Changeset 246647 in webkit
- Timestamp: Jun 20, 2019 1:03:58 PM (5 years ago)
- Location: trunk/Source/WebCore
- Files: 3 edited
trunk/Source/WebCore/ChangeLog
r246644 r246647 1 2019-06-20 John Wilander <wilander@apple.com> 2 3 Storage Access API: Cap the number of times an iframe document can request access 4 https://bugs.webkit.org/show_bug.cgi?id=199074 5 <rdar://problem/51857195> 6 7 Reviewed by Brent Fulgham. 8 9 Tested manually. 10 11 This change just adds a counter to the number of times the user explicitly 12 denies storage access and returns early if the counter has reached the limit 13 of 2. 14 15 We hoped that iframes that request storage access would count the number 16 of times the user has been asked and not repeat the request over and over. 17 However, we're seeing pretty aggressive use of the API and users are 18 complaining. Therefore, we need a cap on how many times an iframed 19 document can ask if it is explicitly denied access by the user. 20 21 This is a first measure. If we see continued aggressive use of the API, 22 we'll have to consider more drastic measures. 23 24 * dom/DocumentStorageAccess.cpp: 25 (WebCore::DocumentStorageAccess::requestStorageAccess): 26 * dom/DocumentStorageAccess.h: 27 1 28 2019-06-20 Youenn Fablet <youenn@apple.com> 2 29 -
trunk/Source/WebCore/dom/DocumentStorageAccess.cpp
r245025 r246647 129 129 } 130 130 131 if (!m_document.frame() || m_document.securityOrigin().isUnique() ) {131 if (!m_document.frame() || m_document.securityOrigin().isUnique() || !isAllowedToRequestFrameSpecificStorageAccess()) { 132 132 promise->reject(); 133 133 return; … … 193 193 document->setHasFrameSpecificStorageAccess(true); 194 194 promise->resolve(); 195 } else 195 } else { 196 if (promptWasShown == StorageAccessPromptWasShown::Yes) 197 document->setWasExplicitlyDeniedFrameSpecificStorageAccess(); 196 198 promise->reject(); 199 } 197 200 198 201 if (shouldPreserveUserGesture) { -
trunk/Source/WebCore/dom/DocumentStorageAccess.h
r245025 r246647 47 47 }; 48 48 49 const unsigned maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess = 2; 50 49 51 class DocumentStorageAccess final : public Supplement<Document>, public CanMakeWeakPtr<DocumentStorageAccess> { 50 52 WTF_MAKE_FAST_ALLOCATED; … … 65 67 bool hasFrameSpecificStorageAccess() const; 66 68 void setHasFrameSpecificStorageAccess(bool); 69 void setWasExplicitlyDeniedFrameSpecificStorageAccess() { ++m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess; }; 70 bool isAllowedToRequestFrameSpecificStorageAccess() { return m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess < maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess; }; 67 71 void enableTemporaryTimeUserGesture(); 68 72 void consumeTemporaryTimeUserGesture(); … … 71 75 72 76 Document& m_document; 77 78 uint8_t m_numberOfTimesExplicitlyDeniedFrameSpecificStorageAccess = 0; 73 79 }; 74 80
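Review bot: The ChangeLog entry says "Tested manually", and the changeset touches only ChangeLog, DocumentStorageAccess.cpp and DocumentStorageAccess.h, so nothing automated pins the limit of 2. A regression test that has the user deny the prompt twice and then checks that a third requestStorageAccess() call rejects without prompting would keep the cap from regressing unnoticed.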
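Review bot: In DocumentStorageAccess.cpp at line 131, the new `!isAllowedToRequestFrameSpecificStorageAccess()` test is folded into the same condition as the missing-frame and unique-origin checks, so a capped document gets the same bare `promise->reject()` with no comment or log line saying why. Consider giving the cap its own `if` with a short comment (and a log message if this file already logs rejections), so that a rejection caused by the denial limit can be told apart from the other two cases when someone debugs a site report.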
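Review bot: In DocumentStorageAccess.h, `setWasExplicitlyDeniedFrameSpecificStorageAccess()` increments a `uint8_t` unconditionally, so the setter itself does not stop the counter from wrapping back to 0, at which point `isAllowedToRequestFrameSpecificStorageAccess()` would return true again. The early return added in requestStorageAccess() makes that hard to reach, but the invariant would be safer enforced where the counter lives, for example by incrementing only while the value is below `maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess`. Two style points on the same lines: `isAllowedToRequestFrameSpecificStorageAccess()` does not modify state and can be `const`, and both inline bodies end in a stray `;` after the closing brace.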
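Review bot: In DocumentStorageAccess.h at line 49, `maxNumberOfTimesExplicitlyDeniedFrameSpecificStorageAccess` has no comment stating what the limit is scoped to. The counter is a member of `DocumentStorageAccess`, which is a `Supplement<Document>`, and is initialised to 0, so the cap is per document object rather than per origin or per page; a one-line comment saying so would make the intended scope clear to the next reader. The constant is declared `const unsigned` while the counter it is compared with is `uint8_t`; a `constexpr` of the same width would keep the two consistent.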