Changeset 280953 in webkit

Timestamp:

Aug 11, 2021 7:43:53 PM (11 months ago)

Author:

Chris Dumez

Message:

Add initial support for Cross-Origin-Embedder-Policy (COEP)
​https://bugs.webkit.org/show_bug.cgi?id=228754

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline COEP WPT tests now that we are passing more checks.

• web-platform-tests/html/cross-origin-embedder-policy/blob.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/coep-frame-javascript.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/data.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/javascript.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/no-secure-context-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/none.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank-expected.txt: Removed.
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc-expected.txt: Removed.
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/sandbox.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/srcdoc.https-expected.txt:

Source/WebCore:

Add initial support for Cross-Origin-Embedder-Policy (COEP) behind a runtime feature flag, off by default:

• ​https://html.spec.whatwg.org/multipage/origin.html#coep

The COEP header has the following impacts:

• When a document with Cross-Origin-Embedder-Policy: require-corp loads an iframe or a worker script, if the network response for that iframe doesn't also contain Cross-Origin-Embedder-Policy: require-corp, then we fail the load.
• When a document with Cross-Origin-Embedder-Policy: require-corp loads cross-origin subresources, then either CORS must be used or the resource response must be allowed by Cross-Origin-Resource-Policy (CORP) header.

Support is only for WK2 and checks are done in the network process for better security. Support for workers and service
workers (including cache storage) is included.

Most of the Web-Platform-Tests for COEP are passing with this patch. The exceptions are:

• Some tests relying on Blob are failing. Similarly to COOP, Blobs need to inherit COEP from their creator. This is currently unimplemented as the change will likely be non-trivial. I will follow-up to fix Blob support for both COOP and COEP.
• Tests in the credentialless/ folder are failing because we do not support Cross-Origin-Embedder-Policy: credentialless. This seems to be a fairly recent extension proposed by Google and it is not part of the HTML specification yet.
• Some tests expect violation reporting and they are failing and we do not implement reporting yet.

Note that self.crossOriginIsolated still returns false, even if the pages opts into both COOP & COEP, and APIs such
as SharedArrayBuffer still are not permitted to use. In order to support this, we will have to actually implement process
swapping so that we know a process is not actually shared by several origins.

Test: http/wpt/html/cross-origin-embedder-policy/require-corp.https.html

• Modules/cache/DOMCache.cpp:

(WebCore::DOMCache::queryCache):

• Modules/cache/DOMCacheEngine.cpp:

(WebCore::DOMCacheEngine::convertToException):

• Modules/cache/DOMCacheEngine.h:
• Modules/cache/RetrieveRecordsOptions.h:

(WebCore::RetrieveRecordsOptions::isolatedCopy const):
(WebCore::RetrieveRecordsOptions::encode const):
(WebCore::RetrieveRecordsOptions::decode):

• dom/Document.cpp:

(WebCore::Document::initSecurityContext):

• dom/SecurityContext.h:

(WebCore::SecurityContext::crossOriginEmbedderPolicy const):
(WebCore::SecurityContext::setCrossOriginEmbedderPolicy):

• loader/CrossOriginAccessControl.cpp:

(WebCore::shouldCrossOriginResourcePolicyCancelLoad):
(WebCore::validateCrossOriginResourcePolicy):

• loader/CrossOriginAccessControl.h:
• loader/CrossOriginEmbedderPolicy.cpp:

(WebCore::obtainCrossOriginEmbedderPolicy):
(WebCore::CrossOriginEmbedderPolicy::isolatedCopy const):

• loader/CrossOriginEmbedderPolicy.h:

(WebCore::CrossOriginEmbedderPolicy::encode const):
(WebCore::CrossOriginEmbedderPolicy::decode):

• loader/CrossOriginOpenerPolicy.cpp:

(WebCore::obtainCrossOriginOpenerPolicy):

• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::loadResourceSynchronously):
(WebCore::DocumentThreadableLoader::create):
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::crossOriginEmbedderPolicy const):

• loader/DocumentThreadableLoader.h:
• loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::begin):

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::didBeginDocument):

• loader/ResourceLoaderOptions.h:
• loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):

• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

• page/SecurityOrigin.h:
• platform/network/HTTPParsers.cpp:

(WebCore::parseCrossOriginResourcePolicyHeader):

• platform/network/HTTPParsers.h:
• workers/Worker.cpp:

(WebCore::Worker::notifyFinished):

• workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::WorkerGlobalScope):

• workers/WorkerGlobalScopeProxy.h:
• workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):

• workers/WorkerMessagingProxy.h:
• workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::WorkerScriptLoader::didReceiveResponse):

• workers/WorkerScriptLoader.h:

(WebCore::WorkerScriptLoader::crossOriginEmbedderPolicy const):

• workers/WorkerThread.cpp:

(WebCore::WorkerParameters::isolatedCopy const):

• workers/WorkerThread.h:
• workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):

• workers/service/ServiceWorkerContainer.h:
• workers/service/ServiceWorkerContextData.cpp:

(WebCore::ServiceWorkerContextData::isolatedCopy const):

• workers/service/ServiceWorkerContextData.h:

(WebCore::ServiceWorkerContextData::encode const):
(WebCore::ServiceWorkerContextData::decode):

• workers/service/ServiceWorkerFetchResult.h:

(WebCore::ServiceWorkerFetchResult::isolatedCopy const):
(WebCore::serviceWorkerFetchError):
(WebCore::ServiceWorkerFetchResult::encode const):
(WebCore::ServiceWorkerFetchResult::decode):

• workers/service/ServiceWorkerJob.cpp:

(WebCore::ServiceWorkerJob::notifyFinished):

• workers/service/ServiceWorkerJobClient.h:
• workers/service/context/ServiceWorkerThread.cpp:

(WebCore::ServiceWorkerThread::ServiceWorkerThread):

• workers/service/server/RegistrationDatabase.cpp:

(WebCore::RegistrationDatabase::doPushChanges):
(WebCore::RegistrationDatabase::importRecords):

• workers/service/server/SWServer.cpp:

(WebCore::SWServer::addRegistrationFromStore):
(WebCore::SWServer::updateWorker):
(WebCore::SWServer::installContextData):

• workers/service/server/SWServer.h:
• workers/service/server/SWServerJobQueue.cpp:

(WebCore::SWServerJobQueue::scriptFetchFinished):

• workers/service/server/SWServerWorker.cpp:

(WebCore::SWServerWorker::SWServerWorker):
(WebCore::SWServerWorker::contextData const):

• workers/service/server/SWServerWorker.h:

Source/WebKit:

As mentioned in the WebCore changelog, we do all the COEP checks in the network process
instead of WebCore for added security. As a result, we need to pass more information
to the network process when doing loads in order to do those checks. The checks are done
in NetworkResourceLoader for navigations & worker script loads (similarly to CSP,
X-FrameOptions) and in NetworkLoadChecker for CORP checks of subresource loads (similarly
to CORS checks).

• NetworkProcess/NetworkLoadChecker.cpp:

(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::validateResponse):

• NetworkProcess/NetworkLoadChecker.h:

(WebKit::NetworkLoadChecker::setParentCrossOriginEmbedderPolicy):
(WebKit::NetworkLoadChecker::setCrossOriginEmbedderPolicy):

• NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::parentOrigin const):
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):

• NetworkProcess/NetworkResourceLoadParameters.h:
• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
(WebKit::NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):

• NetworkProcess/NetworkResourceLoader.h:
• NetworkProcess/PingLoad.cpp:

(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::initialize):

• NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:

(WebKit::ServiceWorkerFetchTask::didReceiveResponse):

• NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp:

(WebKit::ServiceWorkerSoftUpdateLoader::processResponse):
(WebKit::ServiceWorkerSoftUpdateLoader::didFinishLoading):

• NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h:
• NetworkProcess/cache/CacheStorageEngineCache.cpp:

(WebKit::CacheStorage::Cache::retrieveRecords):

• WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::addParametersShared):
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):

Source/WTF:

Add experimental feature flag for Cross-Origin-Embedder-Policy (COEP), off by default.

• Scripts/Preferences/WebPreferencesExperimental.yaml:

LayoutTests:

Update test expectations now that we support COEP on WK2.

• TestExpectations:
• http/wpt/html/cross-origin-embedder-policy/require-corp.https-expected.txt: Added.
• http/wpt/html/cross-origin-embedder-policy/require-corp.https.html: Added.
• http/wpt/html/cross-origin-embedder-policy/require-corp.https.html.headers: Added.
• platform/mac-wk1/TestExpectations:
• platform/win/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (4 diffs)
• LayoutTests/http/wpt/html/cross-origin-embedder-policy (added)
• LayoutTests/http/wpt/html/cross-origin-embedder-policy/require-corp.https-expected.txt (added)
• LayoutTests/http/wpt/html/cross-origin-embedder-policy/require-corp.https.html (added)
• LayoutTests/http/wpt/html/cross-origin-embedder-policy/require-corp.https.html.headers (added)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-frame-javascript.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/data.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/javascript.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/no-secure-context-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/none.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank-expected.txt (deleted)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc-expected.txt (deleted)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/sandbox.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/srcdoc.https-expected.txt (modified) (1 diff)
• LayoutTests/platform/mac-wk1/TestExpectations (modified) (2 diffs)
• LayoutTests/platform/win/TestExpectations (modified) (2 diffs)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/cache/DOMCache.cpp (modified) (1 diff)
• Source/WebCore/Modules/cache/DOMCacheEngine.cpp (modified) (2 diffs)
• Source/WebCore/Modules/cache/DOMCacheEngine.h (modified) (3 diffs)
• Source/WebCore/Modules/cache/RetrieveRecordsOptions.h (modified) (5 diffs)
• Source/WebCore/dom/Document.cpp (modified) (1 diff)
• Source/WebCore/dom/SecurityContext.h (modified) (3 diffs)
• Source/WebCore/loader/CrossOriginAccessControl.cpp (modified) (3 diffs)
• Source/WebCore/loader/CrossOriginAccessControl.h (modified) (2 diffs)
• Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp (modified) (3 diffs)
• Source/WebCore/loader/CrossOriginEmbedderPolicy.h (modified) (1 diff)
• Source/WebCore/loader/CrossOriginOpenerPolicy.cpp (modified) (1 diff)
• Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (7 diffs)
• Source/WebCore/loader/DocumentThreadableLoader.h (modified) (4 diffs)
• Source/WebCore/loader/DocumentWriter.cpp (modified) (2 diffs)
• Source/WebCore/loader/FrameLoader.cpp (modified) (2 diffs)
• Source/WebCore/loader/ResourceLoaderOptions.h (modified) (2 diffs)
• Source/WebCore/loader/WorkerThreadableLoader.cpp (modified) (3 diffs)
• Source/WebCore/loader/cache/CachedResourceLoader.cpp (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.h (modified) (1 diff)
• Source/WebCore/platform/network/HTTPParsers.cpp (modified) (1 diff)
• Source/WebCore/platform/network/HTTPParsers.h (modified) (1 diff)
• Source/WebCore/workers/Worker.cpp (modified) (1 diff)
• Source/WebCore/workers/WorkerGlobalScope.cpp (modified) (1 diff)
• Source/WebCore/workers/WorkerGlobalScopeProxy.h (modified) (1 diff)
• Source/WebCore/workers/WorkerMessagingProxy.cpp (modified) (2 diffs)
• Source/WebCore/workers/WorkerMessagingProxy.h (modified) (1 diff)
• Source/WebCore/workers/WorkerScriptLoader.cpp (modified) (3 diffs)
• Source/WebCore/workers/WorkerScriptLoader.h (modified) (3 diffs)
• Source/WebCore/workers/WorkerThread.cpp (modified) (1 diff)
• Source/WebCore/workers/WorkerThread.h (modified) (2 diffs)
• Source/WebCore/workers/service/ServiceWorkerContainer.cpp (modified) (2 diffs)
• Source/WebCore/workers/service/ServiceWorkerContainer.h (modified) (1 diff)
• Source/WebCore/workers/service/ServiceWorkerContextData.cpp (modified) (1 diff)
• Source/WebCore/workers/service/ServiceWorkerContextData.h (modified) (5 diffs)
• Source/WebCore/workers/service/ServiceWorkerFetchResult.h (modified) (5 diffs)
• Source/WebCore/workers/service/ServiceWorkerJob.cpp (modified) (1 diff)
• Source/WebCore/workers/service/ServiceWorkerJobClient.h (modified) (2 diffs)
• Source/WebCore/workers/service/context/ServiceWorkerThread.cpp (modified) (1 diff)
• Source/WebCore/workers/service/server/RegistrationDatabase.cpp (modified) (8 diffs)
• Source/WebCore/workers/service/server/SWServer.cpp (modified) (3 diffs)
• Source/WebCore/workers/service/server/SWServer.h (modified) (1 diff)
• Source/WebCore/workers/service/server/SWServerJobQueue.cpp (modified) (1 diff)
• Source/WebCore/workers/service/server/SWServerWorker.cpp (modified) (3 diffs)
• Source/WebCore/workers/service/server/SWServerWorker.h (modified) (3 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (modified) (4 diffs)
• Source/WebKit/NetworkProcess/NetworkLoadChecker.h (modified) (4 diffs)
• Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (modified) (3 diffs)
• Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h (modified) (3 diffs)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (4 diffs)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.h (modified) (1 diff)
• Source/WebKit/NetworkProcess/PingLoad.cpp (modified) (3 diffs)
• Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp (modified) (2 diffs)
• Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h (modified) (2 diffs)
• Source/WebKit/NetworkProcess/cache/CacheStorageEngineCache.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (modified) (3 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-08-11  Chris Dumez  <cdumez@apple.com>
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP)
+        https://bugs.webkit.org/show_bug.cgi?id=228754
+
+        Reviewed by Alex Christensen.
+
+        Update test expectations now that we support COEP on WK2.
+
+        * TestExpectations:
+        * http/wpt/html/cross-origin-embedder-policy/require-corp.https-expected.txt: Added.
+        * http/wpt/html/cross-origin-embedder-policy/require-corp.https.html: Added.
+        * http/wpt/html/cross-origin-embedder-policy/require-corp.https.html.headers: Added.
+        * platform/mac-wk1/TestExpectations:
+        * platform/win/TestExpectations:
+
 2021-08-11  Jean-Yves Avenard  <jya@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -395 +395 @@
 
 # Console log lines may appear in a different order so we silence them.
+http/wpt/html/cross-origin-embedder-policy/require-corp.https.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/eventsource/format-utf-8.htm [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html [ DumpJSConsoleLogInStdErr Failure Pass ]
@@ -530 +531 @@
 imported/w3c/web-platform-tests/html/browsers/sandboxing/window-open-blank-from-different-initiator.html [ Skip ]
 imported/w3c/web-platform-tests/html/browsers/the-window-object/navigate-to-about-blank-while-initial-load-pending.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-service-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.tentative.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/none.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-frame-owner.https.html [ Skip ]
 imported/w3c/web-platform-tests/html/infrastructure/urls/resolving-urls/query-encoding/windows-1251.html [ Skip ]
 imported/w3c/web-platform-tests/html/infrastructure/urls/resolving-urls/query-encoding/windows-1252.html [ Skip ]
@@ -717 +713 @@
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting [ Skip ]
 
-# This test is timing out locally but passing on wpt.live. The issue is that we run the WPT tests over localhost and they
-# are thus marked as secure contexts even when served over HTTP. The test assumes the context is non-secure because the
-# test is served over HTTP.
+# Cross-Origin-Embedder-Policy: credentialless is not supported.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless
+
+# These tests are timing out locally but passing on wpt.live. The issue is that we run the WPT tests over localhost and they
+# are thus marked as secure contexts even when served over HTTP. These tests assume the context is non-secure because they
+# are served over HTTP.
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/no-https.html [ Skip ]
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/no-secure-context.html [ Skip ]
+
+# COEP test timing out due to lack of Blob URL support.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https.html [ Skip ]
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https.html [ Skip ]
+imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep-blob-popup.https.html [ Skip ]
+
+# This test makes the assumption that get_host_info().REMOTE_ORIGIN is same-site, which is not true for
+# our layout tests. We maintain our own version of this test in http/wpt.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp.https.html [ Skip ]
+
+# We do not support COEP reporting.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html [ Failure Pass ]
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https.html [ Skip ]
 
 # Newly imported WPT tests that are crashing.
@@ -775 +788 @@
 imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/microtasks/checkpoint-after-window-onerror-module.html [ Failure Pass ]
 imported/w3c/web-platform-tests/html/browsers/windows/targeting-cross-origin-nested-browsing-contexts.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.tentative.https.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https.html [ Failure Pass ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html [ Failure Pass ]
 imported/w3c/web-platform-tests/html/webappapis/update-rendering/child-document-raf-order.html [ Failure Pass ]
 imported/w3c/web-platform-tests/html/rendering/replaced-elements/attributes-for-embedded-content-and-images/img-aspect-ratio-lazy.tentative.html [ Failure Pass ]

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2021-08-11  Chris Dumez  <cdumez@apple.com>
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP)
+        https://bugs.webkit.org/show_bug.cgi?id=228754
+
+        Reviewed by Alex Christensen.
+
+        Rebaseline COEP WPT tests now that we are passing more checks.
+
+        * web-platform-tests/html/cross-origin-embedder-policy/blob.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/coep-frame-javascript.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/data.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/javascript.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/no-secure-context-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/none.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank-expected.txt: Removed.
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc-expected.txt: Removed.
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/sandbox.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/srcdoc.https-expected.txt:
+
 2021-08-11  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'blob:https://localhost:9443/ce752f78-9f54-4192-885f-d338222dbf89' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'blob:https://127.0.0.1:9443/2d609484-fc8c-4162-b451-5e5a60ca6fb0' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'blob:https://127.0.0.1:9443/d6c69b1b-b9e2-468f-afd5-3ee0ca1f26cd' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'blob:https://localhost:9443/a2f48f74-c115-4535-8945-845540d08260' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'blob:https://127.0.0.1:9443/e46352d8-4f39-4348-addc-cf3be4c271d5' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'blob:https://127.0.0.1:9443/d4b68c8b-e74e-47a5-a08d-612bf0d709d7' in a frame because of Cross-Origin-Embedder-Policy.
 
-Harness Error (FAIL), message = 2 duplicate test names: "Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via subframe", "Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via navigate"
+Harness Error (TIMEOUT), message = null
 
-FAIL Cross-Origin-Embedder-Policy and blob: URL from https://localhost:9443 in subframe via subframe assert_true: Cross-origin without CORP did not fail expected true got false
-PASS Cross-Origin-Embedder-Policy and blob: URL from https://localhost:9443 in subframe via navigate
-PASS Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via subframe
-PASS Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via navigate
-PASS Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via subframe
-PASS Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via navigate
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://localhost:9443 in subframe via subframe Test timed out
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://localhost:9443 in subframe via navigate Test timed out
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via subframe Test timed out
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via navigate Test timed out
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via subframe Test timed out
+TIMEOUT Cross-Origin-Embedder-Policy and blob: URL from https://127.0.0.1:9443 in subframe via navigate Test timed out
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-frame-javascript.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
 
-FAIL Cross-Origin-Embedder-Policy frame and javascript: URLs assert_true: Cross-origin without CORP did not fail expected true got false
+PASS Cross-Origin-Embedder-Policy frame and javascript: URLs
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html?passthrough due to access control checks.
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html.
@@ -11 +15 @@
 PASS making a same-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin
-FAIL making a cross-origin request for no CORP assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP
 PASS making a cross-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin [PASS THROUGH]
-FAIL making a cross-origin request for no CORP [PASS THROUGH] assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP [PASS THROUGH]
 PASS making a cross-origin request for CORP: cross-origin [PASS THROUGH]
 PASS making a cross-origin request with CORS without ACAO

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,none)&uuid=48c5cd5d-1a04-4b22-b367-348626e3e72f' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,none)&uuid=dc38ab59-60a5-4ca7-846e-07f347cbb88b' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,credentialless)&uuid=3bc9c936-138c-44a8-b89a-22d5348db081' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,require-corp)&uuid=9b4fc8a0-7c1b-4ced-9055-368e754dc376 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,credentialless)&uuid=7f8abf5e-9254-4d23-b288-ed44441c26aa' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,none)|header(Cross-Origin-Resource-Policy,cross-origin)&uuid=9bda0fd6-29fb-4c8f-acf4-04b6db9ebf7f' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,none)|header(Cross-Origin-Resource-Policy,cross-origin)&uuid=14602c93-2124-4abb-9de9-5f98cb106608' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,credentialless)|header(Cross-Origin-Resource-Policy,cross-origin)&uuid=c90ebc7d-77ed-486d-8b4f-5af18771d6f2' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/html/cross-origin-embedder-policy/credentialless/resources/executor.html?pipe=|header(Cross-Origin-Embedder-Policy,credentialless)|header(Cross-Origin-Resource-Policy,cross-origin)&uuid=95a65629-9a80-4aa5-81fc-ae7e7d8c2d52' in a frame because of Cross-Origin-Embedder-Policy.
 
-FAIL COEP:require-corp embeds same-origin COEP:none assert_equals: expected "block" but got "load"
-FAIL COEP:require-corp embeds cross-origin COEP:none assert_equals: expected "block" but got "load"
-PASS COEP:require-corp embeds same-origin COEP:credentialless
-FAIL COEP:require-corp embeds cross-origin COEP:credentialless assert_equals: expected "block" but got "load"
+Harness Error (TIMEOUT), message = null
+
+PASS COEP:require-corp embeds same-origin COEP:none
+PASS COEP:require-corp embeds cross-origin COEP:none
+TIMEOUT COEP:require-corp embeds same-origin COEP:credentialless Test timed out
+PASS COEP:require-corp embeds cross-origin COEP:credentialless
 PASS COEP:require-corp embeds same-origin COEP:require-corp
-FAIL COEP:require-corp embeds cross-origin COEP:require-corp assert_equals: expected "block" but got "load"
-FAIL COEP:require-corp embeds same-origin COEP:none, CORP:cross-origin assert_equals: expected "block" but got "load"
-FAIL COEP:require-corp embeds cross-origin COEP:none, CORP:cross-origin assert_equals: expected "block" but got "load"
-PASS COEP:require-corp embeds same-origin COEP:credentialless, CORP:cross-origin
-PASS COEP:require-corp embeds cross-origin COEP:credentialless, CORP:cross-origin
+PASS COEP:require-corp embeds cross-origin COEP:require-corp
+PASS COEP:require-corp embeds same-origin COEP:none, CORP:cross-origin
+PASS COEP:require-corp embeds cross-origin COEP:none, CORP:cross-origin
+TIMEOUT COEP:require-corp embeds same-origin COEP:credentialless, CORP:cross-origin Test timed out
+TIMEOUT COEP:require-corp embeds cross-origin COEP:credentialless, CORP:cross-origin Test timed out
 PASS COEP:require-corp embeds same-origin COEP:require-corp, CORP:cross-origin
 PASS COEP:require-corp embeds cross-origin COEP:require-corp, CORP:cross-origin

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to load 'blob:https://localhost:9443/0626116e-3414-4f35-bd1e-007f1312b79e' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load blob:https://localhost:9443/0626116e-3414-4f35-bd1e-007f1312b79e due to access control checks.
+CONSOLE MESSAGE: Refused to load 'blob:https://localhost:9443/a99eb341-4640-403a-a8f4-c2fcf28ede20' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load blob:https://localhost:9443/a99eb341-4640-403a-a8f4-c2fcf28ede20 due to access control checks.
+CONSOLE MESSAGE: Refused to load 'blob:https://localhost:9443/929d633e-ce48-43ff-b89d-e4e20fca6753' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load blob:https://localhost:9443/929d633e-ce48-43ff-b89d-e4e20fca6753 due to access control checks.
+CONSOLE MESSAGE: Refused to load 'blob:https://localhost:9443/0c8b6914-58db-417c-9e0c-e7ecacc4a16a' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load blob:https://localhost:9443/0c8b6914-58db-417c-9e0c-e7ecacc4a16a due to access control checks.
+
+
+Harness Error (TIMEOUT), message = null
 
 FAIL frame: origin = https://localhost:9443, value = undefined assert_equals: expected true but got false
@@ -16 +31 @@
 PASS dedicated worker: scheme = data, value = self
 PASS dedicated worker: scheme = data, value = (\)
-FAIL dedicated worker: scheme = blob, value = undefined assert_equals: expected true but got false
-FAIL dedicated worker: scheme = blob, value = * assert_equals: expected true but got false
-FAIL dedicated worker: scheme = blob, value = self assert_equals: expected true but got false
-PASS dedicated worker: scheme = blob, value = (\)
+TIMEOUT dedicated worker: scheme = blob, value = undefined Test timed out
+TIMEOUT dedicated worker: scheme = blob, value = * Test timed out
+TIMEOUT dedicated worker: scheme = blob, value = self Test timed out
+TIMEOUT dedicated worker: scheme = blob, value = (\) Test timed out
 FAIL shared worker: withCoopCoep = false Can't find variable: SharedWorker
 FAIL shared worker: withCoopCoep = true Can't find variable: SharedWorker

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/data.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Cancelled load to https://localhost:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/common/blank.html due to access control checks.
 
-FAIL Cross-Origin-Embedder-Policy and data: URLs assert_true: Cross-origin without CORP did not fail expected true got false
+PASS Cross-Origin-Embedder-Policy and data: URLs
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to load 'https://localhost:9443/html/cross-origin-embedder-policy/resources/universal-worker.js?pipe=' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/resources/universal-worker.js?pipe= due to access control checks.
+CONSOLE MESSAGE: Refused to load 'https://localhost:9443/html/cross-origin-embedder-policy/resources/universal-worker.js?pipe=' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/resources/universal-worker.js?pipe= due to access control checks.
 
 PASS coep-none coep-none corp-cross-origin
 PASS coep-none coep-none corp-undefined
 PASS coep-none coep-require-corp corp-cross-origin
-FAIL coep-none coep-require-corp corp-undefined assert_equals: expected "failure" but got "success"
-FAIL coep-require-corp coep-none corp-cross-origin assert_equals: expected "error" but got "success"
-FAIL coep-require-corp coep-none corp-undefined assert_equals: expected "error" but got "success"
+PASS coep-none coep-require-corp corp-undefined
+PASS coep-require-corp coep-none corp-cross-origin
+PASS coep-require-corp coep-none corp-undefined
 PASS coep-require-corp coep-require-corp corp-cross-origin
-FAIL coep-require-corp coep-require-corp corp-undefined assert_equals: expected "failure" but got "success"
+PASS coep-require-corp coep-require-corp corp-undefined
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt

@@ -1 @@
-
-
-Harness Error (TIMEOUT), message = null
+CONSOLE MESSAGE: Refused to load 'https://localhost:9443/html/cross-origin-embedder-policy/resources/dedicated-worker.js' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/resources/dedicated-worker.js due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Refused to load 'https://localhost:9443/html/cross-origin-embedder-policy/resources/dedicated-worker.js' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/resources/dedicated-worker.js due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
 
 PASS COEP: none worker in COEP: none frame
-TIMEOUT COEP: none worker in COEP: require-corp frame Test timed out
-NOTRUN COEP: require-corp worker in COEP: none frame
-NOTRUN COEP: require-corp worker in COEP: require-corp frame
-NOTRUN COEP: none module worker in COEP: none frame
-NOTRUN COEP: none module worker in COEP: require-corp frame
-NOTRUN COEP: require-corp module worker in COEP: none frame
-NOTRUN COEP: require-corp module worker in COEP: require-corp frame
+PASS COEP: none worker in COEP: require-corp frame
+PASS COEP: require-corp worker in COEP: none frame
+PASS COEP: require-corp worker in COEP: require-corp frame
+PASS COEP: none module worker in COEP: none frame
+PASS COEP: none module worker in COEP: require-corp frame
+PASS COEP: require-corp module worker in COEP: none frame
+PASS COEP: require-corp module worker in COEP: require-corp frame
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
 
-PASS navigation allowed for PASS navigation allowed for [""]
+PASS navigation allowed for []
+PASS navigation allowed for [""]
 PASS navigation allowed for ["jibberish"]
 PASS navigation allowed for [{"percentEncoded":"require%FFcorp"}]
@@ -16 +33 @@
 PASS navigation allowed for ["","require-corp"]
 PASS navigation allowed for ["require-corp",""]
-FAIL navigation blocked for ["require-corp"] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for [" require-corp "] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for ["\trequire-corp\t"] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for [" \trequire-corp"] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for ["require-corp\t "] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for ["require-corp; foo=bar"] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for ["require-corp;require-corp"] assert_equals: expected null but got Document node with 1 child
-FAIL navigation blocked for ["require-corp; report-to=\"data:","\""] assert_equals: expected null but got Document node with 1 child
+PASS navigation blocked for ["require-corp"]
+PASS navigation blocked for [" require-corp "]
+PASS navigation blocked for ["\trequire-corp\t"]
+PASS navigation blocked for [" \trequire-corp"]
+PASS navigation blocked for ["require-corp\t "]
+PASS navigation blocked for ["require-corp; foo=bar"]
+PASS navigation blocked for ["require-corp;require-corp"]
+PASS navigation blocked for ["require-corp; report-to=\"data:","\""]
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/javascript.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
 
-FAIL Cross-Origin-Embedder-Policy and javascript: URLs assert_true: Cross-origin without CORP did not fail expected true got false
+PASS Cross-Origin-Embedder-Policy and javascript: URLs
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https-expected.txt

@@ -4 +4 @@
     }
   })')
+CONSOLE MESSAGE: Refused to load 'https://localhost:9443/html/cross-origin-embedder-policy/multi-globals/current/worker.js' worker because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/multi-globals/current/worker.js due to access control checks.
  Hello
 
@@ -12 +15 @@
   })')
 
-FAIL Multiple globals for Worker constructor: COEP reports assert_unreached: worker should have been blocked by COEP Reached unreachable code
+TIMEOUT Multiple globals for Worker constructor: COEP reports Test timed out
 
+Harness Error (FAIL), message = Unhandled rejection: undefined is not a constructor (evaluating 'new global.ReportingObserver((rs) => {
+    for (const r of rs) {
+      reports.push(r.toJSON());
+    }
+  })')
+
+TIMEOUT Multiple globals for Worker constructor: COEP reports Test timed out
+

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/no-secure-context-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8800/html/cross-origin-embedder-policy/resources/iframe.html' in a frame because of Cross-Origin-Embedder-Policy.
 
-PASS COEP requires a secure context
+Harness Error (TIMEOUT), message = null
 
+TIMEOUT COEP requires a secure context Test timed out
+

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html?passthrough due to access control checks.
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html.
@@ -11 +15 @@
 PASS making a same-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin
-FAIL making a cross-origin request for no CORP assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP
 PASS making a cross-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin [PASS THROUGH]
-FAIL making a cross-origin request for no CORP [PASS THROUGH] assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP [PASS THROUGH]
 PASS making a cross-origin request for CORP: cross-origin [PASS THROUGH]
 PASS making a cross-origin request with CORS without ACAO

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/none.https-expected.txt

@@ -1 @@
-
-Harness Error (TIMEOUT), message = null
 
 PASS "none" top-level: navigating a frame to "none" should succeed
 PASS "none" top-level: navigating a frame from "require-corp" to "none" should succeed
-TIMEOUT "none" top-level: navigating a frame back from "require-corp" should succeed Test timed out
-FAIL "require-corp" top-level noopener popup: navigating to "none" should succeed Can't find variable: BroadcastChannel
+PASS "none" top-level: navigating a frame back from "require-corp" should succeed
+PASS "require-corp" top-level noopener popup: navigating to "none" should succeed
 PASS CORP: same-site is not checked.
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https-expected.txt

@@ -1 @@
-$
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/text-plain.txt?5770c451-7494-433b-8c09-b31f6ee4ffc8 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/text-plain.txt?5770c451-7494-433b-8c09-b31f6ee4ffc8 due to access control checks.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/common/blank.html?61cf891c-f480-4336-8e40-08917296c4b1' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html?99e6eced-bb02-418a-b988-2339189a16a2' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html?03fa3aa7-2433-4e5d-af85-f3b4581de86a' in a frame because of Cross-Origin-Embedder-Policy.
 
-FAIL subresource CORP assert_unreached: A report whose blocked-url is https://127.0.0.1:9443/common/text-plain.txt?5b94c235-d74d-4e80-b363-aa9bd466b1a6 and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html is not found. Reached unreachable code
-FAIL navigation CORP assert_unreached: A report whose blocked-url is https://127.0.0.1:9443/common/blank.html?6f615216-f22f-41cb-a707-0b977efc3d6d and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html is not found. Reached unreachable code
-FAIL COEP violation on nested frame navigation assert_unreached: A report whose blocked-url is https://localhost:9443/common/blank.html?f967cac2-4283-4ea6-8667-040244e52336 and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html is not found. Reached unreachable code
+FAIL subresource CORP assert_unreached: A report whose blockedURL is https://127.0.0.1:9443/common/text-plain.txt?5770c451-7494-433b-8c09-b31f6ee4ffc8 and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html?pipe=header(cross-origin-embedder-policy,require-corp;report-to=%22endpoint%22)|header(cross-origin-embedder-policy-report-only,require-corp;report-to=%22report-only-endpoint%22) is not found. Reached unreachable code
+FAIL navigation CORP assert_unreached: A report whose blockedURL is https://127.0.0.1:9443/common/blank.html?61cf891c-f480-4336-8e40-08917296c4b1 and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html?pipe=header(cross-origin-embedder-policy,require-corp;report-to=%22endpoint%22)|header(cross-origin-embedder-policy-report-only,require-corp;report-to=%22report-only-endpoint%22) is not found. Reached unreachable code
+FAIL COEP violation on nested frame navigation assert_unreached: A report whose blockedURL is https://localhost:9443/common/blank.html?99e6eced-bb02-418a-b988-2339189a16a2 and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame.html?pipe=header(cross-origin-embedder-policy,require-corp;report-to=%22endpoint%22)|header(cross-origin-embedder-policy-report-only,require-corp;report-to=%22report-only-endpoint%22) is not found. Reached unreachable code
+FAIL Two COEP headers, split inside report-to value assert_unreached: A report whose blockedURL is https://localhost:9443/common/blank.html?03fa3aa7-2433-4e5d-af85-f3b4581de86a and url is https://localhost:9443/html/cross-origin-embedder-policy/resources/reporting-empty-frame-multiple-headers.html.asis is not found. Reached unreachable code
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
 
 
 PASS Wait for the DOM to be built.
 PASS about:blank can always be embedded by a 'require-corp' document
-FAIL A(B(C)) A=require-corp, B=about:blank, C=no-require-corp => C can't load step_wait_func: Timed out waiting on condition
+PASS A(B(C)) A=require-corp, B=about:blank, C=no-require-corp => C can't load
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
 
 
 PASS Wait for the DOM to be built.
 PASS about:srcdoc can always be embedded by a 'require-corp' document
-FAIL A(B(C)) A=require-corp, B=about:srcdoc, C=no-require-corp => C can't load step_wait_func: Timed out waiting on condition
+PASS A(B(C)) A=require-corp, B=about:srcdoc, C=no-require-corp => C can't load
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Cache API operation failed: Cross-Origin-Resource-Policy failure
+CONSOLE MESSAGE: Cache API operation failed: Cross-Origin-Resource-Policy failure
 
 
@@ -26 +28 @@
 PASS Fetch cross-origin no-cors cors-disabled corp-cross-origin from network and CacheStorage.
 PASS Fetch cross-origin no-cors cors-disabled corp-same-origin from network and CacheStorage.
-FAIL Fetch cross-origin no-cors cors-disabled corp-undefined from network and CacheStorage. assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Fetch cross-origin no-cors cors-disabled corp-undefined from network and CacheStorage.
 PASS Fetch cross-origin no-cors cors-enabled corp-cross-origin from network and CacheStorage.
 PASS Fetch cross-origin no-cors cors-enabled corp-same-origin from network and CacheStorage.
-FAIL Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage. assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Fetch cross-origin no-cors cors-enabled corp-undefined from network and CacheStorage.
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt.
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough due to access control checks.
@@ -11 +13 @@
 PASS making a same-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin
-FAIL making a cross-origin request for no CORP assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP
 PASS making a cross-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin [PASS THROUGH]

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt.
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/nothing-same-origin-corp.txt?passthrough due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html?passthrough because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html?passthrough due to access control checks.
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html.
@@ -11 +15 @@
 PASS making a same-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin
-FAIL making a cross-origin request for no CORP assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP
 PASS making a cross-origin request for CORP: cross-origin
 PASS making a cross-origin request for CORP: same-origin [PASS THROUGH]
-FAIL making a cross-origin request for no CORP [PASS THROUGH] assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS making a cross-origin request for no CORP [PASS THROUGH]
 PASS making a cross-origin request for CORP: cross-origin [PASS THROUGH]
 PASS making a cross-origin request with CORS without ACAO

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https-expected.txt

@@ -2 +2 @@
 PASS Set up global state
 PASS fetch() to 'CORP: cross-origin' response should succeed.
-FAIL fetch() to no CORP response should not succeed. assert_equals: expected "Exception: TypeError" but got "opaque"
-FAIL importScripts() fails for a script with no corp. assert_unreached: Should have rejected: register() should fail. Reached unreachable code
+PASS fetch() to no CORP response should not succeed.
+PASS importScripts() fails for a script with no corp.
 PASS importScripts() succeeds for a script with corp: cross-origin.
 PASS Clean up global state

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "null" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/navigate-require-corp-same-site.sub.html?token=5dcc16cb-9469-4bec-9602-a97aea5d9615 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/navigate-require-corp-same-site.sub.html?token=b26287fc-8f3f-4acc-8a8e-8a644072bf73 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/navigate-require-corp-same-site.sub.html?to=https%3A%2F%2Flocalhost%3A9443%2Fhtml%2Fcross-origin-embedder-policy%2Fresources%2Fnavigate-require-corp.sub.html%3FchannelName%3D8b07c736-9199-41a7-904c-4efbb7dfa027 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/navigate-require-corp-same-site.sub.html?to=https%3A%2F%2F127.0.0.1%3A9443%2Fhtml%2Fcross-origin-embedder-policy%2Fresources%2Fnavigate-require-corp.sub.html%3FchannelName%3Ddda15abf-6fbe-457f-a03d-ee8d6c919d65 because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Refused to display 'https://127.0.0.1:9443/common/redirect.py?location=https%3A%2F%2Flocalhost%3A9443%2Fhtml%2Fcross-origin-embedder-policy%2Fresources%2Fnavigate-require-corp.sub.html%3FchannelName%3D8f6cafbd-6cff-4b57-b369-4045fca85b49' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Redirection was blocked by Cross-Origin-Embedder-Policy
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: Refused to display 'https://localhost:9443/common/blank.html' in a frame because of Cross-Origin-Embedder-Policy.
+CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "https://localhost:9443" from accessing a frame at "https://localhost:9443".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
 
-FAIL "require-corp" top-level: navigating a frame to "none" should fail step_wait_func: Timed out waiting on condition
-FAIL "require-corp" top-level: navigating a frame from "require-corp" to "none" should fail step_wait_func: Timed out waiting on condition
+Harness Error (TIMEOUT), message = null
+
+PASS "require-corp" top-level: navigating a frame to "none" should fail
+PASS "require-corp" top-level: navigating a frame from "require-corp" to "none" should fail
 PASS "require-corp" top-level: creating a noopener "none" popup should succeed
 PASS "require-corp" top-level: creating a "none" popup should succeed.
@@ -8 +26 @@
 PASS "require-corp" top-level (as popup with opener set to null): navigating to "none" should succeed
 PASS "require-corp" top-level: fetch() to CORP: cross-origin response should succeed
-FAIL "require-corp" top-level: fetch() to response without CORP should fail assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL "require-corp" top-level: fetch() to response without CORP through a WindowProxy should fail assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL "require-corp" top-level: navigating an iframe to a page without CORP, through a WindowProxy, should fail step_wait_func: Timed out waiting on condition
-PASS CORP: same-site is checked and allowed.
-FAIL CORP: same-site is checked and blocked. assert_false: expected false got true
-PASS navigation CORP is checked with the parent frame, not the navigation source - to be allowed
+PASS "require-corp" top-level: fetch() to response without CORP should fail
+PASS "require-corp" top-level: fetch() to response without CORP through a WindowProxy should fail
+PASS "require-corp" top-level: navigating an iframe to a page without CORP, through a WindowProxy, should fail
+TIMEOUT CORP: same-site is checked and allowed. Test timed out
+PASS CORP: same-site is checked and blocked.
+TIMEOUT navigation CORP is checked with the parent frame, not the navigation source - to be allowed Test timed out
 PASS navigation CORP is checked with the parent frame, not the navigation source - to be blocked
-FAIL navigation CORP is checked for each redirect assert_false: expected false got true
+PASS navigation CORP is checked for each redirect
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/sandbox.https-expected.txt

@@ -1 +1 @@
 
-FAIL Cross-Origin-Embedder-Policy and sandbox assert_true: Request to same-origin resource without CORP did not fail expected true got false
+PASS Cross-Origin-Embedder-Policy and sandbox
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https-expected.txt

@@ -2 +2 @@
 PASS A ServiceWorker with coep-none use CacheStorage to get a corp-undefined response.
 PASS A ServiceWorker with coep-none use CacheStorage to get a corp-cross-origin response.
-FAIL A ServiceWorker with coep-require-corp use CacheStorage to get a corp-undefined response. assert_equals: expected false but got true
+PASS A ServiceWorker with coep-require-corp use CacheStorage to get a corp-undefined response.
 PASS A ServiceWorker with coep-require-corp use CacheStorage to get a corp-cross-origin response.
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/srcdoc.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:9443/common/blank.html due to access control checks.
 
-FAIL Cross-Origin-Embedder-Policy and srcdoc assert_true: Cross-origin without CORP did not fail expected true got false
+PASS Cross-Origin-Embedder-Policy and srcdoc
 

trunk/LayoutTests/platform/mac-wk1/TestExpectations

@@ -355 +355 @@
 imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ]
 imported/w3c/web-platform-tests/fetch/range/sw.https.window.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-document.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-shared-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.tentative.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-subresource-corp.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https.html [ Skip ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw-from-coop.https.html [ Skip ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw.https.html [ Skip ]
@@ -384 +373 @@
 http/wpt/webrtc/transfer-datachannel-service-worker.https.html [ Skip ]
 
+# No Cross-Origin-Embedder-Policy in WK1.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy [ Skip ]
+http/wpt/html/cross-origin-embedder-policy/require-corp.https.html [ Skip ]
+
 # Quota check missing in WK1
 http/tests/IndexedDB/storage-limit.https.html [ Skip ]

trunk/LayoutTests/platform/win/TestExpectations

@@ -3722 +3722 @@
 imported/w3c/web-platform-tests/fetch/api/request/destination [ Skip ]
 imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-dedicated-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-document.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting-shared-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-subresource-corp.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https.html [ Skip ]
-imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https.html [ Skip ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw-from-coop.https.html [ Skip ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-coop-by-sw.https.html [ Skip ]
@@ -3739 +3731 @@
 imported/w3c/web-platform-tests/worklets/layout-worklet-service-worker-interception.https.html [ Skip ]
 imported/w3c/web-platform-tests/worklets/paint-worklet-service-worker-interception.https.html [ Skip ]
+
+# No Cross-Origin-Embedder-Policy in WK1.
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy [ Skip ]
+http/wpt/html/cross-origin-embedder-policy/require-corp.https.html [ Skip ]
 
 # No header filtering for WK1

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2021-08-11  Chris Dumez  <cdumez@apple.com>
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP)
+        https://bugs.webkit.org/show_bug.cgi?id=228754
+
+        Reviewed by Alex Christensen.
+
+        Add experimental feature flag for Cross-Origin-Embedder-Policy (COEP), off by default.
+
+        * Scripts/Preferences/WebPreferencesExperimental.yaml:
+
 2021-08-11  Darin Adler  <darin@apple.com>
 

trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml

@@ -322 +322 @@
       default: false
 
+CrossOriginEmbedderPolicyEnabled:
+  type: bool
+  humanReadableName: "Cross-Origin-Embedder-Policy (COEP) header"
+  humanReadableDescription: "Support for Cross-Origin-Embedder-Policy (COEP) header"
+  defaultValue:
+    WebKitLegacy:
+      default: false
+    WebKit:
+      default: false
+    WebCore:
+      default: false
+
 CrossOriginOpenerPolicyEnabled:
   type: bool

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-08-11  Chris Dumez  <cdumez@apple.com>
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP)
+        https://bugs.webkit.org/show_bug.cgi?id=228754
+
+        Reviewed by Alex Christensen.
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP) behind a runtime feature flag, off by default:
+        - https://html.spec.whatwg.org/multipage/origin.html#coep
+
+        The COEP header has the following impacts:
+        - When a document with `Cross-Origin-Embedder-Policy: require-corp` loads an iframe or a worker script, if the network
+          response for that iframe doesn't also contain `Cross-Origin-Embedder-Policy: require-corp`, then we fail the load.
+        - When a document with `Cross-Origin-Embedder-Policy: require-corp` loads cross-origin subresources, then either CORS
+          must be used or the resource response must be allowed by Cross-Origin-Resource-Policy (CORP) header.
+
+        Support is only for WK2 and checks are done in the network process for better security. Support for workers and service
+        workers (including cache storage) is included.
+
+        Most of the Web-Platform-Tests for COEP are passing with this patch. The exceptions are:
+        - Some tests relying on Blob are failing. Similarly to COOP, Blobs need to inherit COEP from their
+          creator. This is currently unimplemented as the change will likely be non-trivial. I will follow-up
+          to fix Blob support for both COOP and COEP.
+        - Tests in the credentialless/ folder are failing because we do not support `Cross-Origin-Embedder-Policy: credentialless`.
+          This seems to be a fairly recent extension proposed by Google and it is not part of the HTML specification yet.
+        - Some tests expect violation reporting and they are failing and we do not implement reporting yet.
+
+        Note that `self.crossOriginIsolated` still returns false, even if the pages opts into both COOP & COEP, and APIs such
+        as SharedArrayBuffer still are not permitted to use. In order to support this, we will have to actually implement process
+        swapping so that we know a process is not actually shared by several origins.
+
+        Test: http/wpt/html/cross-origin-embedder-policy/require-corp.https.html
+
+        * Modules/cache/DOMCache.cpp:
+        (WebCore::DOMCache::queryCache):
+        * Modules/cache/DOMCacheEngine.cpp:
+        (WebCore::DOMCacheEngine::convertToException):
+        * Modules/cache/DOMCacheEngine.h:
+        * Modules/cache/RetrieveRecordsOptions.h:
+        (WebCore::RetrieveRecordsOptions::isolatedCopy const):
+        (WebCore::RetrieveRecordsOptions::encode const):
+        (WebCore::RetrieveRecordsOptions::decode):
+        * dom/Document.cpp:
+        (WebCore::Document::initSecurityContext):
+        * dom/SecurityContext.h:
+        (WebCore::SecurityContext::crossOriginEmbedderPolicy const):
+        (WebCore::SecurityContext::setCrossOriginEmbedderPolicy):
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::shouldCrossOriginResourcePolicyCancelLoad):
+        (WebCore::validateCrossOriginResourcePolicy):
+        * loader/CrossOriginAccessControl.h:
+        * loader/CrossOriginEmbedderPolicy.cpp:
+        (WebCore::obtainCrossOriginEmbedderPolicy):
+        (WebCore::CrossOriginEmbedderPolicy::isolatedCopy const):
+        * loader/CrossOriginEmbedderPolicy.h:
+        (WebCore::CrossOriginEmbedderPolicy::encode const):
+        (WebCore::CrossOriginEmbedderPolicy::decode):
+        * loader/CrossOriginOpenerPolicy.cpp:
+        (WebCore::obtainCrossOriginOpenerPolicy):
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::loadResourceSynchronously):
+        (WebCore::DocumentThreadableLoader::create):
+        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
+        (WebCore::DocumentThreadableLoader::crossOriginEmbedderPolicy const):
+        * loader/DocumentThreadableLoader.h:
+        * loader/DocumentWriter.cpp:
+        (WebCore::DocumentWriter::begin):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::didBeginDocument):
+        * loader/ResourceLoaderOptions.h:
+        * loader/WorkerThreadableLoader.cpp:
+        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestResource):
+        * page/SecurityOrigin.h:
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseCrossOriginResourcePolicyHeader):
+        * platform/network/HTTPParsers.h:
+        * workers/Worker.cpp:
+        (WebCore::Worker::notifyFinished):
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
+        * workers/WorkerGlobalScopeProxy.h:
+        * workers/WorkerMessagingProxy.cpp:
+        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
+        * workers/WorkerMessagingProxy.h:
+        * workers/WorkerScriptLoader.cpp:
+        (WebCore::WorkerScriptLoader::loadSynchronously):
+        (WebCore::WorkerScriptLoader::loadAsynchronously):
+        (WebCore::WorkerScriptLoader::didReceiveResponse):
+        * workers/WorkerScriptLoader.h:
+        (WebCore::WorkerScriptLoader::crossOriginEmbedderPolicy const):
+        * workers/WorkerThread.cpp:
+        (WebCore::WorkerParameters::isolatedCopy const):
+        * workers/WorkerThread.h:
+        * workers/service/ServiceWorkerContainer.cpp:
+        (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
+        * workers/service/ServiceWorkerContainer.h:
+        * workers/service/ServiceWorkerContextData.cpp:
+        (WebCore::ServiceWorkerContextData::isolatedCopy const):
+        * workers/service/ServiceWorkerContextData.h:
+        (WebCore::ServiceWorkerContextData::encode const):
+        (WebCore::ServiceWorkerContextData::decode):
+        * workers/service/ServiceWorkerFetchResult.h:
+        (WebCore::ServiceWorkerFetchResult::isolatedCopy const):
+        (WebCore::serviceWorkerFetchError):
+        (WebCore::ServiceWorkerFetchResult::encode const):
+        (WebCore::ServiceWorkerFetchResult::decode):
+        * workers/service/ServiceWorkerJob.cpp:
+        (WebCore::ServiceWorkerJob::notifyFinished):
+        * workers/service/ServiceWorkerJobClient.h:
+        * workers/service/context/ServiceWorkerThread.cpp:
+        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
+        * workers/service/server/RegistrationDatabase.cpp:
+        (WebCore::RegistrationDatabase::doPushChanges):
+        (WebCore::RegistrationDatabase::importRecords):
+        * workers/service/server/SWServer.cpp:
+        (WebCore::SWServer::addRegistrationFromStore):
+        (WebCore::SWServer::updateWorker):
+        (WebCore::SWServer::installContextData):
+        * workers/service/server/SWServer.h:
+        * workers/service/server/SWServerJobQueue.cpp:
+        (WebCore::SWServerJobQueue::scriptFetchFinished):
+        * workers/service/server/SWServerWorker.cpp:
+        (WebCore::SWServerWorker::SWServerWorker):
+        (WebCore::SWServerWorker::contextData const):
+        * workers/service/server/SWServerWorker.h:
+
 2021-08-11  Jean-Yves Avenard  <jya@apple.com>
 

trunk/Source/WebCore/Modules/cache/DOMCache.cpp

@@ -453 +453 @@
 void DOMCache::queryCache(ResourceRequest&& request, const CacheQueryOptions& options, ShouldRetrieveResponses shouldRetrieveResponses, RecordsCallback&& callback)
 {
-    RetrieveRecordsOptions retrieveOptions { WTFMove(request), options.ignoreSearch, options.ignoreMethod, options.ignoreVary, shouldRetrieveResponses == ShouldRetrieveResponses::Yes };
+    RetrieveRecordsOptions retrieveOptions { WTFMove(request), scriptExecutionContext()->crossOriginEmbedderPolicy(), *scriptExecutionContext()->securityOrigin(), options.ignoreSearch, options.ignoreMethod, options.ignoreVary, shouldRetrieveResponses == ShouldRetrieveResponses::Yes };
     m_connection->retrieveRecords(m_identifier, retrieveOptions, [this, pendingActivity = makePendingActivity(*this), callback = WTFMove(callback)](auto&& result) mutable {
         if (m_isStopped) {

trunk/Source/WebCore/Modules/cache/DOMCacheEngine.cpp

@@ -29 +29 @@
 
 #include "CacheQueryOptions.h"
+#include "CrossOriginAccessControl.h"
 #include "Exception.h"
 #include "HTTPParsers.h"
@@ -52 +53 @@
     case Error::Stopped:
         return Exception { TypeError, "Context is stopped"_s };
+    case Error::CORP:
+        return Exception { TypeError, "Cross-Origin-Resource-Policy failure"_s };
     }
     ASSERT_NOT_REACHED();

trunk/Source/WebCore/Modules/cache/DOMCacheEngine.h

@@ -42 +42 @@
 namespace DOMCacheEngine {
 
-enum class Error {
+enum class Error : uint8_t {
     NotImplemented,
     ReadDisk,
@@ -48 +48 @@
     QuotaExceeded,
     Internal,
-    Stopped
+    Stopped,
+    CORP
 };
 
@@ -171 +172 @@
         WebCore::DOMCacheEngine::Error::WriteDisk,
         WebCore::DOMCacheEngine::Error::QuotaExceeded,
-        WebCore::DOMCacheEngine::Error::Internal
+        WebCore::DOMCacheEngine::Error::Internal,
+        WebCore::DOMCacheEngine::Error::Stopped,
+        WebCore::DOMCacheEngine::Error::CORP
     >;
 };

trunk/Source/WebCore/Modules/cache/RetrieveRecordsOptions.h

@@ -27 +27 @@
 #pragma once
 
+#include "CrossOriginEmbedderPolicy.h"
 #include "ResourceRequest.h"
+#include "SecurityOrigin.h"
 
 namespace WebCore {
 
 struct RetrieveRecordsOptions {
-    RetrieveRecordsOptions isolatedCopy() const { return { request.isolatedCopy(), ignoreSearch, ignoreMethod, ignoreVary, shouldProvideResponse }; }
+    RetrieveRecordsOptions isolatedCopy() const { return { request.isolatedCopy(), crossOriginEmbedderPolicy.isolatedCopy(), sourceOrigin->isolatedCopy(), ignoreSearch, ignoreMethod, ignoreVary, shouldProvideResponse }; }
 
     template<class Encoder> void encode(Encoder&) const;
@@ -38 +40 @@
 
     ResourceRequest request;
+    CrossOriginEmbedderPolicy crossOriginEmbedderPolicy;
+    Ref<SecurityOrigin> sourceOrigin;
     bool ignoreSearch { false };
     bool ignoreMethod { false };
@@ -46 +50 @@
 template<class Encoder> inline void RetrieveRecordsOptions::encode(Encoder& encoder) const
 {
-    encoder << request << ignoreSearch << ignoreMethod << ignoreVary << shouldProvideResponse;
+    encoder << request << crossOriginEmbedderPolicy << sourceOrigin.get() << ignoreSearch << ignoreMethod << ignoreVary << shouldProvideResponse;
 }
 
@@ -54 +58 @@
     decoder >> request;
     if (!request)
+        return std::nullopt;
+
+    std::optional<CrossOriginEmbedderPolicy> crossOriginEmbedderPolicy;
+    decoder >> crossOriginEmbedderPolicy;
+    if (!crossOriginEmbedderPolicy)
+        return std::nullopt;
+
+    auto sourceOrigin = SecurityOrigin::decode(decoder);
+    if (!sourceOrigin)
         return std::nullopt;
 
@@ -76 +89 @@
         return std::nullopt;
 
-    return { { WTFMove(*request), WTFMove(*ignoreSearch), WTFMove(*ignoreMethod), WTFMove(*ignoreVary), WTFMove(*shouldProvideResponse) } };
+    return { { WTFMove(*request), WTFMove(*crossOriginEmbedderPolicy), sourceOrigin.releaseNonNull(), WTFMove(*ignoreSearch), WTFMove(*ignoreMethod), WTFMove(*ignoreVary), WTFMove(*shouldProvideResponse) } };
 }
 

trunk/Source/WebCore/dom/Document.cpp

@@ -6271 +6271 @@
     contentSecurityPolicy()->updateSourceSelf(ownerFrame->document()->securityOrigin());
 
+    setCrossOriginEmbedderPolicy(ownerFrame->document()->crossOriginEmbedderPolicy());
+
     // https://html.spec.whatwg.org/multipage/browsers.html#creating-a-new-browsing-context (Step 12)
     // If creator is non-null and creator's origin is same origin with creator's relevant settings object's top-level origin, then set coop

trunk/Source/WebCore/dom/SecurityContext.h

@@ -28 +28 @@
 #pragma once
 
+#include "CrossOriginEmbedderPolicy.h"
 #include <memory>
 #include <wtf/Forward.h>
@@ -88 +89 @@
     void setContentSecurityPolicy(std::unique_ptr<ContentSecurityPolicy>&&);
 
+    const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy() const { return m_crossOriginEmbedderPolicy; }
+    void setCrossOriginEmbedderPolicy(const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy) { m_crossOriginEmbedderPolicy = crossOriginEmbedderPolicy; }
+
     WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;
 
@@ -131 +135 @@
     RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
     std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+    CrossOriginEmbedderPolicy m_crossOriginEmbedderPolicy;
     SandboxFlags m_creationSandboxFlags { SandboxNone };
     SandboxFlags m_sandboxFlags { SandboxNone };

trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp

@@ -29 +29 @@
 
 #include "CachedResourceRequest.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "CrossOriginPreflightResultCache.h"
 #include "HTTPHeaderNames.h"
@@ -281 +282 @@
 }
 
-static inline bool shouldCrossOriginResourcePolicyCancelLoad(const SecurityOrigin& origin, const ResourceResponse& response)
-{
-    if (origin.canRequest(response.url()))
+// https://fetch.spec.whatwg.org/#cross-origin-resource-policy-internal-check
+static inline bool shouldCrossOriginResourcePolicyCancelLoad(CrossOriginEmbedderPolicyValue coep, const SecurityOrigin& origin, const ResourceResponse& response, ForNavigation forNavigation)
+{
+    if (forNavigation == ForNavigation::Yes && coep != CrossOriginEmbedderPolicyValue::RequireCORP)
         return false;
 
+    if (response.isNull() || origin.canRequest(response.url()))
+        return false;
+
     auto policy = parseCrossOriginResourcePolicyHeader(response.httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy));
+
+    // https://fetch.spec.whatwg.org/#cross-origin-resource-policy-internal-check (step 4).
+    if ((policy == CrossOriginResourcePolicy::None || policy == CrossOriginResourcePolicy::Invalid) && coep == CrossOriginEmbedderPolicyValue::RequireCORP)
+        return true;
 
     if (policy == CrossOriginResourcePolicy::SameOrigin)
@@ -305 +314 @@
 }
 
-std::optional<ResourceError> validateCrossOriginResourcePolicy(const SecurityOrigin& origin, const URL& requestURL, const ResourceResponse& response)
-{
-    if (shouldCrossOriginResourcePolicyCancelLoad(origin, response))
+std::optional<ResourceError> validateCrossOriginResourcePolicy(CrossOriginEmbedderPolicyValue coep, const SecurityOrigin& origin, const URL& requestURL, const ResourceResponse& response, ForNavigation forNavigation)
+{
+    if (shouldCrossOriginResourcePolicyCancelLoad(coep, origin, response, forNavigation))
         return ResourceError { errorDomainWebKitInternal, 0, requestURL, makeString("Cancelled load to ", response.url().stringCenterEllipsizedToLength(), " because it violates the resource's Cross-Origin-Resource-Policy response header."), ResourceError::Type::AccessControl };
     return std::nullopt;

trunk/Source/WebCore/loader/CrossOriginAccessControl.h

@@ -50 +50 @@
 struct ResourceLoaderOptions;
 
+enum class CrossOriginEmbedderPolicyValue : bool;
+
 WEBCORE_EXPORT bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
 bool isOnAccessControlSimpleRequestMethodAllowlist(const String&);
@@ -85 +87 @@
 WEBCORE_EXPORT Expected<void, String> validatePreflightResponse(PAL::SessionID, const ResourceRequest&, const ResourceResponse&, StoredCredentialsPolicy, const SecurityOrigin&, const CrossOriginAccessControlCheckDisabler*);
 
-WEBCORE_EXPORT std::optional<ResourceError> validateCrossOriginResourcePolicy(const SecurityOrigin&, const URL&, const ResourceResponse&);
+enum class ForNavigation : bool { No, Yes };
+WEBCORE_EXPORT std::optional<ResourceError> validateCrossOriginResourcePolicy(CrossOriginEmbedderPolicyValue, const SecurityOrigin&, const URL&, const ResourceResponse&, ForNavigation);
 std::optional<ResourceError> validateRangeRequestedFlag(const ResourceRequest&, const ResourceResponse&);
 String validateCrossOriginRedirectionURL(const URL&);

trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.cpp

@@ -31 +31 @@
 #include "ResourceResponse.h"
 #include "ScriptExecutionContext.h"
+#include "SecurityOrigin.h"
 
 namespace WebCore {
 
 // https://html.spec.whatwg.org/multipage/origin.html#obtain-an-embedder-policy
-CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse& response, const ScriptExecutionContext& context)
+CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse& response, IsSecureContext isSecureContext)
 {
     auto parseCOEPHeader = [&response](HTTPHeaderName headerName, auto& value, auto& reportingEndpoint) {
@@ -46 +47 @@
 
     CrossOriginEmbedderPolicy policy;
-    // FIXME: about:blank should be marked as secure as per https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url.
-    if (!context.isSecureContext() && context.url() != aboutBlankURL() && !context.url().isEmpty())
+    if (isSecureContext == IsSecureContext::No)
         return policy;
 
@@ -55 +55 @@
 }
 
+CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse& response, const ScriptExecutionContext& context)
+{
+    if (!context.settingsValues().crossOriginEmbedderPolicyEnabled)
+        return { };
+
+    // FIXME: about:blank should be marked as secure as per https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url.
+    auto isSecureContext = context.isSecureContext() || context.url() == aboutBlankURL() || context.url().isEmpty() ? IsSecureContext::Yes : IsSecureContext::No;
+    return obtainCrossOriginEmbedderPolicy(response, isSecureContext);
+}
+
+CrossOriginEmbedderPolicy CrossOriginEmbedderPolicy::isolatedCopy() const
+{
+    return {
+        value,
+        reportingEndpoint.isolatedCopy(),
+        reportOnlyValue,
+        reportOnlyReportingEndpoint.isolatedCopy()
+    };
+}
+
 } // namespace WebCore

trunk/Source/WebCore/loader/CrossOriginEmbedderPolicy.h

@@ -45 +45 @@
     CrossOriginEmbedderPolicyValue reportOnlyValue { CrossOriginEmbedderPolicyValue::UnsafeNone };
     String reportOnlyReportingEndpoint;
+
+    CrossOriginEmbedderPolicy isolatedCopy() const;
+    template<class Encoder> void encode(Encoder&) const;
+    template<class Decoder> static std::optional<CrossOriginEmbedderPolicy> decode(Decoder&);
 };
+
+template<class Encoder>
+void CrossOriginEmbedderPolicy::encode(Encoder& encoder) const
+{
+    encoder << value << reportingEndpoint << reportOnlyValue << reportOnlyReportingEndpoint;
+}
+
+template<class Decoder>
+std::optional<CrossOriginEmbedderPolicy> CrossOriginEmbedderPolicy::decode(Decoder& decoder)
+{
+    std::optional<CrossOriginEmbedderPolicyValue> value;
+    decoder >> value;
+    if (!value)
+        return std::nullopt;
+
+    std::optional<String> reportingEndpoint;
+    decoder >> reportingEndpoint;
+    if (!reportingEndpoint)
+        return std::nullopt;
+
+    std::optional<CrossOriginEmbedderPolicyValue> reportOnlyValue;
+    decoder >> reportOnlyValue;
+    if (!reportOnlyValue)
+        return std::nullopt;
+
+    std::optional<String> reportOnlyReportingEndpoint;
+    decoder >> reportOnlyReportingEndpoint;
+    if (!reportOnlyReportingEndpoint)
+        return std::nullopt;
+
+    return {{
+        *value,
+        WTFMove(*reportingEndpoint),
+        *reportOnlyValue,
+        WTFMove(*reportOnlyReportingEndpoint)
+    }};
+}
 
 CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse&, const ScriptExecutionContext&);
 
+enum class IsSecureContext : bool { No, Yes };
+WEBCORE_EXPORT CrossOriginEmbedderPolicy obtainCrossOriginEmbedderPolicy(const ResourceResponse&, IsSecureContext);
+
 } // namespace WebCore

trunk/Source/WebCore/loader/CrossOriginOpenerPolicy.cpp

@@ -76 +76 @@
 
     CrossOriginOpenerPolicy policy;
+    if (!context.settingsValues().crossOriginOpenerPolicyEnabled)
+        return policy;
     // FIXME: about:blank should be marked as secure as per https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url.
     if (!context.isSecureContext() && context.url() != aboutBlankURL() && !context.url().isEmpty())

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -71 +71 @@
 namespace WebCore {
 
-void DocumentThreadableLoader::loadResourceSynchronously(Document& document, ResourceRequest&& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
+void DocumentThreadableLoader::loadResourceSynchronously(Document& document, ResourceRequest&& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, std::optional<CrossOriginEmbedderPolicy>&& crossOriginEmbedderPolicy)
 {
     // The loader will be deleted as soon as this function exits.
-    Ref<DocumentThreadableLoader> loader = adoptRef(*new DocumentThreadableLoader(document, client, LoadSynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), String(), ShouldLogError::Yes));
+    Ref<DocumentThreadableLoader> loader = adoptRef(*new DocumentThreadableLoader(document, client, LoadSynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), WTFMove(crossOriginEmbedderPolicy), String(), ShouldLogError::Yes));
     ASSERT(loader->hasOneRef());
 }
@@ -80 +80 @@
 void DocumentThreadableLoader::loadResourceSynchronously(Document& document, ResourceRequest&& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options)
 {
-    loadResourceSynchronously(document, WTFMove(request), client, options, nullptr, nullptr);
+    loadResourceSynchronously(document, WTFMove(request), client, options, nullptr, nullptr, std::nullopt);
 }
 
 RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client,
 ResourceRequest&& request, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin,
-std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, String&& referrer, ShouldLogError shouldLogError)
-{
-    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), WTFMove(referrer), shouldLogError));
+std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, std::optional<CrossOriginEmbedderPolicy>&& crossOriginEmbedderPolicy, String&& referrer, ShouldLogError shouldLogError)
+{
+    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), WTFMove(crossOriginEmbedderPolicy), WTFMove(referrer), shouldLogError));
     if (!loader->isLoading())
         loader = nullptr;
@@ -95 +95 @@
 RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, ResourceRequest&& request, const ThreadableLoaderOptions& options, String&& referrer)
 {
-    return create(document, client, WTFMove(request), options, nullptr, nullptr, WTFMove(referrer), ShouldLogError::Yes);
+    return create(document, client, WTFMove(request), options, nullptr, nullptr, std::nullopt, WTFMove(referrer), ShouldLogError::Yes);
 }
 
@@ -116 +116 @@
 }
 
-DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient& client, BlockingBehavior blockingBehavior, ResourceRequest&& request, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, String&& referrer, ShouldLogError shouldLogError)
+DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient& client, BlockingBehavior blockingBehavior, ResourceRequest&& request, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, std::optional<CrossOriginEmbedderPolicy>&& crossOriginEmbedderPolicy, String&& referrer, ShouldLogError shouldLogError)
     : m_client(&client)
     , m_document(document)
@@ -127 +127 @@
     , m_delayCallbacksForIntegrityCheck(!m_options.integrity.isEmpty())
     , m_contentSecurityPolicy(WTFMove(contentSecurityPolicy))
+    , m_crossOriginEmbedderPolicy(WTFMove(crossOriginEmbedderPolicy))
     , m_shouldLogError(shouldLogError)
 {
@@ -167 +168 @@
 
     m_options.cspResponseHeaders = m_options.contentSecurityPolicyEnforcement != ContentSecurityPolicyEnforcement::DoNotEnforce ? this->contentSecurityPolicy().responseHeaders() : ContentSecurityPolicyResponseHeaders { };
+    m_options.crossOriginEmbedderPolicy = this->crossOriginEmbedderPolicy();
 
     // As per step 11 of https://fetch.spec.whatwg.org/#main-fetch, data scheme (if same-origin data-URL flag is set) and about scheme are considered same-origin.
@@ -711 +713 @@
 }
 
+const CrossOriginEmbedderPolicy& DocumentThreadableLoader::crossOriginEmbedderPolicy() const
+{
+    if (m_crossOriginEmbedderPolicy)
+        return *m_crossOriginEmbedderPolicy;
+    return m_document.crossOriginEmbedderPolicy();
+}
+
 void DocumentThreadableLoader::reportRedirectionWithBadScheme(const URL& url)
 {

trunk/Source/WebCore/loader/DocumentThreadableLoader.h

@@ -48 +48 @@
         WTF_MAKE_FAST_ALLOCATED;
     public:
-        static void loadResourceSynchronously(Document&, ResourceRequest&&, ThreadableLoaderClient&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&);
+        static void loadResourceSynchronously(Document&, ResourceRequest&&, ThreadableLoaderClient&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, std::optional<CrossOriginEmbedderPolicy>&&);
         static void loadResourceSynchronously(Document&, ResourceRequest&&, ThreadableLoaderClient&, const ThreadableLoaderOptions&);
 
         enum class ShouldLogError { No, Yes };
-        static RefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, String&& referrer, ShouldLogError);
+        static RefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, std::optional<CrossOriginEmbedderPolicy>&&, String&& referrer, ShouldLogError);
         static RefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, ResourceRequest&&, const ThreadableLoaderOptions&, String&& referrer = String());
 
@@ -79 +79 @@
         };
 
-        DocumentThreadableLoader(Document&, ThreadableLoaderClient&, BlockingBehavior, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, String&&, ShouldLogError);
+        DocumentThreadableLoader(Document&, ThreadableLoaderClient&, BlockingBehavior, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, std::optional<CrossOriginEmbedderPolicy>&&, String&&, ShouldLogError);
 
         void clearResource();
@@ -108 +108 @@
         SecurityOrigin& securityOrigin() const;
         const ContentSecurityPolicy& contentSecurityPolicy() const;
+        const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy() const;
 
         Document& document() { return m_document; }
@@ -135 +136 @@
         bool m_delayCallbacksForIntegrityCheck;
         std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+        std::optional<CrossOriginEmbedderPolicy> m_crossOriginEmbedderPolicy;
         std::optional<CrossOriginPreflightChecker> m_preflightChecker;
         std::optional<HTTPHeaderMap> m_originalHeaders;

trunk/Source/WebCore/loader/DocumentWriter.cpp

@@ -176 +176 @@
         document->setSecurityOriginPolicy(ownerDocument->securityOriginPolicy());
         document->setStrictMixedContentMode(ownerDocument->isStrictMixedContentMode());
+        document->setCrossOriginEmbedderPolicy(ownerDocument->crossOriginEmbedderPolicy());
 
         document->setContentSecurityPolicy(makeUnique<ContentSecurityPolicy>(URL { url }, document));
@@ -184 +185 @@
             document->setContentSecurityPolicy(makeUnique<ContentSecurityPolicy>(URL { url }, document));
             document->contentSecurityPolicy()->copyStateFrom(existingDocument->contentSecurityPolicy());
+            document->setCrossOriginEmbedderPolicy(existingDocument->crossOriginEmbedderPolicy());
 
             // Fix up 'self' for blob: and data:, which is inherited from its embedding document or opener.

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -51 +51 @@
 #include "ContentSecurityPolicy.h"
 #include "CrossOriginAccessControl.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "DOMWindow.h"
 #include "DatabaseManager.h"
@@ -751 +752 @@
         m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()), referrer(), ContentSecurityPolicy::ReportParsingErrors::No);
 
+        if (m_frame.document()->url().protocolIsInHTTPFamily())
+            m_frame.document()->setCrossOriginEmbedderPolicy(obtainCrossOriginEmbedderPolicy(m_documentLoader->response(), *m_frame.document()));
+
         String referrerPolicy = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ReferrerPolicy);
         if (!referrerPolicy.isNull())

trunk/Source/WebCore/loader/ResourceLoaderOptions.h

@@ -33 +33 @@
 #include "ContentSecurityPolicyResponseHeaders.h"
 #include "CrossOriginAccessControl.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "FetchOptions.h"
 #include "HTTPHeaderNames.h"
@@ -201 +202 @@
 #endif
     Markable<ContentSecurityPolicyResponseHeaders, ContentSecurityPolicyResponseHeaders::MarkableTraits> cspResponseHeaders;
+    std::optional<CrossOriginEmbedderPolicy> crossOriginEmbedderPolicy;
     OptionSet<HTTPHeadersToKeepFromCleaning> httpHeadersToKeep;
     uint8_t maxRedirectCount { 20 };

trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

@@ -125 +125 @@
     contentSecurityPolicyCopy->copyStateFrom(contentSecurityPolicy);
     contentSecurityPolicyCopy->copyUpgradeInsecureRequestStateFrom(*contentSecurityPolicy);
+    auto crossOriginEmbedderPolicyCopy = globalScope.crossOriginEmbedderPolicy().isolatedCopy();
 
     auto optionsCopy = makeUnique<LoaderTaskOptions>(options, request.httpReferrer().isNull() ? outgoingReferrer : request.httpReferrer(), WTFMove(securityOriginCopy));
@@ -142 +143 @@
 
     // Can we benefit from request being an r-value to create more efficiently its isolated copy?
-    m_loaderProxy.postTaskToLoader([this, request = request.isolatedCopy(), options = WTFMove(optionsCopy), contentSecurityPolicyCopy = WTFMove(contentSecurityPolicyCopy)](ScriptExecutionContext& context) mutable {
+    m_loaderProxy.postTaskToLoader([this, request = request.isolatedCopy(), options = WTFMove(optionsCopy), contentSecurityPolicyCopy = WTFMove(contentSecurityPolicyCopy), crossOriginEmbedderPolicyCopy = WTFMove(crossOriginEmbedderPolicyCopy)](ScriptExecutionContext& context) mutable {
         ASSERT(isMainThread());
         Document& document = downcast<Document>(context);
@@ -148 +149 @@
         // FIXME: If the site requests a local resource, then this will return a non-zero value but the sync path will return a 0 value.
         // Either this should return 0 or the other code path should call a failure callback.
-        m_mainThreadLoader = DocumentThreadableLoader::create(document, *this, WTFMove(request), options->options, WTFMove(options->origin), WTFMove(contentSecurityPolicyCopy), WTFMove(options->referrer), DocumentThreadableLoader::ShouldLogError::No);
+        m_mainThreadLoader = DocumentThreadableLoader::create(document, *this, WTFMove(request), options->options, WTFMove(options->origin), WTFMove(contentSecurityPolicyCopy), WTFMove(crossOriginEmbedderPolicyCopy), WTFMove(options->referrer), DocumentThreadableLoader::ShouldLogError::No);
         ASSERT(m_mainThreadLoader || m_loadingFinished);
     });

trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

@@ -1006 +1006 @@
     case Use:
         ASSERT(resource);
+        if (request.options().mode == FetchOptions::Mode::Navigate && !frame.isMainFrame()) {
+            if (auto* parentDocument = frame.tree().parent() ? frame.tree().parent()->document() : nullptr) {
+                auto coep = parentDocument->crossOriginEmbedderPolicy().value;
+                if (auto error = validateCrossOriginResourcePolicy(coep, parentDocument->securityOrigin(), request.resourceRequest().url(), resource->response(), ForNavigation::Yes))
+                    return makeUnexpected(WTFMove(*error));
+            }
+        }
         if (request.options().mode == FetchOptions::Mode::NoCors) {
-            if (auto error = validateCrossOriginResourcePolicy(*request.origin(), request.resourceRequest().url(), resource->response()))
+            auto coep = document() ? document()->crossOriginEmbedderPolicy().value : CrossOriginEmbedderPolicyValue::UnsafeNone;
+            if (auto error = validateCrossOriginResourcePolicy(coep, *request.origin(), request.resourceRequest().url(), resource->response(), ForNavigation::No))
                 return makeUnexpected(WTFMove(*error));
 

trunk/Source/WebCore/page/SecurityOrigin.h

@@ -90 +90 @@
     // own protocol, or, when relevant, on the protocol of its "inner URL"
     // Protocols like blob: and filesystem: fall into this latter category.
-    static bool isSecure(const URL&);
+    WEBCORE_EXPORT static bool isSecure(const URL&);
 
     // This method implements the "same origin-domain" algorithm from the HTML Standard:

trunk/Source/WebCore/platform/network/HTTPParsers.cpp

@@ -1026 +1026 @@
         return CrossOriginResourcePolicy::SameSite;
 
+    if (strippedHeader == "cross-origin")
+        return CrossOriginResourcePolicy::CrossOrigin;
+
     return CrossOriginResourcePolicy::Invalid;
 }

trunk/Source/WebCore/platform/network/HTTPParsers.h

@@ -62 +62 @@
 };
 
-enum class CrossOriginResourcePolicy {
+enum class CrossOriginResourcePolicy : uint8_t {
     None,
+    CrossOrigin,
     SameOrigin,
     SameSite,

trunk/Source/WebCore/workers/Worker.cpp

@@ -229 +229 @@
             responseURL.setFragmentIdentifier(m_scriptLoader->url().fragmentIdentifier());
     }
-    m_contextProxy.startWorkerGlobalScope(responseURL, m_name, context->userAgent(responseURL), isOnline, m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy, m_workerCreationTime, referrerPolicy, m_type, m_credentials, m_runtimeFlags);
+    m_contextProxy.startWorkerGlobalScope(responseURL, m_name, context->userAgent(responseURL), isOnline, m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy, m_scriptLoader->crossOriginEmbedderPolicy(), m_workerCreationTime, referrerPolicy, m_type, m_credentials, m_runtimeFlags);
     InspectorInstrumentation::scriptImported(*context, m_scriptLoader->identifier(), m_scriptLoader->script().toString());
 }

trunk/Source/WebCore/workers/WorkerGlobalScope.cpp

@@ -103 +103 @@
     setSecurityOriginPolicy(SecurityOriginPolicy::create(WTFMove(origin)));
     setContentSecurityPolicy(makeUnique<ContentSecurityPolicy>(URL { m_url }, *this));
+    setCrossOriginEmbedderPolicy(params.crossOriginEmbedderPolicy);
 }
 

trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h

@@ -52 +52 @@
     static WorkerGlobalScopeProxy& create(Worker&);
 
-    virtual void startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, MonotonicTime timeOrigin, ReferrerPolicy, WorkerType, FetchRequestCredentials, JSC::RuntimeFlags) = 0;
+    virtual void startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const CrossOriginEmbedderPolicy&, MonotonicTime timeOrigin, ReferrerPolicy, WorkerType, FetchRequestCredentials, JSC::RuntimeFlags) = 0;
     virtual void terminateWorkerGlobalScope() = 0;
     virtual void postMessageToWorkerGlobalScope(MessageWithMessagePorts&&) = 0;

trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp

@@ -76 +76 @@
 }
 
-void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, MonotonicTime timeOrigin, ReferrerPolicy referrerPolicy, WorkerType workerType, FetchRequestCredentials credentials, JSC::RuntimeFlags runtimeFlags)
+void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy, MonotonicTime timeOrigin, ReferrerPolicy referrerPolicy, WorkerType workerType, FetchRequestCredentials credentials, JSC::RuntimeFlags runtimeFlags)
 {
     // FIXME: This need to be revisited when we support nested worker one day
@@ -88 +88 @@
     SocketProvider* socketProvider = document.socketProvider();
 
-    WorkerParameters params = { scriptURL, name, identifier, userAgent, isOnline, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, timeOrigin, referrerPolicy, workerType, credentials, document.settingsValues() };
+    WorkerParameters params = { scriptURL, name, identifier, userAgent, isOnline, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, crossOriginEmbedderPolicy, timeOrigin, referrerPolicy, workerType, credentials, document.settingsValues() };
     auto thread = DedicatedWorkerThread::create(params, sourceCode, *this, *this, *this, startMode, document.topOrigin(), proxy, socketProvider, runtimeFlags);
 

trunk/Source/WebCore/workers/WorkerMessagingProxy.h

@@ -51 +51 @@
     // Implementations of WorkerGlobalScopeProxy.
     // (Only use these functions in the worker object thread.)
-    void startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, MonotonicTime timeOrigin, ReferrerPolicy, WorkerType, FetchRequestCredentials, JSC::RuntimeFlags) final;
+    void startWorkerGlobalScope(const URL& scriptURL, const String& name, const String& userAgent, bool isOnline, const ScriptBuffer& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const CrossOriginEmbedderPolicy&, MonotonicTime timeOrigin, ReferrerPolicy, WorkerType, FetchRequestCredentials, JSC::RuntimeFlags) final;
     void terminateWorkerGlobalScope() final;
     void postMessageToWorkerGlobalScope(MessageWithMessagePorts&&) final;

trunk/Source/WebCore/workers/WorkerScriptLoader.cpp

@@ -59 +59 @@
     m_url = url;
     m_destination = FetchOptions::Destination::Script;
+    m_isSecureContext = workerGlobalScope.isSecureContext();
 
 #if ENABLE(SERVICE_WORKER)
@@ -117 +118 @@
     m_url = scriptRequest.url();
     m_destination = fetchOptions.destination;
+    m_isSecureContext = scriptExecutionContext.isSecureContext();
 
     ASSERT(scriptRequest.httpMethod() == "GET");
@@ -192 +194 @@
     m_isRedirected = response.isRedirected();
     m_contentSecurityPolicy = ContentSecurityPolicyResponseHeaders { response };
+    m_crossOriginEmbedderPolicy = obtainCrossOriginEmbedderPolicy(response, m_isSecureContext ? IsSecureContext::Yes : IsSecureContext::No);
     m_referrerPolicy = response.httpHeaderField(HTTPHeaderName::ReferrerPolicy);
     if (m_client)

trunk/Source/WebCore/workers/WorkerScriptLoader.h

@@ -29 +29 @@
 #include "CertificateInfo.h"
 #include "ContentSecurityPolicyResponseHeaders.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "FetchOptions.h"
 #include "ResourceError.h"
@@ -67 +68 @@
     const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy() const { return m_contentSecurityPolicy; }
     const String& referrerPolicy() const { return m_referrerPolicy; }
+    const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy() const { return m_crossOriginEmbedderPolicy; }
     const URL& url() const { return m_url; }
     const URL& responseURL() const;
@@ -108 +110 @@
     ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
     String m_referrerPolicy;
+    CrossOriginEmbedderPolicy m_crossOriginEmbedderPolicy;
     unsigned long m_identifier { 0 };
     bool m_failed { false };
     bool m_finishing { false };
     bool m_isRedirected { false };
+    bool m_isSecureContext { false };
     ResourceResponse::Source m_responseSource { ResourceResponse::Source::Unknown };
     ResourceError m_error;

trunk/Source/WebCore/workers/WorkerThread.cpp

@@ -56 +56 @@
         contentSecurityPolicyResponseHeaders,
         shouldBypassMainWorldContentSecurityPolicy,
+        crossOriginEmbedderPolicy.isolatedCopy(),
         timeOrigin,
         referrerPolicy,

trunk/Source/WebCore/workers/WorkerThread.h

@@ -27 +27 @@
 
 #include "ContentSecurityPolicyResponseHeaders.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "FetchRequestCredentials.h"
 #include "WorkerOrWorkletThread.h"
@@ -66 +67 @@
     ContentSecurityPolicyResponseHeaders contentSecurityPolicyResponseHeaders;
     bool shouldBypassMainWorldContentSecurityPolicy;
+    CrossOriginEmbedderPolicy crossOriginEmbedderPolicy;
     MonotonicTime timeOrigin;
     ReferrerPolicy referrerPolicy;

trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp

@@ -458 +458 @@
 }
 
-void ServiceWorkerContainer::jobFinishedLoadingScript(ServiceWorkerJob& job, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, const String& referrerPolicy)
+void ServiceWorkerContainer::jobFinishedLoadingScript(ServiceWorkerJob& job, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, const CrossOriginEmbedderPolicy& coep, const String& referrerPolicy)
 {
     ASSERT(m_creationThread.ptr() == &Thread::current());
@@ -464 +464 @@
     CONTAINER_RELEASE_LOG("jobFinishedLoadingScript: Successfuly finished fetching script for job %" PRIu64, job.identifier().toUInt64());
 
-    ensureSWClientConnection().finishFetchingScriptInServer(ServiceWorkerFetchResult { job.data().identifier(), job.data().registrationKey(), script, certificateInfo, contentSecurityPolicy, referrerPolicy, { } });
+    ensureSWClientConnection().finishFetchingScriptInServer(ServiceWorkerFetchResult { job.data().identifier(), job.data().registrationKey(), script, certificateInfo, contentSecurityPolicy, coep, referrerPolicy, { } });
 }
 

trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h

@@ -101 +101 @@
     void jobResolvedWithUnregistrationResult(ServiceWorkerJob&, bool unregistrationResult) final;
     void startScriptFetchForJob(ServiceWorkerJob&, FetchOptions::Cache) final;
-    void jobFinishedLoadingScript(ServiceWorkerJob&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const String& referrerPolicy) final;
+    void jobFinishedLoadingScript(ServiceWorkerJob&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const CrossOriginEmbedderPolicy&, const String& referrerPolicy) final;
     void jobFailedLoadingScript(ServiceWorkerJob&, const ResourceError&, Exception&&) final;
 

trunk/Source/WebCore/workers/service/ServiceWorkerContextData.cpp

@@ -41 +41 @@
         certificateInfo.isolatedCopy(),
         contentSecurityPolicy.isolatedCopy(),
+        crossOriginEmbedderPolicy.isolatedCopy(),
         referrerPolicy.isolatedCopy(),
         scriptURL.isolatedCopy(),

trunk/Source/WebCore/workers/service/ServiceWorkerContextData.h

@@ -28 +28 @@
 #include "CertificateInfo.h"
 #include "ContentSecurityPolicyResponseHeaders.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "ScriptBuffer.h"
 #include "ServiceWorkerIdentifier.h"
@@ -86 +87 @@
     CertificateInfo certificateInfo;
     ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
+    CrossOriginEmbedderPolicy crossOriginEmbedderPolicy;
     String referrerPolicy;
     URL scriptURL;
@@ -102 +104 @@
 void ServiceWorkerContextData::encode(Encoder& encoder) const
 {
-    encoder << jobDataIdentifier << registration << serviceWorkerIdentifier << script << contentSecurityPolicy << referrerPolicy
+    encoder << jobDataIdentifier << registration << serviceWorkerIdentifier << script << contentSecurityPolicy << crossOriginEmbedderPolicy << referrerPolicy
         << scriptURL << workerType << loadedFromDisk << lastNavigationWasAppInitiated << scriptResourceMap << certificateInfo;
 }
@@ -130 +132 @@
     ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
     if (!decoder.decode(contentSecurityPolicy))
+        return std::nullopt;
+
+    std::optional<CrossOriginEmbedderPolicy> crossOriginEmbedderPolicy;
+    decoder >> crossOriginEmbedderPolicy;
+    if (!crossOriginEmbedderPolicy)
         return std::nullopt;
 
@@ -168 +175 @@
         WTFMove(*certificateInfo),
         WTFMove(contentSecurityPolicy),
+        WTFMove(*crossOriginEmbedderPolicy),
         WTFMove(referrerPolicy),
         WTFMove(scriptURL),

trunk/Source/WebCore/workers/service/ServiceWorkerFetchResult.h

@@ -29 +29 @@
 
 #include "ContentSecurityPolicyResponseHeaders.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "ResourceError.h"
 #include "ScriptBuffer.h"
@@ -42 +43 @@
     CertificateInfo certificateInfo;
     ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
+    CrossOriginEmbedderPolicy crossOriginEmbedderPolicy;
     String referrerPolicy;
     ResourceError scriptError;
 
-    ServiceWorkerFetchResult isolatedCopy() const { return { jobDataIdentifier, registrationKey.isolatedCopy(), script.isolatedCopy(), certificateInfo.isolatedCopy(), contentSecurityPolicy.isolatedCopy(), referrerPolicy.isolatedCopy(), scriptError.isolatedCopy() }; }
+    ServiceWorkerFetchResult isolatedCopy() const { return { jobDataIdentifier, registrationKey.isolatedCopy(), script.isolatedCopy(), certificateInfo.isolatedCopy(), contentSecurityPolicy.isolatedCopy(), crossOriginEmbedderPolicy.isolatedCopy(), referrerPolicy.isolatedCopy(), scriptError.isolatedCopy() }; }
 
     template<class Encoder> void encode(Encoder&) const;
@@ -53 +55 @@
 inline ServiceWorkerFetchResult serviceWorkerFetchError(ServiceWorkerJobDataIdentifier jobDataIdentifier, ServiceWorkerRegistrationKey&& registrationKey, ResourceError&& error)
 {
-    return { jobDataIdentifier, WTFMove(registrationKey), { }, { }, { }, { }, WTFMove(error) };
+    return { jobDataIdentifier, WTFMove(registrationKey), { }, { }, { }, { }, { }, WTFMove(error) };
 }
 
@@ -59 +61 @@
 void ServiceWorkerFetchResult::encode(Encoder& encoder) const
 {
-    encoder << jobDataIdentifier << registrationKey << script << contentSecurityPolicy << referrerPolicy << scriptError;
+    encoder << jobDataIdentifier << registrationKey << script << contentSecurityPolicy << crossOriginEmbedderPolicy << referrerPolicy << scriptError;
     encoder << certificateInfo;
 }
@@ -81 +83 @@
     if (!decoder.decode(result.contentSecurityPolicy))
         return false;
+    if (!decoder.decode(result.crossOriginEmbedderPolicy))
+        return false;
     if (!decoder.decode(result.referrerPolicy))
         return false;

trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp

@@ -166 +166 @@
 
     if (!scriptLoader->failed()) {
-        m_client.jobFinishedLoadingScript(*this, scriptLoader->script(), scriptLoader->certificateInfo(), scriptLoader->contentSecurityPolicy(), scriptLoader->referrerPolicy());
+        m_client.jobFinishedLoadingScript(*this, scriptLoader->script(), scriptLoader->certificateInfo(), scriptLoader->contentSecurityPolicy(), scriptLoader->crossOriginEmbedderPolicy(), scriptLoader->referrerPolicy());
         return;
     }

trunk/Source/WebCore/workers/service/ServiceWorkerJobClient.h

@@ -38 +38 @@
 class ScriptBuffer;
 class ServiceWorkerJob;
+struct CrossOriginEmbedderPolicy;
 struct ServiceWorkerRegistrationData;
 
@@ -50 +51 @@
     virtual void jobResolvedWithUnregistrationResult(ServiceWorkerJob&, bool unregistrationResult) = 0;
     virtual void startScriptFetchForJob(ServiceWorkerJob&, FetchOptions::Cache) = 0;
-    virtual void jobFinishedLoadingScript(ServiceWorkerJob&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const String& referrerPolicy) = 0;
+    virtual void jobFinishedLoadingScript(ServiceWorkerJob&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const CrossOriginEmbedderPolicy&, const String& referrerPolicy) = 0;
     virtual void jobFailedLoadingScript(ServiceWorkerJob&, const ResourceError&, Exception&&) = 0;
 };

trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp

@@ -75 +75 @@
 
 ServiceWorkerThread::ServiceWorkerThread(ServiceWorkerContextData&& data, String&& userAgent, const Settings::Values& settingsValues, WorkerLoaderProxy& loaderProxy, WorkerDebuggerProxy& debuggerProxy, IDBClient::IDBConnectionProxy* idbConnectionProxy, SocketProvider* socketProvider)
-    : WorkerThread({ data.scriptURL, emptyString(), "serviceworker:" + Inspector::IdentifiersFactory::createIdentifier(), WTFMove(userAgent), platformStrategies()->loaderStrategy()->isOnLine(), data.contentSecurityPolicy, false, MonotonicTime::now(), { }, data.workerType, FetchRequestCredentials::Omit, settingsValues }, data.script, loaderProxy, debuggerProxy, DummyServiceWorkerThreadProxy::shared(), WorkerThreadStartMode::Normal, data.registration.key.topOrigin().securityOrigin().get(), idbConnectionProxy, socketProvider, JSC::RuntimeFlags::createAllEnabled())
+    : WorkerThread({ data.scriptURL, emptyString(), "serviceworker:" + Inspector::IdentifiersFactory::createIdentifier(), WTFMove(userAgent), platformStrategies()->loaderStrategy()->isOnLine(), data.contentSecurityPolicy, false, data.crossOriginEmbedderPolicy, MonotonicTime::now(), { }, data.workerType, FetchRequestCredentials::Omit, settingsValues }, data.script, loaderProxy, debuggerProxy, DummyServiceWorkerThreadProxy::shared(), WorkerThreadStartMode::Normal, data.registration.key.topOrigin().securityOrigin().get(), idbConnectionProxy, socketProvider, JSC::RuntimeFlags::createAllEnabled())
     , m_serviceWorkerIdentifier(data.serviceWorkerIdentifier)
     , m_jobDataIdentifier(data.jobDataIdentifier)

trunk/Source/WebCore/workers/service/server/RegistrationDatabase.cpp

@@ -51 +51 @@
 namespace WebCore {
 
-static const uint64_t schemaVersion = 6;
+static const uint64_t schemaVersion = 7;
 
 #define RECORDS_TABLE_SCHEMA_PREFIX "CREATE TABLE "
@@ -64 +64 @@
     ", workerType TEXT NOT NULL ON CONFLICT FAIL" \
     ", contentSecurityPolicy BLOB NOT NULL ON CONFLICT FAIL" \
+    ", crossOriginEmbedderPolicy BLOB NOT NULL ON CONFLICT FAIL" \
     ", referrerPolicy TEXT NOT NULL ON CONFLICT FAIL" \
     ", scriptResourceMap BLOB NOT NULL ON CONFLICT FAIL" \
@@ -422 +423 @@
     transaction.begin();
 
-    auto insertStatement = m_database->prepareStatement("INSERT INTO Records VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"_s);
+    auto insertStatement = m_database->prepareStatement("INSERT INTO Records VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"_s);
     if (!insertStatement) {
         RELEASE_LOG_ERROR(ServiceWorker, "Failed to prepare statement to store registration data into records table (%i) - %s", m_database->lastError(), m_database->lastErrorMsg());
@@ -443 +444 @@
         WTF::Persistence::Encoder cspEncoder;
         data.contentSecurityPolicy.encode(cspEncoder);
+
+        WTF::Persistence::Encoder coepEncoder;
+        data.crossOriginEmbedderPolicy.encode(coepEncoder);
 
         // We don't actually encode the script sources to the database. They will be stored separately in the ScriptStorage.
@@ -461 +465 @@
             || insertStatement->bindText(8, workerTypeToString(data.workerType)) != SQLITE_OK
             || insertStatement->bindBlob(9, Span { cspEncoder.buffer(), cspEncoder.bufferSize() }) != SQLITE_OK
-            || insertStatement->bindText(10, data.referrerPolicy) != SQLITE_OK
-            || insertStatement->bindBlob(11, Span { scriptResourceMapEncoder.buffer(), scriptResourceMapEncoder.bufferSize() }) != SQLITE_OK
-            || insertStatement->bindBlob(12, Span { certificateInfoEncoder.buffer(), certificateInfoEncoder.bufferSize() }) != SQLITE_OK
+            || insertStatement->bindBlob(10, Span { coepEncoder.buffer(), coepEncoder.bufferSize() }) != SQLITE_OK
+            || insertStatement->bindText(11, data.referrerPolicy) != SQLITE_OK
+            || insertStatement->bindBlob(12, Span { scriptResourceMapEncoder.buffer(), scriptResourceMapEncoder.bufferSize() }) != SQLITE_OK
+            || insertStatement->bindBlob(13, Span { certificateInfoEncoder.buffer(), certificateInfoEncoder.bufferSize() }) != SQLITE_OK
             || insertStatement->step() != SQLITE_DONE) {
             RELEASE_LOG_ERROR(ServiceWorker, "Failed to store registration data into records table (%i) - %s", m_database->lastError(), m_database->lastErrorMsg());
@@ -526 +531 @@
         }
 
-        auto referrerPolicy = sql->columnText(9);
+        std::optional<CrossOriginEmbedderPolicy> coep;
+        auto coepDataSpan = sql->columnBlobAsSpan(9);
+        if (coepDataSpan.size()) {
+            WTF::Persistence::Decoder coepDecoder(coepDataSpan);
+            coepDecoder >> coep;
+            if (!coep) {
+                RELEASE_LOG_ERROR(ServiceWorker, "RegistrationDatabase::importRecords: Failed to decode crossOriginEmbedderPolicy");
+                continue;
+            }
+        }
+
+        auto referrerPolicy = sql->columnText(10);
 
         HashMap<URL, ServiceWorkerContextData::ImportedScript> scriptResourceMap;
-        auto scriptResourceMapDataSpan = sql->columnBlobAsSpan(10);
+        auto scriptResourceMapDataSpan = sql->columnBlobAsSpan(11);
         if (scriptResourceMapDataSpan.size()) {
             WTF::Persistence::Decoder scriptResourceMapDecoder(scriptResourceMapDataSpan);
@@ -541 +557 @@
         }
 
-        auto certificateInfoDataSpan = sql->columnBlobAsSpan(11);
+        auto certificateInfoDataSpan = sql->columnBlobAsSpan(12);
         std::optional<CertificateInfo> certificateInfo;
 
@@ -570 +586 @@
         auto serviceWorkerData = ServiceWorkerData { workerIdentifier, scriptURL, ServiceWorkerState::Activated, *workerType, registrationIdentifier };
         auto registration = ServiceWorkerRegistrationData { WTFMove(*key), registrationIdentifier, WTFMove(scopeURL), *updateViaCache, lastUpdateCheckTime, std::nullopt, std::nullopt, WTFMove(serviceWorkerData) };
-        auto contextData = ServiceWorkerContextData { std::nullopt, WTFMove(registration), workerIdentifier, WTFMove(script), WTFMove(*certificateInfo), WTFMove(*contentSecurityPolicy), WTFMove(referrerPolicy), WTFMove(scriptURL), *workerType, true, LastNavigationWasAppInitiated::Yes, WTFMove(scriptResourceMap) };
+        auto contextData = ServiceWorkerContextData { std::nullopt, WTFMove(registration), workerIdentifier, WTFMove(script), WTFMove(*certificateInfo), WTFMove(*contentSecurityPolicy), WTFMove(*coep), WTFMove(referrerPolicy), WTFMove(scriptURL), *workerType, true, LastNavigationWasAppInitiated::Yes, WTFMove(scriptResourceMap) };
 
         callOnMainThread([protectedThis = makeRef(*this), contextData = contextData.isolatedCopy()]() mutable {

trunk/Source/WebCore/workers/service/server/SWServer.cpp

@@ -170 +170 @@
             addRegistration(WTFMove(registration));
 
-            auto worker = SWServerWorker::create(*this, *registrationPtr, data.scriptURL, data.script, data.certificateInfo, data.contentSecurityPolicy, WTFMove(data.referrerPolicy), data.workerType, data.serviceWorkerIdentifier, WTFMove(data.scriptResourceMap));
+            auto worker = SWServerWorker::create(*this, *registrationPtr, data.scriptURL, data.script, data.certificateInfo, data.contentSecurityPolicy, data.crossOriginEmbedderPolicy, WTFMove(data.referrerPolicy), data.workerType, data.serviceWorkerIdentifier, WTFMove(data.scriptResourceMap));
             registrationPtr->updateRegistrationState(ServiceWorkerRegistrationState::Active, worker.ptr());
             worker->setState(ServiceWorkerState::Activated);
@@ -653 +653 @@
 }
 
-void SWServer::updateWorker(const ServiceWorkerJobDataIdentifier& jobDataIdentifier, SWServerRegistration& registration, const URL& url, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, const String& referrerPolicy, WorkerType type, HashMap<URL, ServiceWorkerContextData::ImportedScript>&& scriptResourceMap)
-{
-    tryInstallContextData(ServiceWorkerContextData { jobDataIdentifier, registration.data(), ServiceWorkerIdentifier::generate(), script, certificateInfo, contentSecurityPolicy, referrerPolicy, url, type, false, clientIsAppInitiatedForRegistrableDomain(RegistrableDomain(url)), WTFMove(scriptResourceMap) });
+void SWServer::updateWorker(const ServiceWorkerJobDataIdentifier& jobDataIdentifier, SWServerRegistration& registration, const URL& url, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, const CrossOriginEmbedderPolicy& coep, const String& referrerPolicy, WorkerType type, HashMap<URL, ServiceWorkerContextData::ImportedScript>&& scriptResourceMap)
+{
+    tryInstallContextData(ServiceWorkerContextData { jobDataIdentifier, registration.data(), ServiceWorkerIdentifier::generate(), script, certificateInfo, contentSecurityPolicy, coep, referrerPolicy, url, type, false, clientIsAppInitiatedForRegistrableDomain(RegistrableDomain(url)), WTFMove(scriptResourceMap) });
 }
 
@@ -720 +720 @@
 
     auto* registration = m_scopeToRegistrationMap.get(data.registration.key).get();
-    auto worker = SWServerWorker::create(*this, *registration, data.scriptURL, data.script, data.certificateInfo, data.contentSecurityPolicy, String { data.referrerPolicy }, data.workerType, data.serviceWorkerIdentifier, HashMap<URL, ServiceWorkerContextData::ImportedScript> { data.scriptResourceMap });
+    auto worker = SWServerWorker::create(*this, *registration, data.scriptURL, data.script, data.certificateInfo, data.contentSecurityPolicy, data.crossOriginEmbedderPolicy, String { data.referrerPolicy }, data.workerType, data.serviceWorkerIdentifier, HashMap<URL, ServiceWorkerContextData::ImportedScript> { data.scriptResourceMap });
 
     auto* connection = worker->contextConnection();

trunk/Source/WebCore/workers/service/server/SWServer.h

@@ -153 +153 @@
     void startScriptFetch(const ServiceWorkerJobData&, SWServerRegistration&);
 
-    void updateWorker(const ServiceWorkerJobDataIdentifier&, SWServerRegistration&, const URL&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const String& referrerPolicy, WorkerType, HashMap<URL, ServiceWorkerContextData::ImportedScript>&&);
+    void updateWorker(const ServiceWorkerJobDataIdentifier&, SWServerRegistration&, const URL&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const CrossOriginEmbedderPolicy&, const String& referrerPolicy, WorkerType, HashMap<URL, ServiceWorkerContextData::ImportedScript>&&);
     void fireInstallEvent(SWServerWorker&);
     void fireActivateEvent(SWServerWorker&);

trunk/Source/WebCore/workers/service/server/SWServerJobQueue.cpp

@@ -115 +115 @@
     // FIXME: Update all the imported scripts as per spec. For now, we just do as if there is none.
 
-    m_server.updateWorker(job.identifier(), *registration, job.scriptURL, result.script, result.certificateInfo, result.contentSecurityPolicy, result.referrerPolicy, job.workerType, { });
+    m_server.updateWorker(job.identifier(), *registration, job.scriptURL, result.script, result.certificateInfo, result.contentSecurityPolicy, result.crossOriginEmbedderPolicy, result.referrerPolicy, job.workerType, { });
 }
 

trunk/Source/WebCore/workers/service/server/SWServerWorker.cpp

@@ -51 +51 @@
 
 // FIXME: Use r-value references for script and contentSecurityPolicy
-SWServerWorker::SWServerWorker(SWServer& server, SWServerRegistration& registration, const URL& scriptURL, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, String&& referrerPolicy, WorkerType type, ServiceWorkerIdentifier identifier, HashMap<URL, ServiceWorkerContextData::ImportedScript>&& scriptResourceMap)
+SWServerWorker::SWServerWorker(SWServer& server, SWServerRegistration& registration, const URL& scriptURL, const ScriptBuffer& script, const CertificateInfo& certificateInfo, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, const CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy, String&& referrerPolicy, WorkerType type, ServiceWorkerIdentifier identifier, HashMap<URL, ServiceWorkerContextData::ImportedScript>&& scriptResourceMap)
     : m_server(makeWeakPtr(server))
     , m_registrationKey(registration.key())
@@ -59 +59 @@
     , m_certificateInfo(certificateInfo)
     , m_contentSecurityPolicy(contentSecurityPolicy)
+    , m_crossOriginEmbedderPolicy(crossOriginEmbedderPolicy)
     , m_referrerPolicy(WTFMove(referrerPolicy))
     , m_registrableDomain(m_data.scriptURL)
@@ -88 +89 @@
     ASSERT(m_registration);
 
-    return { std::nullopt, m_registration->data(), m_data.identifier, m_script, m_certificateInfo, m_contentSecurityPolicy, m_referrerPolicy, m_data.scriptURL, m_data.type, false, m_lastNavigationWasAppInitiated, m_scriptResourceMap };
+    return { std::nullopt, m_registration->data(), m_data.identifier, m_script, m_certificateInfo, m_contentSecurityPolicy, m_crossOriginEmbedderPolicy, m_referrerPolicy, m_data.scriptURL, m_data.type, false, m_lastNavigationWasAppInitiated, m_scriptResourceMap };
 }
 

trunk/Source/WebCore/workers/service/server/SWServerWorker.h

@@ -30 +30 @@
 #include "ClientOrigin.h"
 #include "ContentSecurityPolicyResponseHeaders.h"
+#include "CrossOriginEmbedderPolicy.h"
 #include "RegistrableDomain.h"
 #include "ServiceWorkerClientData.h"
@@ -131 +132 @@
 
 private:
-    SWServerWorker(SWServer&, SWServerRegistration&, const URL&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, String&& referrerPolicy, WorkerType, ServiceWorkerIdentifier, HashMap<URL, ServiceWorkerContextData::ImportedScript>&&);
+    SWServerWorker(SWServer&, SWServerRegistration&, const URL&, const ScriptBuffer&, const CertificateInfo&, const ContentSecurityPolicyResponseHeaders&, const CrossOriginEmbedderPolicy&, String&& referrerPolicy, WorkerType, ServiceWorkerIdentifier, HashMap<URL, ServiceWorkerContextData::ImportedScript>&&);
 
     void callWhenActivatedHandler(bool success);
@@ -147 +148 @@
     CertificateInfo m_certificateInfo;
     ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
+    CrossOriginEmbedderPolicy m_crossOriginEmbedderPolicy;
     String m_referrerPolicy;
     bool m_hasPendingEvents { false };

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-08-11  Chris Dumez  <cdumez@apple.com>
+
+        Add initial support for Cross-Origin-Embedder-Policy (COEP)
+        https://bugs.webkit.org/show_bug.cgi?id=228754
+
+        Reviewed by Alex Christensen.
+
+        As mentioned in the WebCore changelog, we do all the COEP checks in the network process
+        instead of WebCore for added security. As a result, we need to pass more information
+        to the network process when doing loads in order to do those checks. The checks are done
+        in NetworkResourceLoader for navigations & worker script loads (similarly to CSP,
+        X-FrameOptions) and in NetworkLoadChecker for CORP checks of subresource loads (similarly
+        to CORS checks).
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        * NetworkProcess/NetworkLoadChecker.h:
+        (WebKit::NetworkLoadChecker::setParentCrossOriginEmbedderPolicy):
+        (WebKit::NetworkLoadChecker::setCrossOriginEmbedderPolicy):
+        * NetworkProcess/NetworkResourceLoadParameters.cpp:
+        (WebKit::NetworkResourceLoadParameters::parentOrigin const):
+        (WebKit::NetworkResourceLoadParameters::encode const):
+        (WebKit::NetworkResourceLoadParameters::decode):
+        * NetworkProcess/NetworkResourceLoadParameters.h:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
+        (WebKit::NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy):
+        (WebKit::NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy):
+        (WebKit::NetworkResourceLoader::didReceiveResponse):
+        (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+        * NetworkProcess/NetworkResourceLoader.h:
+        * NetworkProcess/PingLoad.cpp:
+        (WebKit::PingLoad::PingLoad):
+        (WebKit::PingLoad::initialize):
+        * NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
+        (WebKit::ServiceWorkerFetchTask::didReceiveResponse):
+        * NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp:
+        (WebKit::ServiceWorkerSoftUpdateLoader::processResponse):
+        (WebKit::ServiceWorkerSoftUpdateLoader::didFinishLoading):
+        * NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h:
+        * NetworkProcess/cache/CacheStorageEngineCache.cpp:
+        (WebKit::CacheStorage::Cache::retrieveRecords):
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::addParametersShared):
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+
 2021-08-11  Darin Adler  <darin@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp

@@ -51 +51 @@
 }
 
-NetworkLoadChecker::NetworkLoadChecker(NetworkProcess& networkProcess, NetworkResourceLoader* networkResourceLoader, NetworkSchemeRegistry* schemeRegistry, FetchOptions&& options, PAL::SessionID sessionID, WebPageProxyIdentifier webPageProxyID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, DocumentURL&& documentURL, RefPtr<SecurityOrigin>&& sourceOrigin, RefPtr<SecurityOrigin>&& topOrigin, PreflightPolicy preflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics, LoadType requestLoadType)
+NetworkLoadChecker::NetworkLoadChecker(NetworkProcess& networkProcess, NetworkResourceLoader* networkResourceLoader, NetworkSchemeRegistry* schemeRegistry, FetchOptions&& options, PAL::SessionID sessionID, WebPageProxyIdentifier webPageProxyID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, DocumentURL&& documentURL, RefPtr<SecurityOrigin>&& sourceOrigin, RefPtr<SecurityOrigin>&& topOrigin, RefPtr<SecurityOrigin>&& parentOrigin, PreflightPolicy preflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics, LoadType requestLoadType)
     : m_options(WTFMove(options))
     , m_sessionID(sessionID)
@@ -61 +61 @@
     , m_origin(WTFMove(sourceOrigin))
     , m_topOrigin(WTFMove(topOrigin))
+    , m_parentOrigin(WTFMove(parentOrigin))
     , m_preflightPolicy(preflightPolicy)
     , m_referrer(WTFMove(referrer))
@@ -169 +170 @@
 
     if (m_options.mode == FetchOptions::Mode::Navigate || m_isSameOriginRequest) {
+        if (m_options.mode == FetchOptions::Mode::Navigate && m_parentOrigin) {
+            if (auto error = validateCrossOriginResourcePolicy(m_parentCrossOriginEmbedderPolicy.value, *m_parentOrigin, m_url, response, ForNavigation::Yes))
+                return WTFMove(*error);
+        }
         response.setTainting(ResourceResponse::Tainting::Basic);
         return { };
@@ -177 +182 @@
 
     if (m_options.mode == FetchOptions::Mode::NoCors) {
-        if (auto error = validateCrossOriginResourcePolicy(*m_origin, m_url, response))
+        if (auto error = validateCrossOriginResourcePolicy(m_crossOriginEmbedderPolicy.value, *m_origin, m_url, response, ForNavigation::No))
             return WTFMove(*error);
 

trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h

@@ -30 +30 @@
 #include <WebCore/ContentExtensionActions.h>
 #include <WebCore/ContentSecurityPolicyResponseHeaders.h>
+#include <WebCore/CrossOriginEmbedderPolicy.h>
 #include <WebCore/FetchOptions.h>
 #include <WebCore/NetworkLoadInformation.h>
@@ -61 +62 @@
     enum class LoadType : bool { MainFrame, Other };
 
-    NetworkLoadChecker(NetworkProcess&, NetworkResourceLoader*, NetworkSchemeRegistry*, WebCore::FetchOptions&&, PAL::SessionID, WebPageProxyIdentifier, WebCore::HTTPHeaderMap&&, URL&&, DocumentURL&&,  RefPtr<WebCore::SecurityOrigin>&&, RefPtr<WebCore::SecurityOrigin>&& topOrigin, WebCore::PreflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics = false, LoadType requestLoadType = LoadType::Other);
+    NetworkLoadChecker(NetworkProcess&, NetworkResourceLoader*, NetworkSchemeRegistry*, WebCore::FetchOptions&&, PAL::SessionID, WebPageProxyIdentifier, WebCore::HTTPHeaderMap&&, URL&&, DocumentURL&&,  RefPtr<WebCore::SecurityOrigin>&&, RefPtr<WebCore::SecurityOrigin>&& topOrigin, RefPtr<WebCore::SecurityOrigin>&& parentOrigin, WebCore::PreflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics = false, LoadType requestLoadType = LoadType::Other);
     ~NetworkLoadChecker();
 
@@ -81 +82 @@
 
     void setCSPResponseHeaders(WebCore::ContentSecurityPolicyResponseHeaders&& headers) { m_cspResponseHeaders = WTFMove(headers); }
+    void setParentCrossOriginEmbedderPolicy(const WebCore::CrossOriginEmbedderPolicy& parentCrossOriginEmbedderPolicy) { m_parentCrossOriginEmbedderPolicy = parentCrossOriginEmbedderPolicy; }
+    void setCrossOriginEmbedderPolicy(const WebCore::CrossOriginEmbedderPolicy& crossOriginEmbedderPolicy) { m_crossOriginEmbedderPolicy = crossOriginEmbedderPolicy; }
 #if ENABLE(CONTENT_EXTENSIONS)
     void setContentExtensionController(URL&& mainDocumentURL, std::optional<UserContentControllerIdentifier> identifier)
@@ -139 +142 @@
     RefPtr<WebCore::SecurityOrigin> m_origin;
     RefPtr<WebCore::SecurityOrigin> m_topOrigin;
+    RefPtr<WebCore::SecurityOrigin> m_parentOrigin;
     std::optional<WebCore::ContentSecurityPolicyResponseHeaders> m_cspResponseHeaders;
+    WebCore::CrossOriginEmbedderPolicy m_parentCrossOriginEmbedderPolicy;
+    WebCore::CrossOriginEmbedderPolicy m_crossOriginEmbedderPolicy;
 #if ENABLE(CONTENT_EXTENSIONS)
     URL m_mainDocumentURL;

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp

@@ -32 +32 @@
 using namespace WebCore;
 
+RefPtr<SecurityOrigin> NetworkResourceLoadParameters::parentOrigin() const
+{
+    if (frameAncestorOrigins.isEmpty())
+        return nullptr;
+    return frameAncestorOrigins.first();
+}
+
 void NetworkResourceLoadParameters::encode(IPC::Encoder& encoder) const
 {
@@ -97 +104 @@
     encoder << options;
     encoder << cspResponseHeaders;
+    encoder << parentCrossOriginEmbedderPolicy;
+    encoder << crossOriginEmbedderPolicy;
     encoder << originalRequestHeaders;
 
@@ -232 +241 @@
     if (!decoder.decode(result.cspResponseHeaders))
         return std::nullopt;
+
+    std::optional<WebCore::CrossOriginEmbedderPolicy> parentCrossOriginEmbedderPolicy;
+    decoder >> parentCrossOriginEmbedderPolicy;
+    if (!parentCrossOriginEmbedderPolicy)
+        return std::nullopt;
+    result.parentCrossOriginEmbedderPolicy = WTFMove(*parentCrossOriginEmbedderPolicy);
+
+    std::optional<WebCore::CrossOriginEmbedderPolicy> crossOriginEmbedderPolicy;
+    decoder >> crossOriginEmbedderPolicy;
+    if (!crossOriginEmbedderPolicy)
+        return std::nullopt;
+    result.crossOriginEmbedderPolicy = WTFMove(*crossOriginEmbedderPolicy);
+
     if (!decoder.decode(result.originalRequestHeaders))
         return std::nullopt;

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h

@@ -32 +32 @@
 #include <WebCore/ContentSecurityPolicyResponseHeaders.h>
 #include <WebCore/CrossOriginAccessControl.h>
+#include <WebCore/CrossOriginEmbedderPolicy.h>
 #include <WebCore/FetchOptions.h>
 #include <wtf/Seconds.h>
@@ -49 +50 @@
     static std::optional<NetworkResourceLoadParameters> decode(IPC::Decoder&);
 
+    RefPtr<WebCore::SecurityOrigin> parentOrigin() const;
+
     ResourceLoadIdentifier identifier { 0 };
     Vector<RefPtr<SandboxExtension>> requestBodySandboxExtensions; // Created automatically for the sender.
@@ -55 +58 @@
     WebCore::FetchOptions options;
     std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
+    WebCore::CrossOriginEmbedderPolicy parentCrossOriginEmbedderPolicy;
+    WebCore::CrossOriginEmbedderPolicy crossOriginEmbedderPolicy;
     WebCore::HTTPHeaderMap originalRequestHeaders;
     bool shouldRestrictHTTPResponseAccess { false };

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -121 +121 @@
     if (synchronousReply || parameters.shouldRestrictHTTPResponseAccess || parameters.options.keepAlive) {
         NetworkLoadChecker::LoadType requestLoadType = isMainFrameLoad() ? NetworkLoadChecker::LoadType::MainFrame : NetworkLoadChecker::LoadType::Other;
-        m_networkLoadChecker = makeUnique<NetworkLoadChecker>(connection.networkProcess(), this,  &connection.schemeRegistry(), FetchOptions { m_parameters.options }, sessionID(), m_parameters.webPageProxyID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.preflightPolicy, originalRequest().httpReferrer(), shouldCaptureExtraNetworkLoadMetrics(), requestLoadType);
+        m_networkLoadChecker = makeUnique<NetworkLoadChecker>(connection.networkProcess(), this,  &connection.schemeRegistry(), FetchOptions { m_parameters.options }, sessionID(), m_parameters.webPageProxyID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.parentOrigin(), m_parameters.preflightPolicy, originalRequest().httpReferrer(), shouldCaptureExtraNetworkLoadMetrics(), requestLoadType);
         if (m_parameters.cspResponseHeaders)
             m_networkLoadChecker->setCSPResponseHeaders(ContentSecurityPolicyResponseHeaders { m_parameters.cspResponseHeaders.value() });
+        m_networkLoadChecker->setParentCrossOriginEmbedderPolicy(m_parameters.parentCrossOriginEmbedderPolicy);
+        m_networkLoadChecker->setCrossOriginEmbedderPolicy(m_parameters.crossOriginEmbedderPolicy);
 #if ENABLE(CONTENT_EXTENSIONS)
         m_networkLoadChecker->setContentExtensionController(URL { m_parameters.mainDocumentURL }, m_parameters.userContentControllerIdentifier);
@@ -576 +578 @@
         String xFrameOptions = m_response.httpHeaderField(HTTPHeaderName::XFrameOptions);
         if (!xFrameOptions.isNull() && shouldInterruptLoadForXFrameOptions(xFrameOptions, response.url())) {
-            String errorMessage = "Refused to display '" + response.url().stringCenterEllipsizedToLength() + "' in a frame because it set 'X-Frame-Options' to '" + xFrameOptions + "'.";
+            String errorMessage = makeString("Refused to display '", response.url().stringCenterEllipsizedToLength(), "' in a frame because it set 'X-Frame-Options' to '", xFrameOptions, "'.");
+            send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID,  MessageSource::Security, MessageLevel::Error, errorMessage, identifier() }, m_parameters.webPageID);
+            return true;
+        }
+    }
+
+    return shouldInterruptNavigationForCrossOriginEmbedderPolicy(m_response);
+}
+
+bool NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy(const ResourceResponse& response)
+{
+    ASSERT(isMainResource());
+
+    // https://html.spec.whatwg.org/multipage/origin.html#check-a-navigation-response's-adherence-to-its-embedder-policy
+    if (m_parameters.parentCrossOriginEmbedderPolicy.value != WebCore::CrossOriginEmbedderPolicyValue::UnsafeNone && m_parameters.sourceOrigin) {
+        auto responseCOEP = WebCore::obtainCrossOriginEmbedderPolicy(response, m_parameters.sourceOrigin->isPotentiallyTrustworthy() ? IsSecureContext::Yes : IsSecureContext::No);
+        if (responseCOEP.value != WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
+            String errorMessage = makeString("Refused to display '", response.url().stringCenterEllipsizedToLength(), "' in a frame because of Cross-Origin-Embedder-Policy.");
+            send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID,  MessageSource::Security, MessageLevel::Error, errorMessage, identifier() }, m_parameters.webPageID);
+            return true;
+        }
+    }
+    return false;
+}
+
+bool NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy(const ResourceResponse& response)
+{
+    if (m_parameters.options.destination != FetchOptions::Destination::Worker)
+        return false;
+
+    if (m_parameters.crossOriginEmbedderPolicy.value != WebCore::CrossOriginEmbedderPolicyValue::UnsafeNone && m_parameters.sourceOrigin) {
+        auto responseCOEP = WebCore::obtainCrossOriginEmbedderPolicy(response, m_parameters.sourceOrigin->isPotentiallyTrustworthy() ? IsSecureContext::Yes : IsSecureContext::No);
+        if (responseCOEP.value != WebCore::CrossOriginEmbedderPolicyValue::RequireCORP) {
+            String errorMessage = makeString("Refused to load '", response.url().stringCenterEllipsizedToLength(), "' worker because of Cross-Origin-Embedder-Policy.");
             send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID,  MessageSource::Security, MessageLevel::Error, errorMessage, identifier() }, m_parameters.webPageID);
             return true;
@@ -624 +659 @@
         auto response = sanitizeResponseIfPossible(ResourceResponse { m_response }, ResourceResponse::SanitizationType::CrossOriginSafe);
         send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { response });
+        return completionHandler(PolicyAction::Ignore);
+    }
+
+    // https://html.spec.whatwg.org/multipage/origin.html#check-a-global-object's-embedder-policy
+    if (shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy(m_response)) {
+        LOADER_RELEASE_LOG_ERROR("didReceiveResponse: Interrupting worker load due to Cross-Origin-Opener-Policy");
+        RunLoop::main().dispatch([protectedThis = makeRef(*this), url = m_response.url()] {
+            if (protectedThis->m_networkLoad)
+                protectedThis->didFailLoading(ResourceError { errorDomainWebKitInternal, 0, url, "Worker load was blocked by Cross-Origin-Embedder-Policy"_s, ResourceError::Type::AccessControl });
+        });
         return completionHandler(PolicyAction::Ignore);
     }
@@ -834 +879 @@
     if (redirectResponse.source() == ResourceResponse::Source::Network && canUseCachedRedirect(request))
         m_cache->storeRedirect(request, redirectResponse, redirectRequest, maxAgeCap);
+
+    if (isMainResource() && shouldInterruptNavigationForCrossOriginEmbedderPolicy(redirectResponse)) {
+        this->didFailLoading(ResourceError { errorDomainWebKitInternal, 0, redirectRequest.url(), "Redirection was blocked by Cross-Origin-Embedder-Policy"_s, ResourceError::Type::AccessControl });
+        return;
+    }
 
     if (m_networkLoadChecker) {

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h

@@ -164 +164 @@
     bool shouldInterruptLoadForXFrameOptions(const String&, const URL&);
     bool shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(const WebCore::ResourceResponse&);
+    bool shouldInterruptNavigationForCrossOriginEmbedderPolicy(const WebCore::ResourceResponse&);
+    bool shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy(const WebCore::ResourceResponse&);
 
     enum class FirstLoad { No, Yes };

trunk/Source/WebKit/NetworkProcess/PingLoad.cpp

@@ -46 +46 @@
     , m_completionHandler(WTFMove(completionHandler))
     , m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
-    , m_networkLoadChecker(makeUniqueRef<NetworkLoadChecker>(networkProcess, nullptr, nullptr, FetchOptions { m_parameters.options}, m_sessionID, m_parameters.webPageProxyID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.preflightPolicy, m_parameters.request.httpReferrer()))
+    , m_networkLoadChecker(makeUniqueRef<NetworkLoadChecker>(networkProcess, nullptr, nullptr, FetchOptions { m_parameters.options}, m_sessionID, m_parameters.webPageProxyID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.parentOrigin(), m_parameters.preflightPolicy, m_parameters.request.httpReferrer()))
 {
     initialize(networkProcess);
@@ -56 +56 @@
     , m_completionHandler(WTFMove(completionHandler))
     , m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
-    , m_networkLoadChecker(makeUniqueRef<NetworkLoadChecker>(connection.networkProcess(), nullptr,  &connection.schemeRegistry(), FetchOptions { m_parameters.options}, m_sessionID, m_parameters.webPageProxyID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.preflightPolicy, m_parameters.request.httpReferrer()))
+    , m_networkLoadChecker(makeUniqueRef<NetworkLoadChecker>(connection.networkProcess(), nullptr,  &connection.schemeRegistry(), FetchOptions { m_parameters.options}, m_sessionID, m_parameters.webPageProxyID, WTFMove(m_parameters.originalRequestHeaders), URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.parentOrigin(), m_parameters.preflightPolicy, m_parameters.request.httpReferrer()))
     , m_blobFiles(connection.resolveBlobReferences(m_parameters))
 {
@@ -72 +72 @@
     if (m_parameters.cspResponseHeaders)
         m_networkLoadChecker->setCSPResponseHeaders(WTFMove(m_parameters.cspResponseHeaders.value()));
+    m_networkLoadChecker->setParentCrossOriginEmbedderPolicy(m_parameters.parentCrossOriginEmbedderPolicy);
+    m_networkLoadChecker->setCrossOriginEmbedderPolicy(m_parameters.crossOriginEmbedderPolicy);
 #if ENABLE(CONTENT_EXTENSIONS)
     m_networkLoadChecker->setContentExtensionController(WTFMove(m_parameters.mainDocumentURL), m_parameters.userContentControllerIdentifier);

trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp

@@ -146 +146 @@
     softUpdateIfNeeded();
 
+    if (m_loader.parameters().options.mode == FetchOptions::Mode::Navigate) {
+        if (auto parentOrigin = m_loader.parameters().parentOrigin()) {
+            if (auto error = validateCrossOriginResourcePolicy(m_loader.parameters().parentCrossOriginEmbedderPolicy.value, *parentOrigin, m_currentRequest.url(), response, ForNavigation::Yes)) {
+                didFail(*error);
+                return;
+            }
+        }
+    }
+    if (m_loader.parameters().options.mode == FetchOptions::Mode::NoCors) {
+        if (auto error = validateCrossOriginResourcePolicy(m_loader.parameters().crossOriginEmbedderPolicy.value, *m_loader.parameters().sourceOrigin, m_currentRequest.url(), response, ForNavigation::No)) {
+            didFail(*error);
+            return;
+        }
+    }
+
     response.setSource(ResourceResponse::Source::ServiceWorker);
     sendToClient(Messages::WebResourceLoader::DidReceiveResponse { response, needsContinueDidReceiveResponseMessage });

trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp

@@ -170 +170 @@
 
     m_contentSecurityPolicy = ContentSecurityPolicyResponseHeaders { response };
+    // Service workers are always secure contexts.
+    m_crossOriginEmbedderPolicy = obtainCrossOriginEmbedderPolicy(response, IsSecureContext::Yes);
     m_referrerPolicy = response.httpHeaderField(HTTPHeaderName::ReferrerPolicy);
     m_responseEncoding = response.textEncodingName();
@@ -193 +195 @@
     if (m_decoder)
         m_script.append(m_decoder->flush());
-    m_completionHandler({ m_jobData.identifier(), m_jobData.registrationKey(), ScriptBuffer { m_script.toString() }, m_certificateInfo, m_contentSecurityPolicy, m_referrerPolicy, { } });
+    m_completionHandler({ m_jobData.identifier(), m_jobData.registrationKey(), ScriptBuffer { m_script.toString() }, m_certificateInfo, m_contentSecurityPolicy, m_crossOriginEmbedderPolicy, m_referrerPolicy, { } });
     didComplete();
 }

trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h

@@ -31 +31 @@
 #include "NetworkLoadClient.h"
 #include <WebCore/ContentSecurityPolicyResponseHeaders.h>
+#include <WebCore/CrossOriginEmbedderPolicy.h>
 #include <WebCore/FetchOptions.h>
 #include <WebCore/ServiceWorkerJobData.h>
@@ -82 +83 @@
     String m_referrerPolicy;
     WebCore::ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
+    WebCore::CrossOriginEmbedderPolicy m_crossOriginEmbedderPolicy;
 
     std::unique_ptr<NetworkCache::Entry> m_cacheEntry;

trunk/Source/WebKit/NetworkProcess/cache/CacheStorageEngineCache.cpp

@@ -34 +34 @@
 #include "WebCoreArgumentCoders.h"
 #include <WebCore/CacheQueryOptions.h>
+#include <WebCore/CrossOriginAccessControl.h>
 #include <WebCore/HTTPParsers.h>
 #include <WebCore/RetrieveRecordsOptions.h>
@@ -287 +288 @@
     ASSERT(m_state == State::Open);
 
-    auto taskCounter = ReadRecordTaskCounter::create([caches = makeRef(m_caches), identifier = m_identifier, shouldProvideResponse = options.shouldProvideResponse, callback = WTFMove(callback)](Vector<Record>&& records, Vector<uint64_t>&& failedRecordIdentifiers) mutable {
+    auto taskCounter = ReadRecordTaskCounter::create([caches = makeRef(m_caches), identifier = m_identifier, options, callback = WTFMove(callback)](Vector<Record>&& records, Vector<uint64_t>&& failedRecordIdentifiers) mutable {
         auto* cache = caches->find(identifier);
         if (cache)
             cache->removeFromRecordList(failedRecordIdentifiers);
 
-        if (!shouldProvideResponse) {
+        // https://w3c.github.io/ServiceWorker/#dom-cache-matchall (Step 5.4)
+        for (auto& record : records) {
+            if (record.response.type() != ResourceResponse::Type::Opaque)
+                continue;
+
+            if (validateCrossOriginResourcePolicy(options.crossOriginEmbedderPolicy.value, options.sourceOrigin, record.request.url(), record.response, ForNavigation::No)) {
+                callback(makeUnexpected(DOMCacheEngine::Error::CORP));
+                return;
+            }
+        }
+
+        if (!options.shouldProvideResponse) {
             for (auto& record : records) {
                 record.response = { };

trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

@@ -277 +277 @@
         return;
 
+    if (auto* document = frame->document())
+        parameters.crossOriginEmbedderPolicy = document->crossOriginEmbedderPolicy();
+
     if (auto* page = frame->page()) {
         parameters.pageHasResourceLoadClient = page->hasResourceLoadClient();
@@ -284 +287 @@
 
     if (auto* ownerElement = frame->ownerElement()) {
-        if (auto* parentFrame = ownerElement->document().frame())
+        if (auto* parentFrame = ownerElement->document().frame()) {
             parameters.parentFrameID = parentFrame->loader().frameID();
+            parameters.parentCrossOriginEmbedderPolicy = ownerElement->document().crossOriginEmbedderPolicy();
+        }
     }
 }
@@ -337 +342 @@
             loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
     }
+
+    if (resourceLoader.options().crossOriginEmbedderPolicy)
+        loadParameters.crossOriginEmbedderPolicy = *resourceLoader.options().crossOriginEmbedderPolicy;
     
 #if ENABLE(APP_BOUND_DOMAINS) || ENABLE(CONTENT_EXTENSIONS)

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm

@@ -1944 +1944 @@
 
     NSURL* directory = [NSURL fileURLWithPath:path isDirectory:YES];
-    NSURL *swDBPath = [directory URLByAppendingPathComponent:@"ServiceWorkerRegistrations-6.sqlite3"];
+    NSURL *swDBPath = [directory URLByAppendingPathComponent:@"ServiceWorkerRegistrations-7.sqlite3"];
 
     EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:swDBPath.path]);
@@ -1971 +1971 @@
 
     [[NSFileManager defaultManager] createDirectoryAtURL:swPath withIntermediateDirectories:YES attributes:nil error:nil];
-    [[NSFileManager defaultManager] copyItemAtURL:url1 toURL:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-6.sqlite3"] error:nil];
+    [[NSFileManager defaultManager] copyItemAtURL:url1 toURL:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-7.sqlite3"] error:nil];
 
     auto websiteDataStoreConfiguration = adoptNS([[_WKWebsiteDataStoreConfiguration alloc] init]);
@@ -2380 +2380 @@
 
     unsigned timeout = 0;
-    while (![[NSFileManager defaultManager] fileExistsAtPath:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-6.sqlite3"].path] && ++timeout < 20)
+    while (![[NSFileManager defaultManager] fileExistsAtPath:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-7.sqlite3"].path] && ++timeout < 20)
         TestWebKitAPI::Util::sleep(0.1);
-    EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-6.sqlite3"].path]);
+    EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:[swPath URLByAppendingPathComponent:@"ServiceWorkerRegistrations-7.sqlite3"].path]);
 
     // Fetch SW records