Ensure Enhanced Security handles HTTPFirst correctly #62980
Merged
webkit-commit-queue merged 1 commit intoApr 30, 2026
EWS run on current version of this PR (hash 5be4ff5)
sysrqb approved these changes Apr 29, 2026
https://bugs.webkit.org/show_bug.cgi?id=312578
rdar://173934437

Reviewed by Matthew Finkel.

Currently, when a http:// URL is received with the HTTPSFirst network policy set, we opt in to Enhanced Security. However, WebContent will attempt to upgrade this to HTTPS on seeing the set policy automatically and never pass the decision back through WebPageProxy if the upgrade succeeds.

To address this, we determine if a HTTPS upgrade is going to be attempted and, in this case, do not opt into Enhanced Security. If the upgrade later fails, this will pass through didFailProvisionalLoad and revisit the Enhanced Security decision in WebPageProxy.

Two new tests are added which confirm the expected behaviour for HTTPSFirst in the success case, and ensure that when HTTPSFirst fails that Enhanced Security is still enabled.

Test: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm

* Source/WebKit/UIProcess/EnhancedSecurityTracking.cpp:
(WebKit::shouldExpectHTTPSUpgrade):
(WebKit::EnhancedSecurityTracking::enableIfRequired):
(WebKit::EnhancedSecurityTracking::trackNavigation):
* Source/WebKit/UIProcess/EnhancedSecurityTracking.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/EnhancedSecurityPolicies.mm:
(runHttpsFirstUpgradeDisablesEnhancedSecurity):
(runHttpsFirstFailureEnablesEnhancedSecurity):

Canonical link: https://commits.webkit.org/312342@main
5be4ff5 to
68ec5f3
Committed 312342@main (68ec5f3): https://commits.webkit.org/312342@main
Reviewed commits have been landed. Closing PR #62980 and removing active labels.
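The decision flow described in the commit message, as an added example that is not code from this PR or from WebKit: a simplified model comparing the earlier behaviour (opt in immediately) with the changed behaviour (defer while an HTTPS upgrade is expected, revisit on failure). Apart from shouldExpectHTTPSUpgrade and didFailProvisionalLoad, which the commit message names, every type and function here is hypothetical, and the rule that a plain http:// load enables Enhanced Security is an assumption drawn from the message.

```cpp
// Simplified model of the decision flow; not WebKit source. Names are hypothetical except
// shouldExpectHTTPSUpgrade and didFailProvisionalLoad (named in the commit message; bodies assumed).
#include <cstdio>
#include <string>

enum class NetworkPolicy { Default, HTTPSFirst };
struct Navigation { std::string url; NetworkPolicy policy; };
static bool isPlainHTTP(const std::string& url) { return url.rfind("http://", 0) == 0; }

// Assumption: an upgrade is attempted for http:// URLs under the HTTPSFirst policy.
bool shouldExpectHTTPSUpgrade(const Navigation& nav)
{
    return nav.policy == NetworkPolicy::HTTPSFirst && isPlainHTTP(nav.url);
}

class Tracker {
public:
    explicit Tracker(bool deferForUpgrade) : m_defer(deferForUpgrade) { }
    // UI-process decision made when the navigation policy is received.
    void decidePolicy(const Navigation& nav)
    {
        if (!isPlainHTTP(nav.url)) return;
        if (m_defer && shouldExpectHTTPSUpgrade(nav)) return; // Upgrade pending: decide only if it fails.
        m_enhanced = true;
    }
    // The upgrade failed, so the load stays on http:// and the decision is revisited.
    void didFailProvisionalLoad(const Navigation& nav) { m_enhanced = m_enhanced || isPlainHTTP(nav.url); }
    bool enhanced() const { return m_enhanced; }
private:
    bool m_defer;
    bool m_enhanced { false };
};

// A successful upgrade never returns to the tracker, so no call is made for it.
bool enhancedAfter(bool deferForUpgrade, bool upgradeSucceeds)
{
    Navigation nav { "http://example.test/", NetworkPolicy::HTTPSFirst }; // constructed input
    Tracker tracker(deferForUpgrade);
    tracker.decidePolicy(nav);
    if (!upgradeSucceeds) tracker.didFailProvisionalLoad(nav);
    return tracker.enhanced();
}

int main()
{
    std::printf("old flow, upgrade succeeds: %d\n", enhancedAfter(false, true));
    std::printf("new flow, upgrade succeeds: %d\n", enhancedAfter(true, true));
    std::printf("new flow, upgrade fails:    %d\n", enhancedAfter(true, false));
}
```

In the old flow the page that ends up loaded over HTTPS still has Enhanced Security enabled, which is the mismatch the two new API tests guard against.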