredCredentialsPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, bool dataTaskIsForMainFrameNavigation);

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h

@@ -39 +39 @@
 class Download;
 class NetworkSessionCocoa;
+struct SessionWrapper;
 
 class NetworkDataTaskCocoa final : public NetworkDataTask {
@@ -90 +91 @@
     bool isAlwaysOnLoggingAllowed() const;
 
+    SessionWrapper& m_sessionWrapper;
     RefPtr<SandboxExtension> m_sandboxExtension;
     RetainPtr<NSURLSessionDataTask> m_task;

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm

@@ -173 +173 @@
 NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, WebCore::FrameIdentifier frameID, WebCore::PageIdentifier pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker> networkActivityTracker)
     : NetworkDataTask(session, client, requestWithCredentials, storedCredentialsPolicy, shouldClearReferrerOnHTTPSToHTTPRedirect, dataTaskIsForMainFrameNavigation)
+    , m_sessionWrapper(static_cast<NetworkSessionCocoa&>(session).sessionWrapperForTask(requestWithCredentials, storedCredentialsPolicy))
     , m_frameID(frameID)
     , m_pageID(pageID)
@@ -207 +208 @@
 
     bool shouldBlockCookies = false;
-    bool needsIsolatedSession = false;
-    auto firstParty = WebCore::RegistrableDomain(request.firstPartyForCookies());
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
-    shouldBlockCookies = storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless;
+    shouldBlockCookies = storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStateless;
     if (auto* networkStorageSession = session.networkStorageSession()) {
         if (!shouldBlockCookies)
             shouldBlockCookies = networkStorageSession->shouldBlockCookies(request, frameID, pageID);
-        // FIXME: <rdar://problem/56921584> needsIsolatedSession should be set here.
     }
 #endif
@@ -222 +220 @@
     applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(nsRequest, shouldContentSniff == WebCore::ContentSniffingPolicy::SniffContent && !url.isLocalFile(), shouldContentEncodingSniff == WebCore::ContentEncodingSniffingPolicy::Sniff);
 
-    auto& cocoaSession = static_cast<NetworkSessionCocoa&>(*m_session);
-    if (needsIsolatedSession)
-        m_task = [cocoaSession.isolatedSession(storedCredentialsPolicy, firstParty) dataTaskWithRequest:nsRequest];
-    else
-        m_task = [cocoaSession.session(storedCredentialsPolicy) dataTaskWithRequest:nsRequest];
-
-    LOG(NetworkSession, "%llu Creating NetworkDataTask with storedCredentialsPolicy=%u and URL=%s", [m_task taskIdentifier], storedCredentialsPolicy, nsRequest.URL.absoluteString.UTF8String);
-    cocoaSession.registerDataTask([m_task taskIdentifier], *this, storedCredentialsPolicy);
+    m_task = [m_sessionWrapper.session dataTaskWithRequest:nsRequest];
+
+    RELEASE_ASSERT(!m_sessionWrapper.dataTaskMap.contains([m_task taskIdentifier]));
+    m_sessionWrapper.dataTaskMap.add([m_task taskIdentifier], this);
+    LOG(NetworkSession, "%llu Creating NetworkDataTask with URL %s", [m_task taskIdentifier], nsRequest.URL.absoluteString.UTF8String);
 
     if (shouldPreconnectOnly == PreconnectOnly::Yes) {
@@ -267 +262 @@
         return;
 
-    auto& cocoaSession = static_cast<NetworkSessionCocoa&>(*m_session);
-    cocoaSession.unregisterDataTask([m_task taskIdentifier], *this, m_storedCredentialsPolicy);
+    RELEASE_ASSERT(m_sessionWrapper.dataTaskMap.get([m_task taskIdentifier]) == this);
+    m_sessionWrapper.dataTaskMap.remove([m_task taskIdentifier]);
 }
 
@@ -358 +353 @@
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     if (!m_hasBeenSetToUseStatelessCookieStorage) {
-        if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless
+        if (m_storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::EphemeralStateless
             || (m_session->networkStorageSession() && m_session->networkStorageSession()->shouldBlockCookies(request, m_frameID, m_pageID)))
             blockCookies();

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h

@@ -29 +29 @@
 OBJC_CLASS NSData;
 OBJC_CLASS NSURLSession;
+OBJC_CLASS NSURLSessionConfiguration;
 OBJC_CLASS NSURLSessionDownloadTask;
 OBJC_CLASS NSOperationQueue;
@@ -46 +47 @@
 
 class LegacyCustomProtocolManager;
+class NetworkSessionCocoa;
+
+struct SessionWrapper : public CanMakeWeakPtr<SessionWrapper> {
+    void initialize(NSURLSessionConfiguration *, NetworkSessionCocoa&, WebCore::StoredCredentialsPolicy);
+
+    RetainPtr<NSURLSession> session;
+    RetainPtr<WKNetworkSessionDelegate> delegate;
+    HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*> dataTaskMap;
+    HashMap<NetworkDataTaskCocoa::TaskIdentifier, DownloadID> downloadMap;
+#if HAVE(NSURLSESSION_WEBSOCKET)
+    HashMap<NetworkDataTaskCocoa::TaskIdentifier, WebSocketTask*> webSocketDataTaskMap;
+#endif
+};
 
 class NetworkSessionCocoa final : public NetworkSession {
@@ -55 +69 @@
     ~NetworkSessionCocoa();
 
-    void initializeEphemeralStatelessCookielessSession();
+    void initializeEphemeralStatelessSession();
 
     const String& boundInterfaceIdentifier() const;
@@ -64 +78 @@
 #endif
 
-    NetworkDataTaskCocoa* dataTaskForIdentifier(NetworkDataTaskCocoa::TaskIdentifier, WebCore::StoredCredentialsPolicy);
-    void registerDataTask(NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa&, WebCore::StoredCredentialsPolicy);
-    void unregisterDataTask(NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa&, WebCore::StoredCredentialsPolicy);
-
-    NSURLSessionDownloadTask* downloadTaskWithResumeData(NSData*);
-
-    WebSocketTask* webSocketDataTaskForIdentifier(WebSocketTask::TaskIdentifier);
-
-    void addDownloadID(NetworkDataTaskCocoa::TaskIdentifier, DownloadID);
-    DownloadID downloadID(NetworkDataTaskCocoa::TaskIdentifier);
-    DownloadID takeDownloadID(NetworkDataTaskCocoa::TaskIdentifier);
-
     static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&);
 
-    void continueDidReceiveChallenge(const WebCore::AuthenticationChallenge&, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&);
+    void continueDidReceiveChallenge(SessionWrapper&, const WebCore::AuthenticationChallenge&, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&);
+
+    SessionWrapper& sessionWrapperForDownloads() { return m_sessionWithCredentialStorage; }
 
     bool fastServerTrustEvaluationEnabled() const { return m_fastServerTrustEvaluationEnabled; }
@@ -87 +91 @@
     CFDictionaryRef proxyConfiguration() const { return m_proxyConfiguration.get(); }
 
-    NSURLSession* session(WebCore::StoredCredentialsPolicy);
-    NSURLSession* isolatedSession(WebCore::StoredCredentialsPolicy, const WebCore::RegistrableDomain);
     bool hasIsolatedSession(const WebCore::RegistrableDomain) const override;
     void clearIsolatedSessions() override;
@@ -97 +99 @@
     bool shouldLogCookieInformation() const override { return m_shouldLogCookieInformation; }
     Seconds loadThrottleLatency() const override { return m_loadThrottleLatency; }
+    SessionWrapper& sessionWrapperForTask(const WebCore::ResourceRequest&, WebCore::StoredCredentialsPolicy);
+    SessionWrapper& isolatedSession(WebCore::StoredCredentialsPolicy, const WebCore::RegistrableDomain);
 
 #if HAVE(NSURLSESSION_WEBSOCKET)
@@ -104 +108 @@
 #endif
 
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*>& dataTaskMap(WebCore::StoredCredentialsPolicy);
-
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*> m_dataTaskMapWithCredentials;
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*> m_dataTaskMapWithoutState;
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*> m_dataTaskMapEphemeralStatelessCookieless;
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, DownloadID> m_downloadMap;
-#if HAVE(NSURLSESSION_WEBSOCKET)
-    HashMap<NetworkDataTaskCocoa::TaskIdentifier, WebSocketTask*> m_webSocketDataTaskMap;
-#endif
-
     struct IsolatedSession {
-        RetainPtr<NSURLSession> sessionWithCredentialStorage;
-        RetainPtr<WKNetworkSessionDelegate> sessionWithCredentialStorageDelegate;
-        RetainPtr<NSURLSession> statelessSession;
-        RetainPtr<WKNetworkSessionDelegate> statelessSessionDelegate;
+        WTF_MAKE_FAST_ALLOCATED;
+    public:
+        SessionWrapper sessionWithCredentialStorage;
+        SessionWrapper sessionWithoutCredentialStorage;
         WallTime lastUsed;
     };
 
-    HashMap<WebCore::RegistrableDomain, IsolatedSession> m_isolatedSessions;
+    HashMap<WebCore::RegistrableDomain, std::unique_ptr<IsolatedSession>> m_isolatedSessions;
 
-    RetainPtr<NSURLSession> m_sessionWithCredentialStorage;
-    RetainPtr<WKNetworkSessionDelegate> m_sessionWithCredentialStorageDelegate;
-    RetainPtr<NSURLSession> m_statelessSession;
-    RetainPtr<WKNetworkSessionDelegate> m_statelessSessionDelegate;
-    RetainPtr<NSURLSession> m_ephemeralStatelessCookielessSession;
-    RetainPtr<WKNetworkSessionDelegate> m_ephemeralStatelessCookielessSessionDelegate;
+    SessionWrapper m_sessionWithCredentialStorage;
+    SessionWrapper m_sessionWithoutCredentialStorage;
+    SessionWrapper m_ephemeralStatelessSession;
 
     String m_boundInterfaceIdentifier;

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

@@ -49 +49 @@
 #import <WebCore/WebCoreURLResponse.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
+#import <wtf/BlockPtr.h>
 #import <wtf/MainThread.h>
 #import <wtf/NeverDestroyed.h>
@@ -55 +56 @@
 #import <wtf/SoftLinking.h>
 #import <wtf/URL.h>
+#import <wtf/WeakObjCPtr.h>
 #import <wtf/text/WTFString.h>
-#import <wtf/BlockPtr.h>
 
 #if USE(APPLE_INTERNAL_SDK)
@@ -397 +398 @@
 > {
     WeakPtr<WebKit::NetworkSessionCocoa> _session;
+    WeakPtr<WebKit::SessionWrapper> _sessionWrapper;
     bool _withCredentials;
 }
 
-- (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session withCredentials:(bool)withCredentials;
+- (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session wrapper:(WebKit::SessionWrapper&)sessionWrapper withCredentials:(bool)withCredentials;
 - (void)sessionInvalidated;
 
@@ -407 +409 @@
 @implementation WKNetworkSessionDelegate
 
-- (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session withCredentials:(bool)withCredentials
+- (id)initWithNetworkSession:(WebKit::NetworkSessionCocoa&)session wrapper:(WebKit::SessionWrapper&)sessionWrapper withCredentials:(bool)withCredentials
 {
     self = [super init];
@@ -414 +416 @@
 
     _session = makeWeakPtr(session);
+    _sessionWrapper = makeWeakPtr(sessionWrapper);
     _withCredentials = withCredentials;
 
@@ -421 +424 @@
 - (void)sessionInvalidated
 {
-    _session = nullptr;
+    _sessionWrapper = nullptr;
 }
 
 - (NetworkDataTaskCocoa*)existingTask:(NSURLSessionTask *)task
 {
-    if (!_session)
+    if (!_sessionWrapper)
         return nullptr;
 
@@ -432 +435 @@
         return nullptr;
 
-    auto storedCredentialsPolicy = _withCredentials ? WebCore::StoredCredentialsPolicy::Use : WebCore::StoredCredentialsPolicy::DoNotUse;
-    return _session->dataTaskForIdentifier(task.taskIdentifier, storedCredentialsPolicy);
+    return _sessionWrapper->dataTaskMap.get(task.taskIdentifier);
 }
 
 - (void)URLSession:(NSURLSession *)session didBecomeInvalidWithError:(NSError *)error
 {
-    ASSERT(!_session);
+    ASSERT(!_sessionWrapper);
 }
 
@@ -528 +530 @@
         bool shouldIgnoreHSTS = false;
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
-        shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && _session->networkProcess().storageSession(_session->sessionID())->shouldBlockCookies(request, networkDataTask->frameID(), networkDataTask->pageID());
-        if (shouldIgnoreHSTS) {
-            request = downgradeRequest(request);
-            ASSERT([request.URL.scheme isEqualToString:@"http"]);
-            LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
-        }
+        if (auto* sessionCocoa = networkDataTask->networkSession()) {
+            shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && sessionCocoa->networkProcess().storageSession(sessionCocoa->sessionID())->shouldBlockCookies(request, networkDataTask->frameID(), networkDataTask->pageID());
+            if (shouldIgnoreHSTS) {
+                request = downgradeRequest(request);
+                ASSERT([request.URL.scheme isEqualToString:@"http"]);
+                LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+            }
+        } else
+            ASSERT_NOT_REACHED();
 #endif
 
@@ -561 +566 @@
         bool shouldIgnoreHSTS = false;
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
-        shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && _session->networkProcess().storageSession(_session->sessionID())->shouldBlockCookies(request, networkDataTask->frameID(), networkDataTask->pageID());
-        if (shouldIgnoreHSTS) {
-            request = downgradeRequest(request);
-            ASSERT([request.URL.scheme isEqualToString:@"http"]);
-            LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
-        }
+        if (auto* sessionCocoa = networkDataTask->networkSession()) {
+            shouldIgnoreHSTS = schemeWasUpgradedDueToDynamicHSTS(request) && sessionCocoa->networkProcess().storageSession(sessionCocoa->sessionID())->shouldBlockCookies(request, networkDataTask->frameID(), networkDataTask->pageID());
+            if (shouldIgnoreHSTS) {
+                request = downgradeRequest(request);
+                ASSERT([request.URL.scheme isEqualToString:@"http"]);
+                LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+            }
+        } else
+            ASSERT_NOT_REACHED();
 #endif
 
@@ -589 +597 @@
 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask willCacheResponse:(NSCachedURLResponse *)proposedResponse completionHandler:(void (^)(NSCachedURLResponse *cachedResponse))completionHandler
 {
-    if (!_session) {
-        completionHandler(nil);
-        return;
-    }
-
     // FIXME: remove if <rdar://problem/20001985> is ever resolved.
     if ([proposedResponse.response respondsToSelector:@selector(allHeaderFields)]
@@ -603 +606 @@
 
 #if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
-static inline void processServerTrustEvaluation(NetworkSessionCocoa *session, NSURLAuthenticationChallenge *challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential)>&& completionHandler)
-{
-    session->continueDidReceiveChallenge(challenge, taskIdentifier, networkDataTask, [completionHandler = WTFMove(completionHandler), secTrust = retainPtr(challenge.protectionSpace.serverTrust)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
+static inline void processServerTrustEvaluation(NetworkSessionCocoa *session, SessionWrapper& sessionWrapper, NSURLAuthenticationChallenge *challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential)>&& completionHandler)
+{
+    session->continueDidReceiveChallenge(sessionWrapper, challenge, taskIdentifier, networkDataTask, [completionHandler = WTFMove(completionHandler), secTrust = retainPtr(challenge.protectionSpace.serverTrust)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
         // FIXME: UIProcess should send us back non nil credentials but the credential IPC encoder currently only serializes ns credentials for username/password.
         if (disposition == WebKit::AuthenticationChallengeDisposition::UseCredential && !credential.nsCredential()) {
@@ -618 +621 @@
 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
 {
-    if (!_session || [task state] == NSURLSessionTaskStateCanceling) {
+    auto* networkDataTask = [self existingTask:task];
+    auto* sessionCocoa = networkDataTask ? static_cast<NetworkSessionCocoa*>(networkDataTask->networkSession()) : nullptr;
+    if (!sessionCocoa || [task state] == NSURLSessionTaskStateCanceling) {
         completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
         return;
@@ -638 +643 @@
 
         // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults.
-        if (_session->fastServerTrustEvaluationEnabled()) {
+        if (sessionCocoa->fastServerTrustEvaluationEnabled()) {
 #if HAVE(CFNETWORK_NSURLSESSION_STRICTRUSTEVALUATE)
             auto* networkDataTask = [self existingTask:task];
             ASSERT(networkDataTask);
-            auto decisionHandler = makeBlockPtr([_session = makeWeakPtr(_session.get()), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = RefPtr<NetworkDataTaskCocoa>(networkDataTask)](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable {
+            auto decisionHandler = makeBlockPtr([weakSelf = WeakObjCPtr<WKNetworkSessionDelegate>(self), sessionCocoa = makeWeakPtr(sessionCocoa), completionHandler = makeBlockPtr(completionHandler), taskIdentifier, networkDataTask = RefPtr<NetworkDataTaskCocoa>(networkDataTask)](NSURLAuthenticationChallenge *challenge, OSStatus trustResult) mutable {
+                auto strongSelf = weakSelf.get();
+                if (!strongSelf)
+                    return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
                 auto task = WTFMove(networkDataTask);
-                auto* session = _session.get();
+                auto* session = sessionCocoa.get();
                 if (trustResult == noErr || !session) {
                     completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
                     return;
                 }
-                processServerTrustEvaluation(session, challenge, taskIdentifier, task.get(), WTFMove(completionHandler));
+                processServerTrustEvaluation(session, *strongSelf->_sessionWrapper, challenge, taskIdentifier, task.get(), WTFMove(completionHandler));
             });
             [NSURLSession _strictTrustEvaluate:challenge queue:[NSOperationQueue mainQueue].underlyingQueue completionHandler:decisionHandler.get()];
@@ -658 +666 @@
         }
     }
-    _session->continueDidReceiveChallenge(challenge, taskIdentifier, [self existingTask:task], [completionHandler = makeBlockPtr(completionHandler)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
+    sessionCocoa->continueDidReceiveChallenge(*_sessionWrapper, challenge, taskIdentifier, [self existingTask:task], [completionHandler = makeBlockPtr(completionHandler)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable {
         completionHandler(toNSURLSessionAuthChallengeDisposition(disposition), credential.nsCredential());
     });
@@ -665 +673 @@
 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didCompleteWithError:(NSError *)error
 {
-    if (!_session)
-        return;
-
     LOG(NetworkSession, "%llu didCompleteWithError %@", task.taskIdentifier, error);
 
@@ -680 +685 @@
         networkDataTask->didCompleteWithError(error, networkDataTask->networkLoadMetrics());
     else if (error) {
-        auto downloadID = _session->takeDownloadID(task.taskIdentifier);
-        if (downloadID.downloadID()) {
-            if (auto* download = _session->networkProcess().downloadManager().download(downloadID)) {
-                NSData *resumeData = nil;
-                if (id userInfo = error.userInfo) {
-                    if ([userInfo isKindOfClass:[NSDictionary class]]) {
-                        resumeData = userInfo[@"NSURLSessionDownloadTaskResumeData"];
-                        if (resumeData && ![resumeData isKindOfClass:[NSData class]]) {
-                            RELEASE_LOG(NetworkSession, "Download task %llu finished with resume data of wrong class: %s", (unsigned long long)task.taskIdentifier, NSStringFromClass([resumeData class]).UTF8String);
-                            ASSERT_NOT_REACHED();
-                            resumeData = nil;
-                        }
-                    }
+        if (!_sessionWrapper)
+            return;
+        auto downloadID = _sessionWrapper->downloadMap.take(task.taskIdentifier);
+        if (!downloadID.downloadID())
+            return;
+        if (!_session)
+            return;
+        auto* download = _session->networkProcess().downloadManager().download(downloadID);
+        if (!download)
+            return;
+
+        NSData *resumeData = nil;
+        if (id userInfo = error.userInfo) {
+            if ([userInfo isKindOfClass:[NSDictionary class]]) {
+                resumeData = userInfo[@"NSURLSessionDownloadTaskResumeData"];
+                if (resumeData && ![resumeData isKindOfClass:[NSData class]]) {
+                    RELEASE_LOG(NetworkSession, "Download task %llu finished with resume data of wrong class: %s", (unsigned long long)task.taskIdentifier, NSStringFromClass([resumeData class]).UTF8String);
+                    ASSERT_NOT_REACHED();
+                    resumeData = nil;
                 }
-
-                auto resumeDataReference = resumeData ? IPC::DataReference { static_cast<const uint8_t*>(resumeData.bytes), resumeData.length } : IPC::DataReference { };
-
-                if (download->wasCanceled())
-                    download->didCancel(resumeDataReference);
-                else
-                    download->didFail(error, resumeDataReference);
             }
         }
+
+        auto resumeDataReference = resumeData ? IPC::DataReference { static_cast<const uint8_t*>(resumeData.bytes), resumeData.length } : IPC::DataReference { };
+
+        if (download->wasCanceled())
+            download->didCancel(resumeDataReference);
+        else
+            download->didFail(error, resumeDataReference);
     }
 }
@@ -837 +848 @@
 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didFinishDownloadingToURL:(NSURL *)location
 {
+    if (!_sessionWrapper)
+        return;
+    auto downloadID = _sessionWrapper->downloadMap.take([downloadTask taskIdentifier]);
+    if (!downloadID.downloadID())
+        return;
     if (!_session)
         return;
-
-    auto downloadID = _session->takeDownloadID([downloadTask taskIdentifier]);
-    if (auto* download = _session->networkProcess().downloadManager().download(downloadID))
-        download->didFinish();
+    auto* download = _session->networkProcess().downloadManager().download(downloadID);
+    if (!download)
+        return;
+    download->didFinish();
 }
 
 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didWriteData:(int64_t)bytesWritten totalBytesWritten:(int64_t)totalBytesWritten totalBytesExpectedToWrite:(int64_t)totalBytesExpectedToWrite
 {
+    ASSERT_WITH_MESSAGE(![self existingTask:downloadTask], "The NetworkDataTask should be destroyed immediately after didBecomeDownloadTask returns");
+
+    if (!_sessionWrapper)
+        return;
+    auto downloadID = _sessionWrapper->downloadMap.get([downloadTask taskIdentifier]);
+    if (!downloadID.downloadID())
+        return;
     if (!_session)
         return;
-
-    ASSERT_WITH_MESSAGE(![self existingTask:downloadTask], "The NetworkDataTask should be destroyed immediately after didBecomeDownloadTask returns");
-
-    auto downloadID = _session->downloadID([downloadTask taskIdentifier]);
-    if (auto* download = _session->networkProcess().downloadManager().download(downloadID))
-        download->didReceiveData(bytesWritten);
+    auto* download = _session->networkProcess().downloadManager().download(downloadID);
+    if (!download)
+        return;
+    download->didReceiveData(bytesWritten);
 }
 
 - (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask didResumeAtOffset:(int64_t)fileOffset expectedTotalBytes:(int64_t)expectedTotalBytes
 {
-    if (!_session)
-        return;
-
     notImplemented();
 }
@@ -867 +885 @@
 - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didBecomeDownloadTask:(NSURLSessionDownloadTask *)downloadTask
 {
-    if (auto* networkDataTask = [self existingTask:dataTask]) {
-        Ref<NetworkDataTaskCocoa> protectedNetworkDataTask(*networkDataTask);
-        auto downloadID = networkDataTask->pendingDownloadID();
-        auto& downloadManager = _session->networkProcess().downloadManager();
-        auto download = makeUnique<WebKit::Download>(downloadManager, downloadID, downloadTask, *_session, networkDataTask->suggestedFilename());
-        networkDataTask->transferSandboxExtensionToDownload(*download);
-        ASSERT(FileSystem::fileExists(networkDataTask->pendingDownloadLocation()));
-        download->didCreateDestination(networkDataTask->pendingDownloadLocation());
-        downloadManager.dataTaskBecameDownloadTask(downloadID, WTFMove(download));
-
-        _session->addDownloadID([downloadTask taskIdentifier], downloadID);
-    }
+    auto* networkDataTask = [self existingTask:dataTask];
+    if (!networkDataTask)
+        return;
+    auto* sessionCocoa = networkDataTask->networkSession();
+    if (!sessionCocoa)
+        return;
+
+    Ref<NetworkDataTaskCocoa> protectedNetworkDataTask(*networkDataTask);
+    auto downloadID = networkDataTask->pendingDownloadID();
+    auto& downloadManager = sessionCocoa->networkProcess().downloadManager();
+    auto download = makeUnique<WebKit::Download>(downloadManager, downloadID, downloadTask, *sessionCocoa, networkDataTask->suggestedFilename());
+    networkDataTask->transferSandboxExtensionToDownload(*download);
+    ASSERT(FileSystem::fileExists(networkDataTask->pendingDownloadLocation()));
+    download->didCreateDestination(networkDataTask->pendingDownloadLocation());
+    downloadManager.dataTaskBecameDownloadTask(downloadID, WTFMove(download));
+
+    RELEASE_ASSERT(!_sessionWrapper->downloadMap.contains(downloadTask.taskIdentifier));
+    _sessionWrapper->downloadMap.add(downloadTask.taskIdentifier, downloadID);
 }
 
@@ -884 +908 @@
 - (WebSocketTask*)existingWebSocketTask:(NSURLSessionWebSocketTask *)task
 {
-    if (!_session)
+    if (!_sessionWrapper)
         return nullptr;
 
@@ -890 +914 @@
         return nullptr;
 
-    return _session->webSocketDataTaskForIdentifier(task.taskIdentifier);
+    return _sessionWrapper->webSocketDataTaskMap.get(task.taskIdentifier);
 }
 
@@ -971 +995 @@
 
     ALLOW_DEPRECATED_DECLARATIONS_END
+}
+
+void SessionWrapper::initialize(NSURLSessionConfiguration *configuration, NetworkSessionCocoa& networkSession, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
+{
+    delegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:networkSession wrapper:*this withCredentials:storedCredentialsPolicy == WebCore::StoredCredentialsPolicy::Use]);
+    session = [NSURLSession sessionWithConfiguration:configuration delegate:delegate.get() delegateQueue:[NSOperationQueue mainQueue]];
 }
 
@@ -1064 +1094 @@
 #endif
 
-    m_sessionWithCredentialStorageDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:true]);
-    m_sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_sessionWithCredentialStorageDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
+    m_sessionWithCredentialStorage.initialize(configuration, *this, WebCore::StoredCredentialsPolicy::Use);
     LOG(NetworkSession, "Created NetworkSession with cookieAcceptPolicy %lu", configuration.HTTPCookieStorage.cookieAcceptPolicy);
 
@@ -1074 +1103 @@
     // configuration.HTTPCookieAcceptPolicy = NSHTTPCookieAcceptPolicyNever;
 
-    m_statelessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]);
-    m_statelessSession = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
+    m_sessionWithoutCredentialStorage.initialize(configuration, *this, WebCore::StoredCredentialsPolicy::DoNotUse);
 
     m_deviceManagementRestrictionsEnabled = parameters.deviceManagementRestrictionsEnabled;
@@ -1098 +1126 @@
 }
 
-void NetworkSessionCocoa::initializeEphemeralStatelessCookielessSession()
+void NetworkSessionCocoa::initializeEphemeralStatelessSession()
 {
     NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration ephemeralSessionConfiguration];
-    NSURLSessionConfiguration *existingConfiguration = m_statelessSession.get().configuration;
+    NSURLSessionConfiguration *existingConfiguration = m_sessionWithoutCredentialStorage.session.get().configuration;
 
     configuration.HTTPCookieAcceptPolicy = NSHTTPCookieAcceptPolicyNever;
@@ -1116 +1144 @@
 #endif
 
-    m_ephemeralStatelessCookielessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]);
-    m_ephemeralStatelessCookielessSession = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_ephemeralStatelessCookielessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
-}
-
-NSURLSession* NetworkSessionCocoa::session(WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
-{
+    m_ephemeralStatelessSession.initialize(configuration, *this, WebCore::StoredCredentialsPolicy::EphemeralStateless);
+}
+
+SessionWrapper& NetworkSessionCocoa::sessionWrapperForTask(const WebCore::ResourceRequest& request, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
+{
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
+    if (auto* storageSession = networkStorageSession()) {
+        auto firstParty = WebCore::RegistrableDomain(request.firstPartyForCookies());
+        if (storageSession->shouldBlockThirdPartyCookiesButKeepFirstPartyCookiesFor(firstParty))
+            return isolatedSession(storedCredentialsPolicy, firstParty);
+    } else
+        ASSERT_NOT_REACHED();
+#endif
+
     switch (storedCredentialsPolicy) {
     case WebCore::StoredCredentialsPolicy::Use:
-        return m_sessionWithCredentialStorage.get();
+        return m_sessionWithCredentialStorage;
     case WebCore::StoredCredentialsPolicy::DoNotUse:
-        return m_statelessSession.get();
-    case WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless:
-        if (!m_ephemeralStatelessCookielessSession)
-            initializeEphemeralStatelessCookielessSession();
-        return m_ephemeralStatelessCookielessSession.get();
-    }
-}
-
-NSURLSession* NetworkSessionCocoa::isolatedSession(WebCore::StoredCredentialsPolicy storedCredentialsPolicy, const WebCore::RegistrableDomain firstPartyDomain)
-{
-    auto entry = m_isolatedSessions.ensure(firstPartyDomain, [this] {
-        IsolatedSession newEntry { };
-        newEntry.sessionWithCredentialStorageDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:true]);
-        newEntry.sessionWithCredentialStorage = [NSURLSession sessionWithConfiguration:m_sessionWithCredentialStorage.get().configuration delegate:static_cast<id>(newEntry.sessionWithCredentialStorageDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
-
-        newEntry.statelessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]);
-        newEntry.statelessSession = [NSURLSession sessionWithConfiguration:m_statelessSession.get().configuration delegate:static_cast<id>(newEntry.statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]];
-
+        return m_sessionWithoutCredentialStorage;
+    case WebCore::StoredCredentialsPolicy::EphemeralStateless:
+        if (!m_ephemeralStatelessSession.session)
+            initializeEphemeralStatelessSession();
+        return m_ephemeralStatelessSession;
+    }
+}
+
+SessionWrapper& NetworkSessionCocoa::isolatedSession(WebCore::StoredCredentialsPolicy storedCredentialsPolicy, const WebCore::RegistrableDomain firstPartyDomain)
+{
+    auto& entry = m_isolatedSessions.ensure(firstPartyDomain, [this] {
+        auto newEntry = makeUnique<IsolatedSession>();
+        newEntry->sessionWithCredentialStorage.initialize(m_sessionWithCredentialStorage.session.get().configuration, *this, WebCore::StoredCredentialsPolicy::Use);
+        newEntry->sessionWithoutCredentialStorage.initialize(m_sessionWithoutCredentialStorage.session.get().configuration, *this, WebCore::StoredCredentialsPolicy::DoNotUse);
         return newEntry;
     }).iterator->value;
 
-    entry.lastUsed = WallTime::now();
+    entry->lastUsed = WallTime::now();
 
     if (m_isolatedSessions.size() > maxNumberOfIsolatedSessions) {
@@ -1153 +1185 @@
         auto oldestTimestamp = WallTime::now();
         for (auto& key : m_isolatedSessions.keys()) {
-            auto timestamp = m_isolatedSessions.get(key).lastUsed;
+            auto timestamp = m_isolatedSessions.get(key)->lastUsed;
             if (timestamp < oldestTimestamp) {
                 oldestTimestamp = timestamp;
@@ -1168 +1200 @@
     case WebCore::StoredCredentialsPolicy::Use:
         LOG(NetworkSession, "Using isolated NSURLSession with credential storage.");
-        return entry.sessionWithCredentialStorage.get();
+        return entry->sessionWithCredentialStorage;
     case WebCore::StoredCredentialsPolicy::DoNotUse:
         LOG(NetworkSession, "Using isolated NSURLSession without credential storage.");
-        return entry.statelessSession.get();
-    case WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless:
-        if (!m_ephemeralStatelessCookielessSession)
-            initializeEphemeralStatelessCookielessSession();
-        return m_ephemeralStatelessCookielessSession.get();
+        return entry->sessionWithoutCredentialStorage;
+    case WebCore::StoredCredentialsPolicy::EphemeralStateless:
+        if (!m_ephemeralStatelessSession.session)
+            initializeEphemeralStatelessSession();
+        return m_ephemeralStatelessSession;
     }
 }
@@ -1193 +1225 @@
     NetworkSession::invalidateAndCancel();
 
-    [m_sessionWithCredentialStorage invalidateAndCancel];
-    [m_statelessSession invalidateAndCancel];
-    [m_ephemeralStatelessCookielessSession invalidateAndCancel];
-    [m_sessionWithCredentialStorageDelegate sessionInvalidated];
-    [m_statelessSessionDelegate sessionInvalidated];
-    [m_ephemeralStatelessCookielessSessionDelegate sessionInvalidated];
+    [m_sessionWithCredentialStorage.session invalidateAndCancel];
+    [m_sessionWithoutCredentialStorage.session invalidateAndCancel];
+    [m_ephemeralStatelessSession.session invalidateAndCancel];
+    [m_sessionWithCredentialStorage.delegate sessionInvalidated];
+    [m_sessionWithoutCredentialStorage.delegate sessionInvalidated];
+    [m_ephemeralStatelessSession.delegate sessionInvalidated];
 
     for (auto& session : m_isolatedSessions.values()) {
-        [session.sessionWithCredentialStorage invalidateAndCancel];
-        [session.sessionWithCredentialStorageDelegate sessionInvalidated];
+        [session->sessionWithCredentialStorage.session invalidateAndCancel];
+        [session->sessionWithCredentialStorage.delegate sessionInvalidated];
+        [session->sessionWithoutCredentialStorage.session invalidateAndCancel];
+        [session->sessionWithoutCredentialStorage.delegate sessionInvalidated];
     }
     m_isolatedSessions.clear();
@@ -1221 +1255 @@
 }
 
-HashMap<NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*>& NetworkSessionCocoa::dataTaskMap(WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
-{
-    ASSERT(RunLoop::isMain());
-    switch (storedCredentialsPolicy) {
-    case WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless:
-        return m_dataTaskMapEphemeralStatelessCookieless;
-    case WebCore::StoredCredentialsPolicy::DoNotUse:
-        return m_dataTaskMapWithoutState;
-    case WebCore::StoredCredentialsPolicy::Use:
-        return m_dataTaskMapWithCredentials;
-    }
-    ASSERT_NOT_REACHED();
-    return m_dataTaskMapWithCredentials;
-}
-
-NetworkDataTaskCocoa* NetworkSessionCocoa::dataTaskForIdentifier(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
-{
-    ASSERT(RunLoop::isMain());
-    return dataTaskMap(storedCredentialsPolicy).get(taskIdentifier);
-}
-
-void NetworkSessionCocoa::registerDataTask(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa& dataTask, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
-{
-    auto& map = dataTaskMap(storedCredentialsPolicy);
-    RELEASE_ASSERT(!map.contains(taskIdentifier));
-    map.add(taskIdentifier, &dataTask);
-}
-
-void NetworkSessionCocoa::unregisterDataTask(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa& dataTask, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
-{
-    auto& map = dataTaskMap(storedCredentialsPolicy);
-    RELEASE_ASSERT(map.get(taskIdentifier) == &dataTask);
-    map.remove(taskIdentifier);
-}
-
-NSURLSessionDownloadTask* NetworkSessionCocoa::downloadTaskWithResumeData(NSData* resumeData)
-{
-    return [m_sessionWithCredentialStorage downloadTaskWithResumeData:resumeData];
-}
-
-void NetworkSessionCocoa::addDownloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, DownloadID downloadID)
-{
-#ifndef NDEBUG
-    ASSERT(!m_downloadMap.contains(taskIdentifier));
-    for (auto idInMap : m_downloadMap.values())
-        ASSERT(idInMap != downloadID);
-#endif
-    m_downloadMap.add(taskIdentifier, downloadID);
-}
-
-DownloadID NetworkSessionCocoa::downloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier)
-{
-    ASSERT(m_downloadMap.get(taskIdentifier).downloadID());
-    return m_downloadMap.get(taskIdentifier);
-}
-
-DownloadID NetworkSessionCocoa::takeDownloadID(NetworkDataTaskCocoa::TaskIdentifier taskIdentifier)
-{
-    auto downloadID = m_downloadMap.take(taskIdentifier);
-    return downloadID;
-}
-
 static bool certificatesMatch(SecTrustRef trust1, SecTrustRef trust2)
 {
@@ -1323 +1295 @@
 }
 
-void NetworkSessionCocoa::continueDidReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&& completionHandler)
+void NetworkSessionCocoa::continueDidReceiveChallenge(SessionWrapper& sessionWrapper, const WebCore::AuthenticationChallenge& challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&& completionHandler)
 {
     if (!networkDataTask) {
 #if HAVE(NSURLSESSION_WEBSOCKET)
-        if (auto* webSocketTask = webSocketDataTaskForIdentifier(taskIdentifier)) {
+        if (auto* webSocketTask = sessionWrapper.webSocketDataTaskMap.get(taskIdentifier)) {
             // FIXME: Handle challenges for web socket.
             completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, { });
@@ -1333 +1305 @@
         }
 #endif
-
-        auto downloadID = this->downloadID(taskIdentifier);
+        auto downloadID = sessionWrapper.downloadMap.get(taskIdentifier);
         if (downloadID.downloadID()) {
             if (auto* download = networkProcess().downloadManager().download(downloadID)) {
@@ -1396 +1367 @@
 {
     // FIXME: Use protocol.
-    RetainPtr<NSURLSessionWebSocketTask> task = [m_sessionWithCredentialStorage.get() webSocketTaskWithRequest: request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody)];
+    RetainPtr<NSURLSessionWebSocketTask> task = [m_sessionWithCredentialStorage.session webSocketTaskWithRequest:request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody)];
     return makeUnique<WebSocketTask>(channel, WTFMove(task));
 }
@@ -1402 +1373 @@
 void NetworkSessionCocoa::addWebSocketTask(WebSocketTask& task)
 {
-    ASSERT(!m_webSocketDataTaskMap.contains(task.identifier()));
-    m_webSocketDataTaskMap.add(task.identifier(), &task);
+    RELEASE_ASSERT(!m_sessionWithCredentialStorage.webSocketDataTaskMap.contains(task.identifier()));
+    m_sessionWithCredentialStorage.webSocketDataTaskMap.add(task.identifier(), &task);
 }
 
 void NetworkSessionCocoa::removeWebSocketTask(WebSocketTask& task)
 {
-    ASSERT(m_webSocketDataTaskMap.contains(task.identifier()));
-    m_webSocketDataTaskMap.remove(task.identifier());
-}
-
-WebSocketTask* NetworkSessionCocoa::webSocketDataTaskForIdentifier(WebSocketTask::TaskIdentifier identifier)
-{
-    return m_webSocketDataTaskMap.get(identifier);
-}
-
-#endif
-}
+    RELEASE_ASSERT(m_sessionWithCredentialStorage.webSocketDataTaskMap.contains(task.identifier()));
+    m_sessionWithCredentialStorage.webSocketDataTaskMap.remove(task.identifier());
+}
+
+#endif // HAVE(NSURLSESSION_WEBSOCKET)
+
+}

trunk/Source/WebKit/Shared/WebCoreArgumentCoders.h

@@ -880 +880 @@
         WebCore::StoredCredentialsPolicy::DoNotUse,
         WebCore::StoredCredentialsPolicy::Use,
-        WebCore::StoredCredentialsPolicy::EphemeralStatelessCookieless
+        WebCore::StoredCredentialsPolicy::EphemeralStateless
     >;
 };

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm

@@ -464 +464 @@
 }
 
+- (void)_logUserInteraction:(NSURL *)domain completionHandler:(void (^)(void))completionHandler
+{
+#if ENABLE(RESOURCE_LOAD_STATISTICS)
+    _websiteDataStore->logUserInteraction(domain, [completionHandler = makeBlockPtr(completionHandler)] {
+        completionHandler();
+    });
+#else
+    completionHandler();
+#endif
+}
+
 - (void)_setPrevalentDomain:(NSURL *)domain completionHandler:(void (^)(void))completionHandler
 {

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h

@@ -69 +69 @@
 
 - (void)_scheduleCookieBlockingUpdate:(void (^)(void))completionHandler WK_API_AVAILABLE(macos(10.15), ios(13.0));
+- (void)_logUserInteraction:(NSURL *)domain completionHandler:(void (^)(void))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 - (void)_setPrevalentDomain:(NSURL *)domain completionHandler:(void (^)(void))completionHandler WK_API_AVAILABLE(macos(10.15), ios(13.0));
 - (void)_getIsPrevalentDomain:(NSURL *)domain completionHandler:(void (^)(BOOL))completionHandler WK_API_AVAILABLE(macos(10.15), ios(13.0));

trunk/Tools/ChangeLog

@@ +1 @@
+2019-11-07  Alex Christensen  <achristensen@webkit.org>
+
+        Re-enable NSURLSession isolation after r252116
+        https://bugs.webkit.org/show_bug.cgi?id=203934
+        <rdar://problem/56921584>
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm:
+        (-[DataTaskIdentifierCollisionDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+        (-[DataTaskIdentifierCollisionDelegate waitForMessages:]):
+        (-[DataTaskIdentifierCollisionDelegate webView:didReceiveAuthenticationChallenge:completionHandler:]):
+        (TEST):
+
 2019-11-07  Paulo Matos  <pmatos@igalia.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm

@@ -27 +27 @@
 
 #import "PlatformUtilities.h"
+#import "TCPServer.h"
 #import "TestNavigationDelegate.h"
 #import "TestWKWebView.h"
@@ -475 +476 @@
 }
 
+@interface DataTaskIdentifierCollisionDelegate : NSObject <WKNavigationDelegate, WKUIDelegate>
+- (NSArray<NSString *> *)waitForMessages:(size_t)count;
+@end
+
+@implementation DataTaskIdentifierCollisionDelegate {
+    RetainPtr<NSMutableArray<NSString *>> _messages;
+}
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+    [_messages addObject:message];
+    completionHandler();
+}
+
+- (NSArray<NSString *> *)waitForMessages:(size_t)messageCount
+{
+    _messages = adoptNS([NSMutableArray arrayWithCapacity:messageCount]);
+    while ([_messages count] < messageCount)
+        TestWebKitAPI::Util::spinRunLoop();
+    return _messages.autorelease();
+}
+
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * credential))completionHandler
+{
+    completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+}
+
+@end
+
+TEST(ResourceLoadStatistics, DataTaskIdentifierCollision)
+{
+    using namespace TestWebKitAPI;
+
+    std::atomic<unsigned> serversConnected { 0 };
+    const char* header = "HTTP/1.1 200 OK\r\nContent-Length: 27\r\n\r\n";
+
+    TCPServer httpsServer(TCPServer::Protocol::HTTPSProxy, [&] (SSL* ssl) {
+        serversConnected++;
+        while (serversConnected < 2)
+            usleep(100000);
+        TCPServer::read(ssl);
+        TCPServer::write(ssl, header, strlen(header));
+        const char* body = "<script>alert('1')</script>";
+        TCPServer::write(ssl, body, strlen(body));
+    });
+
+    TCPServer httpServer([&] (int socket) {
+        serversConnected++;
+        while (serversConnected < 2)
+            usleep(100000);
+        TCPServer::read(socket);
+        TCPServer::write(socket, header, strlen(header));
+        const char* body = "<script>alert('2')</script>";
+        TCPServer::write(socket, body, strlen(body));
+    });
+
+    _WKWebsiteDataStoreConfiguration *storeConfiguration = [[_WKWebsiteDataStoreConfiguration new] autorelease];
+    storeConfiguration.httpsProxy = [NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", httpsServer.port()]];
+    WKWebsiteDataStore *dataStore = [[[WKWebsiteDataStore alloc] _initWithConfiguration:storeConfiguration] autorelease];
+    auto viewConfiguration = adoptNS([WKWebViewConfiguration new]);
+    [viewConfiguration setWebsiteDataStore:dataStore];
+
+    auto webView1 = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 100, 100) configuration:viewConfiguration.get()]);
+    [webView1 synchronouslyLoadHTMLString:@"start network process and initialize data store"];
+    auto delegate = adoptNS([DataTaskIdentifierCollisionDelegate new]);
+    auto webView2 = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 100, 100) configuration:viewConfiguration.get()]);
+    [webView1 setUIDelegate:delegate.get()];
+    [webView1 setNavigationDelegate:delegate.get()];
+    [webView2 setUIDelegate:delegate.get()];
+    [webView2 setNavigationDelegate:delegate.get()];
+    [dataStore _setResourceLoadStatisticsEnabled:YES];
+    [dataStore _setResourceLoadStatisticsDebugMode:YES];
+
+    __block bool isolatedSessionDomain = false;
+    __block NSURL *prevalentExample = [NSURL URLWithString:@"https://prevalent-example.com/"];
+    [dataStore _logUserInteraction:prevalentExample completionHandler:^{
+        [dataStore _setPrevalentDomain:prevalentExample completionHandler: ^(void) {
+            [dataStore _scheduleCookieBlockingUpdate:^{
+                isolatedSessionDomain = true;
+            }];
+        }];
+    }];
+    TestWebKitAPI::Util::run(&isolatedSessionDomain);
+
+    [webView1 loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/", httpServer.port()]]]];
+    [webView2 loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://prevalent-example.com/"]]];
+
+    NSArray<NSString *> *messages = [delegate waitForMessages:2];
+    auto contains = [] (NSArray<NSString *> *array, NSString *expected) {
+        for (NSString *s in array) {
+            if ([s isEqualToString:expected])
+                return true;
+        }
+        return false;
+    };
+    EXPECT_TRUE(contains(messages, @"1"));
+    EXPECT_TRUE(contains(messages, @"2"));
+}
+
 TEST(ResourceLoadStatistics, NoMessagesWhenNotTesting)
 {