Storage Access API: Make document.hasStorageAccess a function and always allow access...
authorwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Dec 2017 19:41:01 +0000 (19:41 +0000)
committerwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Dec 2017 19:41:01 +0000 (19:41 +0000)
commit8f934fca0b7c9fc748936a5051d90d52d400e181
tree851d506b3d3568eb958a36d969a81e8bd42953be
parent3a85195903cf3e0651c437ecacc8b880a18d3254
Storage Access API: Make document.hasStorageAccess a function and always allow access for same-origin iframes
https://bugs.webkit.org/show_bug.cgi?id=176944
<rdar://problem/34440658>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture.html

This change introduces document.hasStorageAccess() as a function which
returns a promise instead of being a property. Since cookie access can
be due to both a granted request and recent user interaction as first
party, the WebKit::WebResourceLoadStatisticsStore needs to be consulted.

* dom/Document.cpp:
(WebCore::Document::hasStorageAccess):
(WebCore::Document::requestStorageAccess):
    Removed check of the previous m_hasStorageAccess member.
    Same-origin check done earlier. This was a request/suggestion
    from Mozilla.
* dom/Document.h:
(WebCore::Document::hasStorageAccess const): Deleted.
    Now uses a promise.
* dom/Document.idl:
* page/ChromeClient.h:

Source/WebKit:

This change introduces document.hasStorageAccess() as a function which
returns a promise instead of being a property. Since cookie access can
be due to both a granted request and recent user interaction as first
party, the WebKit::WebResourceLoadStatisticsStore needs to be consulted.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::hasStorageAccess):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::hasStorageAccess):
(WebKit::WebResourceLoadStatisticsStore::requestStorageAccess):
    Now adds an entry for granted access. A bug found through testing.
    Switched from WTF::Function to WTF::CompletionHandler.
* UIProcess/WebResourceLoadStatisticsStore.h:
* UIProcess/WebsiteData/WebsiteDataStore.cpp:
(WebKit::WebsiteDataStore::hasStorageAccess):
(WebKit::WebsiteDataStore::requestStorageAccess):
    Switched from WTF::Function to WTF::CompletionHandler.
* UIProcess/WebsiteData/WebsiteDataStore.h:
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::hasStorageAccess):
(WebKit::WebChromeClient::requestStorageAccess):
    Switched from WTF::Function to WTF::CompletionHandler.
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::hasStorageAccess):
(WebKit::WebPage::requestStorageAccess):
    Switched from WTF::Function to WTF::CompletionHandler.
* WebProcess/WebPage/WebPage.h:

LayoutTests:

These tests now use the new document.hasStorageAccess() function
instead of the previous document.hasStorageAccess property.
The added test is a break out of the negative case of an iframe
calling the API when no user gesture is processed.

* http/tests/storageAccess/request-and-deny-storage-access-cross-origin-iframe-expected.txt:
* http/tests/storageAccess/request-and-deny-storage-access-cross-origin-iframe.html:
* http/tests/storageAccess/request-and-deny-storage-access-cross-origin-sandboxed-iframe-expected.txt:
* http/tests/storageAccess/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-non-sandboxed-iframe-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-non-sandboxed-iframe.html:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-recent-user-interaction-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt:
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html:
* http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin-expected.txt:
* http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token-expected.txt:
* http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html:
* http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture-expected.txt: Added.
* http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture.html: Added.
* http/tests/storageAccess/request-storage-access-same-origin-iframe-expected.txt:
* http/tests/storageAccess/request-storage-access-same-origin-iframe.html:
* http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-expected.txt:
* http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token-expected.txt:
* http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html:
* http/tests/storageAccess/request-storage-access-top-frame-expected.txt:
* http/tests/storageAccess/request-storage-access-top-frame.html:
* http/tests/storageAccess/resources/request-storage-access-iframe.html:
* http/tests/storageAccess/resources/request-storage-access-without-user-gesture-iframe.html: Added.
* platform/mac-wk2/TestExpectations:
    Marked the new test case as [ Pass ]

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@225583 268f45cc-cd09-0410-ab3c-d52691b4dbfc
46 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/storageAccess/request-and-deny-storage-access-cross-origin-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-and-deny-storage-access-cross-origin-iframe.html
LayoutTests/http/tests/storageAccess/request-and-deny-storage-access-cross-origin-sandboxed-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-non-sandboxed-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-non-sandboxed-iframe.html
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-non-recent-user-interaction.html
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-with-recent-user-interaction-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html
LayoutTests/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html
LayoutTests/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-user-gesture.html [new file with mode: 0644]
LayoutTests/http/tests/storageAccess/request-storage-access-same-origin-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-same-origin-iframe.html
LayoutTests/http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html
LayoutTests/http/tests/storageAccess/request-storage-access-top-frame-expected.txt
LayoutTests/http/tests/storageAccess/request-storage-access-top-frame.html
LayoutTests/http/tests/storageAccess/resources/request-storage-access-iframe.html
LayoutTests/http/tests/storageAccess/resources/request-storage-access-without-user-gesture-iframe.html [new file with mode: 0644]
LayoutTests/platform/mac-wk2/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/dom/Document.idl
Source/WebCore/page/ChromeClient.h
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebPageProxy.cpp
Source/WebKit/UIProcess/WebPageProxy.h
Source/WebKit/UIProcess/WebPageProxy.messages.in
Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp
Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.h
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKit/WebProcess/WebPage/WebPage.h