Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 389048b3fa78d076fdf31b5705dd43b088882a32
      
https://github.com/WebKit/WebKit/commit/389048b3fa78d076fdf31b5705dd43b088882a32
  Author: Ronan Turner <[email protected]>
  Date:   2025-12-03 (Wed, 03 Dec 2025)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    A Source/WebKit/Shared/EnhancedSecurity.h
    M Source/WebKit/Shared/WebBackForwardListItem.h
    M Source/WebKit/Sources.txt
    M Source/WebKit/UIProcess/API/APIPageConfiguration.cpp
    M Source/WebKit/UIProcess/API/APIPageConfiguration.h
    M Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp
    M Source/WebKit/UIProcess/API/APIWebsitePolicies.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm
    M Source/WebKit/UIProcess/BrowsingContextGroup.cpp
    M Source/WebKit/UIProcess/BrowsingContextGroup.h
    A Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp
    A Source/WebKit/UIProcess/EnhancedSecurityTracking.h
    M Source/WebKit/UIProcess/Media/RemoteMediaSessionManagerProxy.cpp
    M Source/WebKit/UIProcess/Media/RemoteMediaSessionProxy.h
    M Source/WebKit/UIProcess/SuspendedPageProxy.cpp
    M Source/WebKit/UIProcess/SuspendedPageProxy.h
    M Source/WebKit/UIProcess/WebBackForwardList.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxyInternals.h
    M Source/WebKit/UIProcess/WebProcessCache.cpp
    M Source/WebKit/UIProcess/WebProcessCache.h
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessPool.h
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Source/WebKit/UIProcess/mac/WKImmediateActionController.h
    M Source/WebKit/UIProcess/mac/WKTextFinderClient.mm
    M Source/WebKit/UIProcess/mac/WebViewImpl.h
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj
    M Tools/TestWebKitAPI/SourcesCocoa.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/FindInPageUtilities.mm
    M Tools/WebKitTestRunner/TestOptions.cpp

  Log Message:
  -----------
  Implement usage of Enhanced Security for HTTP requests.
https://bugs.webkit.org/show_bug.cgi?id=303389
rdar://165692467

Reviewed by Matthew Finkel.

This change adopts the Enhanced Security configuration for WebContent
processes which are being used to handle insecure HTTP navigations, or
subsequent related navigations that originate from such a navigation.

Once in Enhanced Security, only a UI-related navigation will drop us out
of Enhanced Security (entering a URL in the URL bar, e.g.). BackForward
and Refresh actions are treated specially, where BackForward will instead
use the Enhanced Security state that originally occurred for this navigation,
and Refresh will remain in Enhanced Security if already present.

This adds an initial suite of tests in EnhancedSecurityPolicies.mm which
may be used to test this feature - although a current limitation has these
only running on Apple Internal builds (see radar in this file). These also
test with and without site isolation enabled, purposefully, as this feature
ties in quite heavily with site isolation.

Tests: Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebKit/Shared/EnhancedSecurity.h: Added.
(WebKit::isEnhancedSecurityEnabledForState):
(WebKit::enhancedSecurityStatesAreConsistent):
* Source/WebKit/Shared/WebBackForwardListItem.h:
(WebKit::WebBackForwardListItem::setEnhancedSecurity):
(WebKit::WebBackForwardListItem::enhancedSecurity const):
* Source/WebKit/Sources.txt:
* Source/WebKit/UIProcess/API/APIPageConfiguration.cpp:
(API::PageConfiguration::isEnhancedSecurityEnabled const):
(API::PageConfiguration::enhancedSecurityEnabled const): Deleted.
* Source/WebKit/UIProcess/API/APIPageConfiguration.h:
* Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp:
(API::WebsitePolicies::copy const):
* Source/WebKit/UIProcess/API/APIWebsitePolicies.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebpagePreferences.mm:
(-[WKWebpagePreferences _setEnhancedSecurityEnabled:]):
(-[WKWebpagePreferences _enhancedSecurityEnabled]):
(-[WKWebpagePreferences setSecurityRestrictionMode:]):
(-[WKWebpagePreferences securityRestrictionMode]):
* Source/WebKit/UIProcess/BrowsingContextGroup.cpp:
(WebKit::BrowsingContextGroup::sharedProcessForSite):
* Source/WebKit/UIProcess/BrowsingContextGroup.h:
* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp: Added.
(WebKit::EnhancedSecurityTracking::initializeFrom):
(WebKit::EnhancedSecurityTracking::enhancedSecurityState const):
(WebKit::EnhancedSecurityTracking::reset):
(WebKit::EnhancedSecurityTracking::makeDormant):
(WebKit::EnhancedSecurityTracking::makeActive):
(WebKit::reasonForEnhancedSecurity):
(WebKit::EnhancedSecurityTracking::enableFor):
(WebKit::EnhancedSecurityTracking::trackChangingSiteNavigation):
(WebKit::EnhancedSecurityTracking::trackSameSiteNavigation):
(WebKit::EnhancedSecurityTracking::enableIfRequired):
(WebKit::EnhancedSecurityTracking::handleBackForwardNavigation):
(WebKit::EnhancedSecurityTracking::trackNavigation):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h: Added.
* Source/WebKit/UIProcess/Media/RemoteMediaSessionManagerProxy.cpp:
* Source/WebKit/UIProcess/Media/RemoteMediaSessionProxy.h:
* Source/WebKit/UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::findReusableSuspendedPageProcess):
* Source/WebKit/UIProcess/SuspendedPageProxy.h:
* Source/WebKit/UIProcess/WebBackForwardList.cpp:
(WebKit::WebBackForwardList::backForwardAddItemShared):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::launchProcess):
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
(WebKit::WebPageProxy::createNewPage):
(WebKit::WebPageProxy::currentEnhancedSecurityState const):
(WebKit::WebPageProxy::shouldEnableEnhancedSecurity const): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/WebProcessCache.cpp:
(WebKit::WebProcessCache::takeProcess):
(WebKit::WebProcessCache::takeSharedProcess):
* Source/WebKit/UIProcess/WebProcessCache.h:
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::establishRemoteWorkerContextConnectionToNetworkProcess):
(WebKit::WebProcessPool::createNewWebProcess):
(WebKit::WebProcessPool::tryTakePrewarmedProcess):
(WebKit::WebProcessPool::prewarmProcess):
(WebKit::WebProcessPool::processForSite):
(WebKit::WebProcessPool::createWebPage):
(WebKit::WebProcessPool::processForNavigation):
(WebKit::WebProcessPool::prepareProcessForNavigation):
(WebKit::WebProcessPool::processForNavigationInternal):
* Source/WebKit/UIProcess/WebProcessPool.h:
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/UIProcess/mac/WKImmediateActionController.h:
* Source/WebKit/UIProcess/mac/WKTextFinderClient.mm:
* Source/WebKit/UIProcess/mac/WebViewImpl.h:
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::showCaptionDisplaySettings):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/SourcesCocoa.txt:
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EnhancedSecurityPolicies.mm: Added.
(-[TestUIDelegate waitForAlertWithEnhancedSecurity]):
(-[WKWebView _test_waitForAlertWithEnhancedSecurity]):
(testAlertWithEnhancedSecurity):
(enhancedSecurityTestConfiguration):
(runActionAndCheckEnhancedSecurityAlerts):
(loadRequestAndCheckEnhancedSecurityAlerts):
(runHttpLoad):
(runHttpsLoad):
(runSameSiteHttpsUpgrade):
(runHttpEmbeddingHttpIframe):
(runHttpEmbedHttpsIframe):
(runCrossSiteHttpRedirect):
(runCrossSiteHttpToHttpsRedirect):
(runHttpOpeningHttpsWindow):
(runHttpOpeningHttpsTargetSelf):
(runHttpOpeningHttpsNoOpener):
(runHttpLocationRedirectsHttps):
(runHttpThenUserNavigateToHttps):
(runHttpThenClickLinkToHttps):
(runHttpsToHttpsThenBack):
(runHttpNavigateToHttpsThenBack):
(runMultiHopThenBack):
(runMultiHopThenBackJavascript):
(runMultiHopThenBackToSecure):
(runMultiHopThenBackToSecureJavascript):
(runReloadEnhancedSecurityRemains):
(runJavascriptRefreshEnhancedSecurityRemains):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/FindInPageUtilities.mm:
* Tools/WebKitTestRunner/TestOptions.cpp:
(WTR::TestOptions::defaults):

Canonical link: https://commits.webkit.org/303873@main
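
The navigation rules described in the log message above, as an added C++ model that is not code from this commit or from WebKit. The type and method names are hypothetical, and two behaviours are assumptions: a user-initiated load of an http:// URL re-enters Enhanced Security, and an out-of-range back/forward step changes nothing.

```cpp
#include <string>
#include <vector>

// Constructed model of the rules in the log message. All names are hypothetical
// and do not correspond to WebKit's EnhancedSecurityTracking API.
enum class NavKind { UserInitiated, ContentInitiated, BackForward, Reload };

struct HistoryItem {
    std::string url;
    bool enhancedSecurity; // state recorded when this entry was first committed
};

class SecurityModel {
public:
    // Applies one navigation and returns whether Enhanced Security is on afterwards.
    // For BackForward, `url` is ignored and `delta` selects the history entry.
    bool navigate(NavKind kind, const std::string& url, int delta = 0)
    {
        switch (kind) {
        case NavKind::BackForward: {
            long target = static_cast<long>(m_index) + delta;
            if (target < 0 || target >= static_cast<long>(m_items.size()))
                return m_enabled; // assumption: no such entry, nothing changes
            m_index = static_cast<std::size_t>(target);
            m_enabled = m_items[m_index].enhancedSecurity; // restore the original state
            return m_enabled;
        }
        case NavKind::Reload:
            return m_enabled; // remains on if it was already on
        case NavKind::UserInitiated:
            m_enabled = isInsecureHTTP(url); // the only path that can drop the state
            break;
        case NavKind::ContentInitiated:
            m_enabled = m_enabled || isInsecureHTTP(url); // sticky for related navigations
            break;
        }
        // New entry: drop forward history, then record the state alongside the URL.
        if (!m_items.empty())
            m_items.resize(m_index + 1);
        m_items.push_back({ url, m_enabled });
        m_index = m_items.size() - 1;
        return m_enabled;
    }
private:
    static bool isInsecureHTTP(const std::string& url) { return url.rfind("http://", 0) == 0; }
    std::vector<HistoryItem> m_items;
    std::size_t m_index = 0;
    bool m_enabled = false;
};
```

Storing the state on each history entry is what lets a back navigation to a page first loaded over HTTPS leave Enhanced Security, while a back navigation to an entry reached from an HTTP page restores it.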
