Changeset 260962 in webkit


Ignore:
Timestamp:
Apr 30, 2020, 1:03:26 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

Add SPI to change a WKWebView's CORS disabling pattern after initialization
https://bugs.webkit.org/show_bug.cgi?id=211211
<rdar://problem/61837474>

Patch by Alex Christensen <achristensen@webkit.org> on 2020-04-30
Reviewed by Chris Dumez.

Source/WebCore:

  • page/Page.h:

(WebCore::Page::setCORSDisablingPatterns):

Source/WebKit:

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _corsDisablingPatterns]):
(-[WKWebView _setCORSDisablingPatterns:]):

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/WebPageProxy.cpp:
  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::corsDisablingPatterns const):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::parseAndAllowAccessToCORSDisablingPatterns):
(WebKit::m_isNavigatingToAppBoundDomain):
(WebKit::WebPage::updateCORSDisablingPatterns):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
Location:
trunk
Files:
12 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r260960 r260962  
     12020-04-30  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add SPI to change a WKWebView's CORS disabling pattern after initialization
     4        https://bugs.webkit.org/show_bug.cgi?id=211211
     5        <rdar://problem/61837474>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * page/Page.h:
     10        (WebCore::Page::setCORSDisablingPatterns):
     11
    1122020-04-30  Chris Dumez  <cdumez@apple.com>
    213

  • trunk/Source/WebCore/page/Page.h

    r260684 r260962  
    522522    double customHTMLTokenizerTimeDelay() const;
    523523
     524    void setCORSDisablingPatterns(Vector<UserContentURLPattern>&& patterns) { m_corsDisablingPatterns = WTFMove(patterns); }
     525
    524526    WEBCORE_EXPORT void setMemoryCacheClientCallsEnabled(bool);
    525527    bool areMemoryCacheClientCallsEnabled() const { return m_areMemoryCacheClientCallsEnabled; }

  • trunk/Source/WebKit/ChangeLog

    r260952 r260962  
     12020-04-30  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add SPI to change a WKWebView's CORS disabling pattern after initialization
     4        https://bugs.webkit.org/show_bug.cgi?id=211211
     5        <rdar://problem/61837474>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * UIProcess/API/Cocoa/WKWebView.mm:
     10        (-[WKWebView _corsDisablingPatterns]):
     11        (-[WKWebView _setCORSDisablingPatterns:]):
     12        * UIProcess/API/Cocoa/WKWebViewPrivate.h:
     13        * UIProcess/WebPageProxy.cpp:
     14        * UIProcess/WebPageProxy.h:
     15        (WebKit::WebPageProxy::corsDisablingPatterns const):
     16        * WebProcess/WebPage/WebPage.cpp:
     17        (WebKit::parseAndAllowAccessToCORSDisablingPatterns):
     18        (WebKit::m_isNavigatingToAppBoundDomain):
     19        (WebKit::WebPage::updateCORSDisablingPatterns):
     20        * WebProcess/WebPage/WebPage.h:
     21        * WebProcess/WebPage/WebPage.messages.in:
     22
    1232020-04-30  Daniel Bates  <dabates@apple.com>
    224

  • trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

    r260865 r260962  
    28132813}
    28142814
     2815- (NSArray<NSString *> *)_corsDisablingPatterns
     2816{
     2817    return createNSArray(_page->corsDisablingPatterns()).autorelease();
     2818}
     2819
     2820- (void)_setCORSDisablingPatterns:(NSArray<NSString *> *)patterns
     2821{
     2822    _page->setCORSDisablingPatterns(makeVector<String>(patterns));
     2823}
     2824
    28152825- (void)_getProcessDisplayNameWithCompletionHandler:(void (^)(NSString *))completionHandler
    28162826{

  • trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h

    r260334 r260962  
    222222@property (nonatomic, setter=_setViewScale:) CGFloat _viewScale WK_API_AVAILABLE(macos(10.11), ios(9.0));
    223223
     224@property (nonatomic, copy, setter=_setCORSDisablingPatterns:) NSArray<NSString *> *_corsDisablingPatterns WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
     225
    224226@property (nonatomic, setter=_setMinimumEffectiveDeviceWidth:) CGFloat _minimumEffectiveDeviceWidth WK_API_AVAILABLE(macos(10.14.4), ios(12.2));
    225227

  • trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

    r260932 r260962  
    484484    , m_resetRecentCrashCountTimer(RunLoop::main(), this, &WebPageProxy::resetRecentCrashCount)
    485485    , m_tryCloseTimeoutTimer(RunLoop::main(), this, &WebPageProxy::tryCloseTimedOut)
     486    , m_corsDisablingPatterns(m_configuration->corsDisablingPatterns())
    486487#if PLATFORM(COCOA)
    487488    , m_ignoresAppBoundDomains(m_configuration->ignoresAppBoundDomains() || WTF::processHasEntitlement("com.apple.private.applemediaservices"))
     
    78237824
    78247825    parameters.overriddenMediaType = m_overriddenMediaType;
    7825     parameters.corsDisablingPatterns = m_configuration->corsDisablingPatterns();
     7826    parameters.corsDisablingPatterns = corsDisablingPatterns();
    78267827    parameters.userScriptsShouldWaitUntilNotification = m_configuration->userScriptsShouldWaitUntilNotification();
    78277828    parameters.loadsFromNetwork = m_configuration->loadsFromNetwork();
     
    1008610087}
    1008710088
     10089void WebPageProxy::setCORSDisablingPatterns(Vector<String>&& patterns)
     10090{
     10091    m_corsDisablingPatterns = WTFMove(patterns);
     10092    send(Messages::WebPage::UpdateCORSDisablingPatterns(m_corsDisablingPatterns));
     10093}
     10094
    1008810095void WebPageProxy::setOverriddenMediaType(const String& mediaType)
    1008910096{

  • trunk/Source/WebKit/UIProcess/WebPageProxy.h

    r260857 r260962  
    17141714    void setOverriddenMediaType(const String&);
    17151715
     1716    void setCORSDisablingPatterns(Vector<String>&&);
     1717    const Vector<String>& corsDisablingPatterns() const { return m_corsDisablingPatterns; }
     1718
    17161719    void getProcessDisplayName(CompletionHandler<void(String&&)>&&);
    17171720
     
    27912794    String m_overriddenMediaType;
    27922795
     2796    Vector<String> m_corsDisablingPatterns;
     2797
    27932798    struct InjectedBundleMessage {
    27942799        String messageName;

  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

    r260932 r260962  
    394394}
    395395
     396static Vector<UserContentURLPattern> parseAndAllowAccessToCORSDisablingPatterns(Vector<String>&& input)
     397{
     398    Vector<UserContentURLPattern> parsedPatterns;
     399    parsedPatterns.reserveInitialCapacity(input.size());
     400    for (auto&& pattern : WTFMove(input)) {
     401        UserContentURLPattern parsedPattern(WTFMove(pattern));
     402        if (parsedPattern.isValid()) {
     403            WebCore::SecurityPolicy::allowAccessTo(parsedPattern);
     404            parsedPatterns.uncheckedAppend(WTFMove(parsedPattern));
     405        }
     406    }
     407    parsedPatterns.shrinkToFit();
     408    return parsedPatterns;
     409}
     410
    396411WebPage::WebPage(PageIdentifier pageID, WebPageCreationParameters&& parameters)
    397412    : m_identifier(pageID)
     
    531546    pageConfiguration.deviceOrientationUpdateProvider = WebDeviceOrientationUpdateProvider::create(*this);
    532547#endif
    533 
    534     Vector<UserContentURLPattern> parsedPatterns;
    535     parsedPatterns.reserveInitialCapacity(parameters.corsDisablingPatterns.size());
    536     for (auto&& pattern : WTFMove(parameters.corsDisablingPatterns)) {
    537         UserContentURLPattern parsedPattern(WTFMove(pattern));
    538         if (parsedPattern.isValid()) {
    539             WebCore::SecurityPolicy::allowAccessTo(parsedPattern);
    540             parsedPatterns.uncheckedAppend(WTFMove(parsedPattern));
    541         }
    542     }
    543     parsedPatterns.shrinkToFit();
    544548   
    545     pageConfiguration.corsDisablingPatterns = WTFMove(parsedPatterns);
     549    pageConfiguration.corsDisablingPatterns = parseAndAllowAccessToCORSDisablingPatterns(WTFMove(parameters.corsDisablingPatterns));
    546550    pageConfiguration.userScriptsShouldWaitUntilNotification = parameters.userScriptsShouldWaitUntilNotification;
    547551    pageConfiguration.loadsSubresources = parameters.loadsSubresources;
     
    70517055}
    70527056
     7057void WebPage::updateCORSDisablingPatterns(Vector<String>&& patterns)
     7058{
     7059    if (m_page)
     7060        m_page->setCORSDisablingPatterns(parseAndAllowAccessToCORSDisablingPatterns(WTFMove(patterns)));
     7061}
     7062
    70537063bool WebPage::shouldUseRemoteRenderingFor(RenderingPurpose purpose)
    70547064{

  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.h

    r260857 r260962  
    13021302    void setOverriddenMediaType(const String&);
    13031303
     1304    void updateCORSDisablingPatterns(Vector<String>&&);
     1305
    13041306    void getProcessDisplayName(CompletionHandler<void(String&&)>&&);
    13051307

  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in

    r260857 r260962  
    602602    GetProcessDisplayName() -> (String displayName) Async
    603603
     604    UpdateCORSDisablingPatterns(Vector<String> patterns)
     605
    604606    SetShouldFireEvents(bool shouldFireEvents)
    605607    SetNeedsDOMWindowResizeEvent()

  • trunk/Tools/ChangeLog

    r260961 r260962  
     12020-04-30  Alex Christensen  <achristensen@webkit.org>
     2
     3        Add SPI to change a WKWebView's CORS disabling pattern after initialization
     4        https://bugs.webkit.org/show_bug.cgi?id=211211
     5        <rdar://problem/61837474>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
     10
    1112020-04-30  Alex Christensen  <achristensen@webkit.org>
    212

  • trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm

    r259772 r260962  
    849849    [configuration setURLSchemeHandler:handler.get() forURLScheme:@"cors"];
    850850
     851    NSString *testJS = [NSString stringWithFormat:
     852        @"fetch('http://127.0.0.1:%d/subresource').then(function(r){"
     853            "r.json().then(function(object) {"
     854                "if (object.testkey == 'testvalue') {"
     855                    "fetch('/corssuccess')"
     856                "} else {"
     857                    "fetch('/corsfailure')"
     858                "}"
     859            "}).catch(function(){fetch('/corsfailure')})"
     860        "}).catch(function(){fetch('/corsfailure')})"
     861        , server.port()];
     862
    851863    [handler setStartURLSchemeTaskHandler:[&](WKWebView *, id<WKURLSchemeTask> task) {
    852864        if ([task.request.URL.path isEqualToString:@"/main.html"]) {
    853865            NSData *data = [[NSString stringWithFormat:
    854                 @"<script>"
    855                     "fetch('http://127.0.0.1:%d/subresource').then(function(r){"
    856                         "r.json().then(function(object) {"
    857                             "if (object.testkey == 'testvalue') {"
    858                                 "fetch('/corssuccess')"
    859                             "} else {"
    860                                 "fetch('/corsfailure')"
    861                             "}"
    862                         "}).catch(function(){fetch('/corsfailure')})"
    863                     "}).catch(function(){fetch('/corsfailure')})"
    864                 "</script>", server.port()] dataUsingEncoding:NSUTF8StringEncoding];
     866                @"<script>%@</script>", testJS] dataUsingEncoding:NSUTF8StringEncoding];
    865867            [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:data.length textEncodingName:nil] autorelease]];
    866868            [task didReceiveData:data];
     
    889891
    890892    configuration._corsDisablingPatterns = @[@"*://*/*"];
    891     {
    892         auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectMake(0, 0, 800, 600) configuration:configuration]);
    893         [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"cors://host1/main.html"]]];
    894         TestWebKitAPI::Util::run(&done);
    895     }
     893    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectMake(0, 0, 800, 600) configuration:configuration]);
     894    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"cors://host1/main.html"]]];
     895    TestWebKitAPI::Util::run(&done);
     896    EXPECT_TRUE(corssuccess);
     897    EXPECT_FALSE(corsfailure);
     898
     899    corssuccess = false;
     900    corsfailure = false;
     901    done = false;
     902
     903    webView.get()._corsDisablingPatterns = @[];
     904    [webView evaluateJavaScript:testJS completionHandler:nil];
     905    TestWebKitAPI::Util::run(&done);
     906    EXPECT_FALSE(corssuccess);
     907    EXPECT_TRUE(corsfailure);
     908
     909    corssuccess = false;
     910    corsfailure = false;
     911    done = false;
     912
     913    webView.get()._corsDisablingPatterns = @[@"*://*/*"];
     914    [webView evaluateJavaScript:testJS completionHandler:nil];
     915    TestWebKitAPI::Util::run(&done);
    896916    EXPECT_TRUE(corssuccess);
    897917    EXPECT_FALSE(corsfailure);
Note: See TracChangeset for help on using the changeset viewer.