Changeset 232499 in webkit


Ignore:
Timestamp:
Jun 4, 2018 9:11:49 PM (6 years ago)
Author:
Chris Dumez
Message:

Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
https://bugs.webkit.org/show_bug.cgi?id=186287
<rdar://problem/40783352>

Reviewed by Youenn Fablet.

Source/WebCore:

Tests: http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html

http/wpt/cross-origin-window-policy/allow-postmessage.html
http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html

  • bindings/js/JSDOMBindingSecurity.cpp:

(WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy):

  • bindings/js/JSDOMBindingSecurity.h:
  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::effectiveCrossOriginWindowPolicyForAccess):
(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::addCrossOriginWindowPropertyNames):
(WebCore::addScopedChildrenIndexes):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateAttributeGetterBodyDefinition):
(GetCrossOriginsOptionsFromExtendedAttributeValue):
(GenerateAttributeSetterBodyDefinition):
(GenerateOperationBodyDefinition):

  • bindings/scripts/IDLAttributes.json:
  • dom/Document.cpp:

(WebCore::Document::canNavigate):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::didBeginDocument):

  • page/AbstractDOMWindow.cpp:

(WebCore::AbstractDOMWindow::AbstractDOMWindow):

  • page/AbstractDOMWindow.h:

(WebCore::AbstractDOMWindow::crossOriginWindowPolicy):
(WebCore::AbstractDOMWindow::setCrossOriginWindowPolicy):

  • page/DOMWindow.idl:
  • page/Settings.yaml:
  • platform/network/HTTPHeaderNames.in:
  • platform/network/HTTPParsers.cpp:

(WebCore::parseCrossOriginWindowPolicyHeader):

  • platform/network/HTTPParsers.h:

Source/WebKit:

  • Shared/WebPreferences.yaml:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::frameBecameRemote):

Source/WebKitLegacy/mac:

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences crossOriginWindowPolicySupportEnabled]):
(-[WebPreferences setCrossOriginWindowPolicySupportEnabled:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKitLegacy/win:

  • Interfaces/IWebPreferencesPrivate.idl:
  • WebPreferenceKeysPrivate.h:
  • WebPreferences.cpp:

(WebPreferences::initializeDefaultSettings):
(WebPreferences::crossOriginWindowPolicySupportEnabled):
(WebPreferences::setCrossOriginWindowPolicySupportEnabled):

  • WebPreferences.h:
  • WebView.cpp:

(WebView::notifyPreferencesChanged):

Tools:

  • DumpRenderTree/mac/DumpRenderTree.mm:

(enableExperimentalFeatures):

  • DumpRenderTree/win/DumpRenderTree.cpp:

(enableExperimentalFeatures):

LayoutTests:

  • http/wpt/cross-origin-options/allow-postmessage-expected.txt: Removed.
  • http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt: Removed.
  • http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers: Removed.
  • http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: Removed.
  • http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt: Removed.
  • http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
  • http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers: Removed.
  • http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Added.
  • http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Added.
  • http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.
  • http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Added.
  • http/wpt/cross-origin-window-policy/allow-postmessage.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html.
  • http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Added.
  • http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Renamed from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html.
  • http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Added.
  • http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html.
  • http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Added.
  • http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html.
  • http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.
  • http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Added.
  • http/wpt/cross-origin-window-policy/resources/destination.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/destination.html.
  • http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html.
  • http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py.

(main):

  • http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py.

(main):

  • http/wpt/cross-origin-window-policy/resources/utils.js: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/utils.js.
Location:
trunk
Files:
11 added
2 deleted
33 edited
11 copied

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r232488 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        * http/wpt/cross-origin-options/allow-postmessage-expected.txt: Removed.
     10        * http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt: Removed.
     11        * http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers: Removed.
     12        * http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: Removed.
     13        * http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt: Removed.
     14        * http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
     15        * http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers: Removed.
     16        * http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Added.
     17        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Added.
     18        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.
     19        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Added.
     20        * http/wpt/cross-origin-window-policy/allow-postmessage.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html.
     21        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Added.
     22        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Renamed from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html.
     23        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Added.
     24        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html.
     25        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Added.
     26        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html.
     27        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.
     28        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Added.
     29        * http/wpt/cross-origin-window-policy/resources/destination.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/destination.html.
     30        * http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html.
     31        * http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py.
     32        (main):
     33        * http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py.
     34        (main):
     35        * http/wpt/cross-origin-window-policy/resources/utils.js: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/utils.js.
     36
    1372018-06-04  Ryosuke Niwa  <rniwa@webkit.org>
    238

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html

    r232498 r232499  
    33<head>
    44<meta charset="utf-8">
    5 <title>Tests calling postMessage() on a window with 'Cross-Origin-Options: allow-postmessage' from a window with 'Cross-Origin-Options: deny'</title>
     5<title>Tests calling postMessage() on a window with 'Cross-Origin-Window-Policy: allow-postmessage' from a window with 'Cross-Origin-Window-Policy: deny'</title>
    66<script src="/resources/testharness.js"></script>
    77<script src="/resources/testharnessreport.js"></script>
     
    1414
    1515promise_test(function(test) {
    16     return withIframe("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
     16    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
    1717        assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access");
    1818        assert_throws("SecurityError", function() { f.contentWindow.postMessage("PING", "*"); }, "Calling postMessage() should throw");
    1919    });
    20 }, "postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option");
     20}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
    2121
    2222promise_test(function(test) {
    23     return withPopup("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
     23    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
    2424        assert_throws("SecurityError", function() { result.window.length }, "length property access");
    2525        assert_throws("SecurityError", function() { result.window.postMessage("PING", "*"); }, "Calling postMessage() should throw");
    2626    });
    27 }, "postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option");
     27}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
    2828
    2929</script>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html

    r232498 r232499  
    33<head>
    44<meta charset="utf-8">
    5 <title>Tests that postMessage() works when 'Cross-Origin-Options: allow-postmessage' HTTP header is served</title>
     5<title>Tests that postMessage() works when 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header is served</title>
    66<script src="/resources/testharness.js"></script>
    77<script src="/resources/testharnessreport.js"></script>
     
    1414
    1515promise_test(function(test) {
    16     return withIframe("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
     16    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
    1717        return new Promise((resolve) => {
    1818            window.onmessage = (msg) => {
     
    2626        });
    2727    });
    28 }, "postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     28}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    2929
    3030promise_test(function(test) {
    31     return withPopup("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
     31    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
    3232        return new Promise((resolve) => {
    3333            window.onmessage = (msg) => {
     
    4141        });
    4242    });
    43 }, "postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     43}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    4444
    4545</script>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html

    r232498 r232499  
    33<head>
    44<meta charset="utf-8">
    5 <title>Basic testing for Cross-Origin-Options HTTP header</title>
     5<title>Basic testing for Cross-Origin-Window-Policy HTTP header</title>
    66<script src="/resources/testharness.js"></script>
    77<script src="/resources/testharnessreport.js"></script>
     
    3737
    3838promise_test(function(test) {
    39     return withIframe("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */).then((f) => {
     39    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((f) => {
    4040        testCrossOriginOption(f.contentWindow, "deny", true /* isCrossOrigin */);
    4141    });
    42 }, "Cross-origin iframe with 'Cross-Origin-Options: deny' HTTP header");
     42}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
    4343
    4444promise_test(function(test) {
    45     return withIframe("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {
     45    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {
    4646        testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
    4747    });
    48 }, "Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     48}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    4949
    5050promise_test(function(test) {
    51     return withIframe("serve-cross-origin-options-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
     51    return withIframe("serve-cross-origin-window-policy-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
    5252        testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
    5353    });
    54 }, "Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case)");
     54}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case)");
    5555
    5656promise_test(function(test) {
    57     return withIframe("serve-cross-origin-options-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
     57    return withIframe("serve-cross-origin-window-policy-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
    5858        const w = f.contentWindow;
    5959        // Invalid input: should be treated as "allow".
     
    6262        checkIframePropertyValues(w);
    6363    });
    64 }, "Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid)");
     64}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid)");
    6565
    6666promise_test(function(test) {
    67     return withIframe("serve-cross-origin-options-header.py?value=", true /* isCrossOrigin */).then((f) => {
     67    return withIframe("serve-cross-origin-window-policy-header.py?value=", true /* isCrossOrigin */).then((f) => {
    6868        const w = f.contentWindow;
    6969        // Empty value: should be treated as "allow".
     
    7272        checkIframePropertyValues(w);
    7373    });
    74 }, "Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value)");
     74}, "Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value)");
    7575
    7676promise_test(function(test) {
    77     return withIframe("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
     77    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
    7878        const w = f.contentWindow;
    7979        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
     
    8181        checkIframePropertyValues(w);
    8282    });
    83 }, "Cross-origin iframe with 'Cross-Origin-Options: allow' HTTP header");
     83}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
    8484
    8585promise_test(function(test) {
    86     return withIframe("serve-cross-origin-options-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {
     86    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {
    8787        const w = f.contentWindow;
    8888        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
     
    9090        checkIframePropertyValues(w);
    9191    });
    92 }, "Cross-origin iframe with 'Cross-Origin-Options: invalid' HTTP header");
     92}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
    9393
    9494promise_test(function(test) {
    95     return withIframe("serve-cross-origin-options-header.py?value=deny", false /* isCrossOrigin */).then((f) => {
     95    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((f) => {
    9696         const w = f.contentWindow;
    9797        testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
     
    9999        checkIframePropertyValues(w);
    100100    });
    101 }, "Same-origin iframe with 'Cross-Origin-Options: deny' HTTP header");
     101}, "Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
    102102
    103103promise_test(function(test) {
    104     return withIframe("serve-cross-origin-options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {
     104    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {
    105105         const w = f.contentWindow;
    106106        testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
     
    108108        checkIframePropertyValues(w);
    109109    });
    110 }, "Same-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     110}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    111111
    112112promise_test(function(test) {
    113     return withIframe("serve-cross-origin-options-header.py?value=allow", false /* isCrossOrigin */).then((f) => {
     113    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((f) => {
    114114         const w = f.contentWindow;
    115115        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
     
    117117        checkIframePropertyValues(w);
    118118    });
    119 }, "Same-origin iframe with 'Cross-Origin-Options: allow' HTTP header");
     119}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
    120120
    121121promise_test(function(test) {
    122     return withIframe("serve-cross-origin-options-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {
     122    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {
    123123         const w = f.contentWindow;
    124124        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
     
    126126        checkIframePropertyValues(w);
    127127    });
    128 }, "Same-origin iframe with 'Cross-Origin-Options: invalid' HTTP header");
     128}, "Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
    129129
    130130promise_test(function(test) {
    131     return withPopup("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */).then((result) => {
     131    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((result) => {
    132132        testCrossOriginOption(result.window, "deny", true /* isCrossOrigin */);
    133133    });
    134 }, "Cross-origin popup with 'Cross-Origin-Options: deny' HTTP header");
     134}, "Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
    135135
    136136promise_test(function(test) {
    137     return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {
     137    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {
    138138        testCrossOriginOption(result.window, "allow-postmessage", true /* isCrossOrigin */);
    139139    });
    140 }, "Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     140}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    141141
    142142promise_test(function(test) {
    143     return withPopup("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((result) => {
     143    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((result) => {
    144144        const w = result.window;
    145145        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
     
    147147        checkPopupPropertyValues(w);
    148148    });
    149 }, "Cross-origin popup with 'Cross-Origin-Options: allow' HTTP header");
     149}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
    150150
    151151promise_test(function(test) {
    152     return withPopup("serve-cross-origin-options-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {
     152    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {
    153153        const w = result.window;
    154154        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
     
    156156        checkPopupPropertyValues(w);
    157157    });
    158 }, "Cross-origin popup with 'Cross-Origin-Options: invalid' HTTP header");
     158}, "Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
    159159
    160160promise_test(function(test) {
    161     return withPopup("serve-cross-origin-options-header.py?value=deny", false /* isCrossOrigin */).then((result) => {
     161    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((result) => {
    162162         const w = result.window;
    163163        testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
     
    165165        checkPopupPropertyValues(w);
    166166    });
    167 }, "Same-origin popup with 'Cross-Origin-Options: deny' HTTP header");
     167}, "Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
    168168
    169169promise_test(function(test) {
    170     return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {
     170    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {
    171171         const w = result.window;
    172172        testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
     
    174174        checkPopupPropertyValues(w);
    175175    });
    176 }, "Same-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
     176}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
    177177
    178178promise_test(function(test) {
    179     return withPopup("serve-cross-origin-options-header.py?value=allow", false /* isCrossOrigin */).then((result) => {
     179    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((result) => {
    180180         const w = result.window;
    181181        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
     
    183183        checkPopupPropertyValues(w);
    184184    });
    185 }, "Same-origin popup with 'Cross-Origin-Options: allow' HTTP header");
     185}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
    186186
    187187promise_test(function(test) {
    188     return withPopup("serve-cross-origin-options-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {
     188    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {
    189189         const w = result.window;
    190190        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
     
    192192        checkPopupPropertyValues(w);
    193193    });
    194 }, "Same-origin popup with 'Cross-Origin-Options: invalid' HTTP header");
     194}, "Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
    195195
    196196</script>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html

    r232498 r232499  
    33<head>
    44<meta charset="utf-8">
    5 <title>Tests that 'Cross-Origin-Options: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>
     5<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>
    66<script src="/resources/testharness.js"></script>
    77<script src="/resources/testharnessreport.js"></script>
     
    1414
    1515promise_test(t => {
    16     return withPopup("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {
     16    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {
    1717        return new Promise((resolve) => {
    1818            window.onmessage = (msg) => {
     
    2020            }
    2121
    22             let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
     22            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
    2323            w = open(destinationURL, "foo1");
    2424            // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
     
    3232        });
    3333    });
    34 }, "'Cross-Origin-Options: deny' prevents navigation from opener via open() target");
     34}, "'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target");
    3535
    3636promise_test(t => {
    37     return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {
     37    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {
    3838        return new Promise((resolve) => {
    3939            window.onmessage = (msg) => {
     
    4141            }
    4242
    43             let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
     43            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
    4444            w = open(destinationURL, "foo2");
    4545            // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
     
    5353        });
    5454    });
    55 }, "'Cross-Origin-Options: allow-postmessage' prevents navigation from opener via open() target");
     55}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target");
    5656
    5757promise_test(t => {
    58     return withPopup("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {
     58    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {
    5959        return new Promise((resolve) => {
    6060            window.onmessage = () => {
     
    6363            }
    6464
    65             let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
     65            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
    6666            w = open(destinationURL, "foo3");
    6767            assert_equals(w, result.window, "open() should return the same window");
    6868        });
    6969    });
    70 }, "'Cross-Origin-Options: allow' does not prevent navigation from opener via open() target");
     70}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target");
    7171</script>
    7272</body>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html

    r232498 r232499  
    33<head>
    44<meta charset="utf-8">
    5 <title>Tests that 'Cross-Origin-Options: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>
     5<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>
    66<script src="/resources/testharness.js"></script>
    77<script src="/resources/testharnessreport.js"></script>
     
    2323        });
    2424    });
    25 }, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
     25}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
    2626
    2727promise_test(t => {
     
    3535        });
    3636    });
    37 }, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
     37}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
    3838
    3939promise_test(t => {
     
    4545        });
    4646    });
    47 }, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");
     47}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");
    4848
    4949promise_test(t => {
     
    5757        });
    5858    });
    59 }, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
     59}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
    6060
    6161promise_test(t => {
     
    6969        });
    7070    });
    71 }, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
     71}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
    7272
    7373promise_test(t => {
     
    7979        });
    8080    });
    81 }, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");
     81}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");
    8282
    8383promise_test(t => {
     
    9191        });
    9292    });
    93 }, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
     93}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
    9494
    9595promise_test(t => {
     
    103103        });
    104104    });
    105 }, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
     105}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
    106106
    107107promise_test(t => {
     
    113113        });
    114114    });
    115 }, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");
     115}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");
    116116
    117117</script>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html

    r232498 r232499  
    77<a id="testAnchor">Click me</a>
    88<script>
    9 const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
     9const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
    1010onload = () => {
    1111    let params = new URLSearchParams(location.search);

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py

    r232498 r232499  
    11def main(request, response):
    22    headers = [("Content-Type", "text/html"),
    3                ("Cross-Origin-Options", request.GET['value']),]
     3               ("Cross-Origin-Window-Policy", request.GET['value']),]
    44    return 200, headers, """<!DOCTYPE html>
    55<html>
     
    99<body>
    1010<script>
    11 const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
     11const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
    1212let f = document.createElement("iframe");
    1313f.src = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR + "navigate-parent-via-anchor.html?target=%s";

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py

    r232498 r232499  
    11def main(request, response):
    22    headers = [("Content-Type", "text/html"),
    3                ("Cross-Origin-Options", request.GET['value']),]
     3               ("Cross-Origin-Window-Policy", request.GET['value']),]
    44    return 200, headers, """TEST
    55        <iframe name="subframe"></iframe>

  • trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js

    r232498 r232499  
    1 const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
     1const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
    22
    33function isCrossOriginWindow(w)

  • trunk/Source/WebCore/ChangeLog

    r232496 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Tests: http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html
     10               http/wpt/cross-origin-window-policy/allow-postmessage.html
     11               http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
     12               http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
     13               http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html
     14
     15        * bindings/js/JSDOMBindingSecurity.cpp:
     16        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy):
     17        * bindings/js/JSDOMBindingSecurity.h:
     18        * bindings/js/JSDOMWindowCustom.cpp:
     19        (WebCore::effectiveCrossOriginWindowPolicyForAccess):
     20        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
     21        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
     22        (WebCore::addCrossOriginWindowPropertyNames):
     23        (WebCore::addScopedChildrenIndexes):
     24        * bindings/scripts/CodeGeneratorJS.pm:
     25        (GenerateAttributeGetterBodyDefinition):
     26        (GetCrossOriginsOptionsFromExtendedAttributeValue):
     27        (GenerateAttributeSetterBodyDefinition):
     28        (GenerateOperationBodyDefinition):
     29        * bindings/scripts/IDLAttributes.json:
     30        * dom/Document.cpp:
     31        (WebCore::Document::canNavigate):
     32        * loader/FrameLoader.cpp:
     33        (WebCore::FrameLoader::didBeginDocument):
     34        * page/AbstractDOMWindow.cpp:
     35        (WebCore::AbstractDOMWindow::AbstractDOMWindow):
     36        * page/AbstractDOMWindow.h:
     37        (WebCore::AbstractDOMWindow::crossOriginWindowPolicy):
     38        (WebCore::AbstractDOMWindow::setCrossOriginWindowPolicy):
     39        * page/DOMWindow.idl:
     40        * page/Settings.yaml:
     41        * platform/network/HTTPHeaderNames.in:
     42        * platform/network/HTTPParsers.cpp:
     43        (WebCore::parseCrossOriginWindowPolicyHeader):
     44        * platform/network/HTTPParsers.h:
     45
    1462018-06-04  Brent Fulgham  <bfulgham@apple.com>
    247

  • trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp

    r231622 r232499  
    101101}
    102102
    103 bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(JSC::ExecState* state, DOMWindow& target, CrossOriginOptions minimumCrossOriginOptions, SecurityReportingOption reportingOption)
     103bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState* state, DOMWindow& target, CrossOriginWindowPolicy minimumCrossOriginWindowPolicy, SecurityReportingOption reportingOption)
    104104{
    105105    DOMWindow& source = activeDOMWindow(*state);
    106     ASSERT(minimumCrossOriginOptions > CrossOriginOptions::Deny);
     106    ASSERT(minimumCrossOriginWindowPolicy > CrossOriginWindowPolicy::Deny);
    107107
    108     static_assert(CrossOriginOptions::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");
     108    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
    109109
    110110    // Fast path.
    111     auto effectiveCrossOriginOptions = std::min(source.crossOriginOptions(), target.crossOriginOptions());
    112     if (effectiveCrossOriginOptions >= minimumCrossOriginOptions)
     111    auto effectiveCrossOriginWindowPolicy = std::min(source.crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
     112    if (effectiveCrossOriginWindowPolicy >= minimumCrossOriginWindowPolicy)
    113113        return true;
    114114

  • trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.h

    r231622 r232499  
    3737class Node;
    3838
    39 enum class CrossOriginOptions;
     39enum class CrossOriginWindowPolicy;
    4040
    4141void printErrorMessageForFrame(Frame*, const String& message);
     
    5656bool shouldAllowAccessToNode(JSC::ExecState&, Node*);
    5757
    58 bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(JSC::ExecState*, DOMWindow&, CrossOriginOptions, SecurityReportingOption = LogSecurityError);
     58bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState*, DOMWindow&, CrossOriginWindowPolicy, SecurityReportingOption = LogSecurityError);
    5959
    6060};

  • trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

    r231622 r232499  
    5757using namespace JSC;
    5858
    59 static CrossOriginOptions effectiveCrossOriginOptionsForAccess(ExecState& state, AbstractDOMWindow& target)
    60 {
    61     static_assert(CrossOriginOptions::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");
    62     return std::min(activeDOMWindow(state).crossOriginOptions(), target.crossOriginOptions());
     59static CrossOriginWindowPolicy effectiveCrossOriginWindowPolicyForAccess(ExecState& state, AbstractDOMWindow& target)
     60{
     61    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
     62    return std::min(activeDOMWindow(state).crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
    6363}
    6464
     
    101101    }
    102102
    103     switch (effectiveCrossOriginOptionsForAccess(state, window)) {
    104     case CrossOriginOptions::AllowPostMessage:
     103    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
     104    case CrossOriginWindowPolicy::AllowPostMessage:
    105105        if (propertyName == builtinNames.postMessagePublicName()) {
    106106            slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), windowType == DOMWindowType::Remote ? nonCachingStaticFunctionGetter<jsRemoteDOMWindowInstanceFunctionPostMessage, 0> : nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>);
     
    108108        }
    109109        FALLTHROUGH;
    110     case CrossOriginOptions::Deny:
     110    case CrossOriginWindowPolicy::Deny:
    111111        throwSecurityError(state, scope, errorMessage);
    112112        slot.setUndefined();
    113113        return false;
    114     case CrossOriginOptions::Allow:
     114    case CrossOriginWindowPolicy::Allow:
    115115        break;
    116116    }
     
    254254    // (1) First, indexed properties.
    255255    // These are also allowed cross-origin, so come before the access check.
    256     switch (effectiveCrossOriginOptionsForAccess(*state, window)) {
    257     case CrossOriginOptions::Deny:
    258     case CrossOriginOptions::AllowPostMessage:
     256    switch (effectiveCrossOriginWindowPolicyForAccess(*state, window)) {
     257    case CrossOriginWindowPolicy::Deny:
     258    case CrossOriginWindowPolicy::AllowPostMessage:
    259259        if (isCrossOriginAccess())
    260260            break;
    261261        FALLTHROUGH;
    262     case CrossOriginOptions::Allow:
     262    case CrossOriginWindowPolicy::Allow:
    263263        if (frame && index < frame->tree().scopedChildCount()) {
    264264            slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
     
    349349    };
    350350
    351     switch (effectiveCrossOriginOptionsForAccess(state, window)) {
    352     case CrossOriginOptions::Allow:
     351    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
     352    case CrossOriginWindowPolicy::Allow:
    353353        for (auto* property : properties)
    354354            propertyNames.add(*property);
    355355        break;
    356     case CrossOriginOptions::AllowPostMessage:
     356    case CrossOriginWindowPolicy::AllowPostMessage:
    357357        propertyNames.add(static_cast<JSVMClientData*>(vm.clientData)->builtinNames().postMessagePublicName());
    358358        break;
    359     case CrossOriginOptions::Deny:
     359    case CrossOriginWindowPolicy::Deny:
    360360        break;
    361361    }
     
    372372        return;
    373373
    374     switch (effectiveCrossOriginOptionsForAccess(state, window)) {
    375     case CrossOriginOptions::Allow:
     374    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
     375    case CrossOriginWindowPolicy::Allow:
    376376        break;
    377     case CrossOriginOptions::Deny:
    378     case CrossOriginOptions::AllowPostMessage:
     377    case CrossOriginWindowPolicy::Deny:
     378    case CrossOriginWindowPolicy::AllowPostMessage:
    379379        return;
    380380    }

  • trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

    r231839 r232499  
    47084708        if ($interface->type->name eq "DOMWindow") {
    47094709            if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
    4710                 my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
     4710                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
    47114711                AddToImplIncludes("HTTPParsers.h", $conditional);
    4712                 push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
     4712                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
    47134713            } else {
    47144714                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
     
    48254825    my $extendedAttributeValue = shift;
    48264826
    4827     return "CrossOriginOptions::Allow" if $extendedAttributeValue eq "CrossOriginOptionsAllow";
    4828     return "CrossOriginOptions::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginOptionsAllowPostMessage";
    4829     die "Unsupported CrossOriginOptions: " + $extendedAttributeValue;
     4827    return "CrossOriginWindowPolicy::Allow" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllow";
     4828    return "CrossOriginWindowPolicy::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllowPostMessage";
     4829    die "Unsupported CrossOriginWindowPolicy: " + $extendedAttributeValue;
    48304830}
    48314831
     
    48534853        if ($interface->type->name eq "DOMWindow") {
    48544854            if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
    4855                 my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
     4855                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
    48564856                AddToImplIncludes("HTTPParsers.h", $conditional);
    4857                 push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
     4857                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
    48584858            } else {
    48594859                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
     
    50805080            if ($interface->type->name eq "DOMWindow") {
    50815081                if ($operation->extendedAttributes->{DoNotCheckSecurityIf}) {
    5082                     my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});
     5082                    my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});
    50835083                    AddToImplIncludes("HTTPParsers.h", $conditional);
    5084                     push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(state, castedThis->wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
     5084                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(state, castedThis->wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
    50855085                } else {
    50865086                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");

  • trunk/Source/WebCore/bindings/scripts/IDLAttributes.json

    r231622 r232499  
    164164        "DoNotCheckSecurityIf": {
    165165            "contextsAllowed": ["attribute", "operation"],
    166             "values": ["CrossOriginOptionsAllow", "CrossOriginOptionsAllowPostMessage"]
     166            "values": ["CrossOriginWindowPolicyAllow", "CrossOriginWindowPolicyAllowPostMessage"]
    167167        },
    168168        "DoNotCheckSecurityOnGetter": {

  • trunk/Source/WebCore/dom/Document.cpp

    r232310 r232499  
    31863186
    31873187    if (m_frame != targetFrame) {
    3188         auto sourceCrossOriginOptions = m_frame->window() ? m_frame->window()->crossOriginOptions() : CrossOriginOptions::Allow;
    3189         auto destinationCrossOriginOptions = targetFrame->window() ? targetFrame->window()->crossOriginOptions() : CrossOriginOptions::Allow;
    3190         if (sourceCrossOriginOptions != CrossOriginOptions::Allow || destinationCrossOriginOptions != CrossOriginOptions::Allow) {
     3188        auto sourceCrossOriginWindowPolicy = m_frame->window() ? m_frame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
     3189        auto destinationCrossOriginWindowPolicy = targetFrame->window() ? targetFrame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
     3190        if (sourceCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow || destinationCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow) {
    31913191            if (m_frame->document() && targetFrame->document() && !m_frame->document()->securityOrigin().canAccess(targetFrame->document()->securityOrigin())) {
    3192                 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin-Options header."));
     3192                printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin-Window-Policy header."));
    31933193                return false;
    31943194            }

  • trunk/Source/WebCore/loader/FrameLoader.cpp

    r232419 r232499  
    748748        }
    749749
    750         if (m_frame.settings().crossOriginOptionsSupportEnabled()) {
    751             String crossOriginOptionsHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginOptions);
    752             if (!crossOriginOptionsHeader.isNull()) {
     750        if (m_frame.settings().crossOriginWindowPolicySupportEnabled()) {
     751            String crossOriginWindowPolicyHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginWindowPolicy);
     752            if (!crossOriginWindowPolicyHeader.isNull()) {
    753753                ASSERT(m_frame.window());
    754                 m_frame.window()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader));
     754                m_frame.window()->setCrossOriginWindowPolicy(parseCrossOriginWindowPolicyHeader(crossOriginWindowPolicyHeader));
    755755            }
    756756        }

  • trunk/Source/WebCore/page/AbstractDOMWindow.cpp

    r231654 r232499  
    4141AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier)
    4242    : m_identifier(WTFMove(identifier))
    43     , m_crossOriginOptions(CrossOriginOptions::Allow)
     43    , m_crossOriginWindowPolicy(CrossOriginWindowPolicy::Allow)
    4444{
    4545    ASSERT(!allWindows().contains(identifier));

  • trunk/Source/WebCore/page/AbstractDOMWindow.h

    r231654 r232499  
    3636class AbstractFrame;
    3737
    38 enum class CrossOriginOptions;
     38enum class CrossOriginWindowPolicy;
    3939
    4040// FIXME: Rename DOMWindow to LocalWindow and AbstractDOMWindow to DOMWindow.
     
    5555    using RefCounted::deref;
    5656
    57     CrossOriginOptions crossOriginOptions() { return m_crossOriginOptions; }
    58     void setCrossOriginOptions(CrossOriginOptions value) { m_crossOriginOptions = value; }
     57    CrossOriginWindowPolicy crossOriginWindowPolicy() const { return m_crossOriginWindowPolicy; }
     58    void setCrossOriginWindowPolicy(CrossOriginWindowPolicy value) { m_crossOriginWindowPolicy = value; }
    5959
    6060protected:
     
    6767private:
    6868    GlobalWindowIdentifier m_identifier;
    69     CrossOriginOptions m_crossOriginOptions;
     69    CrossOriginWindowPolicy m_crossOriginWindowPolicy;
    7070};
    7171

  • trunk/Source/WebCore/page/DOMWindow.idl

    r231622 r232499  
    5050] interface DOMWindow : EventTarget {
    5151    // The current browsing context.
    52     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
    53     [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute WindowProxy self;
     52    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
     53    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy self;
    5454    [Unforgeable] readonly attribute Document document;
    5555    attribute DOMString name;
    56     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
     56    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
    5757    readonly attribute History history;
    5858    [EnabledAtRuntime=CustomElements, ImplementedAs=ensureCustomElementRegistry] readonly attribute CustomElementRegistry customElements;
     
    6464    [Replaceable] readonly attribute BarProp toolbar;
    6565    attribute DOMString status;
    66     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
    67     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, ForwardDeclareInHeader] readonly attribute boolean closed;
     66    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
     67    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] readonly attribute boolean closed;
    6868    void stop();
    69     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
    70     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, ForwardDeclareInHeader] void blur();
     69    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
     70    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] void blur();
    7171
    7272    // Other browsing contexts.
    73     [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow, ImplementedAs=self] readonly attribute WindowProxy frames;
    74     [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute unsigned long length;
    75     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, Unforgeable] readonly attribute WindowProxy? top;
    76     [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CustomSetter] attribute WindowProxy? opener;
    77     [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute WindowProxy? parent;
     73    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ImplementedAs=self] readonly attribute WindowProxy frames;
     74    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute unsigned long length;
     75    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable] readonly attribute WindowProxy? top;
     76    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CustomSetter] attribute WindowProxy? opener;
     77    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy? parent;
    7878    [CheckSecurityForNode] readonly attribute Element? frameElement;
    7979    [CallWith=ActiveWindow&FirstWindow] WindowProxy? open(optional USVString url = "about:blank", optional DOMString target = "_blank", optional [TreatNullAs=EmptyString] DOMString features = "");
     
    9393    void cancelAnimationFrame(long handle); // FIXME: handle should be an unsigned long.
    9494
    95     [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginOptionsAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
     95    [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
    9696
    9797    // Obsolete members, still part of the HTML specification (https://html.spec.whatwg.org/#Window-partial).

  • trunk/Source/WebCore/page/Settings.yaml

    r232424 r232499  
    745745  onChange: setNeedsRecalcStyleInAllFrames
    746746
    747 crossOriginOptionsSupportEnabled:
     747crossOriginWindowPolicySupportEnabled:
    748748  initial: true
    749749

  • trunk/Source/WebCore/platform/network/HTTPHeaderNames.in

    r232217 r232499  
    5151Cookie
    5252Cookie2
    53 Cross-Origin-Options
    5453Cross-Origin-Resource-Policy
     54Cross-Origin-Window-Policy
    5555Date
    5656DNT

  • trunk/Source/WebCore/platform/network/HTTPParsers.cpp

    r232309 r232499  
    914914}
    915915
    916 CrossOriginOptions parseCrossOriginOptionsHeader(StringView header)
     916CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView header)
    917917{
    918918    header = stripLeadingAndTrailingHTTPSpaces(header);
    919919    if (header.isEmpty())
    920         return CrossOriginOptions::Allow;
     920        return CrossOriginWindowPolicy::Allow;
    921921
    922922    if (equalLettersIgnoringASCIICase(header, "deny"))
    923         return CrossOriginOptions::Deny;
     923        return CrossOriginWindowPolicy::Deny;
    924924
    925925    if (equalLettersIgnoringASCIICase(header, "allow-postmessage"))
    926         return CrossOriginOptions::AllowPostMessage;
    927 
    928     return CrossOriginOptions::Allow;
    929 }
    930 
    931 }
     926        return CrossOriginWindowPolicy::AllowPostMessage;
     927
     928    return CrossOriginWindowPolicy::Allow;
     929}
     930
     931}

  • trunk/Source/WebCore/platform/network/HTTPParsers.h

    r232309 r232499  
    7373
    7474// Should be sorted from most restrictive to most permissive.
    75 enum class CrossOriginOptions {
     75enum class CrossOriginWindowPolicy {
    7676    Deny,
    7777    AllowPostMessage,
     
    119119
    120120WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
    121 CrossOriginOptions parseCrossOriginOptionsHeader(StringView);
     121CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView);
    122122
    123123inline bool isHTTPSpace(UChar character)

  • trunk/Source/WebKit/ChangeLog

    r232492 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        * Shared/WebPreferences.yaml:
     10        * WebProcess/WebPage/WebPage.cpp:
     11        (WebKit::WebPage::frameBecameRemote):
     12
    1132018-06-04  Dan Bernstein  <mitz@apple.com>
    214

  • trunk/Source/WebKit/Shared/WebPreferences.yaml

    r232372 r232499  
    10981098  category: experimental
    10991099
    1100 CrossOriginOptionsSupportEnabled:
    1101   type: bool
    1102   defaultValue: true
    1103   humanReadableName: "Cross-Origin-Options HTTP Header"
    1104   humanReadableDescription: "Enable support for Cross-Origin-Options HTTP Header"
     1100CrossOriginWindowPolicySupportEnabled:
     1101  type: bool
     1102  defaultValue: true
     1103  humanReadableName: "Cross-Origin-Window-Policy HTTP Header"
     1104  humanReadableDescription: "Enable support for Cross-Origin-Window-Policy HTTP Header"
    11051105  category: experimental
    11061106

  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

    r232451 r232499  
    59525952    auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier));
    59535953    auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier));
    5954     remoteWindow->setCrossOriginOptions(previousWindow->crossOriginOptions());
     5954    remoteWindow->setCrossOriginWindowPolicy(previousWindow->crossOriginWindowPolicy());
    59555955
    59565956    remoteFrame->setOpener(frame->coreFrame()->loader().opener());

  • trunk/Source/WebKitLegacy/mac/ChangeLog

    r232452 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        * WebView/WebPreferenceKeysPrivate.h:
     10        * WebView/WebPreferences.mm:
     11        (+[WebPreferences initialize]):
     12        (-[WebPreferences crossOriginWindowPolicySupportEnabled]):
     13        (-[WebPreferences setCrossOriginWindowPolicySupportEnabled:]):
     14        * WebView/WebPreferencesPrivate.h:
     15        * WebView/WebView.mm:
     16        (-[WebView _preferencesChanged:]):
     17
    1182018-06-02  Darin Adler  <darin@apple.com>
    219

  • trunk/Source/WebKitLegacy/mac/WebView/WebPreferenceKeysPrivate.h

    r231798 r232499  
    174174#define WebKitCustomPasteboardDataEnabledPreferenceKey @"WebKitCustomPasteboardDataEnabled"
    175175#define WebKitCacheAPIEnabledPreferenceKey @"WebKitCacheAPIEnabled"
    176 #define WebKitCrossOriginOptionsSupportEnabledPreferenceKey @"WebKitCrossOriginOptionsSupportEnabled"
     176#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey @"WebKitCrossOriginWindowPolicySupportEnabled"
    177177#define WebKitFetchAPIEnabledPreferenceKey @"WebKitFetchAPIEnabled"
    178178#define WebKitWritableStreamAPIEnabledPreferenceKey @"WebKitWritableStreamAPIEnabled"

  • trunk/Source/WebKitLegacy/mac/WebView/WebPreferences.mm

    r231798 r232499  
    635635#endif
    636636        [NSNumber numberWithBool:NO], WebKitCacheAPIEnabledPreferenceKey,
    637         [NSNumber numberWithBool:NO], WebKitCrossOriginOptionsSupportEnabledPreferenceKey,
     637        [NSNumber numberWithBool:YES], WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey,
    638638        [NSNumber numberWithBool:YES], WebKitFetchAPIEnabledPreferenceKey,
    639639
     
    30123012}
    30133013
    3014 - (BOOL)crossOriginOptionsSupportEnabled
    3015 {
    3016     return [self _boolValueForKey:WebKitCrossOriginOptionsSupportEnabledPreferenceKey];
    3017 }
    3018 
    3019 - (void)setCrossOriginOptionsSupportEnabled:(BOOL)flag
    3020 {
    3021     [self _setBoolValue:flag forKey:WebKitCrossOriginOptionsSupportEnabledPreferenceKey];
     3014- (BOOL)crossOriginWindowPolicySupportEnabled
     3015{
     3016    return [self _boolValueForKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
     3017}
     3018
     3019- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)flag
     3020{
     3021    [self _setBoolValue:flag forKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
    30223022}
    30233023

  • trunk/Source/WebKitLegacy/mac/WebView/WebPreferencesPrivate.h

    r231798 r232499  
    544544- (void)setCacheAPIEnabled:(BOOL)enabled;
    545545
    546 - (BOOL)crossOriginOptionsSupportEnabled;
    547 - (void)setCrossOriginOptionsSupportEnabled:(BOOL)enabled;
     546- (BOOL)crossOriginWindowPolicySupportEnabled;
     547- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)enabled;
    548548
    549549- (void)setFetchAPIEnabled:(BOOL)flag;

  • trunk/Source/WebKitLegacy/mac/WebView/WebView.mm

    r232424 r232499  
    30713071    settings.setViewportFitEnabled([preferences viewportFitEnabled]);
    30723072    settings.setConstantPropertiesEnabled([preferences constantPropertiesEnabled]);
    3073     settings.setCrossOriginOptionsSupportEnabled([preferences crossOriginOptionsSupportEnabled]);
     3073    settings.setCrossOriginWindowPolicySupportEnabled([preferences crossOriginWindowPolicySupportEnabled]);
    30743074
    30753075#if ENABLE(GAMEPAD)

  • trunk/Source/WebKitLegacy/win/ChangeLog

    r232337 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        * Interfaces/IWebPreferencesPrivate.idl:
     10        * WebPreferenceKeysPrivate.h:
     11        * WebPreferences.cpp:
     12        (WebPreferences::initializeDefaultSettings):
     13        (WebPreferences::crossOriginWindowPolicySupportEnabled):
     14        (WebPreferences::setCrossOriginWindowPolicySupportEnabled):
     15        * WebPreferences.h:
     16        * WebView.cpp:
     17        (WebView::notifyPreferencesChanged):
     18
    1192018-05-30  Yusuke Suzuki  <utatane.tea@gmail.com>
    220

  • trunk/Source/WebKitLegacy/win/Interfaces/IWebPreferencesPrivate.idl

    r231798 r232499  
    235235interface IWebPreferencesPrivate7 : IWebPreferencesPrivate6
    236236{
    237     HRESULT crossOriginOptionsSupportEnabled([out, retval] BOOL* enabled);
    238     HRESULT setCrossOriginOptionsSupportEnabled([in] BOOL enabled);
    239 }
     237    HRESULT crossOriginWindowPolicySupportEnabled([out, retval] BOOL* enabled);
     238    HRESULT setCrossOriginWindowPolicySupportEnabled([in] BOOL enabled);
     239}

  • trunk/Source/WebKitLegacy/win/WebPreferenceKeysPrivate.h

    r231798 r232499  
    181181#define WebKitMenuItemElementEnabledPreferenceKey "WebKitMenuItemElementEnabled"
    182182
    183 #define WebKitCrossOriginOptionsSupportEnabledPreferenceKey "WebKitCrossOriginOptionsSupportEnabled"
     183#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey "WebKitCrossOriginWindowPolicySupportEnabled"
    184184
    185185#define WebKitModernMediaControlsEnabledPreferenceKey "WebKitModernMediaControlsEnabled"

  • trunk/Source/WebKitLegacy/win/WebPreferences.cpp

    r231798 r232499  
    250250    CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayCaptionsPreferenceKey), kCFBooleanFalse);
    251251    CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayTextDescriptionsPreferenceKey), kCFBooleanFalse);
    252     CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginOptionsSupportEnabledPreferenceKey), kCFBooleanFalse);
     252    CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey), kCFBooleanTrue);
    253253
    254254    RetainPtr<CFStringRef> linkBehaviorStringRef = adoptCF(CFStringCreateWithFormat(0, 0, CFSTR("%d"), WebKitEditableLinkDefaultBehavior));
     
    20352035}
    20362036
    2037 HRESULT WebPreferences::crossOriginOptionsSupportEnabled(_Out_ BOOL* enabled)
    2038 {
    2039     if (!enabled)
    2040         return E_POINTER;
    2041     *enabled = boolValueForKey(WebKitCrossOriginOptionsSupportEnabledPreferenceKey);
    2042     return S_OK;
    2043 }
    2044 
    2045 HRESULT WebPreferences::setCrossOriginOptionsSupportEnabled(BOOL enabled)
    2046 {
    2047     setBoolValue(WebKitCrossOriginOptionsSupportEnabledPreferenceKey, enabled);
     2037HRESULT WebPreferences::crossOriginWindowPolicySupportEnabled(_Out_ BOOL* enabled)
     2038{
     2039    if (!enabled)
     2040        return E_POINTER;
     2041    *enabled = boolValueForKey(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey);
     2042    return S_OK;
     2043}
     2044
     2045HRESULT WebPreferences::setCrossOriginWindowPolicySupportEnabled(BOOL enabled)
     2046{
     2047    setBoolValue(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey, enabled);
    20482048    return S_OK;
    20492049}

  • trunk/Source/WebKitLegacy/win/WebPreferences.h

    r231798 r232499  
    280280
    281281    // IWebPreferencesPrivate7
    282     virtual HRESULT STDMETHODCALLTYPE crossOriginOptionsSupportEnabled(_Out_ BOOL*);
    283     virtual HRESULT STDMETHODCALLTYPE setCrossOriginOptionsSupportEnabled(BOOL);
     282    virtual HRESULT STDMETHODCALLTYPE crossOriginWindowPolicySupportEnabled(_Out_ BOOL*);
     283    virtual HRESULT STDMETHODCALLTYPE setCrossOriginWindowPolicySupportEnabled(BOOL);
    284284
    285285    // WebPreferences

  • trunk/Source/WebKitLegacy/win/WebView.cpp

    r231798 r232499  
    52805280    settings.setVisualViewportAPIEnabled(!!enabled);
    52815281
    5282     hr = prefsPrivate->crossOriginOptionsSupportEnabled(&enabled);
    5283     if (FAILED(hr))
    5284         return hr;
    5285     settings.setCrossOriginOptionsSupportEnabled(!!enabled);
     5282    hr = prefsPrivate->crossOriginWindowPolicySupportEnabled(&enabled);
     5283    if (FAILED(hr))
     5284        return hr;
     5285    settings.setCrossOriginWindowPolicySupportEnabled(!!enabled);
    52865286
    52875287    hr = preferences->privateBrowsingEnabled(&enabled);

  • trunk/Tools/ChangeLog

    r232498 r232499  
     12018-06-04  Chris Dumez  <cdumez@apple.com>
     2
     3        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
     4        https://bugs.webkit.org/show_bug.cgi?id=186287
     5        <rdar://problem/40783352>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        * DumpRenderTree/mac/DumpRenderTree.mm:
     10        (enableExperimentalFeatures):
     11        * DumpRenderTree/win/DumpRenderTree.cpp:
     12        (enableExperimentalFeatures):
     13
    1142018-06-04  Daniel Bates  <dabates@apple.com>
    215

  • trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm

    r232452 r232499  
    863863    [preferences setVisualViewportAPIEnabled:YES];
    864864    [preferences setColorFilterEnabled:YES];
    865     [preferences setCrossOriginOptionsSupportEnabled:YES];
     865    [preferences setCrossOriginWindowPolicySupportEnabled:YES];
    866866    [preferences setServerTimingEnabled:YES];
    867867}

  • trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp

    r231709 r232499  
    790790    // FIXME: WebGL2
    791791    // FIXME: WebRTC
    792     prefsPrivate->setCrossOriginOptionsSupportEnabled(TRUE);
     792    prefsPrivate->setCrossOriginWindowPolicySupportEnabled(TRUE);
    793793}
    794794
Note: See TracChangeset for help on using the changeset viewer.