Changeset 213126 in webkit
- Timestamp:
- Feb 28, 2017, 12:30:44 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r213125 r213126 1 2017-02-28 Alex Christensen <achristensen@webkit.org> 2 3 Main resource requests need cachePartition 4 https://bugs.webkit.org/show_bug.cgi?id=168806 5 6 Reviewed by Brady Eidson. 7 8 * http/tests/security/credentials-main-resource-expected.txt: Added. 9 * http/tests/security/credentials-main-resource.html: Added. 10 * http/tests/security/resources/credentials-main-resource.php: Added. 11 1 12 2017-02-28 Alex Christensen <achristensen@webkit.org> 2 13 -
trunk/Source/WebCore/ChangeLog
r213125 r213126 1 2017-02-28 Alex Christensen <achristensen@webkit.org> 2 3 Main resource requests need cachePartition 4 https://bugs.webkit.org/show_bug.cgi?id=168806 5 <rdar://30639764> 6 7 Reviewed by Brady Eidson. 8 9 Test: http/tests/security/credentials-main-resource.html 10 11 r211751 caused an unintended regression on pages whose main resource is protected 12 by basic authentication. We were not setting the cache partition for main resource 13 requests, and we use the cache partition now for credentials, so the credentials for 14 the main resource were not being put into a partition in the CredentialStorage that 15 would not be used for subresources of the page, whose requests had the correct partition 16 for the domain of the page. This caused users to have to enter their credentials twice, 17 once for the main resource and once for any subresources. This is fixed by using the 18 domain from the main resource request as the cache partition. Elsewhere the Document is 19 used to get the cache partition, but there is no Document yet when requesting the main resource. 20 21 * loader/DocumentLoader.cpp: 22 (WebCore::DocumentLoader::startLoadingMainResource): 23 Set the cache partition for the main resource loads based on the SecurityOrigin of the 24 initial request if we are loading the main resource for a new top document. If the main resource 25 request is redirected, then we will still use the partition of the initial request because that is 26 what the user requested and that is where the user entered the credentials. 27 * loader/cache/CachedResourceLoader.h: 28 * loader/cache/CachedResourceRequest.cpp: 29 (WebCore::CachedResourceRequest::setDomainForCachePartition): 30 * loader/cache/CachedResourceRequest.h: 31 1 32 2017-02-28 Alex Christensen <achristensen@webkit.org> 2 33 -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r212993 r213126 1480 1480 1481 1481 static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching); 1482 m_mainResource = m_cachedResourceLoader->requestMainResource(CachedResourceRequest(ResourceRequest(request), mainResourceLoadOptions)); 1482 CachedResourceRequest mainResourceRequest(ResourceRequest(request), mainResourceLoadOptions); 1483 if (!m_frame->isMainFrame() && m_frame->document()) { 1484 // If we are loading the main resource of a subframe, use the cache partition of the main document. 1485 mainResourceRequest.setDomainForCachePartition(*m_frame->document()); 1486 } else { 1487 auto origin = SecurityOrigin::create(request.url()); 1488 origin->setStorageBlockingPolicy(frameLoader()->frame().settings().storageBlockingPolicy()); 1489 mainResourceRequest.setDomainForCachePartition(origin->domainForCachePartition()); 1490 } 1491 m_mainResource = m_cachedResourceLoader->requestMainResource(WTFMove(mainResourceRequest)); 1483 1492 1484 1493 #if ENABLE(CONTENT_EXTENSIONS) -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
r212449 r213126 54 54 class Frame; 55 55 class ImageLoader; 56 class Settings; 56 57 class URL; 57 58 -
trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
r212449 r213126 135 135 } 136 136 137 void CachedResourceRequest::setDomainForCachePartition(const String& domain) 138 { 139 m_resourceRequest.setDomainForCachePartition(domain); 140 } 141 137 142 static inline String acceptHeaderValueFromType(CachedResource::Type type) 138 143 { -
trunk/Source/WebCore/loader/cache/CachedResourceRequest.h
r211946 r213126 77 77 #endif 78 78 void setDomainForCachePartition(Document&); 79 void setDomainForCachePartition(const String&); 79 80 bool isLinkPreload() const { return m_isLinkPreload; } 80 81 void setIsLinkPreload() { m_isLinkPreload = true; } -
trunk/Source/WebKit2/ChangeLog
r213123 r213126 1 2017-02-28 Alex Christensen <achristensen@webkit.org> 2 3 Main resource requests need cachePartition 4 https://bugs.webkit.org/show_bug.cgi?id=168806 5 6 Reviewed by Brady Eidson. 7 8 * NetworkProcess/NetworkResourceLoader.cpp: 9 (WebKit::NetworkResourceLoader::continueWillSendRequest): 10 1 11 2017-02-27 Alex Christensen <achristensen@webkit.org> 2 12 -
trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp
r212993 r213126 473 473 RELEASE_LOG_IF_ALLOWED("continueWillSendRequest: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier); 474 474 475 // If there is a match in the network cache, we need to reuse the original cache policy .475 // If there is a match in the network cache, we need to reuse the original cache policy and partition. 476 476 newRequest.setCachePolicy(originalRequest().cachePolicy()); 477 newRequest.setCachePartition(originalRequest().cachePartition()); 477 478 478 479 #if ENABLE(NETWORK_CACHE)
Note:
See TracChangeset
for help on using the changeset viewer.