[Private Browsing] Noise injection doesn't apply when using Offscreen…

…Canvas in shared/service workers https://bugs.webkit.org/show_bug.cgi?id=271159 rdar://124702163 Reviewed by Sihui Liu and Chris Dumez. In Private Browsing mode in Safari 17, each `ScriptExecutionContext` has a noise injection hash salt (unique by security origin) and `AdvancedPrivacyProtections` flags, sourced from the document loader. These are used to generate noise when reading pixels back from `canvas` or `OffscreenCanvas`. For dedicated workers, plumbing already exists to propagate the hash salt via `WorkerParameters` to `WorkerGlobalScope`, where they apply to `OffscreenCanvas`. However, for both shared workers and service workers, this is insufficient, since the `OffscreenCanvas` APIs are called in a separate, potentially-remote `Page` (which currently has neither a hash salt nor the requisite `AdvancedPrivacyProtections` flags). To fix this, we extend `AdvancedPrivacyProtection` flag plumbing to work for these two remaining types of workers; see below for more details. Test: AdvancedPrivacyProtections.NoiseInjectionForOffscreenCanvasInSharedWorker * Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp: (WebCore::generateWorkletParameters): * Source/WebCore/dom/Document.cpp: (WebCore::Document::noiseInjectionPolicy const): (WebCore::Document::advancedPrivacyProtections const): * Source/WebCore/dom/Document.h: * Source/WebCore/dom/EmptyScriptExecutionContext.h: * Source/WebCore/dom/ScriptExecutionContext.h: Add an override point to return the set of active advanced privacy protection flags. For `Document`, this goes through the top document's loader. For worklets and workers, this state is passed in via `WorkerParameters` and `WorkletParameters`. * Source/WebCore/page/Page.cpp: (WebCore::Page::setupForRemoteWorker): Allow shared/service workers to pass in privacy protections when initializing the remote `Page`. * Source/WebCore/page/Page.h: * Source/WebCore/workers/Worker.cpp: (WebCore::Worker::notifyFinished): * Source/WebCore/workers/WorkerGlobalScope.cpp: (WebCore::WorkerGlobalScope::WorkerGlobalScope): * Source/WebCore/workers/WorkerInitializationData.h: (WebCore::WorkerInitializationData::isolatedCopy const): * Source/WebCore/workers/WorkerMessagingProxy.cpp: (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): * Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp: (WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope): * Source/WebCore/workers/WorkerOrWorkletGlobalScope.h: (WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope): * Source/WebCore/workers/WorkerScriptLoader.cpp: (WebCore::WorkerScriptLoader::loadSynchronously): (WebCore::WorkerScriptLoader::loadAsynchronously): * Source/WebCore/workers/WorkerScriptLoader.h: (WebCore::WorkerScriptLoader::advancedPrivacyProtections const): Add a member as well as a getter to keep track of the active privacy protections for the currently loading (or loaded) worker. Later consulted in `SharedWorkerScriptLoader` to plumb the protection options into `WorkerInitializationData`, when spinning up shared workers. * Source/WebCore/workers/WorkerThread.cpp: (WebCore::WorkerParameters::isolatedCopy const): * Source/WebCore/workers/WorkerThread.h: * Source/WebCore/workers/service/ServiceWorkerClientData.cpp: (WebCore::ServiceWorkerClientData::isolatedCopy const): (WebCore::ServiceWorkerClientData::isolatedCopy): (WebCore::ServiceWorkerClientData::from): * Source/WebCore/workers/service/ServiceWorkerClientData.h: * Source/WebCore/workers/service/context/ServiceWorkerThread.cpp: (WebCore::generateWorkerParameters): (WebCore::ServiceWorkerThread::ServiceWorkerThread): * Source/WebCore/workers/service/context/ServiceWorkerThread.h: * Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp: (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy): * Source/WebCore/workers/service/server/SWServer.cpp: (WebCore::forEachClientForOriginImpl): (WebCore::SWServer::forEachClientForOrigin const): (WebCore::SWServer::forEachClientForOrigin): (WebCore::SWServer::advancedPrivacyProtectionsFromClient const): When installing a new service worker, consult the set of matching clients (by client origin), to check if any clients of the service worker have active privacy protections; pass along the union of these active policies when installing the service worker. (WebCore::SWServer::installContextData): Pass in `AdvancedPrivacyProtections` when spinning up a new service worker. (WebCore::SWServer::runServiceWorker): * Source/WebCore/workers/service/server/SWServer.h: * Source/WebCore/workers/service/server/SWServerToContextConnection.h: * Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp: (WebCore::SharedWorkerScriptLoader::notifyFinished): * Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp: (WebCore::generateWorkerParameters): * Source/WebCore/worklets/WorkletGlobalScope.cpp: (WebCore::WorkletGlobalScope::WorkletGlobalScope): * Source/WebCore/worklets/WorkletParameters.h: (WebCore::WorkletParameters::isolatedCopy const): (WebCore::WorkletParameters::isolatedCopy): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: (WebKit::WebSWServerConnection::controlClient): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp: (WebKit::WebSWServerToContextConnection::installServiceWorkerContext): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp: (WebKit::WebSWContextManagerConnection::installServiceWorker): Call `setupForRemoteWorker` with the privacy protection flags. * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in: * Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp: (WebKit::WebSharedWorkerContextManagerConnection::launchSharedWorker): Call `setupForRemoteWorker` with the privacy protection flags. * Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm: (TestWebKitAPI::sharedWorkerMainBytes): Add a new API test. Originally-landed-as: 272448.764@safari-7618-branch (e285de6). rdar://128550109 Canonical link: https://commits.webkit.org/279267@main
WebKit · May 24, 2024 · c33df2d · c33df2d
1 parent 4aea4a2
commit c33df2d
Show file tree

Hide file tree

Showing 38 changed files with 215 additions and 41 deletions.
diff --git a/Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp b/Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
@@ -60,6 +60,7 @@ static WorkletParameters generateWorkletParameters(AudioWorklet& worklet)
         document->settingsValues(),
         document->referrerPolicy(),
         worklet.audioContext() ? !worklet.audioContext()->isOfflineContext() : false,
+        document->advancedPrivacyProtections(),
         document->noiseInjectionHashSalt()
     };
 }

diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
@@ -10463,13 +10463,18 @@ void Document::resetObservationSizeForContainIntrinsicSize(Element& target)
 
 NoiseInjectionPolicy Document::noiseInjectionPolicy() const
 {
-    if (RefPtr loader = topDocument().loader()) {
-        if (loader->advancedPrivacyProtections().contains(AdvancedPrivacyProtections::FingerprintingProtections))
-            return NoiseInjectionPolicy::Minimal;
-    }
+    if (advancedPrivacyProtections().contains(AdvancedPrivacyProtections::FingerprintingProtections))
+        return NoiseInjectionPolicy::Minimal;
     return NoiseInjectionPolicy::None;
 }
 
+OptionSet<AdvancedPrivacyProtections> Document::advancedPrivacyProtections() const
+{
+    if (RefPtr loader = topDocument().loader())
+        return loader->advancedPrivacyProtections();
+    return { };
+}
+
 std::optional<uint64_t> Document::noiseInjectionHashSalt() const
 {
     if (!page() || noiseInjectionPolicy() == NoiseInjectionPolicy::None)

diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h
@@ -1401,6 +1401,8 @@ class Document
     WEBCORE_EXPORT void exitPointerLock();
 #endif
 
+    OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections() const final;
+
     std::optional<uint64_t> noiseInjectionHashSalt() const final;
     NoiseInjectionPolicy noiseInjectionPolicy() const;
 

diff --git a/Source/WebCore/dom/EmptyScriptExecutionContext.h b/Source/WebCore/dom/EmptyScriptExecutionContext.h
@@ -25,6 +25,7 @@
 
 #pragma once
 
+#include "AdvancedPrivacyProtections.h"
 #include "EventLoop.h"
 #include "Microtasks.h"
 #include "ReferrerPolicy.h"
@@ -69,6 +70,7 @@ class EmptyScriptExecutionContext final : public RefCounted<EmptyScriptExecution
 
     SecurityOrigin& topOrigin() const final { return m_origin.get(); };
 
+    OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections() const final { return { }; }
     std::optional<uint64_t> noiseInjectionHashSalt() const { return std::nullopt; }
 
     void postTask(Task&&) final { ASSERT_NOT_REACHED(); }

diff --git a/Source/WebCore/dom/ScriptExecutionContext.h b/Source/WebCore/dom/ScriptExecutionContext.h
@@ -44,6 +44,7 @@
 #include <wtf/HashSet.h>
 #include <wtf/NativePromise.h>
 #include <wtf/ObjectIdentifier.h>
+#include <wtf/OptionSet.h>
 #include <wtf/URL.h>
 #include <wtf/WeakPtr.h>
 #include <wtf/text/WTFString.h>
@@ -84,6 +85,7 @@ class ServiceWorker;
 class ServiceWorkerContainer;
 class SocketProvider;
 class WebCoreOpaqueRoot;
+enum class AdvancedPrivacyProtections : uint16_t;
 enum class LoadedFromOpaqueSource : bool;
 enum class TaskSource : uint8_t;
 
@@ -141,6 +143,7 @@ class ScriptExecutionContext : public SecurityContext, public TimerAlignment {
 
     virtual GraphicsClient* graphicsClient() { return nullptr; }
 
+    virtual OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections() const = 0;
     virtual std::optional<uint64_t> noiseInjectionHashSalt() const = 0;
 
     virtual RefPtr<RTCDataChannelRemoteHandlerConnection> createRTCDataChannelRemoteHandlerConnection();

diff --git a/Source/WebCore/page/Page.cpp b/Source/WebCore/page/Page.cpp
@@ -21,6 +21,7 @@
 #include "Page.h"
 
 #include "ActivityStateChangeObserver.h"
+#include "AdvancedPrivacyProtections.h"
 #include "AlternativeTextClient.h"
 #include "AnimationFrameRate.h"
 #include "AppHighlightStorage.h"
@@ -4546,7 +4547,7 @@ ModelPlayerProvider& Page::modelPlayerProvider()
     return m_modelPlayerProvider.get();
 }
 
-void Page::setupForRemoteWorker(const URL& scriptURL, const SecurityOriginData& topOrigin, const String& referrerPolicy)
+void Page::setupForRemoteWorker(const URL& scriptURL, const SecurityOriginData& topOrigin, const String& referrerPolicy, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections)
 {
     RefPtr localMainFrame = dynamicDowncast<LocalFrame>(mainFrame());
     if (!localMainFrame)
@@ -4562,6 +4563,9 @@ void Page::setupForRemoteWorker(const URL& scriptURL, const SecurityOriginData&
     document->setSiteForCookies(originAsURL);
     document->setFirstPartyForCookies(originAsURL);
 
+    if (RefPtr documentLoader = localMainFrame->checkedLoader()->documentLoader())
+        documentLoader->setAdvancedPrivacyProtections(advancedPrivacyProtections);
+
     if (document->settings().storageBlockingPolicy() != StorageBlockingPolicy::BlockThirdParty)
         document->setDomainForCachePartition(String { emptyString() });
     else

diff --git a/Source/WebCore/page/Page.h b/Source/WebCore/page/Page.h
@@ -187,6 +187,7 @@ using PlatformDisplayID = uint32_t;
 using SharedStringHash = uint32_t;
 
 enum class ActivityState : uint16_t;
+enum class AdvancedPrivacyProtections : uint16_t;
 enum class CanWrap : bool;
 enum class DidWrap : bool;
 enum class DisabledAdaptations : uint8_t;
@@ -301,7 +302,7 @@ class Page : public RefCounted<Page>, public Supplementable<Page>, public CanMak
     WEBCORE_EXPORT static void updateStyleForAllPagesAfterGlobalChangeInEnvironment();
     WEBCORE_EXPORT static void clearPreviousItemFromAllPages(HistoryItem*);
 
-    WEBCORE_EXPORT void setupForRemoteWorker(const URL& scriptURL, const SecurityOriginData& topOrigin, const String& referrerPolicy);
+    WEBCORE_EXPORT void setupForRemoteWorker(const URL& scriptURL, const SecurityOriginData& topOrigin, const String& referrerPolicy, OptionSet<AdvancedPrivacyProtections>);
 
     WEBCORE_EXPORT void updateStyleAfterChangeInEnvironment();
 

diff --git a/Source/WebCore/workers/Worker.cpp b/Source/WebCore/workers/Worker.cpp
@@ -217,6 +217,7 @@ void Worker::notifyFinished()
     WorkerInitializationData initializationData {
         m_scriptLoader->takeServiceWorkerData(),
         m_clientIdentifier,
+        m_scriptLoader->advancedPrivacyProtections(),
         context->userAgent(m_scriptLoader->responseURL())
     };
     m_contextProxy.startWorkerGlobalScope(m_scriptLoader->responseURL(), *sessionID, m_options.name, WTFMove(initializationData), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy, m_scriptLoader->crossOriginEmbedderPolicy(), m_workerCreationTime, referrerPolicy, m_options.type, m_options.credentials, m_runtimeFlags);

diff --git a/Source/WebCore/workers/WorkerGlobalScope.cpp b/Source/WebCore/workers/WorkerGlobalScope.cpp
@@ -100,7 +100,7 @@ static WorkQueue& sharedFileSystemStorageQueue()
 WTF_MAKE_ISO_ALLOCATED_IMPL(WorkerGlobalScope);
 
 WorkerGlobalScope::WorkerGlobalScope(WorkerThreadType type, const WorkerParameters& params, Ref<SecurityOrigin>&& origin, WorkerThread& thread, Ref<SecurityOrigin>&& topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider, std::unique_ptr<WorkerClient>&& workerClient)
-    : WorkerOrWorkletGlobalScope(type, params.sessionID, isMainThread() ? Ref { commonVM() } : JSC::VM::create(), params.referrerPolicy, &thread, params.noiseInjectionHashSalt, params.clientIdentifier)
+    : WorkerOrWorkletGlobalScope(type, params.sessionID, isMainThread() ? Ref { commonVM() } : JSC::VM::create(), params.referrerPolicy, &thread, params.noiseInjectionHashSalt, params.advancedPrivacyProtections, params.clientIdentifier)
     , m_url(params.scriptURL)
     , m_ownerURL(params.ownerURL)
     , m_inspectorIdentifier(params.inspectorIdentifier)

diff --git a/Source/WebCore/workers/WorkerInitializationData.h b/Source/WebCore/workers/WorkerInitializationData.h
@@ -25,16 +25,19 @@
 
 #pragma once
 
+#include "AdvancedPrivacyProtections.h"
 #include "ScriptExecutionContextIdentifier.h"
 #include "ServiceWorkerData.h"
 #include <wtf/CrossThreadCopier.h>
+#include <wtf/OptionSet.h>
 #include <wtf/text/WTFString.h>
 
 namespace WebCore {
 
 struct WorkerInitializationData {
     std::optional<ServiceWorkerData> serviceWorkerData;
     std::optional<ScriptExecutionContextIdentifier> clientIdentifier;
+    OptionSet<WebCore::AdvancedPrivacyProtections> advancedPrivacyProtections;
     String userAgent;
 
     WorkerInitializationData isolatedCopy() const;
@@ -45,6 +48,7 @@ inline WorkerInitializationData WorkerInitializationData::isolatedCopy() const
     return {
         crossThreadCopy(serviceWorkerData),
         clientIdentifier,
+        advancedPrivacyProtections,
         userAgent.isolatedCopy()
     };
 }

diff --git a/Source/WebCore/workers/WorkerMessagingProxy.cpp b/Source/WebCore/workers/WorkerMessagingProxy.cpp
@@ -149,6 +149,7 @@ void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, PAL::Ses
     WorkerParameters params { scriptURL, m_scriptExecutionContext->url(), name, identifier, WTFMove(initializationData.userAgent), isOnline, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, crossOriginEmbedderPolicy, timeOrigin, referrerPolicy, workerType, credentials, m_scriptExecutionContext->settingsValues(), WorkerThreadMode::CreateNewThread, sessionID,
         WTFMove(initializationData.serviceWorkerData),
         initializationData.clientIdentifier.value_or(ScriptExecutionContextIdentifier { }),
+        m_scriptExecutionContext->advancedPrivacyProtections(),
         m_scriptExecutionContext->noiseInjectionHashSalt()
     };
     auto thread = DedicatedWorkerThread::create(params, sourceCode, *this, *this, *this, *this, startMode, m_scriptExecutionContext->topOrigin(), proxy, socketProvider, runtimeFlags);

diff --git a/Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp b/Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp
@@ -40,7 +40,7 @@ namespace WebCore {
 
 WTF_MAKE_ISO_ALLOCATED_IMPL(WorkerOrWorkletGlobalScope);
 
-WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(WorkerThreadType type, PAL::SessionID sessionID, Ref<JSC::VM>&& vm, ReferrerPolicy referrerPolicy, WorkerOrWorkletThread* thread, std::optional<uint64_t> noiseInjectionHashSalt, ScriptExecutionContextIdentifier contextIdentifier)
+WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(WorkerThreadType type, PAL::SessionID sessionID, Ref<JSC::VM>&& vm, ReferrerPolicy referrerPolicy, WorkerOrWorkletThread* thread, std::optional<uint64_t> noiseInjectionHashSalt, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections, ScriptExecutionContextIdentifier contextIdentifier)
     : ScriptExecutionContext(Type::WorkerOrWorkletGlobalScope, contextIdentifier)
     , m_script(makeUnique<WorkerOrWorkletScriptController>(type, WTFMove(vm), this))
     , m_moduleLoader(makeUnique<ScriptModuleLoader>(this, ScriptModuleLoader::OwnerType::WorkerOrWorklet))
@@ -49,6 +49,7 @@ WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(WorkerThreadType type, PA
     , m_sessionID(sessionID)
     , m_referrerPolicy(referrerPolicy)
     , m_noiseInjectionHashSalt(noiseInjectionHashSalt)
+    , m_advancedPrivacyProtections(advancedPrivacyProtections)
 {
     relaxAdoptionRequirement();
 }

diff --git a/Source/WebCore/workers/WorkerOrWorkletGlobalScope.h b/Source/WebCore/workers/WorkerOrWorkletGlobalScope.h
@@ -39,6 +39,8 @@ class WorkerInspectorController;
 class WorkerOrWorkletScriptController;
 class WorkerOrWorkletThread;
 
+enum class AdvancedPrivacyProtections : uint16_t;
+
 class WorkerOrWorkletGlobalScope : public RefCounted<WorkerOrWorkletGlobalScope>, public ScriptExecutionContext, public EventTarget {
     WTF_MAKE_ISO_ALLOCATED(WorkerOrWorkletGlobalScope);
     WTF_MAKE_NONCOPYABLE(WorkerOrWorkletGlobalScope);
@@ -83,9 +85,10 @@ class WorkerOrWorkletGlobalScope : public RefCounted<WorkerOrWorkletGlobalScope>
     virtual FetchOptions::Destination destination() const = 0;
     ReferrerPolicy referrerPolicy() const final { return m_referrerPolicy; }
     std::optional<uint64_t> noiseInjectionHashSalt() const final { return m_noiseInjectionHashSalt; }
+    OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections() const final { return m_advancedPrivacyProtections; }
 
 protected:
-    WorkerOrWorkletGlobalScope(WorkerThreadType, PAL::SessionID, Ref<JSC::VM>&&, ReferrerPolicy, WorkerOrWorkletThread*, std::optional<uint64_t>,  ScriptExecutionContextIdentifier = { });
+    WorkerOrWorkletGlobalScope(WorkerThreadType, PAL::SessionID, Ref<JSC::VM>&&, ReferrerPolicy, WorkerOrWorkletThread*, std::optional<uint64_t>, OptionSet<AdvancedPrivacyProtections>, ScriptExecutionContextIdentifier = { });
 
     // ScriptExecutionContext.
     bool isJSExecutionForbidden() const final;
@@ -116,6 +119,7 @@ class WorkerOrWorkletGlobalScope : public RefCounted<WorkerOrWorkletGlobalScope>
     ReferrerPolicy m_referrerPolicy;
     bool m_isClosing { false };
     std::optional<uint64_t> m_noiseInjectionHashSalt;
+    OptionSet<AdvancedPrivacyProtections> m_advancedPrivacyProtections;
 };
 
 } // namespace WebCore

diff --git a/Source/WebCore/workers/WorkerScriptLoader.cpp b/Source/WebCore/workers/WorkerScriptLoader.cpp
@@ -76,6 +76,7 @@ std::optional<Exception> WorkerScriptLoader::loadSynchronously(ScriptExecutionCo
     m_source = source;
     m_destination = FetchOptions::Destination::Script;
     m_isCOEPEnabled = scriptExecutionContext->settingsValues().crossOriginEmbedderPolicyEnabled;
+    m_advancedPrivacyProtections = scriptExecutionContext->advancedPrivacyProtections();
 
     auto* serviceWorkerGlobalScope = dynamicDowncast<ServiceWorkerGlobalScope>(workerGlobalScope);
     if (serviceWorkerGlobalScope) {
@@ -131,6 +132,7 @@ void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecut
     m_destination = fetchOptions.destination;
     m_isCOEPEnabled = scriptExecutionContext.settingsValues().crossOriginEmbedderPolicyEnabled;
     m_clientIdentifier = clientIdentifier;
+    m_advancedPrivacyProtections = scriptExecutionContext.advancedPrivacyProtections();
 
     ASSERT(scriptRequest.httpMethod() == "GET"_s);
 

diff --git a/Source/WebCore/workers/WorkerScriptLoader.h b/Source/WebCore/workers/WorkerScriptLoader.h
@@ -26,6 +26,7 @@
 
 #pragma once
 
+#include "AdvancedPrivacyProtections.h"
 #include "CertificateInfo.h"
 #include "ContentSecurityPolicyResponseHeaders.h"
 #include "CrossOriginEmbedderPolicy.h"
@@ -40,6 +41,7 @@
 #include "ThreadableLoaderClient.h"
 #include <memory>
 #include <wtf/FastMalloc.h>
+#include <wtf/OptionSet.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
 #include <wtf/URL.h>
@@ -71,6 +73,8 @@ class WorkerScriptLoader final : public RefCounted<WorkerScriptLoader>, public T
 
     void notifyError();
 
+    OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections() const { return m_advancedPrivacyProtections; }
+
     const ScriptBuffer& script() const { return m_script; }
     const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy() const { return m_contentSecurityPolicy; }
     const String& referrerPolicy() const { return m_referrerPolicy; }
@@ -161,6 +165,7 @@ class WorkerScriptLoader final : public RefCounted<WorkerScriptLoader>, public T
     RefPtr<ServiceWorkerDataManager> m_serviceWorkerDataManager;
     WeakPtr<ScriptExecutionContext> m_context;
     String m_userAgentForSharedWorker;
+    OptionSet<AdvancedPrivacyProtections> m_advancedPrivacyProtections;
 };
 
 } // namespace WebCore
diff --git a/Source/WebCore/workers/WorkerThread.cpp b/Source/WebCore/workers/WorkerThread.cpp
@@ -27,6 +27,7 @@
 #include "config.h"
 #include "WorkerThread.h"
 
+#include "AdvancedPrivacyProtections.h"
 #include "IDBConnectionProxy.h"
 #include "ScriptSourceCode.h"
 #include "SecurityOrigin.h"
@@ -67,6 +68,7 @@ WorkerParameters WorkerParameters::isolatedCopy() const
         sessionID,
         crossThreadCopy(serviceWorkerData),
         clientIdentifier,
+        advancedPrivacyProtections,
         noiseInjectionHashSalt
     };
 }

diff --git a/Source/WebCore/workers/WorkerThread.h b/Source/WebCore/workers/WorkerThread.h
@@ -62,6 +62,8 @@ namespace IDBClient {
 class IDBConnectionProxy;
 }
 
+enum class AdvancedPrivacyProtections : uint16_t;
+
 struct WorkerThreadStartupData;
 
 struct WorkerParameters {
@@ -84,6 +86,7 @@ struct WorkerParameters {
     PAL::SessionID sessionID;
     std::optional<ServiceWorkerData> serviceWorkerData;
     ScriptExecutionContextIdentifier clientIdentifier;
+    OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections;
     std::optional<uint64_t> noiseInjectionHashSalt;
 
     WorkerParameters isolatedCopy() const;

diff --git a/Source/WebCore/workers/service/ServiceWorkerClientData.cpp b/Source/WebCore/workers/service/ServiceWorkerClientData.cpp
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "ServiceWorkerClientData.h"
 
+#include "AdvancedPrivacyProtections.h"
 #include "Document.h"
 #include "DocumentLoader.h"
 #include "FrameDestructionObserverInlines.h"
@@ -59,12 +60,12 @@ static ServiceWorkerClientFrameType toServiceWorkerClientFrameType(ScriptExecuti
 
 ServiceWorkerClientData ServiceWorkerClientData::isolatedCopy() const &
 {
-    return { identifier, type, frameType, url.isolatedCopy(), ownerURL.isolatedCopy(), pageIdentifier, frameIdentifier, lastNavigationWasAppInitiated, isVisible, isFocused, focusOrder, crossThreadCopy(ancestorOrigins) };
+    return { identifier, type, frameType, url.isolatedCopy(), ownerURL.isolatedCopy(), pageIdentifier, frameIdentifier, lastNavigationWasAppInitiated, advancedPrivacyProtections, isVisible, isFocused, focusOrder, crossThreadCopy(ancestorOrigins) };
 }
 
 ServiceWorkerClientData ServiceWorkerClientData::isolatedCopy() &&
 {
-    return { identifier, type, frameType, WTFMove(url).isolatedCopy(), WTFMove(ownerURL).isolatedCopy(), pageIdentifier, frameIdentifier, lastNavigationWasAppInitiated, isVisible, isFocused, focusOrder, crossThreadCopy(WTFMove(ancestorOrigins)) };
+    return { identifier, type, frameType, WTFMove(url).isolatedCopy(), WTFMove(ownerURL).isolatedCopy(), pageIdentifier, frameIdentifier, lastNavigationWasAppInitiated, advancedPrivacyProtections, isVisible, isFocused, focusOrder, crossThreadCopy(WTFMove(ancestorOrigins)) };
 }
 
 ServiceWorkerClientData ServiceWorkerClientData::from(ScriptExecutionContext& context)
@@ -89,6 +90,7 @@ ServiceWorkerClientData ServiceWorkerClientData::from(ScriptExecutionContext& co
             document->pageID(),
             document->frameID(),
             lastNavigationWasAppInitiated,
+            context.advancedPrivacyProtections(),
             !document->hidden(),
             document->hasFocus(),
             0,
@@ -107,6 +109,7 @@ ServiceWorkerClientData ServiceWorkerClientData::from(ScriptExecutionContext& co
         { },
         { },
         LastNavigationWasAppInitiated::No,
+        context.advancedPrivacyProtections(),
         false,
         false,
         0,

diff --git a/Source/WebCore/workers/service/ServiceWorkerClientData.h b/Source/WebCore/workers/service/ServiceWorkerClientData.h
@@ -38,6 +38,7 @@ namespace WebCore {
 class SWClientConnection;
 class ScriptExecutionContext;
 
+enum class AdvancedPrivacyProtections : uint16_t;
 enum class LastNavigationWasAppInitiated : bool { No, Yes };
 
 struct ServiceWorkerClientData {
@@ -51,6 +52,7 @@ struct ServiceWorkerClientData {
     std::optional<PageIdentifier> pageIdentifier;
     std::optional<FrameIdentifier> frameIdentifier;
     LastNavigationWasAppInitiated lastNavigationWasAppInitiated;
+    OptionSet<WebCore::AdvancedPrivacyProtections> advancedPrivacyProtections;
     bool isVisible { false };
     bool isFocused { false };
     uint64_t focusOrder { 0 };