Changeset 284819 in webkit

Timestamp:

Oct 25, 2021, 1:24:45 PM (4 years ago)

Author:

Kate Cheney

Message:

[App Privacy Report] CORS preflight requests attributed incorrectly
​https://bugs.webkit.org/show_bug.cgi?id=232221
<rdar://problem/84116159>

Reviewed by Brent Fulgham.

Source/WebKit:

HTTP redirects should already be marked as app-initiated or not based
on the NSURLRequest that initiated the redirect, either because the
same NSURLRequest is used or because it is set in the completion
handler of the networkDataTask->willPerformHTTPRedirection call in
NetworkSessionCocoa.

However, checking the request before calling the completion handler
can initiate CORS preflight checks that create loads that are incorrectly
marked for App Privacy Report. This patch sets the app initiated value
in the ResourceRequest object before the new NetworkDataTask is created to fix this.

• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):

LayoutTests:

Layout test coverage.

• http/tests/app-privacy-report/app-attribution-cors-preflight-redirect-expected.txt: Added.
• http/tests/app-privacy-report/app-attribution-cors-preflight-redirect.html: Added.
• http/tests/app-privacy-report/resources/cors-preflight.py: Added.
• http/tests/app-privacy-report/resources/redirect-with-cors-preflight-check.py: Added.
• http/tests/app-privacy-report/user-attribution-cors-preflight-redirect-expected.txt: Added.
• http/tests/app-privacy-report/user-attribution-cors-preflight-redirect.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/app-privacy-report/app-attribution-cors-preflight-redirect-expected.txt (added)
• LayoutTests/http/tests/app-privacy-report/app-attribution-cors-preflight-redirect.html (added)
• LayoutTests/http/tests/app-privacy-report/resources/cors-preflight.py (added)
• LayoutTests/http/tests/app-privacy-report/resources/redirect-with-cors-preflight-check.py (added)
• LayoutTests/http/tests/app-privacy-report/user-attribution-cors-preflight-redirect-expected.txt (added)
• LayoutTests/http/tests/app-privacy-report/user-attribution-cors-preflight-redirect.html (added)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-10-25  Kate Cheney  <katherine_cheney@apple.com>
+
+        [App Privacy Report] CORS preflight requests attributed incorrectly
+        https://bugs.webkit.org/show_bug.cgi?id=232221
+        <rdar://problem/84116159>
+
+        Reviewed by Brent Fulgham.
+
+        Layout test coverage.
+
+        * http/tests/app-privacy-report/app-attribution-cors-preflight-redirect-expected.txt: Added.
+        * http/tests/app-privacy-report/app-attribution-cors-preflight-redirect.html: Added.
+        * http/tests/app-privacy-report/resources/cors-preflight.py: Added.
+        * http/tests/app-privacy-report/resources/redirect-with-cors-preflight-check.py: Added.
+        * http/tests/app-privacy-report/user-attribution-cors-preflight-redirect-expected.txt: Added.
+        * http/tests/app-privacy-report/user-attribution-cors-preflight-redirect.html: Added.
+
 2021-10-25  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2021-10-25  Kate Cheney  <katherine_cheney@apple.com>
+
+        [App Privacy Report] CORS preflight requests attributed incorrectly
+        https://bugs.webkit.org/show_bug.cgi?id=232221
+        <rdar://problem/84116159>
+
+        Reviewed by Brent Fulgham.
+
+        HTTP redirects should already be marked as app-initiated or not based
+        on the NSURLRequest that initiated the redirect, either because the
+        same NSURLRequest is used or because it is set in the completion
+        handler of the networkDataTask->willPerformHTTPRedirection call in
+        NetworkSessionCocoa.
+
+        However, checking the request before calling the completion handler
+        can initiate CORS preflight checks that create loads that are incorrectly
+        marked for App Privacy Report. This patch sets the app initiated value
+        in the ResourceRequest object before the new NetworkDataTask is created to fix this.
+
+        * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+        (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+
 2021-10-25  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm

@@ -520 +520 @@
         request.setFirstPartyForCookies(request.url());
 
+#if ENABLE(APP_PRIVACY_REPORT)
+    request.setIsAppInitiated(request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::DoNotUpdateHTTPBody).attribution == NSURLRequestAttributionDeveloper);
+#endif
+
 #if ENABLE(INTELLIGENT_TRACKING_PREVENTION)
 #if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)