Private relay should fail closed for third party loads if the main resource was loaded over private relay

https://bugs.webkit.org/show_bug.cgi?id=240483

Reviewed by Chris Dumez.

This re-lands the change from r293861 along with r293481 except it uses ResourceRequest.firstPartyForCookies
instead of NetworkLoadParameters.topOrigin, which ought to be equivalent but the latter seems less reliable
and has been the cause of performance regressions associated with a few previous attempts at this fix.

* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
(WebKit::NetworkSessionCocoa::createWebSocketTask):

Canonical link: https://commits.webkit.org/250925@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@294757 268f45cc-cd09-0410-ab3c-d52691b4dbfc
achristensen07 committed May 24, 2022
1 parent 0e3a57a commit f86ff68089a5df05ee1f224e6d0f989b5feb8d34
Showing 2 changed files with 21 additions and 1 deletion.
@@ -340,6 +340,13 @@ static inline bool computeIsAlwaysOnLoggingAllowed(NetworkSession& session)
RetainPtr<NSURLRequest> nsRequest = request.nsURLRequest(WebCore::HTTPBodyUpdatePolicy::UpdateHTTPBody);
RetainPtr<NSMutableURLRequest> mutableRequest = adoptNS([nsRequest.get() mutableCopy]);

if (parameters.isMainFrameNavigation
|| parameters.hadMainFrameMainResourcePrivateRelayed
|| request.url().host() == request.firstPartyForCookies().host()) {
if ([mutableRequest respondsToSelector:@selector(_setPrivacyProxyFailClosedForUnreachableNonMainHosts:)])
[mutableRequest _setPrivacyProxyFailClosedForUnreachableNonMainHosts:YES];
}

#if ENABLE(APP_PRIVACY_REPORT)
mutableRequest.get().attribution = request.isAppInitiated() ? NSURLRequestAttributionDeveloper : NSURLRequestAttributionUser;
#endif
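Review bot: The third clause of the new condition, request.url().host() == request.firstPartyForCookies().host(), is an exact host comparison, so a subresource on a sibling subdomain of the first party counts as a non-main host and gets the fail-closed flag only through hadMainFrameMainResourcePrivateRelayed. If that is intended, a one-line comment above the if stating which loads each of the three clauses is meant to cover would make the policy reviewable; if it is not, compare registrable domains instead. It would also help to state what should happen when firstPartyForCookies() is empty.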
@@ -936,7 +936,9 @@ - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)data

NSURLSessionTaskTransactionMetrics *metrics = taskMetrics.transactionMetrics.lastObject;
#if HAVE(NETWORK_CONNECTION_PRIVACY_STANCE)
auto privateRelayed = metrics._privacyStance == nw_connection_privacy_stance_direct ? PrivateRelayed::No : PrivateRelayed::Yes;
auto privateRelayed = metrics._privacyStance == nw_connection_privacy_stance_direct
|| metrics._privacyStance == nw_connection_privacy_stance_not_eligible
? PrivateRelayed::No : PrivateRelayed::Yes;
#else
auto privateRelayed = PrivateRelayed::No;
#endif
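Review bot: In the new privateRelayed initializer, every stance other than nw_connection_privacy_stance_direct and nw_connection_privacy_stance_not_eligible still maps to PrivateRelayed::Yes, so any further stance value is treated as relayed by default and feeds the fail-closed decision for later loads. Consider comparing positively against the stance that means the connection was actually proxied, or add a comment explaining why Yes is the right default. The unparenthesized || inside the ?: condition is correct by precedence but is hard to read across three lines; parentheses around the || expression would remove the doubt.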
@@ -1712,6 +1714,17 @@ static void activateSessionCleanup(NetworkSessionCocoa& session, const NetworkSe
appPrivacyReportTestingData().didLoadAppInitiatedRequest(nsRequest.get().attribution == NSURLRequestAttributionDeveloper);
#endif

// FIXME: This function can make up to 3 copies of a request.
// Reduce that to one if the protocol is null, the request isn't app initiated,
// or the main frame main resource was private relayed, then set all properties
// on the one copy.
if (hadMainFrameMainResourcePrivateRelayed || request.url().host() == clientOrigin.topOrigin.host) {
RetainPtr<NSMutableURLRequest> mutableRequest = adoptNS([nsRequest.get() mutableCopy]);
if ([mutableRequest respondsToSelector:@selector(_setPrivacyProxyFailClosedForUnreachableNonMainHosts:)])
[mutableRequest _setPrivacyProxyFailClosedForUnreachableNonMainHosts:YES];
nsRequest = WTFMove(mutableRequest);
}

auto& sessionSet = sessionSetForPage(webPageProxyID);
RetainPtr<NSURLSessionWebSocketTask> task = [sessionSet.sessionWithCredentialStorage.session webSocketTaskWithRequest:nsRequest.get()];
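Review bot: The host check in the added if reads clientOrigin.topOrigin.host, while the data task path in this same commit uses request.firstPartyForCookies().host() and the commit message gives reliability concerns about NetworkLoadParameters.topOrigin as the reason for that choice. Please confirm clientOrigin.topOrigin does not share the problem, or use firstPartyForCookies here as well so both paths apply the same first-party test. The respondsToSelector block also duplicates the one added to NetworkDataTaskCocoa; a small shared helper would keep the two in sync and fits the request-copy cleanup the FIXME already describes.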
