Introduce Storage Access API (document parts) as an experimental feature
https://bugs.webkit.org/show_bug.cgi?id=175759
<rdar://problem/
33666847>
Reviewed by Alex Christensen.
Source/WebCore:
Storage Access API is an experimental feature which allows cross-origin,
sandboxed iframes to request access to their first-party storage (as
opposed to partitioned storage). This might be restricted to cookies or
might cover all stateful mechanisms.
It introduces the following three developer-facing things:
- A new readonly attribute, document.hasStorageAccess.
- A new function, document.requestStorageAccess().
- A new iframe sandbox token, allow-storage-access-by-user-activation.
Tests: http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-iframe.html
http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html
http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-iframe.html
http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-sandboxed-iframe.html
http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin.html
http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html
http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-iframe.html
http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html
http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe.html
http/tests/loading/resourceLoadStatistics/request-storage-access-top-frame.html
* dom/Document.cpp:
(WebCore::Document::requestStorageAccess):
* dom/Document.h:
(WebCore::Document::hasStorageAccess const):
(WebCore::Document::setUserGrantsStorageAccessOverride):
See comments on WebCore::Internals below.
* dom/Document.idl:
* dom/SecurityContext.cpp:
(WebCore::SecurityContext::isSupportedSandboxPolicy):
(WebCore::SecurityContext::parseSandboxPolicy):
Support for allow-storage-access-by-user-activation.
* dom/SecurityContext.h:
* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::registerStorageAccess):
Newly granted storage access is reported to
WebCore::ResourceLoadObserver.
* loader/ResourceLoadObserver.h:
* loader/ResourceLoadStatistics.cpp:
(WebCore::encodeHashSet):
(WebCore::ResourceLoadStatistics::encode const):
(WebCore::decodeHashSet):
(WebCore::ResourceLoadStatistics::decode):
(WebCore::appendHashSet):
(WebCore::ResourceLoadStatistics::toString const):
(WebCore::mergeHashSet):
(WebCore::ResourceLoadStatistics::merge):
Storage of the new type of data.
* loader/ResourceLoadStatistics.h:
* page/Settings.in:
* testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState):
(WebCore::Internals::setUserGrantsStorageAccess):
* testing/Internals.h:
* testing/Internals.idl:
Added setUserGrantsStorageAccess(). It is used to
override the eventSender's keyboard input which
always results in a cancel action on the confirm()
dialog.
Source/WebKit:
Storage Access API is an experimental feature which allows cross-origin,
sandboxed iframes to request access to their first-party storage (as
opposed to partitioned storage). This might be restricted to cookies or
might cover all stateful mechanisms.
It introduces the following three developer-facing things:
- A new readonly attribute, document.hasStorageAccess.
- A new function, document.requestStorageAccess().
- A new iframe sandbox token, allow-storage-access-by-user-activation.
* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<ResourceLoadStatistics>::encode):
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode):
Storage handling of the new type of data.
* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetStorageAccessAPIEnabled):
(WKPreferencesGetStorageAccessAPIEnabled):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/WebResourceLoadStatisticsStore.cpp:
Bumped the model version from 9 to 10.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
Tools:
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):
Turns the feature on for tests.
LayoutTests:
Storage Access API is an experimental feature which allows cross-origin,
sandboxed iframes to request access to their first-party storage (as
opposed to partitioned storage). This might be restricted to cookies or
might cover all stateful mechanisms.
It introduces the following three developer-facing things:
- A new readonly attribute, document.hasStorageAccess.
- A new function, document.requestStorageAccess().
- A new iframe sandbox token, allow-storage-access-by-user-activation.
* http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-sandboxed-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-sandboxed-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-sandboxed-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe-without-allow-token-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe.html: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-top-frame-expected.txt: Added.
* http/tests/loading/resourceLoadStatistics/request-storage-access-top-frame.html: Added.
* http/tests/loading/resourceLoadStatistics/resources/request-storage-access-iframe.html: Added.
* platform/mac-wk2/TestExpectations:
New test cases that require a user gesture marked as [ Pass ].
Also removed reference to (now closed) https://bugs.webkit.org/show_bug.cgi?id=175170.
* platform/wk2/TestExpectations:
New test case request-storage-access-top-frame.html marked as [ Pass ].
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221976
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit