[iOS 17] Remote inspection should be disabled for service workers use…

…d only in locked private tabs https://bugs.webkit.org/show_bug.cgi?id=260400 rdar://108476513 Reviewed by Patrick Angle and Chris Dumez. Safari 17 introduces the ability to lock tabs in private browsing mode, such that they require some form of authentication before they're visible to the user. Aside from obscuring the web views, one of the other (myriad) ways we hide these private tabs is by making them non-web-inspectable, via `-[WKWebView setInspectable:]`. However, there's currently a corner case where service workers that are loaded as a part of these locked private browsing tabs will still be inspectable, even if the page itself is not; this is because service workers are currently _always_ inspectable, regardless of whether inspection is enabled via web view API. To address this corner case, we propagate `WKWebView` inspectability over to service workers by letting a website datastore allow inspection for service workers only if at least one web view using the data store is inspectable. In practice, because private browsing tabs always use a separate, ephemeral data stores, making web views in private tabs non-inspectable is equivalent to making any of their service workers non-inspectable. At a high level, the inspection state plumbing takes the following route through WebKit: 1. UI Process ↳ `WKWebView`/`WebPageProxy` (source of truth) ↳ `WebsiteDataStore` ↳ `NetworkProcessProxy` 2. Network Process ↳ `NetworkProcess` ↳ `NetworkSession` ↳ `SWServer` ↳ `WebSWServerToContextConnection` 3. Web Process ↳ `WebSWContextManagerConnection` ↳ `SWContextManager` ↳ `ServiceWorkerThreadProxy` (final destination) * Source/WebCore/workers/service/ServiceWorkerTypes.h: Add a boolean `enum class ServiceWorkerIsInspectable` so that we can use it in `SWServer` and adjacent code, so that the last argument to `installContextData` isn't just a plain `bool`. * Source/WebCore/workers/service/context/SWContextManager.cpp: (WebCore::SWContextManager::setInspectable): Iterate over all `ServiceWorkerThreadProxy`s and plumb the updated inspectability state over to each worker. * Source/WebCore/workers/service/context/SWContextManager.h: * Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp: Take the inspectability state from the given `WebCore::Page`, which should now have an inspection state that's consistent with the associated service worker. (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy): (WebCore::ServiceWorkerThreadProxy::setInspectable): * Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h: * Source/WebCore/workers/service/server/SWServer.cpp: (WebCore::SWServer::SWServer): (WebCore::SWServer::contextConnectionCreated): Plumb initial inspectability state through `SWServer` into the context connection. (WebCore::SWServer::setInspectable): Update all context connections when inspectability changes. * Source/WebCore/workers/service/server/SWServer.h: * Source/WebCore/workers/service/server/SWServerToContextConnection.h: * Source/WebKit/NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::setInspectionForServiceWorkersAllowed): * Source/WebKit/NetworkProcess/NetworkProcess.h: * Source/WebKit/NetworkProcess/NetworkProcess.messages.in: * Source/WebKit/NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::NetworkSession): (WebKit::NetworkSession::ensureSWServer): (WebKit::NetworkSession::setInspectionForServiceWorkersAllowed): * Source/WebKit/NetworkProcess/NetworkSession.h: * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp: (WebKit::NetworkSessionCreationParameters::encode const): (WebKit::NetworkSessionCreationParameters::decode): Add a new flag to `NetworkSession`'s creation parameters to indicate whether or not inspection should be enabled. This is necessary in the case where we avoided sending any inspectability updates eagerly, in order to avoid needlessly launching the network process. * Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h: * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp: (WebKit::WebSWServerToContextConnection::installServiceWorkerContext): (WebKit::WebSWServerToContextConnection::setInspectable): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h: * Source/WebKit/Scripts/webkit/messages.py: (headers_for_type): * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: * Source/WebKit/UIProcess/ProvisionalPageProxy.cpp: (WebKit::ProvisionalPageProxy::ProvisionalPageProxy): (WebKit::ProvisionalPageProxy::~ProvisionalPageProxy): * Source/WebKit/UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::setInspectable): * Source/WebKit/UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::pageBeginUsingWebsiteDataStore): (WebKit::WebProcessPool::pageEndUsingWebsiteDataStore): Update the data store's set of pages when pages begin or end use; we also adjust these to take `WebPageProxy&`, so that we can pass them directly into `WebsiteDataStore`. * Source/WebKit/UIProcess/WebProcessPool.h: * Source/WebKit/UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::addExistingWebPage): (WebKit::WebProcessProxy::removeWebPage): * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp: Maintain state on each data store, that determines whether or not service workers associated with that data store should allow inspection. To achieve this, we maintain the set of `m_pages` currently associated with this data store; whenever pages are added or removed, or when a page changes inspectability, we recompute inspectability state on the data store and update the network session if it changes. (WebKit::WebsiteDataStore::parameters): (WebKit::WebsiteDataStore::updateServiceWorkerInspectability): (WebKit::WebsiteDataStore::addPage): (WebKit::WebsiteDataStore::removePage): Update `m_pages` when `WebPageProxy`s start or stop using the data store. * Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp: (WebKit::WebSWContextManagerConnection::installServiceWorker): (WebKit::WebSWContextManagerConnection::setThrottleState): (WebKit::WebSWContextManagerConnection::setInspectable): Plumb inspectability state through to `SWContextManager`. * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in: Canonical link: https://commits.webkit.org/267118@main
WebKit · Aug 22, 2023 · 519e459 · 519e459
1 parent e5cffaf
commit 519e459
Show file tree

Hide file tree

Showing 29 changed files with 194 additions and 23 deletions.
diff --git a/Source/WebCore/workers/service/ServiceWorkerTypes.h b/Source/WebCore/workers/service/ServiceWorkerTypes.h
@@ -64,6 +64,7 @@ enum class ServiceWorkerClientFrameType : uint8_t {
     None
 };
 
+enum class ServiceWorkerIsInspectable : bool { No, Yes };
 enum class ShouldNotifyWhenResolved : bool { No, Yes };
 
 enum ServiceWorkerRegistrationIdentifierType { };

diff --git a/Source/WebCore/workers/service/context/SWContextManager.cpp b/Source/WebCore/workers/service/context/SWContextManager.cpp
@@ -270,6 +270,17 @@ void SWContextManager::setAsInspected(ServiceWorkerIdentifier identifier, bool i
         m_connection->setAsInspected(identifier, isInspected);
 }
 
+void SWContextManager::setInspectable(bool inspectable)
+{
+    Vector<Ref<ServiceWorkerThreadProxy>> workers;
+    {
+        Locker locker { m_workerMapLock };
+        workers = copyToVector(m_workerMap.values());
+    }
+    for (auto& serviceWorker : workers)
+        serviceWorker->setInspectable(inspectable);
+}
+
 } // namespace WebCore
 
 #endif
diff --git a/Source/WebCore/workers/service/context/SWContextManager.h b/Source/WebCore/workers/service/context/SWContextManager.h
@@ -126,6 +126,7 @@ class SWContextManager {
     static constexpr Seconds syncWorkerTerminationTimeout { 100_ms }; // Only used by layout tests.
 
     WEBCORE_EXPORT void setAsInspected(ServiceWorkerIdentifier, bool);
+    WEBCORE_EXPORT void setInspectable(bool);
 
 private:
     SWContextManager() = default;

diff --git a/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp b/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
@@ -84,7 +84,7 @@ ServiceWorkerThreadProxy::ServiceWorkerThreadProxy(UniqueRef<Page>&& page, Servi
     allServiceWorkerThreadProxies().add(this);
 
 #if ENABLE(REMOTE_INSPECTOR)
-    m_remoteDebuggable->setInspectable(true);
+    m_remoteDebuggable->setInspectable(m_page->inspectable());
     m_remoteDebuggable->init();
 #endif
 }
@@ -477,6 +477,13 @@ void ServiceWorkerThreadProxy::setAppBadge(std::optional<uint64_t> badge)
     });
 }
 
+void ServiceWorkerThreadProxy::setInspectable(bool inspectable)
+{
+    ASSERT(isMainThread());
+    m_page->setInspectable(inspectable);
+    m_remoteDebuggable->setInspectable(inspectable);
+}
+
 } // namespace WebCore
 
 #endif // ENABLE(SERVICE_WORKER)
diff --git a/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h b/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h
@@ -98,6 +98,8 @@ class ServiceWorkerThreadProxy final : public ThreadSafeRefCounted<ServiceWorker
     WEBCORE_EXPORT void setLastNavigationWasAppInitiated(bool);
     WEBCORE_EXPORT bool lastNavigationWasAppInitiated();
 
+    WEBCORE_EXPORT void setInspectable(bool);
+
 private:
     WEBCORE_EXPORT ServiceWorkerThreadProxy(UniqueRef<Page>&&, ServiceWorkerContextData&&, ServiceWorkerData&&, String&& userAgent, WorkerThreadMode, CacheStorageProvider&, std::unique_ptr<NotificationClient>&&);
 

diff --git a/Source/WebCore/workers/service/server/SWServer.cpp b/Source/WebCore/workers/service/server/SWServer.cpp
@@ -388,14 +388,15 @@ void SWServer::Connection::removeServiceWorkerRegistrationInServer(ServiceWorker
     m_server.removeClientServiceWorkerRegistration(*this, identifier);
 }
 
-SWServer::SWServer(SWServerDelegate& delegate, UniqueRef<SWOriginStore>&& originStore, bool processTerminationDelayEnabled, String&& registrationDatabaseDirectory, PAL::SessionID sessionID, bool shouldRunServiceWorkersOnMainThreadForTesting, bool hasServiceWorkerEntitlement, std::optional<unsigned> overrideServiceWorkerRegistrationCountTestingValue)
+SWServer::SWServer(SWServerDelegate& delegate, UniqueRef<SWOriginStore>&& originStore, bool processTerminationDelayEnabled, String&& registrationDatabaseDirectory, PAL::SessionID sessionID, bool shouldRunServiceWorkersOnMainThreadForTesting, bool hasServiceWorkerEntitlement, std::optional<unsigned> overrideServiceWorkerRegistrationCountTestingValue, ServiceWorkerIsInspectable inspectable)
     : m_delegate(delegate)
     , m_originStore(WTFMove(originStore))
     , m_sessionID(sessionID)
     , m_isProcessTerminationDelayEnabled(processTerminationDelayEnabled)
     , m_shouldRunServiceWorkersOnMainThreadForTesting(shouldRunServiceWorkersOnMainThreadForTesting)
     , m_hasServiceWorkerEntitlement(hasServiceWorkerEntitlement)
     , m_overrideServiceWorkerRegistrationCountTestingValue(overrideServiceWorkerRegistrationCountTestingValue)
+    , m_isInspectable(inspectable)
 {
     RELEASE_LOG_IF(registrationDatabaseDirectory.isEmpty(), ServiceWorker, "No path to store the service worker registrations");
 
@@ -867,6 +868,8 @@ void SWServer::contextConnectionCreated(SWServerToContextConnection& contextConn
     for (auto& connection : m_connections.values())
         connection->contextConnectionCreated(contextConnection);
 
+    contextConnection.setInspectable(m_isInspectable);
+
     auto pendingContextDatas = m_pendingContextDatas.take(contextConnection.registrableDomain());
     for (auto& data : pendingContextDatas) {
         m_delegate->addAllowedFirstPartyForCookies(contextConnection.webProcessIdentifier(), requestingProcessIdentifier, data.registration.key.firstPartyForCookies());
@@ -1713,6 +1716,17 @@ Vector<ServiceWorkerClientPendingMessage> SWServer::releaseServiceWorkerClientPe
     return m_clientPendingMessagesById.take(contextIdentifier);
 }
 
+void SWServer::setInspectable(ServiceWorkerIsInspectable inspectable)
+{
+    if (m_isInspectable == inspectable)
+        return;
+
+    m_isInspectable = inspectable;
+
+    for (auto* connection : m_contextConnections.values())
+        connection->setInspectable(inspectable);
+}
+
 void SWServer::Connection::startBackgroundFetch(ServiceWorkerRegistrationIdentifier registrationIdentifier, const String& backgroundFetchIdentifier, Vector<BackgroundFetchRequest>&& requests, BackgroundFetchOptions&& options, ExceptionOrBackgroundFetchInformationCallback&& callback)
 {
     auto* registration = server().getRegistration(registrationIdentifier);

diff --git a/Source/WebCore/workers/service/server/SWServer.h b/Source/WebCore/workers/service/server/SWServer.h
@@ -67,8 +67,6 @@ class SWServerToContextConnection;
 class Timer;
 
 enum class NotificationEventType : bool;
-enum class ServiceWorkerRegistrationState : uint8_t;
-enum class ServiceWorkerState : uint8_t;
 
 struct BackgroundFetchInformation;
 struct BackgroundFetchOptions;
@@ -157,13 +155,15 @@ class SWServer : public CanMakeWeakPtr<SWServer> {
         Vector<RegistrationReadyRequest> m_registrationReadyRequests;
     };
 
-    WEBCORE_EXPORT SWServer(SWServerDelegate&, UniqueRef<SWOriginStore>&&, bool processTerminationDelayEnabled, String&& registrationDatabaseDirectory, PAL::SessionID, bool shouldRunServiceWorkersOnMainThreadForTesting, bool hasServiceWorkerEntitlement, std::optional<unsigned> overrideServiceWorkerRegistrationCountTestingValue);
+    WEBCORE_EXPORT SWServer(SWServerDelegate&, UniqueRef<SWOriginStore>&&, bool processTerminationDelayEnabled, String&& registrationDatabaseDirectory, PAL::SessionID, bool shouldRunServiceWorkersOnMainThreadForTesting, bool hasServiceWorkerEntitlement, std::optional<unsigned> overrideServiceWorkerRegistrationCountTestingValue, ServiceWorkerIsInspectable);
     WEBCORE_EXPORT ~SWServer();
 
     WEBCORE_EXPORT void clearAll(CompletionHandler<void()>&&);
     WEBCORE_EXPORT void clear(const SecurityOriginData&, CompletionHandler<void()>&&);
     WEBCORE_EXPORT void clear(const ClientOrigin&, CompletionHandler<void()>&&);
 
+    WEBCORE_EXPORT void setInspectable(ServiceWorkerIsInspectable);
+
     SWServerRegistration* getRegistration(ServiceWorkerRegistrationIdentifier identifier) { return m_registrations.get(identifier); }
     WEBCORE_EXPORT SWServerRegistration* getRegistration(const ServiceWorkerRegistrationKey&);
     void addRegistration(std::unique_ptr<SWServerRegistration>&&);
@@ -369,6 +369,7 @@ class SWServer : public CanMakeWeakPtr<SWServer> {
     unsigned m_uniqueRegistrationCount { 0 };
     std::optional<unsigned> m_overrideServiceWorkerRegistrationCountTestingValue;
     uint64_t m_focusOrder { 0 };
+    ServiceWorkerIsInspectable m_isInspectable { ServiceWorkerIsInspectable::Yes };
 
     std::unique_ptr<BackgroundFetchEngine> m_backgroundFetchEngine;
 };

diff --git a/Source/WebCore/workers/service/server/SWServerToContextConnection.h b/Source/WebCore/workers/service/server/SWServerToContextConnection.h
@@ -98,6 +98,8 @@ class SWServerToContextConnection {
     virtual void connectionIsNoLongerNeeded() = 0;
     virtual void terminateDueToUnresponsiveness() = 0;
 
+    virtual void setInspectable(ServiceWorkerIsInspectable) = 0;
+
 protected:
     WEBCORE_EXPORT SWServerToContextConnection(SWServer&, RegistrableDomain&&, std::optional<ScriptExecutionContextIdentifier> serviceWorkerPageIdentifier);
 

diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -3000,4 +3000,14 @@ void NetworkProcess::setIsHoldingLockedFiles(bool isHoldingLockedFiles)
 }
 #endif
 
+#if ENABLE(SERVICE_WORKER)
+
+void NetworkProcess::setInspectionForServiceWorkersAllowed(PAL::SessionID sessionID, bool inspectable)
+{
+    if (auto* session = networkSession(sessionID))
+        session->setInspectionForServiceWorkersAllowed(inspectable);
+}
+
+#endif // ENABLE(SERVICE_WORKER)
+
 } // namespace WebKit
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
@@ -423,6 +423,7 @@ class NetworkProcess : public AuxiliaryProcess, private DownloadManager::Client,
 
 #if ENABLE(SERVICE_WORKER)
     void requestBackgroundFetchPermission(PAL::SessionID, const WebCore::ClientOrigin&, CompletionHandler<void(bool)>&&);
+    void setInspectionForServiceWorkersAllowed(PAL::SessionID, bool);
 #endif
 
 private:

diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.messages.in b/Source/WebKit/NetworkProcess/NetworkProcess.messages.in
@@ -81,6 +81,10 @@ messages -> NetworkProcess LegacyReceiver {
 
     PreconnectTo(PAL::SessionID sessionID, WebKit::WebPageProxyIdentifier webPageProxyID, WebCore::PageIdentifier webPageID, WebCore::ResourceRequest request, enum:uint8_t WebCore::StoredCredentialsPolicy storedCredentialsPolicy, std::optional<WebKit::NavigatingToAppBoundDomain> isNavigatingToAppBoundDomain);
 
+#if ENABLE(SERVICE_WORKER)
+    SetInspectionForServiceWorkersAllowed(PAL::SessionID sessionID, bool inspectable)
+#endif
+
 #if ENABLE(TRACKING_PREVENTION)
     ClearPrevalentResource(PAL::SessionID sessionID, WebCore::RegistrableDomain resourceDomain) -> ()
     ClearUserInteraction(PAL::SessionID sessionID, WebCore::RegistrableDomain resourceDomain) -> ()

diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp
@@ -142,6 +142,9 @@ NetworkSession::NetworkSession(NetworkProcess& networkProcess, const NetworkSess
     , m_allowsServerPreconnect(parameters.allowsServerPreconnect)
     , m_shouldRunServiceWorkersOnMainThreadForTesting(parameters.shouldRunServiceWorkersOnMainThreadForTesting)
     , m_overrideServiceWorkerRegistrationCountTestingValue(parameters.overrideServiceWorkerRegistrationCountTestingValue)
+#if ENABLE(SERVICE_WORKER)
+    , m_inspectionForServiceWorkersAllowed(parameters.inspectionForServiceWorkersAllowed)
+#endif
     , m_storageManager(createNetworkStorageManager(networkProcess, parameters))
 #if ENABLE(BUILT_IN_NOTIFICATIONS)
     , m_notificationManager(*this, parameters.webPushMachServiceName, WebPushD::WebPushDaemonConnectionConfiguration { parameters.webPushDaemonConnectionConfiguration })
@@ -676,7 +679,8 @@ SWServer& NetworkSession::ensureSWServer()
         // There should already be a registered path for this PAL::SessionID.
         // If there's not, then where did this PAL::SessionID come from?
         ASSERT(m_sessionID.isEphemeral() || !path.isEmpty());
-        m_swServer = makeUnique<SWServer>(*this, makeUniqueRef<WebSWOriginStore>(), info.processTerminationDelayEnabled, WTFMove(path), m_sessionID, shouldRunServiceWorkersOnMainThreadForTesting(), m_networkProcess->parentProcessHasServiceWorkerEntitlement(), overrideServiceWorkerRegistrationCountTestingValue());
+        auto inspectable = m_inspectionForServiceWorkersAllowed ? ServiceWorkerIsInspectable::Yes : ServiceWorkerIsInspectable::No;
+        m_swServer = makeUnique<SWServer>(*this, makeUniqueRef<WebSWOriginStore>(), info.processTerminationDelayEnabled, WTFMove(path), m_sessionID, shouldRunServiceWorkersOnMainThreadForTesting(), m_networkProcess->parentProcessHasServiceWorkerEntitlement(), overrideServiceWorkerRegistrationCountTestingValue(), inspectable);
     }
     return *m_swServer;
 }
@@ -815,6 +819,18 @@ void NetworkSession::clickBackgroundFetch(const String& identifier, CompletionHa
 {
     ensureBackgroundFetchStore().clickBackgroundFetch(identifier, WTFMove(callback));
 }
+
+void NetworkSession::setInspectionForServiceWorkersAllowed(bool inspectable)
+{
+    if (m_inspectionForServiceWorkersAllowed == inspectable)
+        return;
+
+    m_inspectionForServiceWorkersAllowed = inspectable;
+
+    if (m_swServer)
+        m_swServer->setInspectable(inspectable ? ServiceWorkerIsInspectable::Yes : ServiceWorkerIsInspectable::No);
+}
+
 #endif // ENABLE(SERVICE_WORKER)
 
 } // namespace WebKit
diff --git a/Source/WebKit/NetworkProcess/NetworkSession.h b/Source/WebKit/NetworkProcess/NetworkSession.h
@@ -276,6 +276,10 @@ class NetworkSession
     virtual void clearProxyConfigData() { }
     virtual void setProxyConfigData(Vector<std::pair<Vector<uint8_t>, WTF::UUID>>&&) { };
 #endif
+
+#if ENABLE(SERVICE_WORKER)
+    void setInspectionForServiceWorkersAllowed(bool);
+#endif
 
 protected:
     NetworkSession(NetworkProcess&, const NetworkSessionCreationParameters&);
@@ -361,6 +365,7 @@ class NetworkSession
     std::optional<ServiceWorkerInfo> m_serviceWorkerInfo;
     std::unique_ptr<WebCore::SWServer> m_swServer;
     RefPtr<BackgroundFetchStoreImpl> m_backgroundFetchStore;
+    bool m_inspectionForServiceWorkersAllowed { true };
 #endif
     std::unique_ptr<WebSharedWorkerServer> m_sharedWorkerServer;
 

diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp
@@ -106,7 +106,7 @@ void NetworkSessionCreationParameters::encode(IPC::Encoder& encoder) const
     encoder << cacheStorageDirectory << cacheStorageDirectoryExtensionHandle;
     encoder << generalStorageDirectory << generalStorageDirectoryHandle;
 #if ENABLE(SERVICE_WORKER)
-    encoder << serviceWorkerRegistrationDirectory << serviceWorkerRegistrationDirectoryExtensionHandle << serviceWorkerProcessTerminationDelayEnabled;
+    encoder << serviceWorkerRegistrationDirectory << serviceWorkerRegistrationDirectoryExtensionHandle << serviceWorkerProcessTerminationDelayEnabled << inspectionForServiceWorkersAllowed;
 #endif
     encoder << resourceLoadStatisticsParameters;
 }
@@ -447,6 +447,11 @@ std::optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters
     decoder >> serviceWorkerProcessTerminationDelayEnabled;
     if (!serviceWorkerProcessTerminationDelayEnabled)
         return std::nullopt;
+
+    std::optional<bool> inspectionForServiceWorkersAllowed;
+    decoder >> inspectionForServiceWorkersAllowed;
+    if (!inspectionForServiceWorkersAllowed)
+        return std::nullopt;
 #endif
 
     std::optional<ResourceLoadStatisticsParameters> resourceLoadStatisticsParameters;
@@ -531,6 +536,7 @@ std::optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters
         , WTFMove(*serviceWorkerRegistrationDirectory)
         , WTFMove(*serviceWorkerRegistrationDirectoryExtensionHandle)
         , *serviceWorkerProcessTerminationDelayEnabled
+        , *inspectionForServiceWorkersAllowed
 #endif
         , WTFMove(*resourceLoadStatisticsParameters)
     }};

diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h
@@ -135,6 +135,7 @@ struct NetworkSessionCreationParameters {
     String serviceWorkerRegistrationDirectory;
     SandboxExtension::Handle serviceWorkerRegistrationDirectoryExtensionHandle;
     bool serviceWorkerProcessTerminationDelayEnabled { true };
+    bool inspectionForServiceWorkersAllowed { true };
 #endif
 
     ResourceLoadStatisticsParameters resourceLoadStatisticsParameters;

diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
@@ -108,7 +108,7 @@ void WebSWServerToContextConnection::close()
 
 void WebSWServerToContextConnection::installServiceWorkerContext(const ServiceWorkerContextData& contextData, const ServiceWorkerData& workerData, const String& userAgent, WorkerThreadMode workerThreadMode)
 {
-    send(Messages::WebSWContextManagerConnection::InstallServiceWorker { contextData, workerData, userAgent, workerThreadMode });
+    send(Messages::WebSWContextManagerConnection::InstallServiceWorker { contextData, workerData, userAgent, workerThreadMode, m_isInspectable });
 }
 
 void WebSWServerToContextConnection::updateAppInitiatedValue(ServiceWorkerIdentifier serviceWorkerIdentifier, WebCore::LastNavigationWasAppInitiated lastNavigationWasAppInitiated)
@@ -375,6 +375,15 @@ void WebSWServerToContextConnection::navigate(ScriptExecutionContextIdentifier c
     }, 0);
 }
 
+void WebSWServerToContextConnection::setInspectable(ServiceWorkerIsInspectable inspectable)
+{
+    if (m_isInspectable == inspectable)
+        return;
+
+    m_isInspectable = inspectable;
+    send(Messages::WebSWContextManagerConnection::SetInspectable { inspectable });
+}
+
 } // namespace WebKit
 
 #endif // ENABLE(SERVICE_WORKER)
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h
@@ -113,12 +113,15 @@ class WebSWServerToContextConnection final: public WebCore::SWServerToContextCon
 
     void connectionClosed();
 
+    void setInspectable(WebCore::ServiceWorkerIsInspectable) final;
+
     NetworkConnectionToWebProcess& m_connection;
     HashMap<WebCore::FetchIdentifier, WeakPtr<ServiceWorkerFetchTask>> m_ongoingFetches;
     HashMap<WebCore::FetchIdentifier, ThreadSafeWeakPtr<ServiceWorkerDownloadTask>> m_ongoingDownloads;
     bool m_isThrottleable { true };
     WebPageProxyIdentifier m_webPageProxyID;
     size_t m_processingFunctionalEventCount { 0 };
+    WebCore::ServiceWorkerIsInspectable m_isInspectable { WebCore::ServiceWorkerIsInspectable::Yes };
 }; // class WebSWServerToContextConnection
 
 } // namespace WebKit

diff --git a/Source/WebKit/Scripts/webkit/messages.py b/Source/WebKit/Scripts/webkit/messages.py
@@ -781,6 +781,7 @@ def headers_for_type(type):
         'WebCore::SecurityPolicyViolationEventInit': ['<WebCore/SecurityPolicyViolationEvent.h>'],
         'WebCore::SelectionDirection': ['<WebCore/VisibleSelection.h>'],
         'WebCore::SelectionGeometry': ['"EditorState.h"'],
+        'WebCore::ServiceWorkerIsInspectable': ['<WebCore/ServiceWorkerTypes.h>'],
         'WebCore::ServiceWorkerJobIdentifier': ['<WebCore/ServiceWorkerTypes.h>'],
         'WebCore::ServiceWorkerOrClientData': ['<WebCore/ServiceWorkerTypes.h>', '<WebCore/ServiceWorkerClientData.h>', '<WebCore/ServiceWorkerData.h>'],
         'WebCore::ServiceWorkerOrClientIdentifier': ['<WebCore/ServiceWorkerTypes.h>'],

diff --git a/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in b/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
@@ -4429,6 +4429,7 @@ enum class WebCore::ServiceWorkerClientFrameType : uint8_t {
     None
 };
 
+enum class WebCore::ServiceWorkerIsInspectable : bool
 enum class WebCore::ShouldNotifyWhenResolved : bool
 
 enum class WebCore::ServiceWorkerUpdateViaCache : uint8_t {

diff --git a/Source/WebKit/UIProcess/ProvisionalPageProxy.cpp b/Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
@@ -93,7 +93,7 @@ ProvisionalPageProxy::ProvisionalPageProxy(WebPageProxy& page, Ref<WebProcessPro
     m_websiteDataStore = m_process->websiteDataStore();
     ASSERT(m_websiteDataStore);
     if (m_websiteDataStore && m_websiteDataStore != &m_page->websiteDataStore())
-        m_process->processPool().pageBeginUsingWebsiteDataStore(m_page->identifier(), *m_websiteDataStore);
+        m_process->processPool().pageBeginUsingWebsiteDataStore(m_page.get(), *m_websiteDataStore);
 
     // If we are reattaching to a SuspendedPage, then the WebProcess' WebPage already exists and
     // WebPageProxy::didCreateMainFrame() will not be called to initialize m_mainFrame. In such
@@ -123,7 +123,7 @@ ProvisionalPageProxy::~ProvisionalPageProxy()
 
         auto dataStore = m_process->websiteDataStore();
         if (dataStore && dataStore!= &m_page->websiteDataStore())
-            m_process->processPool().pageEndUsingWebsiteDataStore(m_page->identifier(), *dataStore);
+            m_process->processPool().pageEndUsingWebsiteDataStore(m_page.get(), *dataStore);
 
         if (m_process->hasConnection())
             send(Messages::WebPage::Close());

diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -2195,8 +2195,14 @@ bool WebPageProxy::inspectable() const
 
 void WebPageProxy::setInspectable(bool inspectable)
 {
-    if (m_inspectorDebuggable)
-        m_inspectorDebuggable->setInspectable(inspectable);
+    if (!m_inspectorDebuggable || m_inspectorDebuggable->inspectable() == inspectable)
+        return;
+
+    m_inspectorDebuggable->setInspectable(inspectable);
+
+#if ENABLE(SERVICE_WORKER)
+    websiteDataStore().updateServiceWorkerInspectability();
+#endif
 }
 
 String WebPageProxy::remoteInspectionNameOverride() const