https://bugs.webkit.org/show_bug.cgi?id=228754
Reviewed by Alex Christensen.
LayoutTests/imported/w3c:
Rebaseline COEP WPT tests now that we are passing more checks.
* web-platform-tests/html/cross-origin-embedder-policy/blob.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/coep-frame-javascript.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/data.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker-cache-storage.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/header-parsing.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/javascript.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/multi-globals/workers-coep-report.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/no-secure-context-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/none.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank-expected.txt: Removed.
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-blank.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc-expected.txt: Removed.
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-about-srcdoc.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/sandbox.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/service-worker-cache-storage.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/srcdoc.https-expected.txt:
Source/WebCore:
Add initial support for Cross-Origin-Embedder-Policy (COEP) behind a runtime feature flag, off by default:
- https://html.spec.whatwg.org/multipage/origin.html#coep
The COEP header has the following impacts:
- When a document with `Cross-Origin-Embedder-Policy: require-corp` loads an iframe or a worker script, if the network
response for that iframe doesn't also contain `Cross-Origin-Embedder-Policy: require-corp`, then we fail the load.
- When a document with `Cross-Origin-Embedder-Policy: require-corp` loads cross-origin subresources, then either CORS
must be used or the resource response must be allowed by Cross-Origin-Resource-Policy (CORP) header.
Support is only for WK2 and checks are done in the network process for better security. Support for workers and service
workers (including cache storage) is included.
Most of the Web-Platform-Tests for COEP are passing with this patch. The exceptions are:
- Some tests relying on Blob are failing. Similarly to COOP, Blobs need to inherit COEP from their
creator. This is currently unimplemented as the change will likely be non-trivial. I will follow-up
to fix Blob support for both COOP and COEP.
- Tests in the credentialless/ folder are failing because we do not support `Cross-Origin-Embedder-Policy: credentialless`.
This seems to be a fairly recent extension proposed by Google and it is not part of the HTML specification yet.
- Some tests expect violation reporting and they are failing and we do not implement reporting yet.
Note that `self.crossOriginIsolated` still returns false, even if the pages opts into both COOP & COEP, and APIs such
as SharedArrayBuffer still are not permitted to use. In order to support this, we will have to actually implement process
swapping so that we know a process is not actually shared by several origins.
Test: http/wpt/html/cross-origin-embedder-policy/require-corp.https.html
* Modules/cache/DOMCache.cpp:
(WebCore::DOMCache::queryCache):
* Modules/cache/DOMCacheEngine.cpp:
(WebCore::DOMCacheEngine::convertToException):
* Modules/cache/DOMCacheEngine.h:
* Modules/cache/RetrieveRecordsOptions.h:
(WebCore::RetrieveRecordsOptions::isolatedCopy const):
(WebCore::RetrieveRecordsOptions::encode const):
(WebCore::RetrieveRecordsOptions::decode):
* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
* dom/SecurityContext.h:
(WebCore::SecurityContext::crossOriginEmbedderPolicy const):
(WebCore::SecurityContext::setCrossOriginEmbedderPolicy):
* loader/CrossOriginAccessControl.cpp:
(WebCore::shouldCrossOriginResourcePolicyCancelLoad):
(WebCore::validateCrossOriginResourcePolicy):
* loader/CrossOriginAccessControl.h:
* loader/CrossOriginEmbedderPolicy.cpp:
(WebCore::obtainCrossOriginEmbedderPolicy):
(WebCore::CrossOriginEmbedderPolicy::isolatedCopy const):
* loader/CrossOriginEmbedderPolicy.h:
(WebCore::CrossOriginEmbedderPolicy::encode const):
(WebCore::CrossOriginEmbedderPolicy::decode):
* loader/CrossOriginOpenerPolicy.cpp:
(WebCore::obtainCrossOriginOpenerPolicy):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadResourceSynchronously):
(WebCore::DocumentThreadableLoader::create):
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::crossOriginEmbedderPolicy const):
* loader/DocumentThreadableLoader.h:
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::begin):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
* loader/ResourceLoaderOptions.h:
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* page/SecurityOrigin.h:
* platform/network/HTTPParsers.cpp:
(WebCore::parseCrossOriginResourcePolicyHeader):
* platform/network/HTTPParsers.h:
* workers/Worker.cpp:
(WebCore::Worker::notifyFinished):
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope):
* workers/WorkerGlobalScopeProxy.h:
* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
* workers/WorkerMessagingProxy.h:
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::WorkerScriptLoader::didReceiveResponse):
* workers/WorkerScriptLoader.h:
(WebCore::WorkerScriptLoader::crossOriginEmbedderPolicy const):
* workers/WorkerThread.cpp:
(WebCore::WorkerParameters::isolatedCopy const):
* workers/WorkerThread.h:
* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
* workers/service/ServiceWorkerContainer.h:
* workers/service/ServiceWorkerContextData.cpp:
(WebCore::ServiceWorkerContextData::isolatedCopy const):
* workers/service/ServiceWorkerContextData.h:
(WebCore::ServiceWorkerContextData::encode const):
(WebCore::ServiceWorkerContextData::decode):
* workers/service/ServiceWorkerFetchResult.h:
(WebCore::ServiceWorkerFetchResult::isolatedCopy const):
(WebCore::serviceWorkerFetchError):
(WebCore::ServiceWorkerFetchResult::encode const):
(WebCore::ServiceWorkerFetchResult::decode):
* workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::notifyFinished):
* workers/service/ServiceWorkerJobClient.h:
* workers/service/context/ServiceWorkerThread.cpp:
(WebCore::ServiceWorkerThread::ServiceWorkerThread):
* workers/service/server/RegistrationDatabase.cpp:
(WebCore::RegistrationDatabase::doPushChanges):
(WebCore::RegistrationDatabase::importRecords):
* workers/service/server/SWServer.cpp:
(WebCore::SWServer::addRegistrationFromStore):
(WebCore::SWServer::updateWorker):
(WebCore::SWServer::installContextData):
* workers/service/server/SWServer.h:
* workers/service/server/SWServerJobQueue.cpp:
(WebCore::SWServerJobQueue::scriptFetchFinished):
* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::SWServerWorker):
(WebCore::SWServerWorker::contextData const):
* workers/service/server/SWServerWorker.h:
Source/WebKit:
As mentioned in the WebCore changelog, we do all the COEP checks in the network process
instead of WebCore for added security. As a result, we need to pass more information
to the network process when doing loads in order to do those checks. The checks are done
in NetworkResourceLoader for navigations & worker script loads (similarly to CSP,
X-FrameOptions) and in NetworkLoadChecker for CORP checks of subresource loads (similarly
to CORS checks).
* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::validateResponse):
* NetworkProcess/NetworkLoadChecker.h:
(WebKit::NetworkLoadChecker::setParentCrossOriginEmbedderPolicy):
(WebKit::NetworkLoadChecker::setCrossOriginEmbedderPolicy):
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::parentOrigin const):
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
(WebKit::NetworkResourceLoader::shouldInterruptNavigationForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::shouldInterruptWorkerLoadForCrossOriginEmbedderPolicy):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
* NetworkProcess/NetworkResourceLoader.h:
* NetworkProcess/PingLoad.cpp:
(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::initialize):
* NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
(WebKit::ServiceWorkerFetchTask::didReceiveResponse):
* NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp:
(WebKit::ServiceWorkerSoftUpdateLoader::processResponse):
(WebKit::ServiceWorkerSoftUpdateLoader::didFinishLoading):
* NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h:
* NetworkProcess/cache/CacheStorageEngineCache.cpp:
(WebKit::CacheStorage::Cache::retrieveRecords):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::addParametersShared):
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
Source/WTF:
Add experimental feature flag for Cross-Origin-Embedder-Policy (COEP), off by default.
* Scripts/Preferences/WebPreferencesExperimental.yaml:
LayoutTests:
Update test expectations now that we support COEP on WK2.
* TestExpectations:
* http/wpt/html/cross-origin-embedder-policy/require-corp.https-expected.txt: Added.
* http/wpt/html/cross-origin-embedder-policy/require-corp.https.html: Added.
* http/wpt/html/cross-origin-embedder-policy/require-corp.https.html.headers: Added.
* platform/mac-wk1/TestExpectations:
* platform/win/TestExpectations:
Canonical link: https://commits.webkit.org/240459@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
e6c7e17d32