Changeset 232499 in webkit
- Timestamp:
- Jun 4, 2018 9:11:49 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 11 added
- 2 deleted
- 33 edited
- 11 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r232488 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 * http/wpt/cross-origin-options/allow-postmessage-expected.txt: Removed. 10 * http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt: Removed. 11 * http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers: Removed. 12 * http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: Removed. 13 * http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt: Removed. 14 * http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt: Removed. 15 * http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers: Removed. 16 * http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Added. 17 * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Added. 18 * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html. 19 * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Added. 20 * http/wpt/cross-origin-window-policy/allow-postmessage.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html. 21 * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Added. 22 * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Renamed from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html. 23 * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Added. 24 * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html. 25 * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Added. 26 * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html. 27 * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html. 28 * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Added. 29 * http/wpt/cross-origin-window-policy/resources/destination.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/destination.html. 30 * http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html. 31 * http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py. 32 (main): 33 * http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py. 34 (main): 35 * http/wpt/cross-origin-window-policy/resources/utils.js: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/utils.js. 36 1 37 2018-06-04 Ryosuke Niwa <rniwa@webkit.org> 2 38 -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html
r232498 r232499 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Tests calling postMessage() on a window with 'Cross-Origin- Options: allow-postmessage' from a window with 'Cross-Origin-Options: deny'</title>5 <title>Tests calling postMessage() on a window with 'Cross-Origin-Window-Policy: allow-postmessage' from a window with 'Cross-Origin-Window-Policy: deny'</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 14 14 15 15 promise_test(function(test) { 16 return withIframe("cross-origin- options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {16 return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => { 17 17 assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access"); 18 18 assert_throws("SecurityError", function() { f.contentWindow.postMessage("PING", "*"); }, "Calling postMessage() should throw"); 19 19 }); 20 }, "postMessage() on Cross-origin iframe with 'Cross-Origin- Options: allow-postmessage' but current window has 'deny' option");20 }, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option"); 21 21 22 22 promise_test(function(test) { 23 return withPopup("cross-origin- options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {23 return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => { 24 24 assert_throws("SecurityError", function() { result.window.length }, "length property access"); 25 25 assert_throws("SecurityError", function() { result.window.postMessage("PING", "*"); }, "Calling postMessage() should throw"); 26 26 }); 27 }, "postMessage() on Cross-origin popup with 'Cross-Origin- Options: allow-postmessage' but current window has 'deny' option");27 }, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option"); 28 28 29 29 </script> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html
r232498 r232499 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Tests that postMessage() works when 'Cross-Origin- Options: allow-postmessage' HTTP header is served</title>5 <title>Tests that postMessage() works when 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header is served</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 14 14 15 15 promise_test(function(test) { 16 return withIframe("cross-origin- options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {16 return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => { 17 17 return new Promise((resolve) => { 18 18 window.onmessage = (msg) => { … … 26 26 }); 27 27 }); 28 }, "postMessage() on Cross-origin iframe with 'Cross-Origin- Options: allow-postmessage' HTTP header");28 }, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 29 29 30 30 promise_test(function(test) { 31 return withPopup("cross-origin- options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {31 return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => { 32 32 return new Promise((resolve) => { 33 33 window.onmessage = (msg) => { … … 41 41 }); 42 42 }); 43 }, "postMessage() on Cross-origin popup with 'Cross-Origin- Options: allow-postmessage' HTTP header");43 }, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 44 44 45 45 </script> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
r232498 r232499 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Basic testing for Cross-Origin- OptionsHTTP header</title>5 <title>Basic testing for Cross-Origin-Window-Policy HTTP header</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 37 37 38 38 promise_test(function(test) { 39 return withIframe("serve-cross-origin- options-header.py?value=deny", true /* isCrossOrigin */).then((f) => {39 return withIframe("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((f) => { 40 40 testCrossOriginOption(f.contentWindow, "deny", true /* isCrossOrigin */); 41 41 }); 42 }, "Cross-origin iframe with 'Cross-Origin- Options: deny' HTTP header");42 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header"); 43 43 44 44 promise_test(function(test) { 45 return withIframe("serve-cross-origin- options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {45 return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => { 46 46 testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */); 47 47 }); 48 }, "Cross-origin iframe with 'Cross-Origin- Options: allow-postmessage' HTTP header");48 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 49 49 50 50 promise_test(function(test) { 51 return withIframe("serve-cross-origin- options-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {51 return withIframe("serve-cross-origin-window-policy-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => { 52 52 testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */); 53 53 }); 54 }, "Cross-origin iframe with 'Cross-Origin- Options: alLoW-postMessAgE' HTTP header (mixed case)");54 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case)"); 55 55 56 56 promise_test(function(test) { 57 return withIframe("serve-cross-origin- options-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {57 return withIframe("serve-cross-origin-window-policy-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => { 58 58 const w = f.contentWindow; 59 59 // Invalid input: should be treated as "allow". … … 62 62 checkIframePropertyValues(w); 63 63 }); 64 }, "Cross-origin iframe with 'Cross-Origin- Options: deny,allow' HTTP header (multiple values is invalid)");64 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid)"); 65 65 66 66 promise_test(function(test) { 67 return withIframe("serve-cross-origin- options-header.py?value=", true /* isCrossOrigin */).then((f) => {67 return withIframe("serve-cross-origin-window-policy-header.py?value=", true /* isCrossOrigin */).then((f) => { 68 68 const w = f.contentWindow; 69 69 // Empty value: should be treated as "allow". … … 72 72 checkIframePropertyValues(w); 73 73 }); 74 }, "Cross-origin iframe with 'Cross-Origin- Options:' HTTP header (empty value)");74 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value)"); 75 75 76 76 promise_test(function(test) { 77 return withIframe("serve-cross-origin- options-header.py?value=allow", true /* isCrossOrigin */).then((f) => {77 return withIframe("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((f) => { 78 78 const w = f.contentWindow; 79 79 testCrossOriginOption(w, "allow", true /* isCrossOrigin */); … … 81 81 checkIframePropertyValues(w); 82 82 }); 83 }, "Cross-origin iframe with 'Cross-Origin- Options: allow' HTTP header");83 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header"); 84 84 85 85 promise_test(function(test) { 86 return withIframe("serve-cross-origin- options-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {86 return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((f) => { 87 87 const w = f.contentWindow; 88 88 testCrossOriginOption(w, "allow", true /* isCrossOrigin */); … … 90 90 checkIframePropertyValues(w); 91 91 }); 92 }, "Cross-origin iframe with 'Cross-Origin- Options: invalid' HTTP header");92 }, "Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header"); 93 93 94 94 promise_test(function(test) { 95 return withIframe("serve-cross-origin- options-header.py?value=deny", false /* isCrossOrigin */).then((f) => {95 return withIframe("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((f) => { 96 96 const w = f.contentWindow; 97 97 testCrossOriginOption(w, "deny", false /* isCrossOrigin */); … … 99 99 checkIframePropertyValues(w); 100 100 }); 101 }, "Same-origin iframe with 'Cross-Origin- Options: deny' HTTP header");101 }, "Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header"); 102 102 103 103 promise_test(function(test) { 104 return withIframe("serve-cross-origin- options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {104 return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => { 105 105 const w = f.contentWindow; 106 106 testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */); … … 108 108 checkIframePropertyValues(w); 109 109 }); 110 }, "Same-origin iframe with 'Cross-Origin- Options: allow-postmessage' HTTP header");110 }, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 111 111 112 112 promise_test(function(test) { 113 return withIframe("serve-cross-origin- options-header.py?value=allow", false /* isCrossOrigin */).then((f) => {113 return withIframe("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((f) => { 114 114 const w = f.contentWindow; 115 115 testCrossOriginOption(w, "allow", false /* isCrossOrigin */); … … 117 117 checkIframePropertyValues(w); 118 118 }); 119 }, "Same-origin iframe with 'Cross-Origin- Options: allow' HTTP header");119 }, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header"); 120 120 121 121 promise_test(function(test) { 122 return withIframe("serve-cross-origin- options-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {122 return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((f) => { 123 123 const w = f.contentWindow; 124 124 testCrossOriginOption(w, "allow", false /* isCrossOrigin */); … … 126 126 checkIframePropertyValues(w); 127 127 }); 128 }, "Same-origin iframe with 'Cross-Origin- Options: invalid' HTTP header");128 }, "Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header"); 129 129 130 130 promise_test(function(test) { 131 return withPopup("serve-cross-origin- options-header.py?value=deny", true /* isCrossOrigin */).then((result) => {131 return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((result) => { 132 132 testCrossOriginOption(result.window, "deny", true /* isCrossOrigin */); 133 133 }); 134 }, "Cross-origin popup with 'Cross-Origin- Options: deny' HTTP header");134 }, "Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header"); 135 135 136 136 promise_test(function(test) { 137 return withPopup("serve-cross-origin- options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {137 return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => { 138 138 testCrossOriginOption(result.window, "allow-postmessage", true /* isCrossOrigin */); 139 139 }); 140 }, "Cross-origin popup with 'Cross-Origin- Options: allow-postmessage' HTTP header");140 }, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 141 141 142 142 promise_test(function(test) { 143 return withPopup("serve-cross-origin- options-header.py?value=allow", true /* isCrossOrigin */).then((result) => {143 return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((result) => { 144 144 const w = result.window; 145 145 testCrossOriginOption(w, "allow", true /* isCrossOrigin */); … … 147 147 checkPopupPropertyValues(w); 148 148 }); 149 }, "Cross-origin popup with 'Cross-Origin- Options: allow' HTTP header");149 }, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header"); 150 150 151 151 promise_test(function(test) { 152 return withPopup("serve-cross-origin- options-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {152 return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((result) => { 153 153 const w = result.window; 154 154 testCrossOriginOption(w, "allow", true /* isCrossOrigin */); … … 156 156 checkPopupPropertyValues(w); 157 157 }); 158 }, "Cross-origin popup with 'Cross-Origin- Options: invalid' HTTP header");158 }, "Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header"); 159 159 160 160 promise_test(function(test) { 161 return withPopup("serve-cross-origin- options-header.py?value=deny", false /* isCrossOrigin */).then((result) => {161 return withPopup("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((result) => { 162 162 const w = result.window; 163 163 testCrossOriginOption(w, "deny", false /* isCrossOrigin */); … … 165 165 checkPopupPropertyValues(w); 166 166 }); 167 }, "Same-origin popup with 'Cross-Origin- Options: deny' HTTP header");167 }, "Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header"); 168 168 169 169 promise_test(function(test) { 170 return withPopup("serve-cross-origin- options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {170 return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => { 171 171 const w = result.window; 172 172 testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */); … … 174 174 checkPopupPropertyValues(w); 175 175 }); 176 }, "Same-origin popup with 'Cross-Origin- Options: allow-postmessage' HTTP header");176 }, "Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header"); 177 177 178 178 promise_test(function(test) { 179 return withPopup("serve-cross-origin- options-header.py?value=allow", false /* isCrossOrigin */).then((result) => {179 return withPopup("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((result) => { 180 180 const w = result.window; 181 181 testCrossOriginOption(w, "allow", false /* isCrossOrigin */); … … 183 183 checkPopupPropertyValues(w); 184 184 }); 185 }, "Same-origin popup with 'Cross-Origin- Options: allow' HTTP header");185 }, "Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header"); 186 186 187 187 promise_test(function(test) { 188 return withPopup("serve-cross-origin- options-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {188 return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((result) => { 189 189 const w = result.window; 190 190 testCrossOriginOption(w, "allow", false /* isCrossOrigin */); … … 192 192 checkPopupPropertyValues(w); 193 193 }); 194 }, "Same-origin popup with 'Cross-Origin- Options: invalid' HTTP header");194 }, "Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header"); 195 195 196 196 </script> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
r232498 r232499 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Tests that 'Cross-Origin- Options: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>5 <title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 14 14 15 15 promise_test(t => { 16 return withPopup("serve-cross-origin- options-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {16 return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => { 17 17 return new Promise((resolve) => { 18 18 window.onmessage = (msg) => { … … 20 20 } 21 21 22 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin- options/resources/destination.html";22 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html"; 23 23 w = open(destinationURL, "foo1"); 24 24 // If a window with the given name is found but cannot be navigated, a new one is created, as if we could … … 32 32 }); 33 33 }); 34 }, "'Cross-Origin- Options: deny' prevents navigation from opener via open() target");34 }, "'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target"); 35 35 36 36 promise_test(t => { 37 return withPopup("serve-cross-origin- options-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {37 return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => { 38 38 return new Promise((resolve) => { 39 39 window.onmessage = (msg) => { … … 41 41 } 42 42 43 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin- options/resources/destination.html";43 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html"; 44 44 w = open(destinationURL, "foo2"); 45 45 // If a window with the given name is found but cannot be navigated, a new one is created, as if we could … … 53 53 }); 54 54 }); 55 }, "'Cross-Origin- Options: allow-postmessage' prevents navigation from opener via open() target");55 }, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target"); 56 56 57 57 promise_test(t => { 58 return withPopup("serve-cross-origin- options-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {58 return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => { 59 59 return new Promise((resolve) => { 60 60 window.onmessage = () => { … … 63 63 } 64 64 65 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin- options/resources/destination.html";65 let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html"; 66 66 w = open(destinationURL, "foo3"); 67 67 assert_equals(w, result.window, "open() should return the same window"); 68 68 }); 69 69 }); 70 }, "'Cross-Origin- Options: allow' does not prevent navigation from opener via open() target");70 }, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target"); 71 71 </script> 72 72 </body> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html
r232498 r232499 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Tests that 'Cross-Origin- Options: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>5 <title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 23 23 }); 24 24 }); 25 }, "'Cross-Origin- Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");25 }, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)"); 26 26 27 27 promise_test(t => { … … 35 35 }); 36 36 }); 37 }, "'Cross-Origin- Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");37 }, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)"); 38 38 39 39 promise_test(t => { … … 45 45 }); 46 46 }); 47 }, "'Cross-Origin- Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");47 }, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)"); 48 48 49 49 promise_test(t => { … … 57 57 }); 58 58 }); 59 }, "'Cross-Origin- Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");59 }, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)"); 60 60 61 61 promise_test(t => { … … 69 69 }); 70 70 }); 71 }, "'Cross-Origin- Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");71 }, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)"); 72 72 73 73 promise_test(t => { … … 79 79 }); 80 80 }); 81 }, "'Cross-Origin- Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");81 }, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)"); 82 82 83 83 promise_test(t => { … … 91 91 }); 92 92 }); 93 }, "'Cross-Origin- Options: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");93 }, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)"); 94 94 95 95 promise_test(t => { … … 103 103 }); 104 104 }); 105 }, "'Cross-Origin- Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");105 }, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)"); 106 106 107 107 promise_test(t => { … … 113 113 }); 114 114 }); 115 }, "'Cross-Origin- Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");115 }, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)"); 116 116 117 117 </script> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html
r232498 r232499 7 7 <a id="testAnchor">Click me</a> 8 8 <script> 9 const RESOURCES_DIR = "/WebKit/cross-origin- options/resources/";9 const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/"; 10 10 onload = () => { 11 11 let params = new URLSearchParams(location.search); -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py
r232498 r232499 1 1 def main(request, response): 2 2 headers = [("Content-Type", "text/html"), 3 ("Cross-Origin- Options", request.GET['value']),]3 ("Cross-Origin-Window-Policy", request.GET['value']),] 4 4 return 200, headers, """<!DOCTYPE html> 5 5 <html> … … 9 9 <body> 10 10 <script> 11 const RESOURCES_DIR = "/WebKit/cross-origin- options/resources/";11 const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/"; 12 12 let f = document.createElement("iframe"); 13 13 f.src = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR + "navigate-parent-via-anchor.html?target=%s"; -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py
r232498 r232499 1 1 def main(request, response): 2 2 headers = [("Content-Type", "text/html"), 3 ("Cross-Origin- Options", request.GET['value']),]3 ("Cross-Origin-Window-Policy", request.GET['value']),] 4 4 return 200, headers, """TEST 5 5 <iframe name="subframe"></iframe> -
trunk/LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js
r232498 r232499 1 const RESOURCES_DIR = "/WebKit/cross-origin- options/resources/";1 const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/"; 2 2 3 3 function isCrossOriginWindow(w) -
trunk/Source/WebCore/ChangeLog
r232496 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 Tests: http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html 10 http/wpt/cross-origin-window-policy/allow-postmessage.html 11 http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html 12 http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html 13 http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html 14 15 * bindings/js/JSDOMBindingSecurity.cpp: 16 (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy): 17 * bindings/js/JSDOMBindingSecurity.h: 18 * bindings/js/JSDOMWindowCustom.cpp: 19 (WebCore::effectiveCrossOriginWindowPolicyForAccess): 20 (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess): 21 (WebCore::JSDOMWindow::getOwnPropertySlotByIndex): 22 (WebCore::addCrossOriginWindowPropertyNames): 23 (WebCore::addScopedChildrenIndexes): 24 * bindings/scripts/CodeGeneratorJS.pm: 25 (GenerateAttributeGetterBodyDefinition): 26 (GetCrossOriginsOptionsFromExtendedAttributeValue): 27 (GenerateAttributeSetterBodyDefinition): 28 (GenerateOperationBodyDefinition): 29 * bindings/scripts/IDLAttributes.json: 30 * dom/Document.cpp: 31 (WebCore::Document::canNavigate): 32 * loader/FrameLoader.cpp: 33 (WebCore::FrameLoader::didBeginDocument): 34 * page/AbstractDOMWindow.cpp: 35 (WebCore::AbstractDOMWindow::AbstractDOMWindow): 36 * page/AbstractDOMWindow.h: 37 (WebCore::AbstractDOMWindow::crossOriginWindowPolicy): 38 (WebCore::AbstractDOMWindow::setCrossOriginWindowPolicy): 39 * page/DOMWindow.idl: 40 * page/Settings.yaml: 41 * platform/network/HTTPHeaderNames.in: 42 * platform/network/HTTPParsers.cpp: 43 (WebCore::parseCrossOriginWindowPolicyHeader): 44 * platform/network/HTTPParsers.h: 45 1 46 2018-06-04 Brent Fulgham <bfulgham@apple.com> 2 47 -
trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp
r231622 r232499 101 101 } 102 102 103 bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOrigin Options(JSC::ExecState* state, DOMWindow& target, CrossOriginOptions minimumCrossOriginOptions, SecurityReportingOption reportingOption)103 bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState* state, DOMWindow& target, CrossOriginWindowPolicy minimumCrossOriginWindowPolicy, SecurityReportingOption reportingOption) 104 104 { 105 105 DOMWindow& source = activeDOMWindow(*state); 106 ASSERT(minimumCrossOrigin Options > CrossOriginOptions::Deny);106 ASSERT(minimumCrossOriginWindowPolicy > CrossOriginWindowPolicy::Deny); 107 107 108 static_assert(CrossOrigin Options::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");108 static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values"); 109 109 110 110 // Fast path. 111 auto effectiveCrossOrigin Options = std::min(source.crossOriginOptions(), target.crossOriginOptions());112 if (effectiveCrossOrigin Options >= minimumCrossOriginOptions)111 auto effectiveCrossOriginWindowPolicy = std::min(source.crossOriginWindowPolicy(), target.crossOriginWindowPolicy()); 112 if (effectiveCrossOriginWindowPolicy >= minimumCrossOriginWindowPolicy) 113 113 return true; 114 114 -
trunk/Source/WebCore/bindings/js/JSDOMBindingSecurity.h
r231622 r232499 37 37 class Node; 38 38 39 enum class CrossOrigin Options;39 enum class CrossOriginWindowPolicy; 40 40 41 41 void printErrorMessageForFrame(Frame*, const String& message); … … 56 56 bool shouldAllowAccessToNode(JSC::ExecState&, Node*); 57 57 58 bool shouldAllowAccessToDOMWindowGivenMinimumCrossOrigin Options(JSC::ExecState*, DOMWindow&, CrossOriginOptions, SecurityReportingOption = LogSecurityError);58 bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState*, DOMWindow&, CrossOriginWindowPolicy, SecurityReportingOption = LogSecurityError); 59 59 60 60 }; -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r231622 r232499 57 57 using namespace JSC; 58 58 59 static CrossOrigin Options effectiveCrossOriginOptionsForAccess(ExecState& state, AbstractDOMWindow& target)60 { 61 static_assert(CrossOrigin Options::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");62 return std::min(activeDOMWindow(state).crossOrigin Options(), target.crossOriginOptions());59 static CrossOriginWindowPolicy effectiveCrossOriginWindowPolicyForAccess(ExecState& state, AbstractDOMWindow& target) 60 { 61 static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values"); 62 return std::min(activeDOMWindow(state).crossOriginWindowPolicy(), target.crossOriginWindowPolicy()); 63 63 } 64 64 … … 101 101 } 102 102 103 switch (effectiveCrossOrigin OptionsForAccess(state, window)) {104 case CrossOrigin Options::AllowPostMessage:103 switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) { 104 case CrossOriginWindowPolicy::AllowPostMessage: 105 105 if (propertyName == builtinNames.postMessagePublicName()) { 106 106 slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), windowType == DOMWindowType::Remote ? nonCachingStaticFunctionGetter<jsRemoteDOMWindowInstanceFunctionPostMessage, 0> : nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>); … … 108 108 } 109 109 FALLTHROUGH; 110 case CrossOrigin Options::Deny:110 case CrossOriginWindowPolicy::Deny: 111 111 throwSecurityError(state, scope, errorMessage); 112 112 slot.setUndefined(); 113 113 return false; 114 case CrossOrigin Options::Allow:114 case CrossOriginWindowPolicy::Allow: 115 115 break; 116 116 } … … 254 254 // (1) First, indexed properties. 255 255 // These are also allowed cross-origin, so come before the access check. 256 switch (effectiveCrossOrigin OptionsForAccess(*state, window)) {257 case CrossOrigin Options::Deny:258 case CrossOrigin Options::AllowPostMessage:256 switch (effectiveCrossOriginWindowPolicyForAccess(*state, window)) { 257 case CrossOriginWindowPolicy::Deny: 258 case CrossOriginWindowPolicy::AllowPostMessage: 259 259 if (isCrossOriginAccess()) 260 260 break; 261 261 FALLTHROUGH; 262 case CrossOrigin Options::Allow:262 case CrossOriginWindowPolicy::Allow: 263 263 if (frame && index < frame->tree().scopedChildCount()) { 264 264 slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow())); … … 349 349 }; 350 350 351 switch (effectiveCrossOrigin OptionsForAccess(state, window)) {352 case CrossOrigin Options::Allow:351 switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) { 352 case CrossOriginWindowPolicy::Allow: 353 353 for (auto* property : properties) 354 354 propertyNames.add(*property); 355 355 break; 356 case CrossOrigin Options::AllowPostMessage:356 case CrossOriginWindowPolicy::AllowPostMessage: 357 357 propertyNames.add(static_cast<JSVMClientData*>(vm.clientData)->builtinNames().postMessagePublicName()); 358 358 break; 359 case CrossOrigin Options::Deny:359 case CrossOriginWindowPolicy::Deny: 360 360 break; 361 361 } … … 372 372 return; 373 373 374 switch (effectiveCrossOrigin OptionsForAccess(state, window)) {375 case CrossOrigin Options::Allow:374 switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) { 375 case CrossOriginWindowPolicy::Allow: 376 376 break; 377 case CrossOrigin Options::Deny:378 case CrossOrigin Options::AllowPostMessage:377 case CrossOriginWindowPolicy::Deny: 378 case CrossOriginWindowPolicy::AllowPostMessage: 379 379 return; 380 380 } -
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
r231839 r232499 4708 4708 if ($interface->type->name eq "DOMWindow") { 4709 4709 if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) { 4710 my $crossOrigin Options= GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});4710 my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf}); 4711 4711 AddToImplIncludes("HTTPParsers.h", $conditional); 4712 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOrigin Options(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");4712 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n"); 4713 4713 } else { 4714 4714 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n"); … … 4825 4825 my $extendedAttributeValue = shift; 4826 4826 4827 return "CrossOrigin Options::Allow" if $extendedAttributeValue eq "CrossOriginOptionsAllow";4828 return "CrossOrigin Options::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginOptionsAllowPostMessage";4829 die "Unsupported CrossOrigin Options: " + $extendedAttributeValue;4827 return "CrossOriginWindowPolicy::Allow" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllow"; 4828 return "CrossOriginWindowPolicy::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllowPostMessage"; 4829 die "Unsupported CrossOriginWindowPolicy: " + $extendedAttributeValue; 4830 4830 } 4831 4831 … … 4853 4853 if ($interface->type->name eq "DOMWindow") { 4854 4854 if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) { 4855 my $crossOrigin Options= GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});4855 my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf}); 4856 4856 AddToImplIncludes("HTTPParsers.h", $conditional); 4857 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOrigin Options(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");4857 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n"); 4858 4858 } else { 4859 4859 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n"); … … 5080 5080 if ($interface->type->name eq "DOMWindow") { 5081 5081 if ($operation->extendedAttributes->{DoNotCheckSecurityIf}) { 5082 my $crossOrigin Options= GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});5082 my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf}); 5083 5083 AddToImplIncludes("HTTPParsers.h", $conditional); 5084 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOrigin Options(state, castedThis->wrapped(), $crossOriginOptions, ThrowSecurityError))\n");5084 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(state, castedThis->wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n"); 5085 5085 } else { 5086 5086 push(@$outputArray, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n"); -
trunk/Source/WebCore/bindings/scripts/IDLAttributes.json
r231622 r232499 164 164 "DoNotCheckSecurityIf": { 165 165 "contextsAllowed": ["attribute", "operation"], 166 "values": ["CrossOrigin OptionsAllow", "CrossOriginOptionsAllowPostMessage"]166 "values": ["CrossOriginWindowPolicyAllow", "CrossOriginWindowPolicyAllowPostMessage"] 167 167 }, 168 168 "DoNotCheckSecurityOnGetter": { -
trunk/Source/WebCore/dom/Document.cpp
r232310 r232499 3186 3186 3187 3187 if (m_frame != targetFrame) { 3188 auto sourceCrossOrigin Options = m_frame->window() ? m_frame->window()->crossOriginOptions() : CrossOriginOptions::Allow;3189 auto destinationCrossOrigin Options = targetFrame->window() ? targetFrame->window()->crossOriginOptions() : CrossOriginOptions::Allow;3190 if (sourceCrossOrigin Options != CrossOriginOptions::Allow || destinationCrossOriginOptions != CrossOriginOptions::Allow) {3188 auto sourceCrossOriginWindowPolicy = m_frame->window() ? m_frame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow; 3189 auto destinationCrossOriginWindowPolicy = targetFrame->window() ? targetFrame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow; 3190 if (sourceCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow || destinationCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow) { 3191 3191 if (m_frame->document() && targetFrame->document() && !m_frame->document()->securityOrigin().canAccess(targetFrame->document()->securityOrigin())) { 3192 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin- Optionsheader."));3192 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin-Window-Policy header.")); 3193 3193 return false; 3194 3194 } -
trunk/Source/WebCore/loader/FrameLoader.cpp
r232419 r232499 748 748 } 749 749 750 if (m_frame.settings().crossOrigin OptionsSupportEnabled()) {751 String crossOrigin OptionsHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginOptions);752 if (!crossOrigin OptionsHeader.isNull()) {750 if (m_frame.settings().crossOriginWindowPolicySupportEnabled()) { 751 String crossOriginWindowPolicyHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginWindowPolicy); 752 if (!crossOriginWindowPolicyHeader.isNull()) { 753 753 ASSERT(m_frame.window()); 754 m_frame.window()->setCrossOrigin Options(parseCrossOriginOptionsHeader(crossOriginOptionsHeader));754 m_frame.window()->setCrossOriginWindowPolicy(parseCrossOriginWindowPolicyHeader(crossOriginWindowPolicyHeader)); 755 755 } 756 756 } -
trunk/Source/WebCore/page/AbstractDOMWindow.cpp
r231654 r232499 41 41 AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier) 42 42 : m_identifier(WTFMove(identifier)) 43 , m_crossOrigin Options(CrossOriginOptions::Allow)43 , m_crossOriginWindowPolicy(CrossOriginWindowPolicy::Allow) 44 44 { 45 45 ASSERT(!allWindows().contains(identifier)); -
trunk/Source/WebCore/page/AbstractDOMWindow.h
r231654 r232499 36 36 class AbstractFrame; 37 37 38 enum class CrossOrigin Options;38 enum class CrossOriginWindowPolicy; 39 39 40 40 // FIXME: Rename DOMWindow to LocalWindow and AbstractDOMWindow to DOMWindow. … … 55 55 using RefCounted::deref; 56 56 57 CrossOrigin Options crossOriginOptions() { return m_crossOriginOptions; }58 void setCrossOrigin Options(CrossOriginOptions value) { m_crossOriginOptions= value; }57 CrossOriginWindowPolicy crossOriginWindowPolicy() const { return m_crossOriginWindowPolicy; } 58 void setCrossOriginWindowPolicy(CrossOriginWindowPolicy value) { m_crossOriginWindowPolicy = value; } 59 59 60 60 protected: … … 67 67 private: 68 68 GlobalWindowIdentifier m_identifier; 69 CrossOrigin Options m_crossOriginOptions;69 CrossOriginWindowPolicy m_crossOriginWindowPolicy; 70 70 }; 71 71 -
trunk/Source/WebCore/page/DOMWindow.idl
r231622 r232499 50 50 ] interface DOMWindow : EventTarget { 51 51 // The current browsing context. 52 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;53 [Replaceable, DoNotCheckSecurityIf=CrossOrigin OptionsAllow] readonly attribute WindowProxy self;52 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window; 53 [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy self; 54 54 [Unforgeable] readonly attribute Document document; 55 55 attribute DOMString name; 56 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.56 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable. 57 57 readonly attribute History history; 58 58 [EnabledAtRuntime=CustomElements, ImplementedAs=ensureCustomElementRegistry] readonly attribute CustomElementRegistry customElements; … … 64 64 [Replaceable] readonly attribute BarProp toolbar; 65 65 attribute DOMString status; 66 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();67 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, ForwardDeclareInHeader] readonly attribute boolean closed;66 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close(); 67 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] readonly attribute boolean closed; 68 68 void stop(); 69 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();70 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, ForwardDeclareInHeader] void blur();69 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus(); 70 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] void blur(); 71 71 72 72 // Other browsing contexts. 73 [Replaceable, DoNotCheckSecurityIf=CrossOrigin OptionsAllow, ImplementedAs=self] readonly attribute WindowProxy frames;74 [Replaceable, DoNotCheckSecurityIf=CrossOrigin OptionsAllow] readonly attribute unsigned long length;75 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, Unforgeable] readonly attribute WindowProxy? top;76 [DoNotCheckSecurityIf=CrossOrigin OptionsAllow, CustomSetter] attribute WindowProxy? opener;77 [Replaceable, DoNotCheckSecurityIf=CrossOrigin OptionsAllow] readonly attribute WindowProxy? parent;73 [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ImplementedAs=self] readonly attribute WindowProxy frames; 74 [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute unsigned long length; 75 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable] readonly attribute WindowProxy? top; 76 [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CustomSetter] attribute WindowProxy? opener; 77 [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy? parent; 78 78 [CheckSecurityForNode] readonly attribute Element? frameElement; 79 79 [CallWith=ActiveWindow&FirstWindow] WindowProxy? open(optional USVString url = "about:blank", optional DOMString target = "_blank", optional [TreatNullAs=EmptyString] DOMString features = ""); … … 93 93 void cancelAnimationFrame(long handle); // FIXME: handle should be an unsigned long. 94 94 95 [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOrigin OptionsAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);95 [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []); 96 96 97 97 // Obsolete members, still part of the HTML specification (https://html.spec.whatwg.org/#Window-partial). -
trunk/Source/WebCore/page/Settings.yaml
r232424 r232499 745 745 onChange: setNeedsRecalcStyleInAllFrames 746 746 747 crossOrigin OptionsSupportEnabled:747 crossOriginWindowPolicySupportEnabled: 748 748 initial: true 749 749 -
trunk/Source/WebCore/platform/network/HTTPHeaderNames.in
r232217 r232499 51 51 Cookie 52 52 Cookie2 53 Cross-Origin-Options54 53 Cross-Origin-Resource-Policy 54 Cross-Origin-Window-Policy 55 55 Date 56 56 DNT -
trunk/Source/WebCore/platform/network/HTTPParsers.cpp
r232309 r232499 914 914 } 915 915 916 CrossOrigin Options parseCrossOriginOptionsHeader(StringView header)916 CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView header) 917 917 { 918 918 header = stripLeadingAndTrailingHTTPSpaces(header); 919 919 if (header.isEmpty()) 920 return CrossOrigin Options::Allow;920 return CrossOriginWindowPolicy::Allow; 921 921 922 922 if (equalLettersIgnoringASCIICase(header, "deny")) 923 return CrossOrigin Options::Deny;923 return CrossOriginWindowPolicy::Deny; 924 924 925 925 if (equalLettersIgnoringASCIICase(header, "allow-postmessage")) 926 return CrossOrigin Options::AllowPostMessage;927 928 return CrossOrigin Options::Allow;929 } 930 931 } 926 return CrossOriginWindowPolicy::AllowPostMessage; 927 928 return CrossOriginWindowPolicy::Allow; 929 } 930 931 } -
trunk/Source/WebCore/platform/network/HTTPParsers.h
r232309 r232499 73 73 74 74 // Should be sorted from most restrictive to most permissive. 75 enum class CrossOrigin Options{75 enum class CrossOriginWindowPolicy { 76 76 Deny, 77 77 AllowPostMessage, … … 119 119 120 120 WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView); 121 CrossOrigin Options parseCrossOriginOptionsHeader(StringView);121 CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView); 122 122 123 123 inline bool isHTTPSpace(UChar character) -
trunk/Source/WebKit/ChangeLog
r232492 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 * Shared/WebPreferences.yaml: 10 * WebProcess/WebPage/WebPage.cpp: 11 (WebKit::WebPage::frameBecameRemote): 12 1 13 2018-06-04 Dan Bernstein <mitz@apple.com> 2 14 -
trunk/Source/WebKit/Shared/WebPreferences.yaml
r232372 r232499 1098 1098 category: experimental 1099 1099 1100 CrossOrigin OptionsSupportEnabled:1101 type: bool 1102 defaultValue: true 1103 humanReadableName: "Cross-Origin- OptionsHTTP Header"1104 humanReadableDescription: "Enable support for Cross-Origin- OptionsHTTP Header"1100 CrossOriginWindowPolicySupportEnabled: 1101 type: bool 1102 defaultValue: true 1103 humanReadableName: "Cross-Origin-Window-Policy HTTP Header" 1104 humanReadableDescription: "Enable support for Cross-Origin-Window-Policy HTTP Header" 1105 1105 category: experimental 1106 1106 -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
r232451 r232499 5952 5952 auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier)); 5953 5953 auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier)); 5954 remoteWindow->setCrossOrigin Options(previousWindow->crossOriginOptions());5954 remoteWindow->setCrossOriginWindowPolicy(previousWindow->crossOriginWindowPolicy()); 5955 5955 5956 5956 remoteFrame->setOpener(frame->coreFrame()->loader().opener()); -
trunk/Source/WebKitLegacy/mac/ChangeLog
r232452 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 * WebView/WebPreferenceKeysPrivate.h: 10 * WebView/WebPreferences.mm: 11 (+[WebPreferences initialize]): 12 (-[WebPreferences crossOriginWindowPolicySupportEnabled]): 13 (-[WebPreferences setCrossOriginWindowPolicySupportEnabled:]): 14 * WebView/WebPreferencesPrivate.h: 15 * WebView/WebView.mm: 16 (-[WebView _preferencesChanged:]): 17 1 18 2018-06-02 Darin Adler <darin@apple.com> 2 19 -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferenceKeysPrivate.h
r231798 r232499 174 174 #define WebKitCustomPasteboardDataEnabledPreferenceKey @"WebKitCustomPasteboardDataEnabled" 175 175 #define WebKitCacheAPIEnabledPreferenceKey @"WebKitCacheAPIEnabled" 176 #define WebKitCrossOrigin OptionsSupportEnabledPreferenceKey @"WebKitCrossOriginOptionsSupportEnabled"176 #define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey @"WebKitCrossOriginWindowPolicySupportEnabled" 177 177 #define WebKitFetchAPIEnabledPreferenceKey @"WebKitFetchAPIEnabled" 178 178 #define WebKitWritableStreamAPIEnabledPreferenceKey @"WebKitWritableStreamAPIEnabled" -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferences.mm
r231798 r232499 635 635 #endif 636 636 [NSNumber numberWithBool:NO], WebKitCacheAPIEnabledPreferenceKey, 637 [NSNumber numberWithBool: NO], WebKitCrossOriginOptionsSupportEnabledPreferenceKey,637 [NSNumber numberWithBool:YES], WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey, 638 638 [NSNumber numberWithBool:YES], WebKitFetchAPIEnabledPreferenceKey, 639 639 … … 3012 3012 } 3013 3013 3014 - (BOOL)crossOrigin OptionsSupportEnabled3015 { 3016 return [self _boolValueForKey:WebKitCrossOrigin OptionsSupportEnabledPreferenceKey];3017 } 3018 3019 - (void)setCrossOrigin OptionsSupportEnabled:(BOOL)flag3020 { 3021 [self _setBoolValue:flag forKey:WebKitCrossOrigin OptionsSupportEnabledPreferenceKey];3014 - (BOOL)crossOriginWindowPolicySupportEnabled 3015 { 3016 return [self _boolValueForKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey]; 3017 } 3018 3019 - (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)flag 3020 { 3021 [self _setBoolValue:flag forKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey]; 3022 3022 } 3023 3023 -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferencesPrivate.h
r231798 r232499 544 544 - (void)setCacheAPIEnabled:(BOOL)enabled; 545 545 546 - (BOOL)crossOrigin OptionsSupportEnabled;547 - (void)setCrossOrigin OptionsSupportEnabled:(BOOL)enabled;546 - (BOOL)crossOriginWindowPolicySupportEnabled; 547 - (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)enabled; 548 548 549 549 - (void)setFetchAPIEnabled:(BOOL)flag; -
trunk/Source/WebKitLegacy/mac/WebView/WebView.mm
r232424 r232499 3071 3071 settings.setViewportFitEnabled([preferences viewportFitEnabled]); 3072 3072 settings.setConstantPropertiesEnabled([preferences constantPropertiesEnabled]); 3073 settings.setCrossOrigin OptionsSupportEnabled([preferences crossOriginOptionsSupportEnabled]);3073 settings.setCrossOriginWindowPolicySupportEnabled([preferences crossOriginWindowPolicySupportEnabled]); 3074 3074 3075 3075 #if ENABLE(GAMEPAD) -
trunk/Source/WebKitLegacy/win/ChangeLog
r232337 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 * Interfaces/IWebPreferencesPrivate.idl: 10 * WebPreferenceKeysPrivate.h: 11 * WebPreferences.cpp: 12 (WebPreferences::initializeDefaultSettings): 13 (WebPreferences::crossOriginWindowPolicySupportEnabled): 14 (WebPreferences::setCrossOriginWindowPolicySupportEnabled): 15 * WebPreferences.h: 16 * WebView.cpp: 17 (WebView::notifyPreferencesChanged): 18 1 19 2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> 2 20 -
trunk/Source/WebKitLegacy/win/Interfaces/IWebPreferencesPrivate.idl
r231798 r232499 235 235 interface IWebPreferencesPrivate7 : IWebPreferencesPrivate6 236 236 { 237 HRESULT crossOrigin OptionsSupportEnabled([out, retval] BOOL* enabled);238 HRESULT setCrossOrigin OptionsSupportEnabled([in] BOOL enabled);239 } 237 HRESULT crossOriginWindowPolicySupportEnabled([out, retval] BOOL* enabled); 238 HRESULT setCrossOriginWindowPolicySupportEnabled([in] BOOL enabled); 239 } -
trunk/Source/WebKitLegacy/win/WebPreferenceKeysPrivate.h
r231798 r232499 181 181 #define WebKitMenuItemElementEnabledPreferenceKey "WebKitMenuItemElementEnabled" 182 182 183 #define WebKitCrossOrigin OptionsSupportEnabledPreferenceKey "WebKitCrossOriginOptionsSupportEnabled"183 #define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey "WebKitCrossOriginWindowPolicySupportEnabled" 184 184 185 185 #define WebKitModernMediaControlsEnabledPreferenceKey "WebKitModernMediaControlsEnabled" -
trunk/Source/WebKitLegacy/win/WebPreferences.cpp
r231798 r232499 250 250 CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayCaptionsPreferenceKey), kCFBooleanFalse); 251 251 CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayTextDescriptionsPreferenceKey), kCFBooleanFalse); 252 CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOrigin OptionsSupportEnabledPreferenceKey), kCFBooleanFalse);252 CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey), kCFBooleanTrue); 253 253 254 254 RetainPtr<CFStringRef> linkBehaviorStringRef = adoptCF(CFStringCreateWithFormat(0, 0, CFSTR("%d"), WebKitEditableLinkDefaultBehavior)); … … 2035 2035 } 2036 2036 2037 HRESULT WebPreferences::crossOrigin OptionsSupportEnabled(_Out_ BOOL* enabled)2038 { 2039 if (!enabled) 2040 return E_POINTER; 2041 *enabled = boolValueForKey(WebKitCrossOrigin OptionsSupportEnabledPreferenceKey);2042 return S_OK; 2043 } 2044 2045 HRESULT WebPreferences::setCrossOrigin OptionsSupportEnabled(BOOL enabled)2046 { 2047 setBoolValue(WebKitCrossOrigin OptionsSupportEnabledPreferenceKey, enabled);2037 HRESULT WebPreferences::crossOriginWindowPolicySupportEnabled(_Out_ BOOL* enabled) 2038 { 2039 if (!enabled) 2040 return E_POINTER; 2041 *enabled = boolValueForKey(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey); 2042 return S_OK; 2043 } 2044 2045 HRESULT WebPreferences::setCrossOriginWindowPolicySupportEnabled(BOOL enabled) 2046 { 2047 setBoolValue(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey, enabled); 2048 2048 return S_OK; 2049 2049 } -
trunk/Source/WebKitLegacy/win/WebPreferences.h
r231798 r232499 280 280 281 281 // IWebPreferencesPrivate7 282 virtual HRESULT STDMETHODCALLTYPE crossOrigin OptionsSupportEnabled(_Out_ BOOL*);283 virtual HRESULT STDMETHODCALLTYPE setCrossOrigin OptionsSupportEnabled(BOOL);282 virtual HRESULT STDMETHODCALLTYPE crossOriginWindowPolicySupportEnabled(_Out_ BOOL*); 283 virtual HRESULT STDMETHODCALLTYPE setCrossOriginWindowPolicySupportEnabled(BOOL); 284 284 285 285 // WebPreferences -
trunk/Source/WebKitLegacy/win/WebView.cpp
r231798 r232499 5280 5280 settings.setVisualViewportAPIEnabled(!!enabled); 5281 5281 5282 hr = prefsPrivate->crossOrigin OptionsSupportEnabled(&enabled);5283 if (FAILED(hr)) 5284 return hr; 5285 settings.setCrossOrigin OptionsSupportEnabled(!!enabled);5282 hr = prefsPrivate->crossOriginWindowPolicySupportEnabled(&enabled); 5283 if (FAILED(hr)) 5284 return hr; 5285 settings.setCrossOriginWindowPolicySupportEnabled(!!enabled); 5286 5286 5287 5287 hr = preferences->privateBrowsingEnabled(&enabled); -
trunk/Tools/ChangeLog
r232498 r232499 1 2018-06-04 Chris Dumez <cdumez@apple.com> 2 3 Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy" 4 https://bugs.webkit.org/show_bug.cgi?id=186287 5 <rdar://problem/40783352> 6 7 Reviewed by Youenn Fablet. 8 9 * DumpRenderTree/mac/DumpRenderTree.mm: 10 (enableExperimentalFeatures): 11 * DumpRenderTree/win/DumpRenderTree.cpp: 12 (enableExperimentalFeatures): 13 1 14 2018-06-04 Daniel Bates <dabates@apple.com> 2 15 -
trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm
r232452 r232499 863 863 [preferences setVisualViewportAPIEnabled:YES]; 864 864 [preferences setColorFilterEnabled:YES]; 865 [preferences setCrossOrigin OptionsSupportEnabled:YES];865 [preferences setCrossOriginWindowPolicySupportEnabled:YES]; 866 866 [preferences setServerTimingEnabled:YES]; 867 867 } -
trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp
r231709 r232499 790 790 // FIXME: WebGL2 791 791 // FIXME: WebRTC 792 prefsPrivate->setCrossOrigin OptionsSupportEnabled(TRUE);792 prefsPrivate->setCrossOriginWindowPolicySupportEnabled(TRUE); 793 793 } 794 794
Note: See TracChangeset
for help on using the changeset viewer.