Cherry-pick 9e08e9d. rdar://118121639
Cookies from AppSSO extension are getting stored in iframe even when CSP restricts page to be loaded in iframe
https://bugs.webkit.org/show_bug.cgi?id=264447
rdar://118121639

Reviewed by Brent Fulgham.

In https://bugs.webkit.org/show_bug.cgi?id=260100, we added CSP validation when setting cookies in the response of an AppSSO request. However, in that patch, we consider CSP options that are only relevant for i-frames in the redirect case. In NetworkResourceLoader::shouldInterruptLoadForXFrameOptions, we do an early return in non-main frame cases, but do not in the check for AppSSO. In SOAuthorizationCoordinator::tryAuthorize, it can be gleaned that a non-mainframe navigation implies a SubFrameSOAuthorizationSession will be created. Therefore we only need to perform these i-frame specific CSP checks whenever we have a SubFrameSOAuthorizationSession.

* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
(WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h:
(WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
(WebKit::SOAuthorizationSession::shouldInterruptLoadForXFrameOptions): Deleted.
(WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions): Deleted.
* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.h:
* Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:
(WebKit::SubFrameSOAuthorizationSession::shouldInterruptLoadForXFrameOptions):
(WebKit::SubFrameSOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):

Canonical link: https://commits.webkit.org/270422@main
Identifier: 267815.554@safari-7617-branch
Canonical link: https://commits.webkit.org/267815.558@safari-7617.1.17.11-branch
Showing 4 changed files with 69 additions and 66 deletions.