Changeset 280881 in webkit

Timestamp:

Aug 10, 2021 7:58:01 PM (11 months ago)

Author:

Chris Dumez

Message:

Add Cross-Origin-Opener-Policy support for Blob URLs
​https://bugs.webkit.org/show_bug.cgi?id=228924

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline WPT test that is now passing.

• web-platform-tests/html/cross-origin-opener-policy/blob-popup.https-expected.txt:

Source/WebCore:

Pass ScriptExecutionContext's cross-origin-opener-policy when registering a public
Blob URL and store it in the blob registry alongside the blob data. As a result,
we are able to service the right COOP headers on the blob response later on when
doing a load of this blob. In the future, we'll pass the cross-origin-embedder-policy
as well, once we support it.

No new tests, rebaselined existing test.

• Modules/fetch/FetchLoader.cpp:

(WebCore::FetchLoader::startLoadingBlobURL):

• dom/Document.h:
• dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::crossOriginOpenerPolicy const):

• dom/ScriptExecutionContext.h:
• fileapi/Blob.cpp:

(WebCore::BlobURLRegistry::registerURL):
(WebCore::Blob::Blob):

• fileapi/FileReaderLoader.cpp:

(WebCore::FileReaderLoader::start):

• fileapi/ThreadableBlobRegistry.cpp:

(WebCore::ThreadableBlobRegistry::registerBlobURL):

• fileapi/ThreadableBlobRegistry.h:
• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource):

• loader/CrossOriginEmbedderPolicy.cpp:

(WebCore::obtainCrossOriginEmbedderPolicy):
For WebKit1, the initial empty document seems to have an empty URL instead of
"about:blank" so I had to extend the check so that COEP properly gets enabled.

• loader/CrossOriginOpenerPolicy.cpp:

(WebCore::obtainCrossOriginOpenerPolicy):
For WebKit1, the initial empty document seems to have an empty URL instead of
"about:blank" so I had to extend the check so that COOP properly gets enabled.

(WebCore::crossOriginOpenerPolicyToString):
(WebCore::CrossOriginOpenerPolicy::isolatedCopy const):
(WebCore::addCrossOriginOpenerPolicyHeaders):

• loader/CrossOriginOpenerPolicy.h:

(WebCore::operator==):
(WebCore::CrossOriginOpenerPolicy::encode const):
(WebCore::CrossOriginOpenerPolicy::decode):

• platform/network/BlobData.cpp:

(WebCore::BlobData::clone const):

• platform/network/BlobData.h:

(WebCore::BlobData::crossOriginOpenerPolicy const):
(WebCore::BlobData::setCrossOriginOpenerPolicy):

• platform/network/BlobRegistry.h:
• platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::registerBlobURL):
(WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):

• platform/network/BlobRegistryImpl.h:
• platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::notifyResponseOnSuccess):

Source/WebKit:

• NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::registerBlobURLFromURL):
(WebKit::NetworkConnectionToWebProcess::registerBlobURLOptionallyFileBacked):

• NetworkProcess/NetworkConnectionToWebProcess.h:
• NetworkProcess/NetworkConnectionToWebProcess.messages.in:
• NetworkProcess/NetworkDataTaskBlob.cpp:

(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):

• NetworkProcess/NetworkProcessPlatformStrategies.cpp:

(WebKit::NetworkProcessPlatformStrategies::createBlobRegistry):

• WebProcess/FileAPI/BlobRegistryProxy.cpp:

(WebKit::BlobRegistryProxy::registerBlobURL):

• WebProcess/FileAPI/BlobRegistryProxy.h:

Source/WebKitLegacy/mac:

• WebCoreSupport/WebPlatformStrategies.mm:

Source/WebKitLegacy/win:

• WebCoreSupport/WebPlatformStrategies.cpp:

Location:

trunk

Files:

• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/blob-popup.https-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/fetch/FetchLoader.cpp (modified) (1 diff)
• Source/WebCore/dom/Document.h (modified) (1 diff)
• Source/WebCore/dom/ScriptExecutionContext.cpp (modified) (2 diffs)
• Source/WebCore/dom/ScriptExecutionContext.h (modified) (2 diffs)
• Source/WebCore/fileapi/Blob.cpp (modified) (2 diffs)
• Source/WebCore/fileapi/FileReaderLoader.cpp (modified) (1 diff)
• Source/WebCore/fileapi/ThreadableBlobRegistry.cpp (modified) (2 diffs)
• Source/WebCore/fileapi/ThreadableBlobRegistry.h (modified) (1 diff)
• Source/WebCore/html/HTMLMediaElement.cpp (modified) (1 diff)
• Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp (modified) (1 diff)
• Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (modified) (3 diffs)
• Source/WebCore/loader/CrossOriginOpenerPolicy.h (modified) (2 diffs)
• Source/WebCore/platform/network/BlobData.cpp (modified) (1 diff)
• Source/WebCore/platform/network/BlobData.h (modified) (4 diffs)
• Source/WebCore/platform/network/BlobRegistry.h (modified) (3 diffs)
• Source/WebCore/platform/network/BlobRegistryImpl.cpp (modified) (3 diffs)
• Source/WebCore/platform/network/BlobRegistryImpl.h (modified) (2 diffs)
• Source/WebCore/platform/network/BlobResourceHandle.cpp (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp (modified) (3 diffs)
• Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h (modified) (2 diffs)
• Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp (modified) (2 diffs)
• Source/WebKit/NetworkProcess/NetworkProcessPlatformStrategies.cpp (modified) (1 diff)
• Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.h (modified) (1 diff)
• Source/WebKitLegacy/mac/ChangeLog (modified) (1 diff)
• Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm (modified) (1 diff)
• Source/WebKitLegacy/win/ChangeLog (modified) (1 diff)
• Source/WebKitLegacy/win/WebCoreSupport/WebPlatformStrategies.cpp (modified) (1 diff)

trunk/LayoutTests/TestExpectations

@@ -719 +719 @@
 # test is served over HTTP.
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/no-https.html [ Skip ]
-
-# COOP tests that are failing and keep printing a different uuid in the error output.
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/blob-popup.https.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Failure Pass ]
 
 # Newly imported WPT tests that are crashing.

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2021-08-10  Chris Dumez  <cdumez@apple.com>
+
+        Add Cross-Origin-Opener-Policy support for Blob URLs
+        https://bugs.webkit.org/show_bug.cgi?id=228924
+
+        Reviewed by Alex Christensen.
+
+        Rebaseline WPT test that is now passing.
+
+        * web-platform-tests/html/cross-origin-opener-policy/blob-popup.https-expected.txt:
+
 2021-08-10  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/blob-popup.https-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: TypeError: null is not an object (evaluating 'window.opener.furtherPopup = w')
 
-FAIL Cross-Origin-Opener-Policy and a blob URL popup assert_equals: expected 0 but got 36
+PASS Cross-Origin-Opener-Policy and a blob URL popup
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-08-10  Chris Dumez  <cdumez@apple.com>
+
+        Add Cross-Origin-Opener-Policy support for Blob URLs
+        https://bugs.webkit.org/show_bug.cgi?id=228924
+
+        Reviewed by Alex Christensen.
+
+        Pass ScriptExecutionContext's cross-origin-opener-policy when registering a public
+        Blob URL and store it in the blob registry alongside the blob data. As a result,
+        we are able to service the right COOP headers on the blob response later on when
+        doing a load of this blob. In the future, we'll pass the cross-origin-embedder-policy
+        as well, once we support it.
+
+        No new tests, rebaselined existing test.
+
+        * Modules/fetch/FetchLoader.cpp:
+        (WebCore::FetchLoader::startLoadingBlobURL):
+        * dom/Document.h:
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::crossOriginOpenerPolicy const):
+        * dom/ScriptExecutionContext.h:
+        * fileapi/Blob.cpp:
+        (WebCore::BlobURLRegistry::registerURL):
+        (WebCore::Blob::Blob):
+        * fileapi/FileReaderLoader.cpp:
+        (WebCore::FileReaderLoader::start):
+        * fileapi/ThreadableBlobRegistry.cpp:
+        (WebCore::ThreadableBlobRegistry::registerBlobURL):
+        * fileapi/ThreadableBlobRegistry.h:
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::loadResource):
+
+        * loader/CrossOriginEmbedderPolicy.cpp:
+        (WebCore::obtainCrossOriginEmbedderPolicy):
+        For WebKit1, the initial empty document seems to have an empty URL instead of
+        "about:blank" so I had to extend the check so that COEP properly gets enabled.
+
+        * loader/CrossOriginOpenerPolicy.cpp:
+        (WebCore::obtainCrossOriginOpenerPolicy):
+        For WebKit1, the initial empty document seems to have an empty URL instead of
+        "about:blank" so I had to extend the check so that COOP properly gets enabled.
+
+        (WebCore::crossOriginOpenerPolicyToString):
+        (WebCore::CrossOriginOpenerPolicy::isolatedCopy const):
+        (WebCore::addCrossOriginOpenerPolicyHeaders):
+        * loader/CrossOriginOpenerPolicy.h:
+        (WebCore::operator==):
+        (WebCore::CrossOriginOpenerPolicy::encode const):
+        (WebCore::CrossOriginOpenerPolicy::decode):
+        * platform/network/BlobData.cpp:
+        (WebCore::BlobData::clone const):
+        * platform/network/BlobData.h:
+        (WebCore::BlobData::crossOriginOpenerPolicy const):
+        (WebCore::BlobData::setCrossOriginOpenerPolicy):
+        * platform/network/BlobRegistry.h:
+        * platform/network/BlobRegistryImpl.cpp:
+        (WebCore::BlobRegistryImpl::registerBlobURL):
+        (WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):
+        * platform/network/BlobRegistryImpl.h:
+        * platform/network/BlobResourceHandle.cpp:
+        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
+
 2021-08-10  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp

@@ -66 +66 @@
     }
 
-    ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), m_urlForReading, blobURL);
+    ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), context.crossOriginOpenerPolicy(), m_urlForReading, blobURL);
 
     ResourceRequest request(m_urlForReading);

trunk/Source/WebCore/dom/Document.h

@@ -1355 +1355 @@
     bool shouldForceNoOpenerBasedOnCOOP() const;
 
-    const CrossOriginOpenerPolicy& crossOriginOpenerPolicy() const;
+    const CrossOriginOpenerPolicy& crossOriginOpenerPolicy() const final;
     void setCrossOriginOpenerPolicy(const CrossOriginOpenerPolicy&);
 

trunk/Source/WebCore/dom/ScriptExecutionContext.cpp

@@ -32 +32 @@
 #include "CachedScript.h"
 #include "CommonVM.h"
+#include "CrossOriginOpenerPolicy.h"
 #include "DOMTimer.h"
 #include "DOMWindow.h"
@@ -336 +337 @@
 }
 
+const CrossOriginOpenerPolicy& ScriptExecutionContext::crossOriginOpenerPolicy() const
+{
+    static NeverDestroyed<CrossOriginOpenerPolicy> coop;
+    return coop;
+}
+
 void ScriptExecutionContext::suspendActiveDOMObjectIfNeeded(ActiveDOMObject& activeDOMObject)
 {

trunk/Source/WebCore/dom/ScriptExecutionContext.h

@@ -79 +79 @@
 enum class TaskSource : uint8_t;
 
+struct CrossOriginOpenerPolicy;
+
 #if ENABLE(SERVICE_WORKER)
 class ServiceWorker;
@@ -146 +148 @@
     bool activeDOMObjectsAreSuspended() const { return m_activeDOMObjectsAreSuspended; }
     bool activeDOMObjectsAreStopped() const { return m_activeDOMObjectsAreStopped; }
+
+    virtual const CrossOriginOpenerPolicy& crossOriginOpenerPolicy() const;
 
     JSC::ScriptExecutionStatus jscScriptExecutionStatus() const;

trunk/Source/WebCore/fileapi/Blob.cpp

@@ -63 +63 @@
 {
     ASSERT(&blob.registry() == this);
-    ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), publicURL, static_cast<Blob&>(blob).url());
+    ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), context.crossOriginOpenerPolicy(), publicURL, static_cast<Blob&>(blob).url());
 }
 
@@ -138 +138 @@
 {
     if (fileBackedPath.isEmpty())
-        ThreadableBlobRegistry::registerBlobURL(nullptr, m_internalURL, srcURL);
+        ThreadableBlobRegistry::registerBlobURL(nullptr, { }, m_internalURL, srcURL);
     else
         ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked(m_internalURL, srcURL, fileBackedPath, m_type);

trunk/Source/WebCore/fileapi/FileReaderLoader.cpp

@@ -83 +83 @@
         return;
     }
-    ThreadableBlobRegistry::registerBlobURL(scriptExecutionContext->securityOrigin(), m_urlForReading, blob.url());
+    ThreadableBlobRegistry::registerBlobURL(scriptExecutionContext->securityOrigin(), scriptExecutionContext->crossOriginOpenerPolicy(), m_urlForReading, blob.url());
 
     // Construct and load the request.

trunk/Source/WebCore/fileapi/ThreadableBlobRegistry.cpp

@@ -100 +100 @@
 }
 
-void ThreadableBlobRegistry::registerBlobURL(SecurityOrigin* origin, const URL& url, const URL& srcURL)
+void ThreadableBlobRegistry::registerBlobURL(SecurityOrigin* origin, const CrossOriginOpenerPolicy& coop, const URL& url, const URL& srcURL)
 {
     // If the blob URL contains null origin, as in the context with unique security origin or file URL, save the mapping between url and origin so that the origin can be retrived when doing security origin check.
@@ -107 +107 @@
 
     if (isMainThread()) {
-        blobRegistry().registerBlobURL(url, srcURL);
+        blobRegistry().registerBlobURL(url, srcURL, coop);
         return;
     }
 
-    callOnMainThread([url = url.isolatedCopy(), srcURL = srcURL.isolatedCopy()] {
-        blobRegistry().registerBlobURL(url, srcURL);
+    callOnMainThread([url = url.isolatedCopy(), srcURL = srcURL.isolatedCopy(), coop = crossThreadCopy(coop)] {
+        blobRegistry().registerBlobURL(url, srcURL, coop);
     });
 }

trunk/Source/WebCore/fileapi/ThreadableBlobRegistry.h

@@ -39 +39 @@
 class SecurityOrigin;
 
+struct CrossOriginOpenerPolicy;
+
 class ThreadableBlobRegistry {
 public:
     static void registerFileBlobURL(const URL&, const String& path, const String& replacementPath, const String& contentType);
     static void registerBlobURL(const URL&, Vector<BlobPart>&& blobParts, const String& contentType);
-    static void registerBlobURL(SecurityOrigin*, const URL&, const URL& srcURL);
+    static void registerBlobURL(SecurityOrigin*, const CrossOriginOpenerPolicy&, const URL&, const URL& srcURL);
     static void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, const String& fileBackedPath, const String& contentType);
     static void registerBlobURLForSlice(const URL& newURL, const URL& srcURL, long long start, long long end, const String& contentType);

trunk/Source/WebCore/html/HTMLMediaElement.cpp

@@ -1553 +1553 @@
             ThreadableBlobRegistry::unregisterBlobURL(m_blobURLForReading);
         m_blobURLForReading = BlobURL::createPublicURL(&document().securityOrigin());
-        ThreadableBlobRegistry::registerBlobURL(&document().securityOrigin(), m_blobURLForReading, m_blob->url());
+        ThreadableBlobRegistry::registerBlobURL(&document().securityOrigin(), document().crossOriginOpenerPolicy(), m_blobURLForReading, m_blob->url());
 
         if (!m_player->load(m_blobURLForReading, contentType, keySystem))

trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp

@@ -46 +46 @@
     CrossOriginEmbedderPolicy policy;
     // FIXME: about:blank should be marked as secure as per https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url.
-    if (!context.isSecureContext() && context.url() != aboutBlankURL())
+    if (!context.isSecureContext() && context.url() != aboutBlankURL() && !context.url().isEmpty())
         return policy;
 

trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp

@@ -34 +34 @@
 namespace WebCore {
 
+static String crossOriginOpenerPolicyToString(const CrossOriginOpenerPolicyValue& coop)
+{
+    switch (coop) {
+    case CrossOriginOpenerPolicyValue::SameOrigin:
+    case CrossOriginOpenerPolicyValue::SameOriginPlusCOEP:
+        return "same-origin"_s;
+    case CrossOriginOpenerPolicyValue::SameOriginAllowPopups:
+        return "same-origin-allow-popups"_s;
+    case CrossOriginOpenerPolicyValue::UnsafeNone:
+        break;
+    }
+    return "unsafe-none"_s;
+}
+
 // https://html.spec.whatwg.org/multipage/origin.html#obtain-coop
 CrossOriginOpenerPolicy obtainCrossOriginOpenerPolicy(const ResourceResponse& response, const ScriptExecutionContext& context)
@@ -62 +76 @@
     CrossOriginOpenerPolicy policy;
     // FIXME: about:blank should be marked as secure as per https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url.
-    if (!context.isSecureContext() && context.url() != aboutBlankURL())
+    if (!context.isSecureContext() && context.url() != aboutBlankURL() && !context.url().isEmpty())
         return policy;
 
@@ -70 +84 @@
 }
 
+CrossOriginOpenerPolicy CrossOriginOpenerPolicy::isolatedCopy() const
+{
+    return {
+        value,
+        reportingEndpoint.isolatedCopy(),
+        reportOnlyValue,
+        reportOnlyReportingEndpoint.isolatedCopy()
+    };
+}
+
+void addCrossOriginOpenerPolicyHeaders(ResourceResponse& response, const CrossOriginOpenerPolicy& coop)
+{
+    if (coop.value != CrossOriginOpenerPolicyValue::UnsafeNone) {
+        if (coop.reportingEndpoint.isEmpty())
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginOpenerPolicy, crossOriginOpenerPolicyToString(coop.value));
+        else
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginOpenerPolicy, makeString(crossOriginOpenerPolicyToString(coop.value), "; report-to=\"", coop.reportingEndpoint, '\"'));
+        if (coop.value == CrossOriginOpenerPolicyValue::SameOriginPlusCOEP)
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginEmbedderPolicy, "require-corp"_s); // FIXME: Pass in coep and set header value correctly.
+    }
+    if (coop.reportOnlyValue != CrossOriginOpenerPolicyValue::UnsafeNone) {
+        if (coop.reportOnlyReportingEndpoint.isEmpty())
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginOpenerPolicyReportOnly, crossOriginOpenerPolicyToString(coop.reportOnlyValue));
+        else
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginOpenerPolicyReportOnly, makeString(crossOriginOpenerPolicyToString(coop.reportOnlyValue), "; report-to=\"", coop.reportOnlyReportingEndpoint, '\"'));
+        if (coop.reportOnlyValue == CrossOriginOpenerPolicyValue::SameOriginPlusCOEP)
+            response.setHTTPHeaderField(HTTPHeaderName::CrossOriginEmbedderPolicyReportOnly, "require-corp"_s); // FIXME: Pass in coep and set header value correctly.
+    }
+}
+
 } // namespace WebCore

trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.h

@@ -49 +49 @@
     CrossOriginOpenerPolicyValue reportOnlyValue { CrossOriginOpenerPolicyValue::UnsafeNone };
     String reportOnlyReportingEndpoint;
+
+    CrossOriginOpenerPolicy isolatedCopy() const;
+    template<class Encoder> void encode(Encoder&) const;
+    template<class Decoder> static std::optional<CrossOriginOpenerPolicy> decode(Decoder&);
 };
+
+inline bool operator==(const CrossOriginOpenerPolicy& a, const CrossOriginOpenerPolicy& b)
+{
+    return a.value == b.value && a.reportingEndpoint == b.reportingEndpoint && a.reportOnlyValue == b.reportOnlyValue && a.reportOnlyReportingEndpoint == b.reportOnlyReportingEndpoint;
+}
+
+template<class Encoder>
+void CrossOriginOpenerPolicy::encode(Encoder& encoder) const
+{
+    encoder << value << reportingEndpoint << reportOnlyValue << reportOnlyReportingEndpoint;
+}
+
+template<class Decoder>
+std::optional<CrossOriginOpenerPolicy> CrossOriginOpenerPolicy::decode(Decoder& decoder)
+{
+    std::optional<CrossOriginOpenerPolicyValue> value;
+    decoder >> value;
+    if (!value)
+        return std::nullopt;
+
+    std::optional<String> reportingEndpoint;
+    decoder >> reportingEndpoint;
+    if (!reportingEndpoint)
+        return std::nullopt;
+
+    std::optional<CrossOriginOpenerPolicyValue> reportOnlyValue;
+    decoder >> reportOnlyValue;
+    if (!reportOnlyValue)
+        return std::nullopt;
+
+    std::optional<String> reportOnlyReportingEndpoint;
+    decoder >> reportOnlyReportingEndpoint;
+    if (!reportOnlyReportingEndpoint)
+        return std::nullopt;
+
+    return {{
+        *value,
+        WTFMove(*reportingEndpoint),
+        *reportOnlyValue,
+        WTFMove(*reportOnlyReportingEndpoint)
+    }};
+}
 
 // https://html.spec.whatwg.org/multipage/origin.html#coop-enforcement-result
@@ -62 +108 @@
 
 CrossOriginOpenerPolicy obtainCrossOriginOpenerPolicy(const ResourceResponse&, const ScriptExecutionContext&);
+WEBCORE_EXPORT void addCrossOriginOpenerPolicyHeaders(ResourceResponse&, const CrossOriginOpenerPolicy&);
 
 } // namespace WebCore
+
+namespace WTF {
+
+template<> struct EnumTraits<WebCore::CrossOriginOpenerPolicyValue> {
+    using values = EnumValues<
+    WebCore::CrossOriginOpenerPolicyValue,
+    WebCore::CrossOriginOpenerPolicyValue::UnsafeNone,
+    WebCore::CrossOriginOpenerPolicyValue::SameOrigin,
+    WebCore::CrossOriginOpenerPolicyValue::SameOriginPlusCOEP,
+    WebCore::CrossOriginOpenerPolicyValue::SameOriginAllowPopups
+    >;
+};
+
+} // namespace WTF

trunk/Source/WebCore/platform/network/BlobData.cpp

@@ -79 +79 @@
 }
 
+Ref<BlobData> BlobData::clone() const
+{
+    auto blobData = BlobData::create(m_contentType);
+    blobData->m_coop = m_coop;
+    blobData->m_items = m_items;
+    return blobData;
+}
+
 void BlobData::appendFile(BlobDataFileReference* file, long long offset, long long length)
 {

trunk/Source/WebCore/platform/network/BlobData.h

@@ -33 +33 @@
 
 #include "BlobDataFileReference.h"
+#include "CrossOriginOpenerPolicy.h"
 #include "ThreadSafeDataBuffer.h"
 #include <wtf/Forward.h>
@@ -106 +107 @@
     const String& contentType() const { return m_contentType; }
 
+    const CrossOriginOpenerPolicy& crossOriginOpenerPolicy() const { return m_coop; }
+    void setCrossOriginOpenerPolicy(const CrossOriginOpenerPolicy& coop) { m_coop = coop; }
+
     const BlobDataItemList& items() const { return m_items; }
     void swapItems(BlobDataItemList&);
@@ -111 +115 @@
     void appendData(const ThreadSafeDataBuffer&);
     void appendFile(Ref<BlobDataFileReference>&&);
+
+    Ref<BlobData> clone() const;
 
 private:
@@ -120 +126 @@
 
     String m_contentType;
+    CrossOriginOpenerPolicy m_coop;
     BlobDataItemList m_items;
 };

trunk/Source/WebCore/platform/network/BlobRegistry.h

@@ -32 +32 @@
 #pragma once
 
+#include <optional>
 #include <wtf/Forward.h>
 
@@ -40 +41 @@
 class BlobRegistry;
 class BlobRegistryImpl;
+
+struct CrossOriginOpenerPolicy;
 
 WEBCORE_EXPORT BlobRegistry& blobRegistry();
@@ -54 +57 @@
     
     // Registers a new blob URL referring to the blob data identified by the specified srcURL.
-    virtual void registerBlobURL(const URL&, const URL& srcURL) = 0;
+    virtual void registerBlobURL(const URL&, const URL& srcURL, const CrossOriginOpenerPolicy&) = 0;
 
     // Registers a new blob URL referring to the blob data identified by the specified srcURL or, if none found, referring to the file found at the given path.

trunk/Source/WebCore/platform/network/BlobRegistryImpl.cpp

@@ -153 +153 @@
 }
 
-void BlobRegistryImpl::registerBlobURL(const URL& url, const URL& srcURL)
-{
-    registerBlobURLOptionallyFileBacked(url, srcURL, nullptr, { });
-}
-
-void BlobRegistryImpl::registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& file, const String& contentType)
+void BlobRegistryImpl::registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop)
+{
+    registerBlobURLOptionallyFileBacked(url, srcURL, nullptr, { }, coop);
+}
+
+void BlobRegistryImpl::registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& file, const String& contentType, const CrossOriginOpenerPolicy& coop)
 {
     ASSERT(isMainThread());
@@ -165 +165 @@
     BlobData* src = getBlobDataFromURL(srcURL);
     if (src) {
-        addBlobData(url.string(), src);
+        if (src->crossOriginOpenerPolicy() == coop)
+            addBlobData(url.string(), src);
+        else {
+            auto clone = src->clone();
+            clone->setCrossOriginOpenerPolicy(coop);
+            addBlobData(url.string(), WTFMove(clone));
+        }
         return;
     }
@@ -174 +180 @@
     auto backingFile = BlobData::create(contentType);
     backingFile->appendFile(file.releaseNonNull());
+    backingFile->setCrossOriginOpenerPolicy(coop);
 
     addBlobData(url.string(), WTFMove(backingFile));

trunk/Source/WebCore/platform/network/BlobRegistryImpl.h

@@ -46 +46 @@
 class ResourceRequest;
 class ThreadSafeDataBuffer;
+struct CrossOriginOpenerPolicy;
 
 // BlobRegistryImpl is not thread-safe. It should only be called from main thread.
@@ -62 +63 @@
     void registerFileBlobURL(const URL&, Ref<BlobDataFileReference>&&, const String& contentType);
     void registerBlobURL(const URL&, Vector<BlobPart>&&, const String& contentType);
-    void registerBlobURL(const URL&, const URL& srcURL);
-    void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, RefPtr<BlobDataFileReference>&&, const String& contentType);
+    void registerBlobURL(const URL&, const URL& srcURL, const CrossOriginOpenerPolicy&);
+    void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, RefPtr<BlobDataFileReference>&&, const String& contentType, const CrossOriginOpenerPolicy&);
     void registerBlobURLForSlice(const URL&, const URL& srcURL, long long start, long long end, const String& contentType);
     void unregisterBlobURL(const URL&);

trunk/Source/WebCore/platform/network/BlobResourceHandle.cpp

@@ -35 +35 @@
 #include "AsyncFileStream.h"
 #include "BlobData.h"
+#include "CrossOriginOpenerPolicy.h"
 #include "FileStream.h"
 #include "HTTPHeaderNames.h"
@@ -577 +578 @@
     response.setHTTPHeaderField(HTTPHeaderName::ContentType, m_blobData->contentType());
     response.setHTTPHeaderField(HTTPHeaderName::ContentLength, String::number(m_totalRemainingSize));
+    addCrossOriginOpenerPolicyHeaders(response, m_blobData->crossOriginOpenerPolicy());
 
     if (isRangeRequest)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-08-10  Chris Dumez  <cdumez@apple.com>
+
+        Add Cross-Origin-Opener-Policy support for Blob URLs
+        https://bugs.webkit.org/show_bug.cgi?id=228924
+
+        Reviewed by Alex Christensen.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (WebKit::NetworkConnectionToWebProcess::registerBlobURLFromURL):
+        (WebKit::NetworkConnectionToWebProcess::registerBlobURLOptionallyFileBacked):
+        * NetworkProcess/NetworkConnectionToWebProcess.h:
+        * NetworkProcess/NetworkConnectionToWebProcess.messages.in:
+        * NetworkProcess/NetworkDataTaskBlob.cpp:
+        (WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):
+        * NetworkProcess/NetworkProcessPlatformStrategies.cpp:
+        (WebKit::NetworkProcessPlatformStrategies::createBlobRegistry):
+        * WebProcess/FileAPI/BlobRegistryProxy.cpp:
+        (WebKit::BlobRegistryProxy::registerBlobURL):
+        * WebProcess/FileAPI/BlobRegistryProxy.h:
+
 2021-08-10  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

@@ -829 +829 @@
 }
 
-void NetworkConnectionToWebProcess::registerBlobURLFromURL(const URL& url, const URL& srcURL)
+void NetworkConnectionToWebProcess::registerBlobURLFromURL(const URL& url, const URL& srcURL, CrossOriginOpenerPolicy&& coop)
 {
     auto* session = networkSession();
@@ -835 +835 @@
         return;
 
-    session->blobRegistry().registerBlobURL(url, srcURL);
+    session->blobRegistry().registerBlobURL(url, srcURL, WTFMove(coop));
 }
 
@@ -846 +846 @@
         return;
 
-    session->blobRegistry().registerBlobURLOptionallyFileBacked(url, srcURL, BlobDataFileReferenceWithSandboxExtension::create(fileBackedPath), contentType);
+    session->blobRegistry().registerBlobURLOptionallyFileBacked(url, srcURL, BlobDataFileReferenceWithSandboxExtension::create(fileBackedPath), contentType, { });
 }
 

trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h

@@ -67 +67 @@
 enum class StorageAccessScope : bool;
 enum class ShouldAskITP : bool;
+struct CrossOriginOpenerPolicy;
 struct RequestStorageAccessResult;
 struct SameSiteInfo;
@@ -230 +231 @@
     void registerFileBlobURL(const URL&, const String& path, const String& replacementPath, SandboxExtension::Handle&&, const String& contentType);
     void registerBlobURL(const URL&, Vector<WebCore::BlobPart>&&, const String& contentType);
-    void registerBlobURLFromURL(const URL&, const URL& srcURL);
+    void registerBlobURLFromURL(const URL&, const URL& srcURL, WebCore::CrossOriginOpenerPolicy&&);
     void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, const String& fileBackedPath, const String& contentType);
     void registerBlobURLForSlice(const URL&, const URL& srcURL, int64_t start, int64_t end, const String& contentType);

trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in

@@ -51 +51 @@
     RegisterFileBlobURL(URL url, String path, String replacementPath, WebKit::SandboxExtension::Handle extensionHandle, String contentType)
     RegisterBlobURL(URL url, Vector<WebCore::BlobPart> blobParts, String contentType)
-    RegisterBlobURLFromURL(URL url, URL srcURL)
+    RegisterBlobURLFromURL(URL url, URL srcURL, struct WebCore::CrossOriginOpenerPolicy coop)
     RegisterBlobURLOptionallyFileBacked(URL url, URL srcURL, String fileBackedPath, String contentType)
     RegisterBlobURLForSlice(URL url, URL srcURL, int64_t start, int64_t end, String contentType)

trunk/Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp

@@ -42 +42 @@
 #include <WebCore/AsyncFileStream.h>
 #include <WebCore/BlobRegistryImpl.h>
+#include <WebCore/CrossOriginOpenerPolicy.h>
 #include <WebCore/HTTPParsers.h>
 #include <WebCore/ParsedContentRange.h>
@@ -265 +266 @@
         response.setHTTPHeaderField(HTTPHeaderName::ContentType, m_blobData->contentType());
         response.setHTTPHeaderField(HTTPHeaderName::ContentLength, String::number(m_totalRemainingSize));
+        addCrossOriginOpenerPolicyHeaders(response, m_blobData->crossOriginOpenerPolicy());
 
         if (isRangeRequest)

trunk/Source/WebKit/NetworkProcess/NetworkProcessPlatformStrategies.cpp

@@ -60 +60 @@
         void registerFileBlobURL(const URL&, Ref<BlobDataFileReference>&&, const String& path, const String& contentType) final { ASSERT_NOT_REACHED(); }
         void registerBlobURL(const URL&, Vector<BlobPart>&&, const String& contentType) final { ASSERT_NOT_REACHED(); }
-        void registerBlobURL(const URL&, const URL& srcURL) final { ASSERT_NOT_REACHED(); }
+        void registerBlobURL(const URL&, const URL& srcURL, const WebCore::CrossOriginOpenerPolicy&) final { ASSERT_NOT_REACHED(); }
         void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, RefPtr<BlobDataFileReference>&&, const String& contentType) final { ASSERT_NOT_REACHED(); }
         void registerBlobURLForSlice(const URL&, const URL& srcURL, long long start, long long end, const String& contentType) final { ASSERT_NOT_REACHED(); }

trunk/Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.cpp

@@ -32 +32 @@
 #include "WebProcess.h"
 #include <WebCore/BlobDataFileReference.h>
+#include <WebCore/CrossOriginOpenerPolicy.h>
 #include <WebCore/SWContextManager.h>
 
@@ -54 +55 @@
 }
 
-void BlobRegistryProxy::registerBlobURL(const URL& url, const URL& srcURL)
+void BlobRegistryProxy::registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop)
 {
-    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RegisterBlobURLFromURL { url, srcURL }, 0);
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RegisterBlobURLFromURL { url, srcURL, coop }, 0);
 }
 

trunk/Source/WebKit/WebProcess/FileAPI/BlobRegistryProxy.h

@@ -34 +34 @@
     void registerFileBlobURL(const URL&, Ref<WebCore::BlobDataFileReference>&&, const String& path, const String& contentType) final;
     void registerBlobURL(const URL&, Vector<WebCore::BlobPart>&&, const String& contentType) final;
-    void registerBlobURL(const URL&, const URL& srcURL) final;
+    void registerBlobURL(const URL&, const URL& srcURL, const WebCore::CrossOriginOpenerPolicy&) final;
     void registerBlobURLOptionallyFileBacked(const URL&, const URL& srcURL, RefPtr<WebCore::BlobDataFileReference>&&, const String& contentType) final;
     void unregisterBlobURL(const URL&) final;

trunk/Source/WebKitLegacy/mac/ChangeLog

@@ +1 @@
+2021-08-10  Chris Dumez  <cdumez@apple.com>
+
+        Add Cross-Origin-Opener-Policy support for Blob URLs
+        https://bugs.webkit.org/show_bug.cgi?id=228924
+
+        Reviewed by Alex Christensen.
+
+        * WebCoreSupport/WebPlatformStrategies.mm:
+
 2021-08-10  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm

@@ -86 +86 @@
     void registerFileBlobURL(const URL& url, Ref<BlobDataFileReference>&& reference, const String&, const String& contentType) final { m_blobRegistry.registerFileBlobURL(url, WTFMove(reference), contentType); }
     void registerBlobURL(const URL& url, Vector<BlobPart>&& parts, const String& contentType) final { m_blobRegistry.registerBlobURL(url, WTFMove(parts), contentType); }
-    void registerBlobURL(const URL& url, const URL& srcURL) final { m_blobRegistry.registerBlobURL(url, srcURL); }
-    void registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& reference, const String& contentType) final { m_blobRegistry.registerBlobURLOptionallyFileBacked(url, srcURL, WTFMove(reference), contentType); }
+    void registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop) final { m_blobRegistry.registerBlobURL(url, srcURL, coop); }
+    void registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& reference, const String& contentType) final { m_blobRegistry.registerBlobURLOptionallyFileBacked(url, srcURL, WTFMove(reference), contentType, { }); }
     void registerBlobURLForSlice(const URL& url, const URL& srcURL, long long start, long long end, const String& contentType) final { m_blobRegistry.registerBlobURLForSlice(url, srcURL, start, end, contentType); }
     void unregisterBlobURL(const URL& url) final { m_blobRegistry.unregisterBlobURL(url); }

trunk/Source/WebKitLegacy/win/ChangeLog

@@ +1 @@
+2021-08-10  Chris Dumez  <cdumez@apple.com>
+
+        Add Cross-Origin-Opener-Policy support for Blob URLs
+        https://bugs.webkit.org/show_bug.cgi?id=228924
+
+        Reviewed by Alex Christensen.
+
+        * WebCoreSupport/WebPlatformStrategies.cpp:
+
 2021-08-09  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKitLegacy/win/WebCoreSupport/WebPlatformStrategies.cpp

@@ -82 +82 @@
     void registerFileBlobURL(const URL& url, Ref<BlobDataFileReference>&& reference, const String&, const String& contentType) final { m_blobRegistry.registerFileBlobURL(url, WTFMove(reference), contentType); }
     void registerBlobURL(const URL& url, Vector<BlobPart>&& parts, const String& contentType) final { m_blobRegistry.registerBlobURL(url, WTFMove(parts), contentType); }
-    void registerBlobURL(const URL& url, const URL& srcURL) final { m_blobRegistry.registerBlobURL(url, srcURL); }
-    void registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& reference, const String& contentType) final { m_blobRegistry.registerBlobURLOptionallyFileBacked(url, srcURL, WTFMove(reference), contentType); }
+    void registerBlobURL(const URL& url, const URL& srcURL, const CrossOriginOpenerPolicy& coop) final { m_blobRegistry.registerBlobURL(url, srcURL, coop); }
+    void registerBlobURLOptionallyFileBacked(const URL& url, const URL& srcURL, RefPtr<BlobDataFileReference>&& reference, const String& contentType) final { m_blobRegistry.registerBlobURLOptionallyFileBacked(url, srcURL, WTFMove(reference), contentType, { }); }
     void registerBlobURLForSlice(const URL& url, const URL& srcURL, long long start, long long end, const String& contentType) final { m_blobRegistry.registerBlobURLForSlice(url, srcURL, start, end, contentType); }
     void unregisterBlobURL(const URL& url) final { m_blobRegistry.unregisterBlobURL(url); }