Ignore HSTS for partitioned, cross-origin subresource requests
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Nov 2017 19:06:50 +0000 (19:06 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Nov 2017 19:06:50 +0000 (19:06 +0000)
commit 6bec20f05e9bb2b4d871257e00976182d15b03de
tree d7e9f1e5edcb3f19aa1fc73be997c2a65c25c61d
parent 140e7b54c6f73f0da7f3adb32abc34f10069d8a1
Ignore HSTS for partitioned, cross-origin subresource requests
https://bugs.webkit.org/show_bug.cgi?id=178993
<rdar://problem/34962462>

Patch by John Wilander <wilander@apple.com> on 2017-11-10
Reviewed by Brent Fulgham.

Source/WebCore:

No new tests. HSTS is not supported in layout tests.
Tested manually.

* platform/network/mac/WebCoreURLResponse.mm:
(WebCore::synthesizeRedirectResponseIfNecessary):

Source/WebCore/PAL:

* pal/spi/cf/CFNetworkSPI.h:
    Added
    - (BOOL)_schemeWasUpgradedDueToDynamicHSTS
    - (BOOL)_preventHSTSStorage
    - (BOOL)_ignoreHSTS
    - (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage
    - (void)_setIgnoreHSTS:(BOOL)ignoreHSTS

Source/WebKit:

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(downgradeRequest):
    Convenience function to downgrade a request if
    CFNetwork has already upgraded it during
    canonicalization. This allows the rest of
    WebKit's processing to function, such as UIR
    and mixed content blocking.
(updateIgnoreStrictTransportSecuritySettingIfNecessary):
    Adds and removes the ignore request accordingly.
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
    Now asks CFNetwork to ignore HSTS on resource loads we
    partition cookies for.
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
    Now asks CFNetwork to ignore HSTS on resource loads we
    partition cookies for.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
Source/WebCore/platform/network/mac/WebCoreURLResponse.mm
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm