From-Origin: Support for 'same' and 'same-site' response header, nested frame origin...
authorwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Apr 2018 19:51:22 +0000 (19:51 +0000)
committerwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Apr 2018 19:51:22 +0000 (19:51 +0000)
commit214b929c7b63e8e949029f29c438387244244a57
tree97067bd4c994095b36b55d7bbf3f6d358dfecebe
parent8521ef149cf2bd3ca97ca7e137ecf17b62fa77bf
From-Origin: Support for 'same' and 'same-site' response header, nested frame origin check
https://bugs.webkit.org/show_bug.cgi?id=184560
<rdar://problem/38901344>

Reviewed by Youenn Fablet and Daniel Bates.

LayoutTests/imported/w3c:

This patch implements significant parts of https://github.com/whatwg/fetch/issues/687.
We consume the From-Origin response header and only load the resource if:
- The header is non-existent, empty, or invalid.
- The header specifies 'same' and the resource's origin matches the originating
  document's origin and the origins up the frame tree.
- The header specifies 'same-site' and the resource's eTLD+1 matches the originating
  document's eTLD+1 and the eTLD+1 of the documents up the frame tree.

This feature is experimental and off by default.

* web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt:
    Removed console message since they are now suppressed.

Source/WebCore:

Tests: http/tests/from-origin/document-from-origin-same-accepted.html
       http/tests/from-origin/document-from-origin-same-blocked.html
       http/tests/from-origin/document-from-origin-same-site-accepted.html
       http/tests/from-origin/document-from-origin-same-site-blocked.html
       http/tests/from-origin/document-nested-from-origin-same-accepted.html
       http/tests/from-origin/document-nested-from-origin-same-blocked.html
       http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html
       http/tests/from-origin/fetch-from-origin-same-accepted.html
       http/tests/from-origin/fetch-from-origin-same-blocked.html
       http/tests/from-origin/fetch-from-origin-same-site-accepted.html
       http/tests/from-origin/fetch-from-origin-same-site-blocked.html
       http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html
       http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html
       http/tests/from-origin/image-about-blank-from-origin-same-blocked.html
       http/tests/from-origin/image-from-origin-same-accepted.html
       http/tests/from-origin/image-from-origin-same-blocked.html
       http/tests/from-origin/image-from-origin-same-site-accepted.html
       http/tests/from-origin/image-from-origin-same-site-blocked.html
       http/tests/from-origin/redirect-document-from-origin-same-blocked.html
       http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html
       http/tests/from-origin/redirect-image-from-origin-same-blocked.html
       http/tests/from-origin/redirect-script-from-origin-same-blocked.html
       http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html
       http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html
       http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html
       http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html
       http/tests/from-origin/script-from-origin-same-accepted.html
       http/tests/from-origin/script-from-origin-same-blocked.html
       http/tests/from-origin/script-from-origin-same-site-accepted.html
       http/tests/from-origin/script-from-origin-same-site-blocked.html
       http/tests/from-origin/top-frame-document-from-origin-same-accepted.php
       http/tests/from-origin/xhr-from-origin-same-accepted.html
       http/tests/from-origin/xhr-from-origin-same-blocked.html
       http/tests/from-origin/xhr-from-origin-same-site-accepted.html
       http/tests/from-origin/xhr-from-origin-same-site-blocked.html

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFail):
    Outputs the error's localized description in a console message except when the destination
    is FetchOptions::Destination::Serviceworker or FetchOptions::Destination::EmptyString.
* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setFromOriginResponseHeaderEnabled):
(WebCore::RuntimeEnabledFeatures::fromOriginResponseHeaderEnabled const):
    Added From-Origin support as an experimental feature.
* platform/network/HTTPHeaderNames.in:
    Added From-Origin.
* platform/network/HTTPParsers.cpp:
(WebCore::parseFromOriginHeader):
    Parses the From-Origin header, currently supporting 'Same' and 'Same-Site.'
* platform/network/HTTPParsers.h:

Source/WebKit:

This patch implements significant parts of https://github.com/whatwg/fetch/issues/687.
We consume the From-Origin response header and only load the resource if:
- The header is non-existent, empty, or invalid.
- The header specifies 'same' and the resource's origin matches the originating
  document's origin and the origins up the frame tree.
- The header specifies 'same-site' and the resource's eTLD+1 matches the originating
  document's eTLD+1 and the eTLD+1 of the documents up the frame tree.

This feature is experimental and off by default.

* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
    Support for the two new load parameters:
    - shouldEnableFromOriginResponseHeader
    - frameAncestorOrigins
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::areFrameAncestorsSameSite):
(WebKit::areFrameAncestorsSameOrigin):
(WebKit::shouldCancelCrossOriginLoad):
    The three functions above implement the new blocking logic.
(WebKit::fromOriginResourceError):
    Convenience function that returns an error with the From-Origin error message.
(WebKit::NetworkResourceLoader::didReceiveResponse):
    Now checks for a From-Origin response header.
(WebKit::NetworkResourceLoader::didFailLoading):
    Now checks for a From-Origin response header.
(WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
    Now checks for a From-Origin response header.
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
    Now checks for a From-Origin response header.
(WebKit::NetworkResourceLoader::dispatchWillSendRequestForCacheEntry):
    Now checks for a From-Origin response header.
* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<Vector<RefPtr<SecurityOrigin>>>::encode):
(IPC::ArgumentCoder<Vector<RefPtr<SecurityOrigin>>>::decode):
    Now encodes and decodes vectors of RefPtr<WebCore::SecurityOrigin>.
* Shared/WebCoreArgumentCoders.h:
* Shared/WebPreferences.yaml:
    Added From-Origin support as an experimental feature.
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetFromOriginResponseHeaderEnabled):
(WKPreferencesGetFromOriginResponseHeaderEnabled):
* UIProcess/API/C/WKPreferencesRef.h:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
    Sets the two new load parameters:
    - shouldEnableFromOriginResponseHeader
    - frameAncestorOrigins

Tools:

This patch implements significant parts of https://github.com/whatwg/fetch/issues/687.
We consume the From-Origin response header and only load the resource if:
- The header is non-existent, empty, or invalid.
- The header specifies 'same' and the resource's origin matches the originating
  document's origin and the origins up the frame tree.
- The header specifies 'same-site' and the resource's eTLD+1 matches the originating
  document's eTLD+1 and the eTLD+1 of the documents up the frame tree.

This feature is experimental and off by default.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp: Added.
(TestWebKitAPI::TEST):
    Tests for From-Origin header parsing.

LayoutTests:

This patch implements significant parts of https://github.com/whatwg/fetch/issues/687.
We consume the From-Origin response header and only load the resource if:
- The header is non-existent, empty, or invalid.
- The header specifies 'same' and the resource's origin matches the originating
  document's origin and the origins up the frame tree.
- The header specifies 'same-site' and the resource's eTLD+1 matches the originating
  document's eTLD+1 and the eTLD+1 of the documents up the frame tree.

This feature is experimental and off by default.

* TestExpectations:
    The http/tests/from-origin/ directory marked as [ Skip ].
    Suppressed console output for imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https.html.
* http/tests/from-origin: Added.
* http/tests/from-origin/document-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/document-from-origin-same-accepted.html: Added.
* http/tests/from-origin/document-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/document-from-origin-same-blocked.html: Added.
* http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt: Added.
* http/tests/from-origin/document-from-origin-same-site-accepted.html: Added.
* http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt: Added.
* http/tests/from-origin/document-from-origin-same-site-blocked.html: Added.
* http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/document-nested-from-origin-same-accepted.html: Added.
* http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/document-nested-from-origin-same-blocked.html: Added.
* http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html: Added.
* http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/fetch-from-origin-same-accepted.html: Added.
* http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/fetch-from-origin-same-blocked.html: Added.
* http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt: Added.
* http/tests/from-origin/fetch-from-origin-same-site-accepted.html: Added.
* http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt: Added.
* http/tests/from-origin/fetch-from-origin-same-site-blocked.html: Added.
* http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html: Added.
* http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html: Added.
* http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/image-about-blank-from-origin-same-blocked.html: Added.
* http/tests/from-origin/image-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/image-from-origin-same-accepted.html: Added.
* http/tests/from-origin/image-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/image-from-origin-same-blocked.html: Added.
* http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt: Added.
* http/tests/from-origin/image-from-origin-same-site-accepted.html: Added.
* http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt: Added.
* http/tests/from-origin/image-from-origin-same-site-blocked.html: Added.
* http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/redirect-document-from-origin-same-blocked.html: Added.
* http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html: Added.
* http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/redirect-image-from-origin-same-blocked.html: Added.
* http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/redirect-script-from-origin-same-blocked.html: Added.
* http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html: Added.
* http/tests/from-origin/resources: Added.
* http/tests/from-origin/resources/fetch.php: Added.
* http/tests/from-origin/resources/iframe.php: Added.
* http/tests/from-origin/resources/iframeIPAddressFetch.html: Added.
* http/tests/from-origin/resources/iframeLocalhostFetch.html: Added.
* http/tests/from-origin/resources/image.php: Added.
* http/tests/from-origin/resources/nestedIPAddressIframe.html: Added.
* http/tests/from-origin/resources/nestedLocalhostIframe.html: Added.
* http/tests/from-origin/resources/redirect.php: Added.
* http/tests/from-origin/resources/script.php: Added.
* http/tests/from-origin/resources/xhr.php: Added.
* http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html: Added.
* http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html: Added.
* http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html: Added.
* http/tests/from-origin/script-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/script-from-origin-same-accepted.html: Added.
* http/tests/from-origin/script-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/script-from-origin-same-blocked.html: Added.
* http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt: Added.
* http/tests/from-origin/script-from-origin-same-site-accepted.html: Added.
* http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt: Added.
* http/tests/from-origin/script-from-origin-same-site-blocked.html: Added.
* http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/top-frame-document-from-origin-same-accepted.php: Added.
* http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt: Added.
* http/tests/from-origin/xhr-from-origin-same-accepted.html: Added.
* http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt: Added.
* http/tests/from-origin/xhr-from-origin-same-blocked.html: Added.
* http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt: Added.
* http/tests/from-origin/xhr-from-origin-same-site-accepted.html: Added.
* http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt: Added.
* http/tests/from-origin/xhr-from-origin-same-site-blocked.html: Added.
* platform/mac-wk2/TestExpectations:
    Suppressed console output for imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https.html.
* platform/wk2/TestExpectations:
    The http/tests/from-origin/ directory marked as [ Pass ].

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230968 268f45cc-cd09-0410-ab3c-d52691b4dbfc
105 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/from-origin/document-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-from-origin-same-site-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/document-nested-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-data-iframe-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-from-origin-same-site-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/fetch-iframe-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-about-blank-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/image-from-origin-same-site-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-document-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-fetch-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-image-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-script-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/redirect-xhr-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/fetch.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/iframe.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/iframeIPAddressFetch.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/iframeLocalhostFetch.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/image.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/nestedIPAddressIframe.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/nestedLocalhostIframe.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/redirect.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/script.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/resources/xhr.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-cross-origin-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/sandboxed-sub-frame-nested-same-origin-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/script-from-origin-same-site-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/top-frame-document-from-origin-same-accepted.php [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-accepted.html [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/from-origin/xhr-from-origin-same-site-blocked.html [new file with mode: 0644]
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-redirect.https-expected.txt
LayoutTests/platform/mac-wk2/TestExpectations
LayoutTests/platform/wk2/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/loader/SubresourceLoader.cpp
Source/WebCore/page/RuntimeEnabledFeatures.h
Source/WebCore/platform/network/HTTPHeaderNames.in
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/Shared/WebCoreArgumentCoders.cpp
Source/WebKit/Shared/WebCoreArgumentCoders.h
Source/WebKit/Shared/WebPreferences.yaml
Source/WebKit/UIProcess/API/C/WKPreferences.cpp
Source/WebKit/UIProcess/API/C/WKPreferencesRef.h
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp [new file with mode: 0644]