Changeset 232217 in webkit

Timestamp:

May 25, 2018 5:06:08 PM (6 years ago)

Author:

youenn@apple.com

Message:

Migrate From-Origin to Cross-Origin-Resource-Policy
​https://bugs.webkit.org/show_bug.cgi?id=185840

Reviewed by Chris Dumez.

Source/WebCore:

Tests: http/wpt/cross-origin-resource-policy/fetch-in-iframe.html

http/wpt/cross-origin-resource-policy/fetch.html
http/wpt/cross-origin-resource-policy/iframe-loads.html
http/wpt/cross-origin-resource-policy/image-loads.html
http/wpt/cross-origin-resource-policy/script-loads.html

• platform/network/HTTPHeaderNames.in:
• platform/network/HTTPParsers.cpp:

(WebCore::parseCrossOriginResourcePolicyHeader):

• platform/network/HTTPParsers.h:

Source/WebKit:

Do Cross-Origin-Resource-Policy (CORP) checks in NetworkLoadChecker instead of NetworkResourceLoader directly.
Make sure CORP only applies to no-cors loads.
Remove ancestor checks and only consider the document origin making the load.
This means that in case of cross-origin redirection to same-origin, the redirection will be CORP-checked,
the final response will not be CORP-checked but will be opaque.

• NetworkProcess/NetworkLoadChecker.cpp:

(WebKit::NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy):
(WebKit::NetworkLoadChecker::validateResponse):

• NetworkProcess/NetworkLoadChecker.h:
• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):

• NetworkProcess/NetworkResourceLoader.h:
• WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
Send ancestor information for navigation loads only.

LayoutTests:

Migrating From-Origin tests to Cross-Origin-Resource-Policy tests.
Given the scope of the header is reduced to no-cors and no ancestor checks,
We cover the new header with fetch/image/script loads.

• TestExpectations:
• http/tests/from-origin: Removed.
• http/wpt/cross-origin-resource-policy/fetch-expected.txt: Added.
• http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Added.
• http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Added.
• http/wpt/cross-origin-resource-policy/fetch.html: Added.
• http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Added.
• http/wpt/cross-origin-resource-policy/iframe-loads.html: Added.
• http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Added.
• http/wpt/cross-origin-resource-policy/image-loads.html: Added.
• http/wpt/cross-origin-resource-policy/resources/green.png: Added.
• http/wpt/cross-origin-resource-policy/resources/hello.py: Added.
• http/wpt/cross-origin-resource-policy/resources/iframe.py: Added.
• http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Added.
• http/wpt/cross-origin-resource-policy/resources/image.py: Added.
• http/wpt/cross-origin-resource-policy/resources/redirect.py: Added.
• http/wpt/cross-origin-resource-policy/resources/script.py: Added.
• http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Added.
• http/wpt/cross-origin-resource-policy/script-loads.html: Added.
• platform/wk2/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/http/tests/from-origin (deleted)
• LayoutTests/http/wpt/cross-origin-resource-policy (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/green.png (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/image.py (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt (added)
• LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html (added)
• LayoutTests/platform/wk2/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/network/HTTPHeaderNames.in (modified) (2 diffs)
• Source/WebCore/platform/network/HTTPParsers.cpp (modified) (1 diff)
• Source/WebCore/platform/network/HTTPParsers.h (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (modified) (2 diffs)
• Source/WebKit/NetworkProcess/NetworkLoadChecker.h (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (4 diffs)
• Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Migrating From-Origin tests to Cross-Origin-Resource-Policy tests.
+        Given the scope of the header is reduced to no-cors and no ancestor checks,
+        We cover the new header with fetch/image/script loads.
+
+        * TestExpectations:
+        * http/tests/from-origin: Removed.
+        * http/wpt/cross-origin-resource-policy/fetch-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Added.
+        * http/wpt/cross-origin-resource-policy/fetch.html: Added.
+        * http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/iframe-loads.html: Added.
+        * http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/image-loads.html: Added.
+        * http/wpt/cross-origin-resource-policy/resources/green.png: Added.
+        * http/wpt/cross-origin-resource-policy/resources/hello.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/iframe.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Added.
+        * http/wpt/cross-origin-resource-policy/resources/image.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/redirect.py: Added.
+        * http/wpt/cross-origin-resource-policy/resources/script.py: Added.
+        * http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Added.
+        * http/wpt/cross-origin-resource-policy/script-loads.html: Added.
+        * platform/wk2/TestExpectations:
+
 2018-05-25  David Fenton  <david_fenton@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -370 +370 @@
 
 # Only supported in WebKit2.
-http/tests/from-origin/ [ Skip ]
+http/wpt/cross-origin-resource-policy/ [ Skip ]
 
 #//////////////////////////////////////////////////////////////////////////////////////////

trunk/LayoutTests/platform/wk2/TestExpectations

@@ -711 +711 @@
 http/tests/navigation/process-swap-window-open.html [ Pass ]
 
-# From-Origin response header is only implemented in WebKit2.
-http/tests/from-origin/ [ Pass ]
+# Cross-Origin-Resource-Policy response header is only implemented in WebKit2.
+http/wpt/cross-origin-resource-policy/ [ Pass ]
 
 ### END OF (5) Progressions, expected successes that are expected failures in WebKit1.

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Tests: http/wpt/cross-origin-resource-policy/fetch-in-iframe.html
+               http/wpt/cross-origin-resource-policy/fetch.html
+               http/wpt/cross-origin-resource-policy/iframe-loads.html
+               http/wpt/cross-origin-resource-policy/image-loads.html
+               http/wpt/cross-origin-resource-policy/script-loads.html
+
+        * platform/network/HTTPHeaderNames.in:
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseCrossOriginResourcePolicyHeader):
+        * platform/network/HTTPParsers.h:
+
 2018-05-25  Daniel Bates  <dabates@apple.com>
 

trunk/Source/WebCore/platform/network/HTTPHeaderNames.in

@@ -52 +52 @@
 Cookie2
 Cross-Origin-Options
+Cross-Origin-Resource-Policy
 Date
 DNT
@@ -58 +59 @@
 Expect
 Expires
-From-Origin
 Host
 If-Match

trunk/Source/WebCore/platform/network/HTTPParsers.cpp

@@ -898 +898 @@
 }
 
-FromOriginDisposition parseFromOriginHeader(const String& header)
+CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView header)
 {
     auto strippedHeader = stripLeadingAndTrailingHTTPSpaces(header);
 
     if (strippedHeader.isEmpty())
-        return FromOriginDisposition::None;
+        return CrossOriginResourcePolicy::None;
 
     if (equalLettersIgnoringASCIICase(strippedHeader, "same"))
-        return FromOriginDisposition::Same;
+        return CrossOriginResourcePolicy::Same;
 
     if (equalLettersIgnoringASCIICase(strippedHeader, "same-site"))
-        return FromOriginDisposition::SameSite;
-
-    return FromOriginDisposition::Invalid;
+        return CrossOriginResourcePolicy::SameSite;
+
+    return CrossOriginResourcePolicy::Invalid;
 }
 

trunk/Source/WebCore/platform/network/HTTPParsers.h

@@ -65 +65 @@
 };
 
-enum class FromOriginDisposition {
+enum class CrossOriginResourcePolicy {
     None,
     Same,
@@ -118 +118 @@
 String normalizeHTTPMethod(const String&);
 
-WEBCORE_EXPORT FromOriginDisposition parseFromOriginHeader(const String&);
+WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
 CrossOriginOptions parseCrossOriginOptionsHeader(StringView);
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-05-25  Youenn Fablet  <youenn@apple.com>
+
+        Migrate From-Origin to Cross-Origin-Resource-Policy
+        https://bugs.webkit.org/show_bug.cgi?id=185840
+
+        Reviewed by Chris Dumez.
+
+        Do Cross-Origin-Resource-Policy (CORP) checks in NetworkLoadChecker instead of NetworkResourceLoader directly.
+        Make sure CORP only applies to no-cors loads.
+        Remove ancestor checks and only consider the document origin making the load.
+        This means that in case of cross-origin redirection to same-origin, the redirection will be CORP-checked,
+        the final response will not be CORP-checked but will be opaque.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::validateCrossOriginResourcePolicyPolicy):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        * NetworkProcess/NetworkLoadChecker.h:
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::retrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::didReceiveResponse):
+        (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
+        (WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
+        * NetworkProcess/NetworkResourceLoader.h:
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        Send ancestor information for navigation loads only.
+
 2018-05-25  Daniel Bates  <dabates@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp

@@ -132 +132 @@
 }
 
+bool NetworkLoadChecker::shouldCrossOriginResourcePolicyPolicyCancelLoad(const ResourceResponse& response)
+{
+    if (m_origin->canRequest(response.url()))
+        return false;
+
+    auto policy = parseCrossOriginResourcePolicyHeader(response.httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy));
+    switch (policy) {
+    case CrossOriginResourcePolicy::None:
+    case CrossOriginResourcePolicy::Invalid:
+        return false;
+    case CrossOriginResourcePolicy::Same:
+        return true;
+    case CrossOriginResourcePolicy::SameSite: {
+#if ENABLE(PUBLIC_SUFFIX_LIST)
+        return m_origin->isUnique() || !registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(m_origin->host()));
+#else
+        return true;
+#endif
+    }}
+
+    RELEASE_ASSERT_NOT_REACHED();
+}
+
 ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
 {
@@ -148 +171 @@
 
     if (m_options.mode == FetchOptions::Mode::NoCors) {
+        if (shouldCrossOriginResourcePolicyPolicyCancelLoad(response))
+            return ResourceError { errorDomainWebKitInternal, 0, m_url, makeString("Cancelled load to ", response.url().stringCenterEllipsizedToLength(), " because it violates the resource's Cross-Origin-Resource-Policy response header."), ResourceError::Type::AccessControl };
         response.setTainting(ResourceResponse::Tainting::Opaque);
         return { };

trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h

@@ -111 +111 @@
     ResourceLoadIdentifier m_loadIdentifier;
 
+    bool shouldCrossOriginResourcePolicyPolicyCancelLoad(const WebCore::ResourceResponse&);
+
     WebCore::FetchOptions m_options;
     WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy;

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -362 +362 @@
 }
 
-static bool areFrameAncestorsSameSite(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-#if ENABLE(PUBLIC_SUFFIX_LIST)
-    auto responsePartition = ResourceRequest::partitionName(response.url().host().toString());
-    return frameAncestorOrigins.findMatching([&](const auto& item) {
-        return item->isUnique() || ResourceRequest::partitionName(item->host()) != responsePartition;
-    }) == notFound;
-#else
-    UNUSED_PARAM(response);
-    UNUSED_PARAM(frameAncestorOrigins);
-    return false;
-#endif
-}
-
-static bool areFrameAncestorsSameOrigin(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-    return frameAncestorOrigins.findMatching([responseOrigin = SecurityOrigin::create(response.url())](const auto& item) {
-        return !item->isSameOriginAs(responseOrigin);
-    }) == notFound;
-}
-
-static bool shouldCancelCrossOriginLoad(const ResourceResponse& response, const Vector<RefPtr<SecurityOrigin>>& frameAncestorOrigins)
-{
-    auto fromOriginDirective = WebCore::parseFromOriginHeader(response.httpHeaderField(WebCore::HTTPHeaderName::FromOrigin));
-    switch (fromOriginDirective) {
-    case WebCore::FromOriginDisposition::None:
-    case WebCore::FromOriginDisposition::Invalid:
-        return false;
-    case WebCore::FromOriginDisposition::Same:
-        return !areFrameAncestorsSameOrigin(response, frameAncestorOrigins);
-    case WebCore::FromOriginDisposition::SameSite:
-        return !areFrameAncestorsSameSite(response, frameAncestorOrigins);
-    }
-
-    RELEASE_ASSERT_NOT_REACHED();
-}
-
-static ResourceError fromOriginResourceError(const URL& url)
-{
-    return { errorDomainWebKitInternal, 0, url, ASCIILiteral { "Cancelled load because it violates the resource's From-Origin response header." }, ResourceError::Type::AccessControl };
-}
-
 bool NetworkResourceLoader::shouldInterruptLoadForXFrameOptions(const String& xFrameOptions, const URL& url)
 {
@@ -492 +450 @@
         return ShouldContinueDidReceiveResponse::Yes;
 
-    ResourceError error;
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(m_response, m_parameters.frameAncestorOrigins))
-        error = fromOriginResourceError(m_response.url());
-    if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) {
+    if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(m_response)) {
         send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { });
         return ShouldContinueDidReceiveResponse::No;
     }
-    if (error.isNull() && m_networkLoadChecker)
-        error = m_networkLoadChecker->validateResponse(m_response);
-    if (!error.isNull()) {
-        RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] {
-            if (protectedThis->m_networkLoad)
-                protectedThis->didFailLoading(error);
-        });
-        return ShouldContinueDidReceiveResponse::No;
+
+    if (m_networkLoadChecker) {
+        auto error = m_networkLoadChecker->validateResponse(m_response);
+        if (!error.isNull()) {
+            RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] {
+                if (protectedThis->m_networkLoad)
+                    protectedThis->didFailLoading(error);
+            });
+            return ShouldContinueDidReceiveResponse::No;
+        }
     }
 
@@ -662 +619 @@
 {
     ASSERT(!isSynchronous());
-
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(redirectResponse, m_parameters.frameAncestorOrigins) && m_networkLoad) {
-        didFailLoading(fromOriginResourceError(redirectResponse.url()));
-        return;
-    }
 
     send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
@@ -805 +757 @@
     auto response = entry->response();
 
-    ResourceError error;
-    if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(response, m_parameters.frameAncestorOrigins))
-        error = fromOriginResourceError(response.url());
-    if (error.isNull() && isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) {
+    if (isMainResource() && shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions(response)) {
         send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied { });
         return;
     }
-    if (error.isNull() && m_networkLoadChecker)
-        error = m_networkLoadChecker->validateResponse(response);
-
-    if (!error.isNull()) {
-        didFailLoading(error);
-        return;
+    if (m_networkLoadChecker) {
+        auto error = m_networkLoadChecker->validateResponse(response);
+        if (!error.isNull()) {
+            didFailLoading(error);
+            return;
+        }
     }
 

trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

@@ -330 +330 @@
     loadParameters.shouldEnableFromOriginResponseHeader = RuntimeEnabledFeatures::sharedFeatures().fromOriginResponseHeaderEnabled() && !loadParameters.isMainFrameNavigation;
 
-    Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins;
-    for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent())
-        frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin()));
-    loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins);
+    if (resourceLoader.options().mode == FetchOptions::Mode::Navigate) {
+        Vector<RefPtr<SecurityOrigin>> frameAncestorOrigins;
+        for (auto* frame = resourceLoader.frame(); frame; frame = frame->tree().parent())
+            frameAncestorOrigins.append(makeRefPtr(frame->document()->securityOrigin()));
+        loadParameters.frameAncestorOrigins = WTFMove(frameAncestorOrigins);
+    }
 
     ASSERT((loadParameters.webPageID && loadParameters.webFrameID) || loadParameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);

trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp

@@ -33 +33 @@
 namespace TestWebKitAPI {
 
-TEST(HTTPParsers, ParseFromOriginHeader)
+TEST(HTTPParsers, ParseCrossOriginResourcePolicyHeader)
 {
-    EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::None);
-    EXPECT_TRUE(parseFromOriginHeader(" ") == FromOriginDisposition::None);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::None);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" ") == CrossOriginResourcePolicy::None);
 
-    EXPECT_TRUE(parseFromOriginHeader("same") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader("Same") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader("SAME") == FromOriginDisposition::Same);
-    EXPECT_TRUE(parseFromOriginHeader(" same ") == FromOriginDisposition::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME") == CrossOriginResourcePolicy::Same);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same ") == CrossOriginResourcePolicy::Same);
 
-    EXPECT_TRUE(parseFromOriginHeader("same-site") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader("Same-Site") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader("SAME-SITE") == FromOriginDisposition::SameSite);
-    EXPECT_TRUE(parseFromOriginHeader(" same-site ") == FromOriginDisposition::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-site") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::SameSite);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-site ") == CrossOriginResourcePolicy::SameSite);
 
-    EXPECT_TRUE(parseFromOriginHeader("zame") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("samesite") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("same site") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("same–site") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("SAMESITE") == FromOriginDisposition::Invalid);
-    EXPECT_TRUE(parseFromOriginHeader("") == FromOriginDisposition::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("zame") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("samesite") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same site") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same–site") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAMESITE") == CrossOriginResourcePolicy::Invalid);
+    EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("") == CrossOriginResourcePolicy::Invalid);
 }