Make policy decisions asynchronous
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Mar 2018 22:28:50 +0000 (22:28 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Mar 2018 22:28:50 +0000 (22:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=180568
<rdar://problem/37131297>

Reviewed by Alex Christensen.

Source/WebKit:

Get rid of synchronous IPC and synchronous code paths for policy delegates.
Policy decisions are now all made asynchronously and rely on asynchronous
IPC.

This code change is based on work by Alex Christensen.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedPolicyDecision):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForResponse):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

LayoutTests:

Rebaseline tests for WebKit2. The issue is that some tests dump policy delegate calls
and things now happen in a slightly different order now that those delegates are
asynchronous.

* TestExpectations:
* http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
* platform/ios/http/tests/loading/simple-subframe-expected.txt:
* platform/mac-wk2/http/tests/loading/simple-subframe-expected.txt: Copied from LayoutTests/platform/ios/http/tests/loading/simple-subframe-expected.txt.
* platform/wk2/fast/loader/fragment-navigation-base-blank-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/fast/loader/iframe-meta-refresh-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
* platform/wk2/fast/loader/iframe-set-location-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
* platform/wk2/fast/loader/main-document-url-for-non-http-loads-expected.txt: Added.
* platform/wk2/fast/loader/refresh-iframe-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
* platform/wk2/fast/loader/subframe-removes-itself-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt: Added.
* platform/wk2/http/tests/contentextensions/block-everything-unless-domain-expected.txt: Added.
* platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt:
* platform/wk2/http/tests/loading/bad-server-subframe-expected.txt: Added.
* platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
* platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt: Added.
* platform/wk2/http/tests/loading/slow-parsing-subframe-expected.txt: Added.
* platform/wk2/http/tests/misc/will-send-request-returns-null-on-redirect-expected.txt: Added.
* platform/wk2/http/tests/misc/window-dot-stop-expected.txt: Added.
* platform/wk2/http/tests/navigation/redirect-preserves-fragment-expected.txt: Added.
* platform/wk2/http/tests/navigation/redirect-to-fragment-expected.txt: Added.
* platform/wk2/http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-allowall-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-invalid-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-conflict-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt: Added.
* platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt: Added.
* platform/wk2/http/tests/security/blocked-on-redirect-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt: Added.
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/http-0.9/iframe-blocked-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt: Added.
* platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/inspector/page/frameScheduledNavigation-expected.txt: Added.
* platform/wk2/loader/go-back-cached-main-resource-expected.txt: Added.
* platform/wk2/webarchive/loading/mainresource-null-mimetype-crash-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/webarchive/loading/test-loading-archive-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
* platform/wk2/webarchive/loading/video-in-webarchive-expected.txt: Renamed from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

101 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt
LayoutTests/platform/ios/http/tests/loading/simple-subframe-expected.txt
LayoutTests/platform/mac-wk2/http/tests/loading/simple-subframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/fragment-navigation-base-blank-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/iframe-meta-refresh-base-blank-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/iframe-set-location-base-blank-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/main-document-url-for-non-http-loads-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/refresh-iframe-base-blank-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/fast/loader/subframe-removes-itself-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/contentextensions/block-everything-unless-domain-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt
LayoutTests/platform/wk2/http/tests/loading/bad-server-subframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt
LayoutTests/platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/loading/slow-parsing-subframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/misc/will-send-request-returns-null-on-redirect-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/misc/window-dot-stop-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/navigation/redirect-preserves-fragment-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/navigation/redirect-to-fragment-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/navigation/redirect-to-invalid-url-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-allowall-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-invalid-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-conflict-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/blocked-on-redirect-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/http-0.9/iframe-blocked-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/inspector/page/frameScheduledNavigation-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/loader/go-back-cached-main-resource-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/webarchive/loading/mainresource-null-mimetype-crash-expected.txt [moved from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt with 100% similarity]
LayoutTests/platform/wk2/webarchive/loading/missing-data-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/webarchive/loading/object-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-subresource-null-mimetype-expected.txt [new file with mode: 0644]
LayoutTests/platform/wk2/webarchive/loading/video-in-webarchive-expected.txt [new file with mode: 0644]
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebPageProxy.cpp
Source/WebKit/UIProcess/WebPageProxy.h
Source/WebKit/UIProcess/WebPageProxy.messages.in
Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm

index b9c6570..8195960 100644 (file)
@@ -1,3 +1,107 @@
+2018-03-21  Chris Dumez  <cdumez@apple.com>
+
+        Make policy decisions asynchronous
+        https://bugs.webkit.org/show_bug.cgi?id=180568
+        <rdar://problem/37131297>
+
+        Reviewed by Alex Christensen.
+
+        Rebaseline tests for WebKit2. The issue is that some tests dump policy delegate calls
+        and things now happen in a slightly different order now that those delegates are
+        asynchronous.
+
+        * TestExpectations:
+        * http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt:
+        * platform/ios/http/tests/loading/simple-subframe-expected.txt:
+        * platform/mac-wk2/http/tests/loading/simple-subframe-expected.txt: Copied from LayoutTests/platform/ios/http/tests/loading/simple-subframe-expected.txt.
+        * platform/wk2/fast/loader/fragment-navigation-base-blank-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/fast/loader/iframe-meta-refresh-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
+        * platform/wk2/fast/loader/iframe-set-location-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
+        * platform/wk2/fast/loader/main-document-url-for-non-http-loads-expected.txt: Added.
+        * platform/wk2/fast/loader/refresh-iframe-base-blank-expected.txt: Copied from LayoutTests/platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt.
+        * platform/wk2/fast/loader/subframe-removes-itself-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt: Added.
+        * platform/wk2/http/tests/contentextensions/block-everything-unless-domain-expected.txt: Added.
+        * platform/wk2/http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials-expected.txt:
+        * platform/wk2/http/tests/loading/bad-server-subframe-expected.txt: Added.
+        * platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
+        * platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt: Added.
+        * platform/wk2/http/tests/loading/slow-parsing-subframe-expected.txt: Added.
+        * platform/wk2/http/tests/misc/will-send-request-returns-null-on-redirect-expected.txt: Added.
+        * platform/wk2/http/tests/misc/window-dot-stop-expected.txt: Added.
+        * platform/wk2/http/tests/navigation/redirect-preserves-fragment-expected.txt: Added.
+        * platform/wk2/http/tests/navigation/redirect-to-fragment-expected.txt: Added.
+        * platform/wk2/http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-allowall-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-invalid-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-conflict-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt: Added.
+        * platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt: Added.
+        * platform/wk2/http/tests/security/blocked-on-redirect-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt: Added.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/http-0.9/iframe-blocked-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt: Added.
+        * platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/inspector/page/frameScheduledNavigation-expected.txt: Added.
+        * platform/wk2/loader/go-back-cached-main-resource-expected.txt: Added.
+        * platform/wk2/webarchive/loading/mainresource-null-mimetype-crash-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/webarchive/loading/test-loading-archive-expected.txt: Copied from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+        * platform/wk2/webarchive/loading/video-in-webarchive-expected.txt: Renamed from LayoutTests/platform/mac/webarchive/loading/mainresource-null-mimetype-crash-expected.txt.
+
 2018-03-21  Said Abou-Hallawa  <sabouhallawa@apple.com>
 
         Disconnect the SVGPathSegList items from their SVGPathElement before rebuilding a new list
index 02fc746..62cc4db 100644 (file)
@@ -1759,6 +1759,9 @@ imported/w3c/web-platform-tests/workers/worker-performance.worker.html [ Pass Fa
 
 webkit.org/b/183390 http/wpt/html/browsers/history/the-location-interface/location-protocol-setter-non-broken-async-delegate.html [ DumpJSConsoleLogInStdErr Pass Failure ]
 
+# We sometimes get 2 console log messages about CSP instead of 1 due to preloading.
+http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html [ DumpJSConsoleLogInStdErr ]
+
 media/event-queue-crash.html [ DumpJSConsoleLogInStdErr ]
 
 webkit.org/b/172243 imported/w3c/web-platform-tests/IndexedDB/idbdatabase-createObjectStore-exception-order.htm [ Pass Failure ]
index effc711..039002e 100644 (file)
@@ -3,7 +3,6 @@ main frame - didFinishDocumentLoadForFrame
 main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 main frame - didCommitLoadForFrame
-CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
 main frame - didFinishDocumentLoadForFrame
 main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
index 5db80e9..c9c7a7f 100644 (file)
@@ -1,7 +1,7 @@
 main frame - didStartProvisionalLoadForFrame
 main frame - didCommitLoadForFrame
-frame "f1" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
+frame "f1" - didStartProvisionalLoadForFrame
 frame "f1" - didCommitLoadForFrame
 frame "f1" - didFinishDocumentLoadForFrame
 frame "f1" - didHandleOnloadEventsForFrame
diff --git a/LayoutTests/platform/mac-wk2/http/tests/loading/simple-subframe-expected.txt b/LayoutTests/platform/mac-wk2/http/tests/loading/simple-subframe-expected.txt
new file mode 100644 (file)
index 0000000..b38d062
--- /dev/null
@@ -0,0 +1,28 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "f1" - didStartProvisionalLoadForFrame
+frame "f1" - didCommitLoadForFrame
+frame "f1" - didFinishDocumentLoadForFrame
+frame "f1" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "f1" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderText {#text} at (0,0) size 496x18
+        text run at (0,0) width 496: "This is a test of load callbacks. It is only useful inside the regression test tool."
+      RenderBR {BR} at (495,14) size 1x0
+      RenderIFrame {IFRAME} at (0,18) size 304x154 [border: (2px inset #000000)]
+        layer at (0,0) size 300x150
+          RenderView at (0,0) size 300x150
+        layer at (0,0) size 300x150
+          RenderBlock {HTML} at (0,0) size 300x150
+            RenderBody {BODY} at (8,8) size 284x134
+              RenderInline {B} at (0,0) size 24x18
+                RenderText {#text} at (0,0) size 24x18
+                  text run at (0,0) width 24: "test"
+      RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/platform/wk2/fast/loader/fragment-navigation-base-blank-expected.txt b/LayoutTests/platform/wk2/fast/loader/fragment-navigation-base-blank-expected.txt
new file mode 100644 (file)
index 0000000..7ee00a5
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didChangeLocationWithinPageForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+ALERT: Test finished due to hash change with a window count of 1
+
diff --git a/LayoutTests/platform/wk2/fast/loader/iframe-meta-refresh-base-blank-expected.txt b/LayoutTests/platform/wk2/fast/loader/iframe-meta-refresh-base-blank-expected.txt
new file mode 100644 (file)
index 0000000..b06dcaf
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: resources/notify-done-with-window-count.html 
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+ALERT: Finishing test with a window count of 1
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/fast/loader/iframe-set-location-base-blank-expected.txt b/LayoutTests/platform/wk2/fast/loader/iframe-set-location-base-blank-expected.txt
new file mode 100644 (file)
index 0000000..54613e9
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: resources/notify-done-with-window-count.html 
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+ALERT: Finishing test with a window count of 1
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/fast/loader/main-document-url-for-non-http-loads-expected.txt b/LayoutTests/platform/wk2/fast/loader/main-document-url-for-non-http-loads-expected.txt
new file mode 100644 (file)
index 0000000..38e9276
--- /dev/null
@@ -0,0 +1,6 @@
+main-document-url-for-non-http-loads.html - didFinishLoading
+resources/subframe-notify-done.html - willSendRequest <NSURLRequest URL resources/subframe-notify-done.html, main document URL main-document-url-for-non-http-loads.html, http method GET> redirectResponse (null)
+resources/subframe-notify-done.html - didReceiveResponse <NSURLResponse resources/subframe-notify-done.html, http status code 0>
+Radar 6616664 - Non-HTTP/HTTPS loads need to have their main document URL set.
+When run in DumpRenderTree, this test will dump the resource load callback for the following subframe to make sure it had its main document URL set in its NSURLRequest.
+
diff --git a/LayoutTests/platform/wk2/fast/loader/refresh-iframe-base-blank-expected.txt b/LayoutTests/platform/wk2/fast/loader/refresh-iframe-base-blank-expected.txt
new file mode 100644 (file)
index 0000000..1fa8028
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: resources/refresh-iframe-base-blank-frame.html 
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+ALERT: Test finished with 1 windows
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/fast/loader/subframe-removes-itself-expected.txt b/LayoutTests/platform/wk2/fast/loader/subframe-removes-itself-expected.txt
new file mode 100644 (file)
index 0000000..9e3d09b
--- /dev/null
@@ -0,0 +1,7 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailLoadWithError
+main frame - didFinishLoadForFrame
+This tests a subframe that removes itself to make sure a delegate message to indicate the interrupted load fires. 
diff --git a/LayoutTests/platform/wk2/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt b/LayoutTests/platform/wk2/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt
new file mode 100644 (file)
index 0000000..f449e5a
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Unsafe attempt to load URL data:text/html,FAIL from document with Content-Disposition: attachment at URL http://127.0.0.1:8000/contentdispositionattachmentsandbox/resources/cross-origin-frames-frame.php.
+This test verifies that cross-origin frames are disabled when 'Content-Disposition: attachment' sandboxing is enabled. A security error will be logged to the console if the test passes.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/contentextensions/block-everything-unless-domain-expected.txt b/LayoutTests/platform/wk2/http/tests/contentextensions/block-everything-unless-domain-expected.txt
new file mode 100644 (file)
index 0000000..e02c071
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 5: helper loaded
+CONSOLE MESSAGE: Content blocker prevented frame displaying http://localhost:8000/contentextensions/resources/should-not-load.html from loading a resource from http://localhost:8000/contentextensions/resources/should-not-load.html
+CONSOLE MESSAGE: line 13: PASS - blocked the load
+
index 0801b1e..91867ff 100644 (file)
@@ -1,7 +1,7 @@
 main frame - didStartProvisionalLoadForFrame
 main frame - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didReceiveServerRedirectForProvisionalLoadForFrame
 127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with httpUsername:httpPassword
 frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
diff --git a/LayoutTests/platform/wk2/http/tests/loading/bad-server-subframe-expected.txt b/LayoutTests/platform/wk2/http/tests/loading/bad-server-subframe-expected.txt
new file mode 100644 (file)
index 0000000..c46ab9a
--- /dev/null
@@ -0,0 +1,10 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "f1" - didStartProvisionalLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "f1" - didFailProvisionalLoadWithError
+main frame - didFinishLoadForFrame
+This is a test of load callbacks. It is only useful inside the regression test tool.
+It also assumes there is no web server running locally on port 54321.
+
index 575c050..b1cbd18 100644 (file)
@@ -1,7 +1,7 @@
 main frame - didStartProvisionalLoadForFrame
 main frame - didCommitLoadForFrame
-frame "frame" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
 127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks
 frame "frame" - didCommitLoadForFrame
 frame "frame" - didFinishDocumentLoadForFrame
diff --git a/LayoutTests/platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt b/LayoutTests/platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt
new file mode 100644 (file)
index 0000000..7a3dd0d
--- /dev/null
@@ -0,0 +1,12 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didReceiveTitle: Test for https://bugs.webkit.org/show_bug.cgi?id=29293
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt b/LayoutTests/platform/wk2/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt
new file mode 100644 (file)
index 0000000..5e68ee8
--- /dev/null
@@ -0,0 +1,29 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+http://127.0.0.1:8000/loading/server-redirect-for-provisional-load-caching.html - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/server-redirect.php, main document URL http://127.0.0.1:8000/loading/server-redirect-for-provisional-load-caching.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/server-redirect.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/server-redirect-result.html, main document URL http://127.0.0.1:8000/loading/server-redirect-for-provisional-load-caching.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/server-redirect.php, http status code 301>
+frame "<!--framePath //<!--frame0-->-->" - didReceiveServerRedirectForProvisionalLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/server-redirect-result.html, http status code 200>
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: http://127.0.0.1:8000/loading/resources/server-redirect.php 
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/server-redirect.php, main document URL http://127.0.0.1:8000/loading/server-redirect-for-provisional-load-caching.html, http method GET> redirectResponse (null)
+frame "<!--framePath //<!--frame0-->-->" - didReceiveServerRedirectForProvisionalLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/server-redirect-result.html, http status code 200>
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+http://127.0.0.1:8000/loading/resources/server-redirect.php - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+Test passes if the second redirection which is loaded from the cache dispatches didReceiveServerRedirectForProvisionalLoadForFrame.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/loading/slow-parsing-subframe-expected.txt b/LayoutTests/platform/wk2/http/tests/loading/slow-parsing-subframe-expected.txt
new file mode 100644 (file)
index 0000000..a54c618
--- /dev/null
@@ -0,0 +1,12 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "f1" - didStartProvisionalLoadForFrame
+frame "f1" - didCommitLoadForFrame
+frame "f1" - didFinishDocumentLoadForFrame
+frame "f1" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "f1" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This tests that we get frame load callbacks in the proper order when a subframe is parsed and created from within a timer callback.  
+
diff --git a/LayoutTests/platform/wk2/http/tests/misc/will-send-request-returns-null-on-redirect-expected.txt b/LayoutTests/platform/wk2/http/tests/misc/will-send-request-returns-null-on-redirect-expected.txt
new file mode 100644 (file)
index 0000000..72b1107
--- /dev/null
@@ -0,0 +1,8 @@
+http://127.0.0.1:8000/misc/will-send-request-returns-null-on-redirect.html - didFinishLoading
+http://127.0.0.1:8000/misc/resources/redirect-to-http-url.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/misc/resources/redirect-to-http-url.php, main document URL http://127.0.0.1:8000/misc/will-send-request-returns-null-on-redirect.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/misc/resources/redirect-to-http-url.php - willSendRequest <NSURLRequest URL http://www.example.com/, main document URL http://127.0.0.1:8000/misc/will-send-request-returns-null-on-redirect.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/misc/resources/redirect-to-http-url.php, http status code 302>
+Returning null for this redirect
+http://127.0.0.1:8000/misc/resources/redirect-to-http-url.php - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999>
+https://bugs.webkit.org/show_bug.cgi?id=27595
+This test checks to make sure that things behave as expected when the resource load delegate returns null in response to willSendRequest.
+
diff --git a/LayoutTests/platform/wk2/http/tests/misc/window-dot-stop-expected.txt b/LayoutTests/platform/wk2/http/tests/misc/window-dot-stop-expected.txt
new file mode 100644 (file)
index 0000000..edbfa53
--- /dev/null
@@ -0,0 +1,4 @@
+http://127.0.0.1:8000/misc/window-dot-stop.html - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/misc/window-dot-stop.html">
+This tests for the successful use of window.stop()
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/navigation/redirect-preserves-fragment-expected.txt b/LayoutTests/platform/wk2/http/tests/navigation/redirect-preserves-fragment-expected.txt
new file mode 100644 (file)
index 0000000..4917455
--- /dev/null
@@ -0,0 +1,7 @@
+http://127.0.0.1:8000/navigation/redirect-preserves-fragment.html - didFinishLoading
+http://127.0.0.1:8000/navigation/resources/redirect-preserves-fragment.php#foo - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/navigation/resources/redirect-preserves-fragment.php#foo, main document URL http://127.0.0.1:8000/navigation/redirect-preserves-fragment.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/navigation/resources/redirect-preserves-fragment.php#foo - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/navigation/resources/success.html#foo, main document URL http://127.0.0.1:8000/navigation/redirect-preserves-fragment.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/navigation/resources/redirect-preserves-fragment.php#foo, http status code 302>
+http://127.0.0.1:8000/navigation/resources/redirect-preserves-fragment.php#foo - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/navigation/resources/success.html#foo, http status code 200>
+Test passes if WebKit preserves the request fragment identifier after the redirection.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/navigation/redirect-to-fragment-expected.txt b/LayoutTests/platform/wk2/http/tests/navigation/redirect-to-fragment-expected.txt
new file mode 100644 (file)
index 0000000..2505893
--- /dev/null
@@ -0,0 +1,7 @@
+http://127.0.0.1:8000/navigation/redirect-to-fragment.html - didFinishLoading
+http://127.0.0.1:8000/navigation/resources/redirect-to-fragment.php#foo - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/navigation/resources/redirect-to-fragment.php#foo, main document URL http://127.0.0.1:8000/navigation/redirect-to-fragment.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/navigation/resources/redirect-to-fragment.php#foo - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/navigation/resources/success.html#bar, main document URL http://127.0.0.1:8000/navigation/redirect-to-fragment.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/navigation/resources/redirect-to-fragment.php#foo, http status code 302>
+http://127.0.0.1:8000/navigation/resources/redirect-to-fragment.php#foo - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/navigation/resources/success.html#bar, http status code 200>
+Test passes if WebKit ignores the request fragment identifier after the redirect to a url with a fragment identifier.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/navigation/redirect-to-invalid-url-expected.txt b/LayoutTests/platform/wk2/http/tests/navigation/redirect-to-invalid-url-expected.txt
new file mode 100644 (file)
index 0000000..a1b0584
--- /dev/null
@@ -0,0 +1,6 @@
+http://127.0.0.1:8000/navigation/redirect-to-invalid-url.html - didFinishLoading
+http://127.0.0.1:8000/navigation/resources/redirect-to-invalid-url-frame.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/navigation/resources/redirect-to-invalid-url-frame.php, main document URL http://127.0.0.1:8000/navigation/redirect-to-invalid-url.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/navigation/resources/redirect-to-invalid-url-frame.php - didFailLoadingWithError: <NSError domain WebKitErrorDomain, code 101, failing URL "http://127.0.0.1:8000/navigation/resources/redirect-to-invalid-url-frame.php">
+Test passes if WebKit doesn't request the redirected URL.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-allowall-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-allowall-expected.txt
new file mode 100644 (file)
index 0000000..77a67b8
--- /dev/null
@@ -0,0 +1,11 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-allowall.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-allowall.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-allowall.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-allowall.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-allowall.cgi - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-allowall.cgi, http status code 200>
+The frame below should load, and 'ALLOWALL' should be accepted as a valid header.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This text should show up.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt
new file mode 100644 (file)
index 0000000..747f85a
--- /dev/null
@@ -0,0 +1,14 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
+CONSOLE MESSAGE: line 14: SecurityError: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: line 15: PASS: Could not read contentWindow.location.href
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi">
+There should be no content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt
new file mode 100644 (file)
index 0000000..f2c0612
--- /dev/null
@@ -0,0 +1,13 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, http status code 200>
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'deny' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
+CONSOLE MESSAGE: line 15: PASS: Could read contentWindow.location.href
+There should be content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This should be displayed.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt
new file mode 100644 (file)
index 0000000..7a66ae1
--- /dev/null
@@ -0,0 +1,15 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, http status code 200>
+CONSOLE MESSAGE: line 6: The X-Frame-Option 'deny' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
+CONSOLE MESSAGE: line 15: PASS: Could read contentWindow.location.href
+There should be content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This should be displayed.
+
+PASS: This should also be displayed.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt
new file mode 100644 (file)
index 0000000..10ba5f0
--- /dev/null
@@ -0,0 +1,13 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html, http status code 200>
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'sameorigin' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
+ALERT: PASS: onload fired.
+There should be content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This should show up as the parent is in the same origin.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt
new file mode 100644 (file)
index 0000000..579eef2
--- /dev/null
@@ -0,0 +1,14 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny.html - didFinishLoading
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny.html, http method GET> redirectResponse (null)
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didReceiveResponse <NSURLResponse http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, http status code 200>
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'sameorigin' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
+CONSOLE MESSAGE: line 18: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 19: FAIL: Could not read contentWindow.location.href
+There should be content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This should show up even though the parent is not in the same origin because we should be ignoring the meta tag.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-invalid-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-invalid-expected.txt
new file mode 100644 (file)
index 0000000..949552e
--- /dev/null
@@ -0,0 +1,12 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-invalid.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-invalid.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-invalid.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-invalid.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Invalid 'X-Frame-Options' header encountered when loading 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-invalid.cgi': 'INVALID INVALID INVALID' is not a recognized directive. The header will be ignored.
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-invalid.cgi - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-invalid.cgi, http status code 200>
+The frame below should load, and a console message should be generated that notes the invalid header.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This text should show up.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-conflict-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-conflict-expected.txt
new file mode 100644 (file)
index 0000000..07959b8
--- /dev/null
@@ -0,0 +1,13 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-conflict.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-conflict.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Multiple 'X-Frame-Options' headers with conflicting values ('ALLOWALL, DENY') encountered when loading 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi'. Falling back to 'DENY'.
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi' in a frame because it set 'X-Frame-Options' to 'ALLOWALL, DENY'.
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-conflict.cgi">
+The frame below should not load, and a console message should be generated that notes the invalid header.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow-expected.txt
new file mode 100644 (file)
index 0000000..1547b4b
--- /dev/null
@@ -0,0 +1,11 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-allow.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, http status code 200>
+The frame below should load, proving that 'sameorigin, sameorigin' === 'sameorigin'.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This page should load iff it's same origin with it's parent.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt
new file mode 100644 (file)
index 0000000..523bab9
--- /dev/null
@@ -0,0 +1,14 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html - didFinishLoading
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'.
+CONSOLE MESSAGE: line 21: SecurityError: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: line 22: PASS: Could not read contentWindow.location.href
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi">
+The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt
new file mode 100644 (file)
index 0000000..4cba6bf
--- /dev/null
@@ -0,0 +1,11 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-allow.html - didFinishLoading
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-allow.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi, http status code 200>
+There should be content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: This should show up as the parent is in the same origin.
diff --git a/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt b/LayoutTests/platform/wk2/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt
new file mode 100644 (file)
index 0000000..7c98914
--- /dev/null
@@ -0,0 +1,14 @@
+http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html - didFinishLoading
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
+CONSOLE MESSAGE: line 18: SecurityError: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
+CONSOLE MESSAGE: line 19: PASS: Could not read contentWindow.location.href
+http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi">
+There should be no content in the iframe below
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/blocked-on-redirect-expected.txt b/LayoutTests/platform/wk2/http/tests/security/blocked-on-redirect-expected.txt
new file mode 100644 (file)
index 0000000..49e4f97
--- /dev/null
@@ -0,0 +1,5 @@
+http://127.0.0.1:8000/security/blocked-on-redirect.html - didFinishLoading
+http://127.0.0.1:8000/resources/redirect.php?code=307&url=http://localhost:25/security/resources/post-done.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/resources/redirect.php?code=307&url=http://localhost:25/security/resources/post-done.html, main document URL http://127.0.0.1:8000/security/blocked-on-redirect.html, http method GET> redirectResponse (null)
+CONSOLE MESSAGE: Not allowed to use restricted network port: http://localhost:25/security/resources/post-done.html
+http://127.0.0.1:8000/resources/redirect.php?code=307&url=http://localhost:25/security/resources/post-done.html - didFailLoadingWithError: <NSError domain WebKitErrorDomain, code 103, failing URL "http://localhost:25/security/resources/post-done.html">
+This test produces output in the console. Only the initial URL should be logged. 
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..b072759
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads an insecure iframe using a data URL. We should *not* trigger a mixed content block because the data URL cannot be corrupted by an active network attacker.
+
+PASS did load data URL iframe.
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..0061f8c
--- /dev/null
@@ -0,0 +1,30 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure stylesheet. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This background color should be white.
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
new file mode 100644 (file)
index 0000000..caf660f
--- /dev/null
@@ -0,0 +1,32 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: [Report Only] Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/style.css because 'block-all-mixed-content' appears in the Content Security Policy.
+CONSOLE MESSAGE: line 9: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php was not allowed to run insecure content from http://127.0.0.1:8000/security/mixedContent/resources/style.css.
+
+frame "<!--framePath //<!--frame0-->-->" - willPerformClientRedirectToURL: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php 
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCancelClientRedirectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure stylesheet. We should trigger a mixed content block even though the child frame has a report only CSP block-all-mixed-content directive because an active network attacker can use CSS3 to breach the confidentiality of the HTTPS security origin.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+CSP report received:
+CONTENT_TYPE: application/csp-report
+HTTP_HOST: 127.0.0.1:8443
+HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php
+REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php
+=== POST DATA ===
+{"csp-report":{"document-uri":"https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html","violated-directive":"block-all-mixed-content","effective-directive":"block-all-mixed-content","original-policy":"block-all-mixed-content; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css-report-only.php","blocked-uri":"http://127.0.0.1:8000","status-code":0}}
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..a8f9ace
--- /dev/null
@@ -0,0 +1,22 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads an insecure stylesheet. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..59c422c
--- /dev/null
@@ -0,0 +1,25 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/resources/fail.html because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFailProvisionalLoadWithError
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure iframe. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..352aa4d
--- /dev/null
@@ -0,0 +1,14 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/resources/fail.html because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads an insecure iframe. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..46ca150
--- /dev/null
@@ -0,0 +1,29 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies-expected.txt
new file mode 100644 (file)
index 0000000..fc71e34
--- /dev/null
@@ -0,0 +1,31 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: The Content Security Policy 'block-all-mixed-content' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy.
+CONSOLE MESSAGE: [Report Only] Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image. We should trigger a mixed content block because the child frame has an CSP directive block-all-mixed-content in an enforced policy.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image-with-enforced-and-report-policies.php
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy-expected.txt
new file mode 100644 (file)
index 0000000..6aad4db
--- /dev/null
@@ -0,0 +1,18 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html was not allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image. We should trigger a mixed content block because the child frame inherited the CSP directive block-all-mixed-content from the main frame.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..5faf94b
--- /dev/null
@@ -0,0 +1,25 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image inside a JavaScript URL iframe. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content and a JavaScript URL executes in the same origin as its embedding document.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->/<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..3584076
--- /dev/null
@@ -0,0 +1,23 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/resources/compass.jpg because 'block-all-mixed-content' appears in the Content Security Policy.
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads an insecure image. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy-expected.txt
new file mode 100644 (file)
index 0000000..221c2ab
--- /dev/null
@@ -0,0 +1,19 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+CONSOLE MESSAGE: line 2: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image-in-xslt-document.xml was not allowed to display insecure content from http://127.0.0.1:8000/security/resources/compass.jpg.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image from an XSLT transformed document. We should trigger a mixed content block because the child frame inherited the CSP directive block-all-mixed-content from the main frame.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..88b2f7d
--- /dev/null
@@ -0,0 +1,29 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/dummy.swf because 'block-all-mixed-content' appears in the Content Security Policy.
+This test loads a secure iframe that loads an insecure plugin. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..adfe9b3
--- /dev/null
@@ -0,0 +1,23 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/dummy.swf because 'block-all-mixed-content' appears in the Content Security Policy.
+This test opens a window and loads an insecure plugin. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..9195be2
--- /dev/null
@@ -0,0 +1,28 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/script.js because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure external script. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy-expected.txt
new file mode 100644 (file)
index 0000000..bd9cf7b
--- /dev/null
@@ -0,0 +1,18 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure external script. We should trigger a mixed content block because the child frame inherited the CSP directive block-all-mixed-content from the main frame.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..18e1ae4
--- /dev/null
@@ -0,0 +1,23 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/security/mixedContent/resources/script.js because 'block-all-mixed-content' appears in the Content Security Policy.
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads an insecure external script. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: 
+lineNumber: 0
+columnNumber: 0
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..65c6b54
--- /dev/null
@@ -0,0 +1,29 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi because 'block-all-mixed-content' appears in the Content Security Policy.
+CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Not allowed to request resource
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads insecure data via asynchronous XHR. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
+lineNumber: 30
+columnNumber: 9
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..549810f
--- /dev/null
@@ -0,0 +1,24 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi because 'block-all-mixed-content' appears in the Content Security Policy.
+CONSOLE MESSAGE: line 30: XMLHttpRequest cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Not allowed to request resource
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads insecure data via asynchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html?asynchronous
+lineNumber: 30
+columnNumber: 9
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..9feb76d
--- /dev/null
@@ -0,0 +1,28 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi because 'block-all-mixed-content' appears in the Content Security Policy.
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads insecure data via synchronous XHR. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
+lineNumber: 30
+columnNumber: 9
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..4dfbf0a
--- /dev/null
@@ -0,0 +1,23 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: Blocked mixed content http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi because 'block-all-mixed-content' appears in the Content Security Policy.
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window and loads insecure data via synchronous XHR. We should trigger a mixed content block because the main frame in the window has CSP directive block-all-mixed-content.
+
+documentURI: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
+referrer: http://127.0.0.1:8000/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
+blockedURI: http://127.0.0.1:8000
+violatedDirective: block-all-mixed-content
+effectiveDirective: block-all-mixed-content
+originalPolicy: block-all-mixed-content
+sourceFile: https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-xhr.html
+lineNumber: 30
+columnNumber: 9
+statusCode: 0
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..f651f98
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image. We should *not* trigger a mixed content block even though the child frame has CSP directive block-all-mixed-content because the insecure image is upgraded to a secure image as the child frame has CSP directive upgrade-insecure-requests.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+PASS did load image.
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..8f57e51
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image via a redirect. We should *not* trigger a mixed content block even though the child frame has CSP directive block-all-mixed-content because the redirected insecure image is upgraded to a secure image as the child frame has CSP directive upgrade-insecure-requests.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+PASS did load image.
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
new file mode 100644 (file)
index 0000000..9a55940
--- /dev/null
@@ -0,0 +1,8 @@
+CONSOLE MESSAGE: The page at about:srcdoc was allowed to display insecure content from http://localhost:8000/security/resources/post-origin-to-parent.html.
+
+
+
+PASS Same-host frames are upgraded. 
+PASS Cross-host frames are upgraded. 
+PASS Upgrade policy does NOT cascade to nested, cross-host frames. 
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt
new file mode 100644 (file)
index 0000000..d966a52
--- /dev/null
@@ -0,0 +1,19 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+ALERT: PASS
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didCommitLoadForFrame
+ALERT: PASS
+ALERT: PASS
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe with the 'upgrade-insecure-requests' header. The secure frame has an insecure script reference, which will get upgraded. The secure frame does a secure load of another frame. This other frame specifies an insecure load of this same script. If the nested subresource logic is working properly, the non-secure load in the second nested frame should be upgraded, even though that frame does not use the 'upgrade-insecure-requests' header, because it had been previously upgraded by an enclosing context. The frame two-layers deep also loads a second script using HTTP. This should also be upgraded to HTTPS, since the nested frame inherits the 'upgrade-insecure-request' from its parent.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..a1b1f74
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure style sheet. We should upgrade the CSS request to HTTPS, and thereby avoid triggering a mixed content callback.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..dbb835d
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the script request, and thereby avoid triggering a mixed content callback.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..ee1860b
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/http-0.9/iframe-blocked-expected.txt b/LayoutTests/platform/wk2/http/tests/security/http-0.9/iframe-blocked-expected.txt
new file mode 100644 (file)
index 0000000..783bac5
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishLoadForFrame
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..963f70a
--- /dev/null
@@ -0,0 +1,19 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+frame "<!--framePath //<!--frame1-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame1-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame1-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame1-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame1-->-->" - didFinishLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window iframe that loads an about:blank iframe. We should *not* trigger a mixed content callback because the about:blank iframes cannot be corrupted by active network attackers.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..a827c1d
--- /dev/null
@@ -0,0 +1,14 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test opens a window iframe that loads a data URL iframe. We should *not* trigger a mixed content callback because the data URL cannot be corrupted by active network attackers.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..d42f087
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads a data URL script. We should *not* trigger a mixed content callback because the data URL cannot be corrupted by an active network attacker.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt
new file mode 100644 (file)
index 0000000..caaae79
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads a plugin without a URL. We should *not* get a mixed content callback because the plug-in cannot be controlled by an active network attacker.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..891b4e2
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure style sheet. We should trigger a mixed content callback because an active network attacker can use CSS3 to breach the confidentiality of the HTTPS security origin.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..d2d1994
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css.
+
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure style sheet. We should trigger a mixed content callback because the main frame in the window is HTTPS but is running insecure content.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..27642de
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 6: secureCookie=yes
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/greenbox-hotspot5-4.cur.
+
+didDisplayInsecureContent
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads a secure style sheet with insecure cursor content after reading secure cookies. This should be allowed because loading of the insecure cursor does not pose a security risk since it can only affect the display.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..c1af5a9
--- /dev/null
@@ -0,0 +1,12 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 6: secureCookie=yes
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html was not allowed to run insecure content from http://127.0.0.1:8080/security/resources/insecure.css.
+
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads a secure style sheet with insecure content after reading secure cookies. This should block loading of the insecure content since secure cookie was read.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..0a2e6e5
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that has a form with an insecure action. We should *not* get a mixed content callback because the main frame is HTTP and the form doesn't contaminate the child iframe's security origin with mixed content.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..78ce4d5
--- /dev/null
@@ -0,0 +1,12 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 3: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-form.html contains a form which targets an insecure URL http://127.0.0.1:8080/resources/doesnotexist.
+
+didDisplayInsecureContent
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that has a form with an non-https action. We should trigger a mixed content callback because the main frame in the window is HTTPS but is running insecure content.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..aebf78e
--- /dev/null
@@ -0,0 +1,16 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->/<!--frame0-->-->" - didFinishLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure iframe. We should *not* get a mixed content callback becase the main frame is HTTP and the grandchild iframe doesn't contaminate the child iframe's security origin with mixed content.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..fd63c94
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at about:blank was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure iframe. We should trigger a mixed content callback because the main frame in the window is HTTPS but is displaying insecure content.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..27f9bfe
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure image. We should *not* get a mixed content callback becase the main frame is HTTP and the image doesn't contaminate the child iframe's security origin with mixed content.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..9f0804e
--- /dev/null
@@ -0,0 +1,9 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that has a form with an action that is a javascript: url. We should *not* trigger a mixed content callback because the javascript: URL cannot be corrupted by active network attackers.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..9033663
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at about:blank was not allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://127.0.0.1:8443/security/mixedContent/resources/boring.html.
+
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure iframe (via a tricky redirect). We should trigger a mixed content callback because the main frame in the window is HTTPS but is displaying content that can be controlled by an active network attacker.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..26f323a
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-script.html was not allowed to run insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://127.0.0.1:8443/security/mixedContent/resources/script.js.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should trigger a mixed content callback because an active network attacker could have redirected the script load to https://attacker.com.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
new file mode 100644 (file)
index 0000000..2b1f8a0
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at about:blank was not allowed to display insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure iframe (via a tricky redirect). We should trigger a mixed content callback because the main frame in the window is HTTPS but is displaying content that can be controlled by an active network attacker.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt
new file mode 100644 (file)
index 0000000..4dd8ea4
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+didDisplayInsecureContent
+CONSOLE MESSAGE: line 8: secureCookie=yes
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure image (via a tricky redirect) and then tries to read a secure cookie. This should block the secure cookie from being read because insecure content was loaded while loading a main frame.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..3368819
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 4: secureCookie=yes
+main frame - didFinishDocumentLoadForFrame
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+didDisplayInsecureContent
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that reads a secure cookie and then loads an insecure image (via a tricky redirect). This should not block the insecure image from loading even though a secure cookie was accessed, because an insecure image can only affect pixels on screen, not expose private data.
diff --git a/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt b/LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt
new file mode 100644 (file)
index 0000000..ffad8bb
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should trigger a mixed content callback because an active network attacker can end up controling the script.
+
+
diff --git a/LayoutTests/platform/wk2/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt b/LayoutTests/platform/wk2/http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt
new file mode 100644 (file)
index 0000000..fe88d6b
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/script-tag-with-callbacks.html&q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+didDetectXSS
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/inspector/page/frameScheduledNavigation-expected.txt b/LayoutTests/platform/wk2/inspector/page/frameScheduledNavigation-expected.txt
new file mode 100644 (file)
index 0000000..b1a52a5
--- /dev/null
@@ -0,0 +1,5 @@
+
+Scheduled navigation with delay 0
+Cleared scheduled navigation
+Started loading
+
diff --git a/LayoutTests/platform/wk2/loader/go-back-cached-main-resource-expected.txt b/LayoutTests/platform/wk2/loader/go-back-cached-main-resource-expected.txt
new file mode 100644 (file)
index 0000000..3aebba2
--- /dev/null
@@ -0,0 +1,25 @@
+go-back-cached-main-resource.html - didFinishLoading
+resources/first-page.html - willSendRequest <NSURLRequest URL resources/first-page.html, main document URL resources/first-page.html, http method GET> redirectResponse (null)
+resources/first-page.html - didReceiveResponse <NSURLResponse resources/first-page.html, http status code 0>
+resources/first-page.html - didFinishLoading
+resources/other-page.html - willSendRequest <NSURLRequest URL resources/other-page.html, main document URL resources/other-page.html, http method GET> redirectResponse (null)
+resources/other-page.html - didReceiveResponse <NSURLResponse resources/other-page.html, http status code 0>
+resources/other-page.html - didFinishLoading
+resources/first-page.html - willSendRequest <NSURLRequest URL resources/first-page.html, main document URL resources/first-page.html, http method GET> redirectResponse (null)
+resources/first-page.html - didReceiveResponse <NSURLResponse resources/first-page.html, http status code 0>
+resources/first-page.html - didFinishLoading
+resources/other-page.html - willSendRequest <NSURLRequest URL resources/other-page.html, main document URL resources/other-page.html, http method GET> redirectResponse (null)
+resources/other-page.html - didReceiveResponse <NSURLResponse resources/other-page.html, http status code 0>
+resources/other-page.html - didFinishLoading
+resources/first-page.html - willSendRequest <NSURLRequest URL resources/first-page.html, main document URL resources/first-page.html, http method GET> redirectResponse (null)
+resources/first-page.html - didReceiveResponse <NSURLResponse resources/first-page.html, http status code 0>
+resources/first-page.html - didFinishLoading
+This test check the following situation:
+
+First you navigate to a page (first-page.html).
+Then you go to another page (other-page.html).
+You repeat previous steps again (going to first-page.html and then to other-page.html).
+Finally you click back.
+The problem was that the resource load callbacks when going back to the cached main resource were not being called.
+
+See bug #112418.
@@ -1,8 +1,8 @@
 main frame - didStartProvisionalLoadForFrame
 main frame - didCommitLoadForFrame
 main frame - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
 main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
diff --git a/LayoutTests/platform/wk2/webarchive/loading/missing-data-expected.txt b/LayoutTests/platform/wk2/webarchive/loading/missing-data-expected.txt
new file mode 100644 (file)
index 0000000..a135fd7
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+
diff --git a/LayoutTests/platform/wk2/webarchive/loading/object-expected.txt b/LayoutTests/platform/wk2/webarchive/loading/object-expected.txt
new file mode 100644 (file)
index 0000000..36ccc70
--- /dev/null
@@ -0,0 +1,18 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - willPerformClientRedirectToURL: resources/object.webarchive 
+main frame - didFinishDocumentLoadForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCancelClientRedirectForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Loading this webarchive with an object should not crash.
+
diff --git a/LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-expected.txt b/LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-expected.txt
new file mode 100644 (file)
index 0000000..4df3278
--- /dev/null
@@ -0,0 +1,14 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+test-loading-archive.html - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+resources/helloworld.webarchive - willSendRequest <NSURLRequest URL resources/helloworld.webarchive, main document URL test-loading-archive.html, http method GET> redirectResponse (null)
+resources/helloworld.webarchive - didReceiveResponse <NSURLResponse resources/helloworld.webarchive, http status code 0>
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+ This tests that doing a "normal load" of a webarchive (not using loadArchive) does not cause a cancelled error to be called.
diff --git a/LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-subresource-null-mimetype-expected.txt b/LayoutTests/platform/wk2/webarchive/loading/test-loading-archive-subresource-null-mimetype-expected.txt
new file mode 100644 (file)
index 0000000..5f3c930
--- /dev/null
@@ -0,0 +1,18 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+test-loading-archive-subresource-null-mimetype.html - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+resources/subresource-null-mimetype.webarchive - willSendRequest <NSURLRequest URL resources/subresource-null-mimetype.webarchive, main document URL test-loading-archive-subresource-null-mimetype.html, http method GET> redirectResponse (null)
+resources/subresource-null-mimetype.webarchive - didReceiveResponse <NSURLResponse resources/subresource-null-mimetype.webarchive, http status code 0>
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+test.png - willSendRequest <NSURLRequest URL test.png, main document URL test-loading-archive-subresource-null-mimetype.html, http method GET> redirectResponse (null)
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+resources/subresource-null-mimetype.webarchive - didFinishLoading
+test.png - didReceiveResponse <NSURLResponse test.png, http status code 0>
+test.png - didFinishLoading
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+ This tests that doing a normal load of a webarchive with a null mimetype for a subresource does not crash.
diff --git a/LayoutTests/platform/wk2/webarchive/loading/video-in-webarchive-expected.txt b/LayoutTests/platform/wk2/webarchive/loading/video-in-webarchive-expected.txt
new file mode 100644 (file)
index 0000000..8d54921
--- /dev/null
@@ -0,0 +1,17 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - willPerformClientRedirectToURL: resources/video-in-webarchive.webarchive 
+main frame - didFinishDocumentLoadForFrame
+main frame - didFinishLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didCancelClientRedirectForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFailLoadWithError
+main frame - didFinishLoadForFrame
+
index d76fb63..6739f41 100644 (file)
@@ -1,5 +1,29 @@
 2018-03-21  Chris Dumez  <cdumez@apple.com>
 
+        Make policy decisions asynchronous
+        https://bugs.webkit.org/show_bug.cgi?id=180568
+        <rdar://problem/37131297>
+
+        Reviewed by Alex Christensen.
+
+        Get rid of synchronous IPC and synchronous code paths for policy delegates.
+        Policy decisions are now all made asynchronously and rely on asynchronous
+        IPC.
+
+        This code change is based on work by Alex Christensen.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::receivedPolicyDecision):
+        (WebKit::WebPageProxy::decidePolicyForNavigationAction):
+        (WebKit::WebPageProxy::decidePolicyForResponse):
+        * UIProcess/WebPageProxy.h:
+        * UIProcess/WebPageProxy.messages.in:
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
+
+2018-03-21  Chris Dumez  <cdumez@apple.com>
+
         ScrollViewInsetTests.RestoreInitialContentOffsetAfterCrash API test is failing with async delegates
         https://bugs.webkit.org/show_bug.cgi?id=183787
 
index 398470b..4a06eff 100644 (file)
@@ -2357,8 +2357,7 @@ void WebPageProxy::receivedPolicyDecision(PolicyAction action, WebFrameProxy& fr
     DownloadID downloadID = { };
     if (action == PolicyAction::Download) {
         // Create a download proxy.
-        const ResourceRequest& downloadRequest = m_decidePolicyForResponseRequest ? *m_decidePolicyForResponseRequest : ResourceRequest();
-        DownloadProxy* download = m_process->processPool().createDownloadProxy(downloadRequest, this);
+        auto* download = m_process->processPool().createDownloadProxy(m_decidePolicyForResponseRequest, this);
         if (navigation) {
             download->setWasUserInitiated(navigation->wasUserInitiated());
             download->setRedirectChain(navigation->takeRedirectChain());
@@ -2366,15 +2365,7 @@ void WebPageProxy::receivedPolicyDecision(PolicyAction action, WebFrameProxy& fr
 
         downloadID = download->downloadID();
         handleDownloadRequest(download);
-    }
-
-    // If we received a policy decision while in decidePolicyForResponse the decision will
-    // be sent back to the web process by decidePolicyForResponse.
-    if (m_inDecidePolicyForResponseSync) {
-        m_syncMimeTypePolicyActionIsValid = true;
-        m_syncMimeTypePolicyAction = action;
-        m_syncMimeTypePolicyDownloadID = downloadID;
-        return;
+        m_decidePolicyForResponseRequest = { };
     }
 
     auto* activePolicyListener = frame.activePolicyListenerProxy();
@@ -2392,16 +2383,6 @@ void WebPageProxy::receivedPolicyDecision(PolicyAction action, WebFrameProxy& fr
         }
     }
 
-    // If we received a policy decision while in decidePolicyForNavigationAction the decision will 
-    // be sent back to the web process by decidePolicyForNavigationAction. 
-    if (m_inDecidePolicyForNavigationAction) {
-        m_syncNavigationActionPolicyActionIsValid = true;
-        m_syncNavigationActionPolicyAction = action;
-        m_syncNavigationActionPolicyDownloadID = downloadID;
-        m_syncNavigationActionPolicyWebsitePolicies = WTFMove(websitePolicies);
-        return;
-    }
-    
     m_process->send(Messages::WebPage::DidReceivePolicyDecision(frame.frameID(), listenerID, action, navigation ? navigation->navigationID() : 0, downloadID, websitePolicies), m_pageID);
 }
 
@@ -3813,7 +3794,7 @@ void WebPageProxy::frameDidBecomeFrameSet(uint64_t frameID, bool value)
         m_frameSetLargestFrame = value ? m_mainFrame : 0;
 }
 
-void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& originatingFrameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, ResourceRequest&& request, uint64_t listenerID, const UserData& userData, bool& receivedPolicyAction, uint64_t& newNavigationID, WebCore::PolicyAction& policyAction, DownloadID& downloadID, std::optional<WebsitePoliciesData>& websitePolicies)
+void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& originatingFrameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, ResourceRequest&& request, uint64_t listenerID, const UserData& userData)
 {
     LOG(Loading, "WebPageProxy::didStartProvisionalLoadForFrame - Target url %s", originalRequest.url().string().utf8().data());
 
@@ -3830,6 +3811,7 @@ void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const Secur
     MESSAGE_CHECK_URL(request.url());
     MESSAGE_CHECK_URL(originalRequest.url());
     
+    uint64_t newNavigationID { 0 };
     Ref<WebFramePolicyListenerProxy> listener = frame->setUpPolicyListenerProxy(listenerID, PolicyListenerType::NavigationAction);
     if (!navigationID) {
         auto navigation = m_navigationState->createLoadRequestNavigation(ResourceRequest(request));
@@ -3839,24 +3821,17 @@ void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const Secur
         listener->setNavigation(WTFMove(navigation));
     } else {
         auto& navigation = m_navigationState->navigation(navigationID);
+        newNavigationID = navigationID;
         navigation.setWasUserInitiated(!!navigationActionData.userGestureTokenIdentifier);
         navigation.setShouldForceDownload(!navigationActionData.downloadAttribute.isNull());
         listener->setNavigation(navigation);
     }
 
 #if ENABLE(CONTENT_FILTERING)
-    if (frame->didHandleContentFilterUnblockNavigation(request)) {
-        receivedPolicyAction = true;
-        policyAction = PolicyAction::Ignore;
-        return;
-    }
+    if (frame->didHandleContentFilterUnblockNavigation(request))
+        return receivedPolicyDecision(PolicyAction::Ignore, *frame, listenerID, &m_navigationState->navigation(newNavigationID), { });
 #endif
 
-    ASSERT(!m_inDecidePolicyForNavigationAction);
-    
-    m_inDecidePolicyForNavigationAction = true;
-    m_syncNavigationActionPolicyActionIsValid = false;
-
     WebFrameProxy* originatingFrame = m_process->webFrame(originatingFrameInfoData.frameID);
 
     if (m_navigationClient) {
@@ -3877,15 +3852,6 @@ void WebPageProxy::decidePolicyForNavigationAction(uint64_t frameID, const Secur
         m_policyClient->decidePolicyForNavigationAction(*this, frame, WTFMove(navigationActionData), originatingFrame, originalRequest, WTFMove(request), WTFMove(listener), m_process->transformHandlesToObjects(userData.object()).get());
 
     m_shouldSuppressAppLinksInNextNavigationPolicyDecision = false;
-    m_inDecidePolicyForNavigationAction = false;
-
-    // Check if we received a policy decision already. If we did, we can just pass it back.
-    receivedPolicyAction = m_syncNavigationActionPolicyActionIsValid;
-    if (m_syncNavigationActionPolicyActionIsValid) {
-        policyAction = m_syncNavigationActionPolicyAction;
-        downloadID = m_syncNavigationActionPolicyDownloadID;
-        websitePolicies = WTFMove(m_syncNavigationActionPolicyWebsitePolicies);
-    }
 }
 
 void WebPageProxy::decidePolicyForNewWindowAction(uint64_t frameID, const SecurityOriginData& frameSecurityOrigin, NavigationActionData&& navigationActionData, ResourceRequest&& request, const String& frameName, uint64_t listenerID, const UserData& userData)
@@ -3917,6 +3883,8 @@ void WebPageProxy::decidePolicyForResponse(uint64_t frameID, const SecurityOrigi
 {
     PageClientProtector protector(m_pageClient);
 
+    m_decidePolicyForResponseRequest = request;
+
     WebFrameProxy* frame = m_process->webFrame(frameID);
     MESSAGE_CHECK(frame);
     MESSAGE_CHECK_URL(request.url());
@@ -3935,29 +3903,6 @@ void WebPageProxy::decidePolicyForResponse(uint64_t frameID, const SecurityOrigi
         m_policyClient->decidePolicyForResponse(*this, *frame, response, request, canShowMIMEType, WTFMove(listener), m_process->transformHandlesToObjects(userData.object()).get());
 }
 
-void WebPageProxy::decidePolicyForResponseSync(uint64_t frameID, const SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, const ResourceResponse& response, const ResourceRequest& request, bool canShowMIMEType, uint64_t listenerID, const UserData& userData, bool& receivedPolicyAction, WebCore::PolicyAction& policyAction, DownloadID& downloadID)
-{
-    PageClientProtector protector(m_pageClient);
-
-    ASSERT(!m_inDecidePolicyForResponseSync);
-
-    m_inDecidePolicyForResponseSync = true;
-    m_decidePolicyForResponseRequest = &request;
-    m_syncMimeTypePolicyActionIsValid = false;
-    
-    decidePolicyForResponse(frameID, frameSecurityOrigin, navigationID, response, request, canShowMIMEType, listenerID, userData);
-    
-    m_inDecidePolicyForResponseSync = false;
-    m_decidePolicyForResponseRequest = nullptr;
-    
-    // Check if we received a policy decision already. If we did, we can just pass it back.
-    receivedPolicyAction = m_syncMimeTypePolicyActionIsValid;
-    if (m_syncMimeTypePolicyActionIsValid) {
-        policyAction = m_syncMimeTypePolicyAction;
-        downloadID = m_syncMimeTypePolicyDownloadID;
-    }
-}
-
 void WebPageProxy::unableToImplementPolicy(uint64_t frameID, const ResourceError& error, const UserData& userData)
 {
     PageClientProtector protector(m_pageClient);
index ac6adc4..dc59498 100644 (file)
@@ -1364,10 +1364,9 @@ private:
 
     void didDestroyNavigation(uint64_t navigationID);
 
-    void decidePolicyForNavigationAction(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, uint64_t listenerID, const UserData&, bool& receivedPolicyAction, uint64_t& newNavigationID, WebCore::PolicyAction&, DownloadID&, std::optional<WebsitePoliciesData>&);
+    void decidePolicyForNavigationAction(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, uint64_t listenerID, const UserData&);
     void decidePolicyForNewWindowAction(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, NavigationActionData&&, WebCore::ResourceRequest&&, const String& frameName, uint64_t listenerID, const UserData&);
     void decidePolicyForResponse(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, const WebCore::ResourceResponse&, const WebCore::ResourceRequest&, bool canShowMIMEType, uint64_t listenerID, const UserData&);
-    void decidePolicyForResponseSync(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, const WebCore::ResourceResponse&, const WebCore::ResourceRequest&, bool canShowMIMEType, uint64_t listenerID, const UserData&, bool& receivedPolicyAction, WebCore::PolicyAction&, DownloadID&);
     void unableToImplementPolicy(uint64_t frameID, const WebCore::ResourceError&, const UserData&);
 
     void willSubmitForm(uint64_t frameID, uint64_t sourceFrameID, const Vector<std::pair<String, String>>& textFieldValues, uint64_t listenerID, const UserData&);
@@ -1925,17 +1924,7 @@ private:
     bool m_isInPrintingMode { false };
     bool m_isPerformingDOMPrintOperation { false };
 
-    bool m_inDecidePolicyForResponseSync { false };
-    const WebCore::ResourceRequest* m_decidePolicyForResponseRequest { nullptr };
-    bool m_syncMimeTypePolicyActionIsValid { false };
-    WebCore::PolicyAction m_syncMimeTypePolicyAction { WebCore::PolicyAction::Use };
-    DownloadID m_syncMimeTypePolicyDownloadID { 0 };
-    bool m_inDecidePolicyForNavigationAction { false };
-    bool m_syncNavigationActionPolicyActionIsValid { false };
-    WebCore::PolicyAction m_syncNavigationActionPolicyAction { WebCore::PolicyAction::Use };
-    DownloadID m_syncNavigationActionPolicyDownloadID { 0 };
-    std::optional<WebsitePoliciesData> m_syncNavigationActionPolicyWebsitePolicies;
-
+    WebCore::ResourceRequest m_decidePolicyForResponseRequest;
     bool m_shouldSuppressAppLinksInNextNavigationPolicyDecision { false };
 
     Deque<NativeWebKeyboardEvent> m_keyEventQueue;
index 061fea0..0c39083 100644 (file)
@@ -98,8 +98,8 @@ messages -> WebPageProxy {
 #endif
 
     # Policy messages
-    DecidePolicyForResponseSync(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, WebCore::ResourceResponse response, WebCore::ResourceRequest request, bool canShowMIMEType, uint64_t listenerID, WebKit::UserData userData) -> (bool receivedPolicyAction, enum WebCore::PolicyAction policyAction, WebKit::DownloadID downloadID)
-    DecidePolicyForNavigationAction(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, uint64_t listenerID, WebKit::UserData userData) -> (bool receivedPolicyAction, uint64_t newNavigationID, enum WebCore::PolicyAction policyAction, WebKit::DownloadID downloadID, std::optional<WebKit::WebsitePoliciesData> websitePolicies)
+    DecidePolicyForResponse(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, WebCore::ResourceResponse response, WebCore::ResourceRequest request, bool canShowMIMEType, uint64_t listenerID, WebKit::UserData userData)
+    DecidePolicyForNavigationAction(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, uint64_t listenerID, WebKit::UserData userData)
     DecidePolicyForNewWindowAction(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, struct WebKit::NavigationActionData navigationActionData, WebCore::ResourceRequest request, String frameName, uint64_t listenerID, WebKit::UserData userData)
     UnableToImplementPolicy(uint64_t frameID, WebCore::ResourceError error, WebKit::UserData userData)
 
index 73a4d7e..3fbb17d 100644 (file)
@@ -748,19 +748,9 @@ void WebFrameLoaderClient::dispatchDecidePolicyForResponse(const ResourceRespons
 
     Ref<WebFrame> protector(*m_frame);
     uint64_t listenerID = m_frame->setUpPolicyListener(WTFMove(function), WebFrame::ForNavigationAction::No);
-    bool receivedPolicyAction;
-    PolicyAction policyAction;
-    DownloadID downloadID;
-
     auto navigationID = static_cast<WebDocumentLoader&>(*policyDocumentLoader).navigationID();
-    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), navigationID, response, request, canShowMIMEType, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), Seconds::infinity(), IPC::SendSyncOption::InformPlatformProcessWillSuspend)) {
+    if (!webPage->send(Messages::WebPageProxy::DecidePolicyForResponse(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), navigationID, response, request, canShowMIMEType, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))))
         m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });
-        return;
-    }
-
-    // We call this synchronously because CFNetwork can only convert a loading connection to a download from its didReceiveResponse callback.
-    if (receivedPolicyAction)
-        m_frame->didReceivePolicyDecision(listenerID, policyAction, 0, downloadID, { });
 }
 
 void WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction(const NavigationAction& navigationAction, const ResourceRequest& request, FormState* formState, const String& frameName, FramePolicyFunction&& function)
@@ -847,10 +837,6 @@ void WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const Navigat
     }
     
     uint64_t listenerID = m_frame->setUpPolicyListener(WTFMove(function), WebFrame::ForNavigationAction::Yes);
-    bool receivedPolicyAction;
-    uint64_t newNavigationID;
-    PolicyAction policyAction;
-    DownloadID downloadID;
 
     ASSERT(navigationAction.sourceDocument());
     const Document& sourceDocument = *navigationAction.sourceDocument();
@@ -889,15 +875,8 @@ void WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const Navigat
 
     // Notify the UIProcess.
     Ref<WebFrame> protect(*m_frame);
-    std::optional<WebsitePoliciesData> websitePolicies;
-    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForNavigationAction(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingFrame && originatingFrame->page() ? originatingFrame->page()->pageID() : 0, navigationAction.resourceRequest(), request, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())), Messages::WebPageProxy::DecidePolicyForNavigationAction::Reply(receivedPolicyAction, newNavigationID, policyAction, downloadID, websitePolicies))) {
+    if (!webPage->send(Messages::WebPageProxy::DecidePolicyForNavigationAction(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingFrame && originatingFrame->page() ? originatingFrame->page()->pageID() : 0, navigationAction.resourceRequest(), request, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))))
         m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });
-        return;
-    }
-
-    // We call this synchronously because WebCore cannot gracefully handle a frame load without a synchronous navigation policy reply.
-    if (receivedPolicyAction)
-        m_frame->didReceivePolicyDecision(listenerID, policyAction, newNavigationID, downloadID, WTFMove(websitePolicies));
 }
 
 void WebFrameLoaderClient::didDecidePolicyForNavigationAction()
index fb12c2a..ab76a85 100644 (file)
@@ -116,8 +116,9 @@ TEST(WKWebView, LoadAlternateHTMLStringFromProvisionalLoadErrorBackToBack)
 
         isDone = false;
         TestWebKitAPI::Util::run(&isDone);
-        // In success, we should only start 3 provisional loads: 2 for the loadRequest, and *only 1* for the _loadAlternateHTMLString.
-        EXPECT_EQ(3, provisionalLoadCount);
+        // In success, we should only start 2 provisional loads: 1 for the second loadRequest, and 1 for the _loadAlternateHTMLString.
+        // The second loadRequest cancels the first one before its provisional load starts.
+        EXPECT_EQ(2, provisionalLoadCount);
     }
 }