Add an isThirdParty argument when calling into `enableNetworkConnec…

…tionIntegrity` https://bugs.webkit.org/show_bug.cgi?id=246722 rdar://101316400 Reviewed by Youenn Fablet. Refactor some code that calls into `enableNetworkConnectionIntegrity`, such that we also pass in whether or not the resource request is third party. See below for more details. * Source/WebCore/platform/network/ResourceRequestBase.cpp: (WebCore::ResourceRequestBase::isThirdParty const): Move `NetworkDataTask::isThirdPartyRequest(const ResourceRequest&)` down into `ResourceRequestBase` as a const method, so that we don't need to reach into `NetworkDataTask` in order to perform this check. * Source/WebCore/platform/network/ResourceRequestBase.h: * Source/WebKit/NetworkProcess/NetworkDataTask.cpp: (WebKit::NetworkDataTask::restrictRequestReferrerToOriginIfNeeded): (WebKit::NetworkDataTask::isThirdPartyRequest const): Deleted. Moved to `ResourceRequestBase` (see above). * Source/WebKit/NetworkProcess/NetworkDataTask.h: * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h: * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (WebKit::enableNetworkConnectionIntegrity): Add a boolean argument to represent whether or not the request is third party. (WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking): Adopt the `isThirdParty()` method. (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): * Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm: (WebKit::NetworkSessionCocoa::createWebSocketTask): Pass in whether or not the given request is third party. Canonical link: https://commits.webkit.org/255734@main
WebKit · Oct 19, 2022 · 11e75f8 · 11e75f8
1 parent 394f41a
commit 11e75f8
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 12 deletions.
diff --git a/Source/WebCore/platform/network/ResourceRequestBase.cpp b/Source/WebCore/platform/network/ResourceRequestBase.cpp
@@ -29,6 +29,7 @@
 #include "HTTPHeaderNames.h"
 #include "Logging.h"
 #include "PublicSuffix.h"
+#include "RegistrableDomain.h"
 #include "ResourceRequest.h"
 #include "ResourceResponse.h"
 #include "SecurityOrigin.h"
@@ -802,4 +803,9 @@ String ResourceRequestBase::partitionName(const String& domain)
 #endif
 }
 
+bool ResourceRequestBase::isThirdParty() const
+{
+    return !areRegistrableDomainsEqual(url(), firstPartyForCookies());
+}
+
 }
diff --git a/Source/WebCore/platform/network/ResourceRequestBase.h b/Source/WebCore/platform/network/ResourceRequestBase.h
@@ -81,6 +81,8 @@ class ResourceRequestBase {
     WEBCORE_EXPORT const URL& firstPartyForCookies() const;
     WEBCORE_EXPORT void setFirstPartyForCookies(const URL&);
 
+    WEBCORE_EXPORT bool isThirdParty() const;
+
     // Same-Site cookies; see <https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1>
     // and <https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-5.2>.
     // FIXME: For some reason the main resource request may be updated more than once. We start off as Unspecified

diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp
@@ -177,15 +177,10 @@ NetworkSession* NetworkDataTask::networkSession()
     return m_session.get();
 }
 
-bool NetworkDataTask::isThirdPartyRequest(const WebCore::ResourceRequest& request) const
-{
-    return !WebCore::areRegistrableDomainsEqual(request.url(), request.firstPartyForCookies());
-}
-
 void NetworkDataTask::restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest& request)
 {
 #if ENABLE(TRACKING_PREVENTION)
-    if ((m_session->sessionID().isEphemeral() || m_session->isResourceLoadStatisticsEnabled()) && m_session->shouldDowngradeReferrer() && isThirdPartyRequest(request))
+    if ((m_session->sessionID().isEphemeral() || m_session->isResourceLoadStatisticsEnabled()) && m_session->shouldDowngradeReferrer() && request.isThirdParty())
         request.setExistingHTTPReferrerToOriginString();
 #endif
 }

diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.h b/Source/WebKit/NetworkProcess/NetworkDataTask.h
@@ -160,7 +160,6 @@ class NetworkDataTask : public ThreadSafeRefCounted<NetworkDataTask, WTF::Destru
     };
     void scheduleFailure(FailureType);
 
-    bool isThirdPartyRequest(const WebCore::ResourceRequest&) const;
     void restrictRequestReferrerToOriginIfNeeded(WebCore::ResourceRequest&);
 
     WeakPtr<NetworkSession> m_session;

diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
@@ -131,6 +131,6 @@ class NetworkDataTaskCocoa final : public NetworkDataTask {
 WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&);
 void setPCMDataCarriedOnRequest(WebCore::PrivateClickMeasurement::PcmDataCarried, NSMutableURLRequest *);
 
-void enableNetworkConnectionIntegrity(NSMutableURLRequest *);
+void enableNetworkConnectionIntegrity(NSMutableURLRequest *, bool isThirdParty);
 
 } // namespace WebKit
diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -59,7 +59,7 @@
 #import <WebKitAdditions/NetworkDataTaskCocoaAdditions.h>
 #else
 namespace WebKit {
-void enableNetworkConnectionIntegrity(NSMutableURLRequest *) { }
+void enableNetworkConnectionIntegrity(NSMutableURLRequest *, bool /* isThirdParty */) { }
 }
 #endif
 
@@ -191,7 +191,7 @@ static float toNSURLSessionTaskPriority(WebCore::ResourceLoadPriority priority)
     if (isTopLevelNavigation() || !shouldApplyCookiePolicyForThirdPartyCNAMECloaking())
         return;
 
-    if (isThirdPartyRequest(request)) {
+    if (request.isThirdParty()) {
         m_task.get()._cookieTransformCallback = nil;
         return;
     }
@@ -370,7 +370,7 @@ static inline bool computeIsAlwaysOnLoggingAllowed(NetworkSession& session)
 #endif
 
     if (parameters.networkConnectionIntegrityEnabled)
-        enableNetworkConnectionIntegrity(mutableRequest.get());
+        enableNetworkConnectionIntegrity(mutableRequest.get(), request.isThirdParty());
 
 #if ENABLE(APP_PRIVACY_REPORT)
     mutableRequest.get().attribution = request.isAppInitiated() ? NSURLRequestAttributionDeveloper : NSURLRequestAttributionUser;

diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -1715,7 +1715,7 @@ static void activateSessionCleanup(NetworkSessionCocoa& session, const NetworkSe
     }
 
     if (networkConnectionIntegrityEnabled)
-        enableNetworkConnectionIntegrity(ensureMutableRequest());
+        enableNetworkConnectionIntegrity(ensureMutableRequest(), request.isThirdParty());
 
     auto& sessionSet = sessionSetForPage(webPageProxyID);
     RetainPtr task = [sessionSet.sessionWithCredentialStorage.session webSocketTaskWithRequest:nsRequest.get()];