REGRESSION (r222795): Nike app "Refused to set unsafe header" when adding and viewing...
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 5 Feb 2018 20:46:46 +0000 (20:46 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 5 Feb 2018 20:46:46 +0000 (20:46 +0000)
https://bugs.webkit.org/show_bug.cgi?id=182491
<rdar://problem/36533447>

Reviewed by Brent Fulgham.

Exempt Nike from the XHR header restrictions in r222795.

Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
However Nike also depends on such functionality.

Source/WebCore:

* platform/RuntimeApplicationChecks.h:
* platform/cocoa/RuntimeApplicationChecksCocoa.mm:
(WebCore::IOSApplication::isNike):

Source/WebKit:

* UIProcess/API/Cocoa/WKWebView.mm:
(shouldAllowSettingAnyXHRHeaderFromFileURLs):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228114 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/RuntimeApplicationChecks.h
Source/WebCore/platform/cocoa/RuntimeApplicationChecksCocoa.mm
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

index c89dccc..e3cca47 100644 (file)
@@ -1,3 +1,20 @@
+2018-02-05  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r222795): Nike app "Refused to set unsafe header" when adding and viewing cart
+        https://bugs.webkit.org/show_bug.cgi?id=182491
+        <rdar://problem/36533447>
+
+        Reviewed by Brent Fulgham.
+
+        Exempt Nike from the XHR header restrictions in r222795.
+
+        Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
+        However Nike also depends on such functionality.
+
+        * platform/RuntimeApplicationChecks.h:
+        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
+        (WebCore::IOSApplication::isNike):
+
 2018-02-02  Brent Fulgham  <bfulgham@apple.com>
 
         Improve NetworkResourceLoader logging so it can be used for 'setCookiesFromDOM'
index d19d682..af4890d 100644 (file)
@@ -84,6 +84,7 @@ bool isIBooks();
 bool isIBooksStorytime();
 WEBCORE_EXPORT bool isTheSecretSocietyHiddenMystery();
 WEBCORE_EXPORT bool isCardiogram();
+WEBCORE_EXPORT bool isNike();
 
 } // IOSApplication
 
index b49594c..58626ee 100644 (file)
@@ -242,6 +242,12 @@ bool IOSApplication::isCardiogram()
     return isCardiogram;
 }
 
+bool IOSApplication::isNike()
+{
+    static bool isNike = applicationBundleIsEqualTo("com.nike.omega");
+    return isNike;
+}
+
 #endif
 
 } // namespace WebCore
index 432674b..9017b82 100644 (file)
@@ -1,3 +1,19 @@
+2018-02-05  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r222795): Nike app "Refused to set unsafe header" when adding and viewing cart
+        https://bugs.webkit.org/show_bug.cgi?id=182491
+        <rdar://problem/36533447>
+
+        Reviewed by Brent Fulgham.
+
+        Exempt Nike from the XHR header restrictions in r222795.
+
+        Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
+        However Nike also depends on such functionality.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (shouldAllowSettingAnyXHRHeaderFromFileURLs):
+
 2018-02-02  Brent Fulgham  <bfulgham@apple.com>
 
         Improve NetworkResourceLoader logging so it can be used for 'setCookiesFromDOM'
index a159c5c..943ef3c 100644 (file)
@@ -424,7 +424,7 @@ static bool shouldAllowPictureInPictureMediaPlayback()
 
 static bool shouldAllowSettingAnyXHRHeaderFromFileURLs()
 {
-    static bool shouldAllowSettingAnyXHRHeaderFromFileURLs = WebCore::IOSApplication::isCardiogram() && !linkedOnOrAfter(WebKit::SDKVersion::FirstThatDisallowsSettingAnyXHRHeaderFromFileURLs);
+    static bool shouldAllowSettingAnyXHRHeaderFromFileURLs = (WebCore::IOSApplication::isCardiogram() || WebCore::IOSApplication::isNike()) && !linkedOnOrAfter(WebKit::SDKVersion::FirstThatDisallowsSettingAnyXHRHeaderFromFileURLs);
     return shouldAllowSettingAnyXHRHeaderFromFileURLs;
 }