Enable SharedArrayBuffer support when COOP/COEP headers are used

https://bugs.webkit.org/show_bug.cgi?id=229559
<rdar://problem/82391945>

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline a few web-platform-tests now that window.crossOriginIsolated properly returns
true when COOP+COEP are used.

Note that SharedArrayBuffer are already forcefully enabled by run-webkit-tests.py when running
the layout tests, which is why there are not more layout test results changes. At some point,
we should stop forcefully enabling SharedArrayBuffer when running web-platform-tests at least,
since WPT tests already make sure to use COOP+COEP when testing SharedArrayBuffer.

* web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
Note that some subtests are failing because we don't support the Permissions-Policy HTTP header:
- https://w3c.github.io/webappsec-permissions-policy/

* web-platform-tests/html/cross-origin-opener-policy/coep.https-expected.txt:

Source/WebCore:

Make sure window.crossOriginIsolated returns true when COOP=same-origin and
COEP=require-corp are used. Also make sure that cross-origin-isolates pages
are allowed to use SharedArrayBuffer.

Change is covered by rebaselined layout tests and new API tests.

* loader/DocumentLoader.cpp:
(WebCore::toNeedsBrowsingContextGroupSwitch):
(WebCore::DocumentLoader::responseReceived):
* loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForResponse):
* loader/EmptyFrameLoaderClient.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkContentPolicy):
* loader/FrameLoader.h:
* loader/FrameLoaderClient.h:
* loader/FrameLoaderTypes.h:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::crossOriginIsolated const):
* page/DOMWindow.idl:

Source/WebKit:

Make sure window.crossOriginIsolated returns true when COOP=same-origin and
COEP=require-corp are used. Also make sure that cross-origin-isolates pages
are allowed to use SharedArrayBuffer.

When the WebProcess determines it needs to switch browsing context group it
now sends a NeedsBrowsingContextGroupSwitch::YesWithoutCrossOriginIsolation /
NeedsBrowsingContextGroupSwitch::YesWithCrossOriginIsolation enum value to
the UIProcess with the DecidePolicyForResponse IPC instead of a simple
boolean. We send YesWithoutCrossOriginIsolation when the navigation
destination will be cross-origin-isolated due to COOP=same-origin and
COEP=require-corp. In the UIProcess, when YesWithCrossOriginIsolation is
received, we take care of launching a fresh WebProcess (never recycling an
existing WebProcess) and we make this WebProcess as cross-origin-isolated.
When a process is cross-origin-isolated, we pass it a XPC flag on launch
to allow the process to use SharedArrayBuffer. We use an XPC flag because
JSC Options need to be set before JSC::initialize() is called, which occurs
during XPC service initialization. When a WebProcess is marked as
cross-origin-isolated, we make sure to never cache it so it cannot be
recycled for a new navigation (given that it has special permission to use
SharedArrayBuffer).

* Scripts/webkit/messages.py:
(headers_for_type):
* Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h:
(WebKit::XPCServiceInitializer):
* UIProcess/Launcher/ProcessLauncher.h:
(WebKit::ProcessLauncher::Client::shouldEnableSharedArrayBuffer const):
* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::ProcessLauncher::launchProcess):
* UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::decidePolicyForResponse):
* UIProcess/ProvisionalPageProxy.h:
* UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::findReusableSuspendedPageProcess):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForResponse):
(WebKit::WebPageProxy::decidePolicyForResponseShared):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createNewWebProcess):
(WebKit::WebProcessPool::createWebPage):
* UIProcess/WebProcessPool.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::create):
(WebKit::WebProcessProxy::createForServiceWorkers):
(WebKit::WebProcessProxy::WebProcessProxy):
(WebKit::WebProcessProxy::canBeAddedToWebProcessCache const):
* UIProcess/WebProcessProxy.h:
(WebKit::WebProcessProxy::isCrossOriginIsolated const):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

Source/WebKitLegacy/mac:

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::dispatchDecidePolicyForResponse):

Source/WebKitLegacy/win:

* WebCoreSupport/WebFrameLoaderClient.cpp:
(WebFrameLoaderClient::dispatchDecidePolicyForResponse):
* WebCoreSupport/WebFrameLoaderClient.h:

Tools:

Add API test coverage. SharedArrayBuffer support is currently forcefully enabled by
run-webkit-tests.py so it would not be practical to write layout tests for this at
the moment.

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
(-[PSONScheme addMappingFromURLString:toData:withCOOPValue:withCOEPValue:]):
(-[PSONScheme webView:startURLSchemeTask:]):


Canonical link: https://commits.webkit.org/241165@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281832 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/imported/w3c/ChangeLog

@@ -1,3 +1,26 @@
+2021-08-31  Chris Dumez  <cdumez@apple.com>
+
+        Enable SharedArrayBuffer support when COOP/COEP headers are used
+        https://bugs.webkit.org/show_bug.cgi?id=229559
+        <rdar://problem/82391945>
+
+        Reviewed by Alex Christensen.
+
+        Rebaseline a few web-platform-tests now that window.crossOriginIsolated properly returns
+        true when COOP+COEP are used.
+
+        Note that SharedArrayBuffer are already forcefully enabled by run-webkit-tests.py when running
+        the layout tests, which is why there are not more layout test results changes. At some point,
+        we should stop forcefully enabling SharedArrayBuffer when running web-platform-tests at least,
+        since WPT tests already make sure to use COOP+COEP when testing SharedArrayBuffer.
+
+        * web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
+        Note that some subtests are failing because we don't support the Permissions-Policy HTTP header:
+        - https://w3c.github.io/webappsec-permissions-policy/
+
+        * web-platform-tests/html/cross-origin-opener-policy/coep.https-expected.txt:
+
 2021-08-31  Marcos Caceres  <marcos@marcosc.com>
 
         [Payment Request] Calling PaymentRequest's show() should consume user activation

LayoutTests/imported/w3c/web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https-expected.txt

@@ -1,3 +1,5 @@
 
-FAIL IndexedDB: Attempting to serialize a SharedArrayBuffer should throw assert_true: The page is served with COOP and COEP, it should be cross-origin-isolated. expected true got false
+FAIL IndexedDB: Attempting to serialize a SharedArrayBuffer should throw assert_throws_dom: function "() => {
+            rq = objStore.put({sab: sab}, 'key');
+        }" threw object "DataError: Failed to store record in an IDBObjectStore: The object store uses in-line keys and the key parameter was provided." that is not a DOMException DataCloneError: property "code" is equal to 0, expected 25
 

LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt

@@ -1,24 +1,24 @@
 
-FAIL frame: origin = https://localhost:9443, value = undefined assert_equals: expected true but got false
-FAIL frame: origin = https://localhost:9443, value = * assert_equals: expected true but got false
-FAIL frame: origin = https://localhost:9443, value = self assert_equals: expected true but got false
-PASS frame: origin = https://localhost:9443, value = (\)
-PASS frame: origin = https://127.0.0.1:9443, value = undefined
-PASS frame: origin = https://127.0.0.1:9443, value = *
-PASS frame: origin = https://127.0.0.1:9443, value = self
-PASS frame: origin = https://127.0.0.1:9443, value = (\)
-FAIL dedicated worker: scheme = https, value = undefined assert_equals: expected true but got false
-FAIL dedicated worker: scheme = https, value = * assert_equals: expected true but got false
-FAIL dedicated worker: scheme = https, value = self assert_equals: expected true but got false
-PASS dedicated worker: scheme = https, value = (\)
-PASS dedicated worker: scheme = data, value = undefined
-PASS dedicated worker: scheme = data, value = *
-PASS dedicated worker: scheme = data, value = self
-PASS dedicated worker: scheme = data, value = (\)
-FAIL dedicated worker: scheme = blob, value = undefined assert_equals: expected true but got false
-FAIL dedicated worker: scheme = blob, value = * assert_equals: expected true but got false
-FAIL dedicated worker: scheme = blob, value = self assert_equals: expected true but got false
-PASS dedicated worker: scheme = blob, value = (\)
+PASS frame: origin = https://localhost:9443, value = undefined
+PASS frame: origin = https://localhost:9443, value = *
+PASS frame: origin = https://localhost:9443, value = self
+FAIL frame: origin = https://localhost:9443, value = (\) assert_equals: expected false but got true
+FAIL frame: origin = https://127.0.0.1:9443, value = undefined assert_equals: expected false but got true
+FAIL frame: origin = https://127.0.0.1:9443, value = * assert_equals: expected false but got true
+FAIL frame: origin = https://127.0.0.1:9443, value = self assert_equals: expected false but got true
+FAIL frame: origin = https://127.0.0.1:9443, value = (\) assert_equals: expected false but got true
+PASS dedicated worker: scheme = https, value = undefined
+PASS dedicated worker: scheme = https, value = *
+PASS dedicated worker: scheme = https, value = self
+FAIL dedicated worker: scheme = https, value = (\) assert_equals: expected false but got true
+FAIL dedicated worker: scheme = data, value = undefined assert_equals: expected false but got true
+FAIL dedicated worker: scheme = data, value = * assert_equals: expected false but got true
+FAIL dedicated worker: scheme = data, value = self assert_equals: expected false but got true
+FAIL dedicated worker: scheme = data, value = (\) assert_equals: expected false but got true
+PASS dedicated worker: scheme = blob, value = undefined
+PASS dedicated worker: scheme = blob, value = *
+PASS dedicated worker: scheme = blob, value = self
+FAIL dedicated worker: scheme = blob, value = (\) assert_equals: expected false but got true
 FAIL shared worker: withCoopCoep = false Can't find variable: SharedWorker
 FAIL shared worker: withCoopCoep = true Can't find variable: SharedWorker
 FAIL service worker: withCoopCoep = false assert_equals: expected (boolean) false but got (undefined) undefined

LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coep.https-expected.txt

@@ -7,5 +7,5 @@ PASS Same-origin popup with coop unsafe-none without coep
 PASS historical: "same-site" popup with coop unsafe-none without coep
 PASS Same-origin popup without coep
 PASS historical: "same-site" popup without coep
-FAIL Bonus: window.crossOriginIsolated assert_true: expected true got false
+PASS Bonus: window.crossOriginIsolated
 

LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/IndexedDB/serialize-sharedarraybuffer-throws.https-expected.txt

@@ -0,0 +1,3 @@
+
+FAIL IndexedDB: Attempting to serialize a SharedArrayBuffer should throw assert_true: The page is served with COOP and COEP, it should be cross-origin-isolated. expected true got false
+

Source/WebCore/ChangeLog

@@ -1,3 +1,32 @@
+2021-08-31  Chris Dumez  <cdumez@apple.com>
+
+        Enable SharedArrayBuffer support when COOP/COEP headers are used
+        https://bugs.webkit.org/show_bug.cgi?id=229559
+        <rdar://problem/82391945>
+
+        Reviewed by Alex Christensen.
+
+        Make sure window.crossOriginIsolated returns true when COOP=same-origin and
+        COEP=require-corp are used. Also make sure that cross-origin-isolates pages
+        are allowed to use SharedArrayBuffer.
+
+        Change is covered by rebaselined layout tests and new API tests.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::toNeedsBrowsingContextGroupSwitch):
+        (WebCore::DocumentLoader::responseReceived):
+        * loader/EmptyClients.cpp:
+        (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForResponse):
+        * loader/EmptyFrameLoaderClient.h:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::checkContentPolicy):
+        * loader/FrameLoader.h:
+        * loader/FrameLoaderClient.h:
+        * loader/FrameLoaderTypes.h:
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::crossOriginIsolated const):
+        * page/DOMWindow.idl:
+
 2021-08-31  Kate Cheney  <katherine_cheney@apple.com>
 
         Use after move in ServiceWorkerThreadProxy

Source/WebCore/Headers.cmake

@@ -434,6 +434,7 @@ set(WebCore_PRIVATE_FRAMEWORK_HEADERS
     dom/Comment.h
     dom/ContainerNode.h
     dom/ContextDestructionObserver.h
+    dom/CrossOriginMode.h
     dom/CustomElementReactionQueue.h
     dom/DOMException.h
     dom/DOMHighResTimeStamp.h

Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -1294,6 +1294,7 @@
 		467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */ = {isa = PBXBuildFile; fileRef = 467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */; };
 		4682D2001F79783000C863DB /* StoredCredentialsPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 4682D1FF1F79782300C863DB /* StoredCredentialsPolicy.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		468344E01EDDFAAA00B7795B /* DOMRectList.h in Headers */ = {isa = PBXBuildFile; fileRef = 468344DE1EDDFA5F00B7795B /* DOMRectList.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		4688EE3C26DD2610002AF5C4 /* CrossOriginMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 4688EE3A26DD260C002AF5C4 /* CrossOriginMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		469CCCFE269D021C006E0314 /* BroadcastChannel.h in Headers */ = {isa = PBXBuildFile; fileRef = 469CCCFC269D0202006E0314 /* BroadcastChannel.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		46AAAA3D25D3632000BAF42F /* AudioFileReaderCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 46AAAA3A25D3631400BAF42F /* AudioFileReaderCocoa.h */; };
 		46B63F6C1C6E8D19002E914B /* JSEventTargetCustom.h in Headers */ = {isa = PBXBuildFile; fileRef = 46B63F6B1C6E8CDF002E914B /* JSEventTargetCustom.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -8335,6 +8336,7 @@
 		468344DC1EDDFA5F00B7795B /* DOMRectList.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = DOMRectList.idl; sourceTree = "<group>"; };
 		468344DD1EDDFA5F00B7795B /* DOMRectList.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = DOMRectList.cpp; sourceTree = "<group>"; };
 		468344DE1EDDFA5F00B7795B /* DOMRectList.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DOMRectList.h; sourceTree = "<group>"; };
+		4688EE3A26DD260C002AF5C4 /* CrossOriginMode.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CrossOriginMode.h; sourceTree = "<group>"; };
 		468B8BDE25CC849300F67822 /* JSBaseAudioContextCustom.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSBaseAudioContextCustom.cpp; sourceTree = "<group>"; };
 		469CCCFA269D0202006E0314 /* BroadcastChannel.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = BroadcastChannel.cpp; sourceTree = "<group>"; };
 		469CCCFC269D0202006E0314 /* BroadcastChannel.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BroadcastChannel.h; sourceTree = "<group>"; };
@@ -29871,6 +29873,7 @@
 				E1A1470711102B1500EEC0F3 /* ContainerNodeAlgorithms.h */,
 				97627B8B14FB3CEE002CDCA1 /* ContextDestructionObserver.cpp */,
 				97627B8C14FB3CEE002CDCA1 /* ContextDestructionObserver.h */,
+				4688EE3A26DD260C002AF5C4 /* CrossOriginMode.h */,
 				7CF570C62492BD49008EB33C /* CurrentScriptIncrementer.h */,
 				9B56C9A91C89329A00C456DF /* CustomElementReactionQueue.cpp */,
 				9B56C9A81C89312800C456DF /* CustomElementReactionQueue.h */,
@@ -31499,6 +31502,7 @@
 				2D481F02146B5C5500AA7834 /* CrossfadeGeneratedImage.h in Headers */,
 				E1C416120F6562FD0092D2FB /* CrossOriginAccessControl.h in Headers */,
 				4672AA9826B0943300E6EC38 /* CrossOriginEmbedderPolicy.h in Headers */,
+				4688EE3C26DD2610002AF5C4 /* CrossOriginMode.h in Headers */,
 				4672AA9926B0943F00E6EC38 /* CrossOriginOpenerPolicy.h in Headers */,
 				41ABE67B1D0580DB006D862D /* CrossOriginPreflightChecker.h in Headers */,
 				E1C415DA0F655D6F0092D2FB /* CrossOriginPreflightResultCache.h in Headers */,

Source/WebCore/dom/CrossOriginMode.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2021 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#pragma once
+
+namespace WebCore {
+
+// Cross-Origin isolation via COOP+COEP headers.
+enum class CrossOriginMode : bool { Shared, Isolated };
+
+}

Source/WebCore/dom/ScriptExecutionContext.cpp

@@ -81,6 +81,8 @@
 namespace WebCore {
 using namespace Inspector;
 
+static std::atomic<CrossOriginMode> globalCrossOriginMode { CrossOriginMode::Shared };
+
 static Lock allScriptExecutionContextsMapLock;
 static HashMap<ScriptExecutionContextIdentifier, ScriptExecutionContext*>& allScriptExecutionContextsMap() WTF_REQUIRES_LOCK(allScriptExecutionContextsMapLock)
 {
@@ -623,6 +625,16 @@ ServiceWorkerContainer* ScriptExecutionContext::ensureServiceWorkerContainer()
 
 #endif
 
+void ScriptExecutionContext::setCrossOriginMode(CrossOriginMode crossOriginMode)
+{
+    globalCrossOriginMode = crossOriginMode;
+}
+
+CrossOriginMode ScriptExecutionContext::crossOriginMode()
+{
+    return globalCrossOriginMode;
+}
+
 bool ScriptExecutionContext::postTaskTo(ScriptExecutionContextIdentifier identifier, Task&& task)
 {
     Locker locker { allScriptExecutionContextsMapLock };

Source/WebCore/dom/ScriptExecutionContext.h

@@ -28,6 +28,7 @@
 #pragma once
 
 #include "ActiveDOMObject.h"
+#include "CrossOriginMode.h"
 #include "DOMTimer.h"
 #include "PermissionController.h"
 #include "RTCDataChannelRemoteHandlerConnection.h"
@@ -174,6 +175,9 @@ class ScriptExecutionContext : public SecurityContext, public CanMakeWeakPtr<Scr
     virtual std::unique_ptr<FontLoadRequest> fontLoadRequest(String& url, bool isSVG, bool isInitiatingElementInUserAgentShadowTree, LoadedFromOpaqueSource);
     virtual void beginLoadingFontSoon(FontLoadRequest&) { }
 
+    WEBCORE_EXPORT static void setCrossOriginMode(CrossOriginMode);
+    static CrossOriginMode crossOriginMode();
+
     void ref() { refScriptExecutionContext(); }
     void deref() { derefScriptExecutionContext(); }
 

Source/WebCore/loader/DocumentLoader.cpp

@@ -948,6 +948,15 @@ void DocumentLoader::responseReceived(CachedResource& resource, const ResourceRe
     responseReceived(response, WTFMove(completionHandler));
 }
 
+static BrowsingContextGroupSwitchDecision toBrowsingContextGroupSwitchDecision(const std::optional<CrossOriginOpenerPolicyEnforcementResult>& currentCoopEnforcementResult)
+{
+    if (!currentCoopEnforcementResult || !currentCoopEnforcementResult->needsBrowsingContextGroupSwitch)
+        return BrowsingContextGroupSwitchDecision::StayInGroup;
+    if (currentCoopEnforcementResult->crossOriginOpenerPolicy.value == CrossOriginOpenerPolicyValue::SameOriginPlusCOEP)
+        return BrowsingContextGroupSwitchDecision::NewIsolatedGroup;
+    return BrowsingContextGroupSwitchDecision::NewSharedGroup;
+}
+
 void DocumentLoader::responseReceived(const ResourceResponse& response, CompletionHandler<void()>&& completionHandler)
 {
     ASSERT(response.certificateInfo());
@@ -1048,8 +1057,8 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi
     if (mainResourceLoader)
         mainResourceLoader->markInAsyncResponsePolicyCheck();
     auto requestIdentifier = PolicyCheckIdentifier::create();
-    bool needsBrowsingContextGroupSwitch = m_currentCoopEnforcementResult && m_currentCoopEnforcementResult->needsBrowsingContextGroupSwitch;
-    frameLoader()->checkContentPolicy(m_response, requestIdentifier, needsBrowsingContextGroupSwitch, [this, protectedThis = makeRef(*this), mainResourceLoader = WTFMove(mainResourceLoader),
+    auto browsingContextGroupSwitchDecision = toBrowsingContextGroupSwitchDecision(m_currentCoopEnforcementResult);
+    frameLoader()->checkContentPolicy(m_response, requestIdentifier, browsingContextGroupSwitchDecision, [this, protectedThis = makeRef(*this), mainResourceLoader = WTFMove(mainResourceLoader),
         completionHandler = completionHandlerCaller.release(), requestIdentifier] (PolicyAction policy, PolicyCheckIdentifier responseIdentifier) mutable {
         RELEASE_ASSERT(responseIdentifier.isValidFor(requestIdentifier));
         continueAfterContentPolicy(policy);

Source/WebCore/loader/EmptyClients.cpp

@@ -817,7 +817,7 @@ void EmptyFrameLoaderClient::dispatchShow()
 {
 }
 
-void EmptyFrameLoaderClient::dispatchDecidePolicyForResponse(const ResourceResponse&, const ResourceRequest&, PolicyCheckIdentifier, const String&, bool, FramePolicyFunction&&)
+void EmptyFrameLoaderClient::dispatchDecidePolicyForResponse(const ResourceResponse&, const ResourceRequest&, PolicyCheckIdentifier, const String&, BrowsingContextGroupSwitchDecision, FramePolicyFunction&&)
 {
 }
 

Source/WebCore/loader/EmptyFrameLoaderClient.h

@@ -96,7 +96,7 @@ class WEBCORE_EXPORT EmptyFrameLoaderClient : public FrameLoaderClient {
     Frame* dispatchCreatePage(const NavigationAction&, NewFrameOpenerPolicy) final;
     void dispatchShow() final;
 
-    void dispatchDecidePolicyForResponse(const ResourceResponse&, const ResourceRequest&, PolicyCheckIdentifier, const String&, bool needsBrowsingContextGroupSwitch, FramePolicyFunction&&) final;
+    void dispatchDecidePolicyForResponse(const ResourceResponse&, const ResourceRequest&, PolicyCheckIdentifier, const String&, BrowsingContextGroupSwitchDecision, FramePolicyFunction&&) final;
     void dispatchDecidePolicyForNewWindowAction(const NavigationAction&, const ResourceRequest&, FormState*, const String&, PolicyCheckIdentifier, FramePolicyFunction&&) final;
     void dispatchDecidePolicyForNavigationAction(const NavigationAction&, const ResourceRequest&, const ResourceResponse& redirectResponse, FormState*, PolicyDecisionMode, PolicyCheckIdentifier, FramePolicyFunction&&) final;
     void cancelPolicyCheck() final;

Source/WebCore/loader/FrameLoader.cpp

@@ -413,7 +413,7 @@ void FrameLoader::setDefersLoading(bool defers)
     }
 }
 
-void FrameLoader::checkContentPolicy(const ResourceResponse& response, PolicyCheckIdentifier identifier, bool needsBrowsingContextGroupSwitch, ContentPolicyDecisionFunction&& function)
+void FrameLoader::checkContentPolicy(const ResourceResponse& response, PolicyCheckIdentifier identifier, BrowsingContextGroupSwitchDecision browsingContextGroupSwitchDecision, ContentPolicyDecisionFunction&& function)
 {
     if (!activeDocumentLoader()) {
         // Load was cancelled
@@ -422,7 +422,7 @@ void FrameLoader::checkContentPolicy(const ResourceResponse& response, PolicyChe
     }
 
     // FIXME: Validate the policy check identifier.
-    client().dispatchDecidePolicyForResponse(response, activeDocumentLoader()->request(), identifier, activeDocumentLoader()->downloadAttribute(), needsBrowsingContextGroupSwitch, WTFMove(function));
+    client().dispatchDecidePolicyForResponse(response, activeDocumentLoader()->request(), identifier, activeDocumentLoader()->downloadAttribute(), browsingContextGroupSwitchDecision, WTFMove(function));
 }
 
 void FrameLoader::changeLocation(const URL& url, const String& passedTarget, Event* triggeringEvent, const ReferrerPolicy& referrerPolicy, ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy, std::optional<NewFrameOpenerPolicy> openerPolicy, const AtomString& downloadAttribute, const SystemPreviewInfo& systemPreviewInfo, std::optional<PrivateClickMeasurement>&& privateClickMeasurement)

Source/WebCore/loader/FrameLoader.h

@@ -220,7 +220,7 @@ class FrameLoader final {
 
     void setDefersLoading(bool);
 
-    void checkContentPolicy(const ResourceResponse&, PolicyCheckIdentifier, bool needsBrowsingContextGroupSwitch, ContentPolicyDecisionFunction&&);
+    void checkContentPolicy(const ResourceResponse&, PolicyCheckIdentifier, BrowsingContextGroupSwitchDecision, ContentPolicyDecisionFunction&&);
 
     void didExplicitOpen();