[Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Apr 2017 20:26:13 +0000 (20:26 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Apr 2017 20:26:13 +0000 (20:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=136452
<rdar://problem/23412620>

Reviewed by Brent Fulgham.

.:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Source/cmake/OptionsMac.cmake:
* Source/cmake/OptionsWin.cmake:

LayoutTests/imported/w3c:

Update expected results now we support X-Content-Type-Options: nosniff.

* web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt:
* web-platform-tests/fetch/nosniff/script-expected.txt:
* web-platform-tests/fetch/nosniff/stylesheet-expected.txt:

Source/JavaScriptCore:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Enable support for X-Content-Type-Options: nosniff on Mac, iOS and Windows.

Additionally, honor X-Content-Type-Options: nosniff header for stylesheets as per
<https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff%3F> (30 March 2017).

Test: http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html

* Configurations/FeatureDefines.xcconfig:
* css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::parseAuthorStyleSheet): Log an error if the stylesheet
has the nosniff header and does not have a valid MIME type. Also update code for
renaming of MIMETypeCheck to MIMETypeCheckHint.
(WebCore::StyleSheetContents::notifyLoadedSheet): If the stylesheet is blocked by
nosniff then consider it analogous to a load error so that we dispatch a DOM error
event at the <style>/<link> element.
* dom/LoadableClassicScript.cpp:
(WebCore::LoadableClassicScript::notifyFinished): Modified the wording of the error
message when a script is disallowed by nosniff so as to more closely match the
wording used when a stylesheet is disallowed by nonsniff.
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::sheetText): Update for renaming of MIMETypeCheck
to MIMETypeCheckHint.
(WebCore::CachedCSSStyleSheet::responseMIMEType): Added.
(WebCore::CachedCSSStyleSheet::mimeTypeAllowedByNosniff): Added.
(WebCore::CachedCSSStyleSheet::canUseSheet): Modified to check if the X-Content-Type-Options: nosniff
header is in the HTTP response for the stylesheet. If it is then we can only use the stylesheet
if its content-type is "text/css". Otherwise, apply the existing criterion for determining whether
to to use the stylesheet.
* loader/cache/CachedCSSStyleSheet.h: Rename MIMETypeCheck to MIMETypeCheckHint to better
describe its purpose as a hint as to whether to enforce MIME type checking for the stylesheet.
Processing of the HTTP header X-Content-Type-Options takes precedence over this hint.
* loader/cache/CachedScript.h: Make mimeType() private.

Source/WebCore/PAL:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Configurations/FeatureDefines.xcconfig:

Tools:

Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.

* Scripts/webkitperl/FeatureList.pm: Also do not enable nosniff on EFL
as the EFL port is no longer in the WebKit OpenSource repository.
* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:

LayoutTests:

Unskip nosniff tests on Mac, iOS and Windows and update expected results now that
we support X-Content-Type-Options: nosniff.

Merge Blink test from <https://src.chromium.org/viewvc/blink?revision=168570&view=revision>.

* TestExpectations: Unskip all nosniff tests except imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html.
We need to fix <https://bugs.webkit.org/show_bug.cgi?id=171248> before we can unskip it.
When running the nosniff Web Platform Tests (WPT) dump console messages to standard error
to avoid a difference of console message ordering due to the non-determinism of the WPT
tests from affecting the matching of the expected result.
* http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt: Added.
* http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html: Copied from LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html.
* http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt: Update expected result.
* http/tests/security/contentTypeOptions/nosniff-script-blocked.html: Substitute the not executable
MIME type "text/xx-javascript" for "text/x-javascript" as the latter is an acceptable MIME type for
JavaScript scripts as per the Fetch standard, <https://html.spec.whatwg.org/multipage/scripting.html#javascript-mime-type> (30 March 2017).
* http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt: Update
expected result.
* platform/gtk/TestExpectations: Skip the nosniff tests as GTK does not enable ENABLE(NOSNIFF).
* platform/ios/TestExpectations: Unskip nosniff tests.
* platform/mac/TestExpectations: Ditto.
* platform/win/TestExpectations: Ditto.
* platform/wk2/TestExpectations: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

37 files changed:
ChangeLog
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt
LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html
LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/script-expected.txt
LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/stylesheet-expected.txt
LayoutTests/platform/gtk/TestExpectations
LayoutTests/platform/ios/TestExpectations
LayoutTests/platform/mac/TestExpectations
LayoutTests/platform/win/TestExpectations
LayoutTests/platform/wk2/TestExpectations
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
Source/WebCore/ChangeLog
Source/WebCore/Configurations/FeatureDefines.xcconfig
Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig
Source/WebCore/css/StyleSheetContents.cpp
Source/WebCore/dom/LoadableClassicScript.cpp
Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
Source/WebCore/loader/cache/CachedCSSStyleSheet.h
Source/WebCore/loader/cache/CachedScript.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
Source/WebKit2/ChangeLog
Source/WebKit2/Configurations/FeatureDefines.xcconfig
Source/cmake/OptionsMac.cmake
Source/cmake/OptionsWin.cmake
Tools/ChangeLog
Tools/Scripts/webkitperl/FeatureList.pm
Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig

index df99006..2a4d1db 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Source/cmake/OptionsMac.cmake:
+        * Source/cmake/OptionsWin.cmake:
+
 2017-04-24  Zan Dobersek  <zdobersek@igalia.com>
 
         Unreviewed follow-up to r215681.
index 0af2f7f..932ada1 100644 (file)
@@ -1,3 +1,35 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Unskip nosniff tests on Mac, iOS and Windows and update expected results now that
+        we support X-Content-Type-Options: nosniff.
+
+        Merge Blink test from <https://src.chromium.org/viewvc/blink?revision=168570&view=revision>.
+
+        * TestExpectations: Unskip all nosniff tests except imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html.
+        We need to fix <https://bugs.webkit.org/show_bug.cgi?id=171248> before we can unskip it.
+        When running the nosniff Web Platform Tests (WPT) dump console messages to standard error
+        to avoid a difference of console message ordering due to the non-determinism of the WPT
+        tests from affecting the matching of the expected result.
+        * http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt: Added.
+        * http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html: Copied from LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html.
+        * http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt: Update expected result.
+        * http/tests/security/contentTypeOptions/nosniff-script-blocked.html: Substitute the not executable
+        MIME type "text/xx-javascript" for "text/x-javascript" as the latter is an acceptable MIME type for
+        JavaScript scripts as per the Fetch standard, <https://html.spec.whatwg.org/multipage/scripting.html#javascript-mime-type> (30 March 2017).
+        * http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt: Update
+        expected result.
+        * platform/gtk/TestExpectations: Skip the nosniff tests as GTK does not enable ENABLE(NOSNIFF).
+        * platform/ios/TestExpectations: Unskip nosniff tests.
+        * platform/mac/TestExpectations: Ditto.
+        * platform/win/TestExpectations: Ditto.
+        * platform/wk2/TestExpectations: Ditto.
+
 2017-04-25  Ryan Haddad  <ryanhaddad@apple.com>
 
         Mark http/tests/inspector/network/resource-sizes-disk-cache.html as flaky.
index 36daa1c..835ce40 100644 (file)
@@ -352,8 +352,6 @@ webkit.org/b/168448 imported/w3c/web-platform-tests/resource-timing/rt-shared-re
 webkit.org/b/168448 imported/w3c/web-platform-tests/resource-timing/rt-shared-resource-in-workers.html [ Pass Failure ]
 imported/w3c/web-platform-tests/resource-timing/test_resource_timing.html [ Pass Failure ]
 
-webkit.org/b/157068 imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html [ Skip ]
-webkit.org/b/157145 imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html [ Failure Pass ]
 webkit.org/b/161312 imported/w3c/web-platform-tests/html/semantics/document-metadata/the-link-element/document-without-browsing-context.html [ Failure Pass ]
 
 # rdar://problem/30975761
@@ -1120,6 +1118,9 @@ fast/history/page-cache-with-opener.html [ Skip ]
 
 webkit.org/b/168238 imported/w3c/web-platform-tests/dom/events/EventListener-invoke-legacy.html [ Pass Failure ]
 
+# Ignore MIME type refused console messages when comparing nosniff tests results as their ordering is non-deterministic.
+imported/w3c/web-platform-tests/fetch/nosniff [ DumpJSConsoleLogInStdErr ]
+
 ########################################
 ### START OF -disabled tests
 
@@ -1294,3 +1295,5 @@ webkit.org/b/170704 webrtc/video-mute.html [ Pass Failure ]
 webkit.org/b/171031 imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl.htm [ Failure ]
 
 webkit.org/b/170701 webrtc/datachannel/bufferedAmountLowThreshold.html [ Pass Failure ]
+
+webkit.org/b/171248 imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
diff --git a/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt b/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt
new file mode 100644 (file)
index 0000000..db48f6a
--- /dev/null
@@ -0,0 +1,11 @@
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS window.scriptsSuccessfullyLoaded is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html b/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
new file mode 100644 (file)
index 0000000..4f79481
--- /dev/null
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
+<body>
+    <script src="/js-test-resources/js-test-pre.js"></script>
+    <script>
+        description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly blocked if the MIME type isn\'t scripty.');
+        window.jsTestIsAsync = true;
+
+        window.scriptsSuccessfullyLoaded = 0;
+    
+        var s = document.createElement('script');
+        s.src = './resources/script-with-header.pl?mime=application/json';
+        document.querySelector('head').appendChild(s);
+
+        window.onload = function () {
+            shouldBe('window.scriptsSuccessfullyLoaded', '0');
+            finishJSTest();
+        };
+    </script>
+    <script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>
index 5e7382f..596a979 100644 (file)
@@ -1,9 +1,9 @@
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png' because its MIME type ('image/png') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs' because its MIME type ('text/vbs') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbscript' because its MIME type ('text/vbscript') is not executable, and strict MIME type checking is enabled.
-CONSOLE MESSAGE: line 30: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/x-javascript' because its MIME type ('text/x-javascript') is not executable, and strict MIME type checking is enabled.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbscript' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/xx-javascript' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
 Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index af74b28..1c0975c 100644 (file)
@@ -14,7 +14,7 @@
             'text/html',
             'text/vbs',
             'text/vbscript',
-            'text/x-javascript',
+            'text/xx-javascript',
         ];
 
         window.scriptsSuccessfullyLoaded = 0;
index 94c5770..f7067a3 100644 (file)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 16: Refused to execute script from 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
+CONSOLE MESSAGE: Did not load script at 'http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.
 Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if no 'Content-Type' header is present.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
index 464ac98..987e433 100644 (file)
@@ -1,3 +1,17 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Update expected results now we support X-Content-Type-Options: nosniff.
+
+        * web-platform-tests/fetch/nosniff/parsing-nosniff-expected.txt:
+        * web-platform-tests/fetch/nosniff/script-expected.txt:
+        * web-platform-tests/fetch/nosniff/stylesheet-expected.txt:
+
 2017-04-25  Frederic Wang  <fwang@igalia.com>
 
         Import W3C tests for the CSSOM View module
index b60a4ec..4742962 100644 (file)
@@ -1,6 +1,6 @@
 
 FAIL URL query: first assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: uppercase assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query: uppercase 
 PASS URL query: last 
 PASS URL query: quoted 
 PASS URL query: quoted-single 
index e03346e..fd03fcf 100644 (file)
@@ -1,8 +1,8 @@
 
-FAIL URL query:  assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type= assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x/x assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query:  
+PASS URL query: ?type= 
+PASS URL query: ?type=x 
+PASS URL query: ?type=x/x 
 PASS URL query: ?type=text/javascript 
 PASS URL query: ?type=text/ecmascript 
 PASS URL query: ?type=text/ecmascript;blah 
index 36d9e36..15fd6a0 100644 (file)
@@ -1,8 +1,8 @@
 
-FAIL URL query:  assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type= assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x assert_unreached: Unexpected load event Reached unreachable code
-FAIL URL query: ?type=x/x assert_unreached: Unexpected load event Reached unreachable code
+PASS URL query:  
+PASS URL query: ?type= 
+PASS URL query: ?type=x 
+PASS URL query: ?type=x/x 
 PASS URL query: ?type=text/css 
 PASS URL query: ?type=text/css;blah 
 
index 855bb3e..daf1043 100644 (file)
@@ -76,6 +76,7 @@ Bug(GTK) fast/css/draggable-region-parser.html [ Failure ]
 
 # X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
 webkit.org/b/71851 http/tests/security/contentTypeOptions [ Skip ]
+imported/w3c/web-platform-tests/fetch/nosniff [ Skip ]
 
 
 # Accelerated overflow scrolling (ENABLE_ACCELERATED_OVERFLOW_SCROLLING) is not enabled.
index 4dabd30..2a8ca18 100644 (file)
@@ -193,9 +193,6 @@ fast/history/page-cache-media-source-closed.html [ Skip ]
 fast/history/page-cache-media-source-opened.html [ Skip ]
 fast/history/page-cache-removed-source-buffer.html [ Skip ]
 
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
 # IndexedDB tests have numerous unexpected failures on iOS
 webkit.org/b/144475 storage/indexeddb
 
index fbced5b..5598f4f 100644 (file)
@@ -154,9 +154,6 @@ fast/forms/month
 fast/forms/time
 fast/forms/week
 
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
 # Media Stream API is not fully supported.
 fast/mediastream/MediaStream-add-ended-tracks.html
 
index 3ec0313..c303365 100644 (file)
@@ -325,9 +325,6 @@ fast/forms/file/open-file-panel.html [ Skip ]
 # ENABLE_GAMEPAD not enabled.
 gamepad/ [ Skip ]
 
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-webkit.org/b/136452 http/tests/security/contentTypeOptions
-
 # TODO Userscripts stuff is not implemented
 webkit.org/b/140258 userscripts/ [ Skip ]
 userscripts/window-onerror-for-isolated-world-1.html [ Skip ]
@@ -2316,7 +2313,6 @@ http/tests/navigation/no-referrer-target-blank.html [ Failure ] # Easy
 http/tests/navigation/post-goback-same-url.html [ Failure ] # Easy
 http/tests/navigation/restore-form-state-https.html [ Failure ]
 http/tests/navigation/target-blank-opener.html [ Skip ] # Timeout
-http/tests/security/contentTypeOptions/nosniff-script-blocked.html [ Failure ]
 http/tests/security/cross-frame-access-call.html [ Failure ]
 http/tests/security/cross-frame-access-get.html [ Failure ]
 http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html [ Failure ]
index f540fe1..e112825 100644 (file)
@@ -352,9 +352,6 @@ http/tests/security/canvas-remote-read-remote-video-allowed-anonymous.html [ Fai
 http/tests/security/canvas-remote-read-remote-video-allowed-with-credentials.html [ Failure ]
 http/tests/security/video-cross-origin-readback.html
 
-# X-Content-Type-Options (ENABLE_NOSNIFF) is not enabled.
-http/tests/security/contentTypeOptions
-
 # Unexpected redirection happens.
 http/tests/loading/redirect-methods.html
 
index 0939ef3..94158d5 100644 (file)
@@ -1,3 +1,15 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Configurations/FeatureDefines.xcconfig:
+
 2017-04-25  Mark Lam  <mark.lam@apple.com>
 
         Local CSE wrongly CSEs array accesses with different result types.
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
index 95a9191..e334167 100644 (file)
@@ -1,3 +1,58 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable support for X-Content-Type-Options: nosniff on Mac, iOS and Windows.
+
+        Additionally, honor X-Content-Type-Options: nosniff header for stylesheets as per
+        <https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff%3F> (30 March 2017).
+
+        Test: http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
+
+        * Configurations/FeatureDefines.xcconfig:
+        * css/StyleSheetContents.cpp:
+        (WebCore::StyleSheetContents::parseAuthorStyleSheet): Log an error if the stylesheet
+        has the nosniff header and does not have a valid MIME type. Also update code for
+        renaming of MIMETypeCheck to MIMETypeCheckHint.
+        (WebCore::StyleSheetContents::notifyLoadedSheet): If the stylesheet is blocked by
+        nosniff then consider it analogous to a load error so that we dispatch a DOM error
+        event at the <style>/<link> element.
+        * dom/LoadableClassicScript.cpp:
+        (WebCore::LoadableClassicScript::notifyFinished): Modified the wording of the error
+        message when a script is disallowed by nosniff so as to more closely match the
+        wording used when a stylesheet is disallowed by nonsniff.
+        * loader/cache/CachedCSSStyleSheet.cpp:
+        (WebCore::CachedCSSStyleSheet::sheetText): Update for renaming of MIMETypeCheck
+        to MIMETypeCheckHint.
+        (WebCore::CachedCSSStyleSheet::responseMIMEType): Added.
+        (WebCore::CachedCSSStyleSheet::mimeTypeAllowedByNosniff): Added.
+        (WebCore::CachedCSSStyleSheet::canUseSheet): Modified to check if the X-Content-Type-Options: nosniff
+        header is in the HTTP response for the stylesheet. If it is then we can only use the stylesheet
+        if its content-type is "text/css". Otherwise, apply the existing criterion for determining whether
+        to to use the stylesheet.
+        * loader/cache/CachedCSSStyleSheet.h: Rename MIMETypeCheck to MIMETypeCheckHint to better
+        describe its purpose as a hint as to whether to enforce MIME type checking for the stylesheet.
+        Processing of the HTTP header X-Content-Type-Options takes precedence over this hint.
+        * loader/cache/CachedScript.h: Make mimeType() private.
+
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Part 1
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Configurations/FeatureDefines.xcconfig:
+
 2017-04-25  Myles C. Maxfield  <mmaxfield@apple.com>
 
         [GTK] Build fix after r215737
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
index 3f56f2e..064f3a7 100644 (file)
@@ -1,3 +1,15 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Configurations/FeatureDefines.xcconfig:
+
 2017-04-19  Youenn Fablet  <youenn@apple.com>
 
         [Mac] Allow customizing H264 encoder
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
index d893d3a..3e49d23 100644 (file)
@@ -312,18 +312,22 @@ const AtomicString& StyleSheetContents::namespaceURIFromPrefix(const AtomicStrin
 void StyleSheetContents::parseAuthorStyleSheet(const CachedCSSStyleSheet* cachedStyleSheet, const SecurityOrigin* securityOrigin)
 {
     bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(baseURL());
-    CachedCSSStyleSheet::MIMETypeCheck mimeTypeCheck = isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest ? CachedCSSStyleSheet::MIMETypeCheck::Strict : CachedCSSStyleSheet::MIMETypeCheck::Lax;
+    CachedCSSStyleSheet::MIMETypeCheckHint mimeTypeCheckHint = isStrictParserMode(m_parserContext.mode) || !isSameOriginRequest ? CachedCSSStyleSheet::MIMETypeCheckHint::Strict : CachedCSSStyleSheet::MIMETypeCheckHint::Lax;
     bool hasValidMIMEType = true;
-    String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck, &hasValidMIMEType);
+    String sheetText = cachedStyleSheet->sheetText(mimeTypeCheckHint, &hasValidMIMEType);
 
     if (!hasValidMIMEType) {
         ASSERT(sheetText.isNull());
         if (auto* document = singleOwnerDocument()) {
             if (auto* page = document->page()) {
                 if (isStrictParserMode(m_parserContext.mode))
-                    page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed in strict mode.");
+                    page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed in strict mode."));
+#if ENABLE(NOSNIFF)
+                else if (!cachedStyleSheet->mimeTypeAllowedByNosniff())
+                    page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed when 'X-Content-Type: nosniff' is given."));
+#endif
                 else
-                    page->console().addMessage(MessageSource::Security, MessageLevel::Error, "Did not parse stylesheet at '" + cachedStyleSheet->url().stringCenterEllipsizedToLength() + "' because non CSS MIME types are not allowed for cross-origin stylesheets.");
+                    page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed for cross-origin stylesheets."));
             }
         }
         return;
@@ -385,6 +389,9 @@ void StyleSheetContents::notifyLoadedSheet(const CachedCSSStyleSheet* sheet)
 {
     ASSERT(sheet);
     m_didLoadErrorOccur |= sheet->errorOccurred();
+#if ENABLE(NOSNIFF)
+    m_didLoadErrorOccur |= !sheet->mimeTypeAllowedByNosniff();
+#endif
 }
 
 void StyleSheetContents::startLoadingDynamicSheet()
index 771d42d..92e677c 100644 (file)
@@ -90,9 +90,7 @@ void LoadableClassicScript::notifyFinished(CachedResource& resource)
             ConsoleMessage {
                 MessageSource::Security,
                 MessageLevel::Error,
-                makeString(
-                    "Refused to execute script from '", m_cachedScript->url().stringCenterEllipsizedToLength(),
-                    "' because its MIME type ('", m_cachedScript->mimeType(), "') is not executable, and strict MIME type checking is enabled.")
+                makeString("Did not load script at '", m_cachedScript->url().stringCenterEllipsizedToLength(), "' because non script MIME types are not allowed when 'X-Content-Type: nosniff' is given.")
             }
         };
     }
index bd160af..0593844 100644 (file)
@@ -73,9 +73,9 @@ String CachedCSSStyleSheet::encoding() const
     return m_decoder->encoding().name();
 }
 
-const String CachedCSSStyleSheet::sheetText(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
+const String CachedCSSStyleSheet::sheetText(MIMETypeCheckHint mimeTypeCheckHint, bool* hasValidMIMEType) const
 {
-    if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheck, hasValidMIMEType))
+    if (!m_data || m_data->isEmpty() || !canUseSheet(mimeTypeCheckHint, hasValidMIMEType))
         return String();
 
     if (!m_decodedSheetText.isNull())
@@ -121,12 +121,32 @@ void CachedCSSStyleSheet::checkNotify()
         c->setCSSStyleSheet(m_resourceRequest.url(), m_response.url(), m_decoder->encoding().name(), this);
 }
 
-bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheck mimeTypeCheck, bool* hasValidMIMEType) const
+String CachedCSSStyleSheet::responseMIMEType() const
+{
+    return extractMIMETypeFromMediaType(m_response.httpHeaderField(HTTPHeaderName::ContentType));
+}
+
+#if ENABLE(NOSNIFF)
+bool CachedCSSStyleSheet::mimeTypeAllowedByNosniff() const
+{
+    return parseContentTypeOptionsHeader(m_response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff || equalLettersIgnoringASCIICase(responseMIMEType(), "text/css");
+}
+#endif
+
+bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheckHint mimeTypeCheckHint, bool* hasValidMIMEType) const
 {
     if (errorOccurred())
         return false;
 
-    if (mimeTypeCheck == MIMETypeCheck::Lax)
+#if ENABLE(NOSNIFF)
+    if (!mimeTypeAllowedByNosniff()) {
+        if (hasValidMIMEType)
+            *hasValidMIMEType = false;
+        return false;
+    }
+#endif
+
+    if (mimeTypeCheckHint == MIMETypeCheckHint::Lax)
         return true;
 
     // This check exactly matches Firefox.  Note that we grab the Content-Type
@@ -136,7 +156,7 @@ bool CachedCSSStyleSheet::canUseSheet(MIMETypeCheck mimeTypeCheck, bool* hasVali
     //
     // This code defaults to allowing the stylesheet for non-HTTP protocols so
     // folks can use standards mode for local HTML documents.
-    String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField(HTTPHeaderName::ContentType));
+    String mimeType = responseMIMEType();
     bool typeOK = mimeType.isEmpty() || equalLettersIgnoringASCIICase(mimeType, "text/css") || equalLettersIgnoringASCIICase(mimeType, "application/x-unknown-content-type");
     if (hasValidMIMEType)
         *hasValidMIMEType = typeOK;
index c33aa2e..012729c 100644 (file)
@@ -36,14 +36,19 @@ public:
     CachedCSSStyleSheet(CachedResourceRequest&&, SessionID);
     virtual ~CachedCSSStyleSheet();
 
-    enum class MIMETypeCheck { Strict, Lax };
-    const String sheetText(MIMETypeCheck = MIMETypeCheck::Strict, bool* hasValidMIMEType = nullptr) const;
+    enum class MIMETypeCheckHint { Strict, Lax };
+    const String sheetText(MIMETypeCheckHint = MIMETypeCheckHint::Strict, bool* hasValidMIMEType = nullptr) const;
 
     RefPtr<StyleSheetContents> restoreParsedStyleSheet(const CSSParserContext&, CachePolicy);
     void saveParsedStyleSheet(Ref<StyleSheetContents>&&);
 
+#if ENABLE(NOSNIFF)
+    bool mimeTypeAllowedByNosniff() const;
+#endif
+
 private:
-    bool canUseSheet(MIMETypeCheck, bool* hasValidMIMEType) const;
+    String responseMIMEType() const;
+    bool canUseSheet(MIMETypeCheckHint, bool* hasValidMIMEType) const;
     bool mayTryReplaceEncodedData() const final { return true; }
 
     void didAddClient(CachedResourceClient&) final;
index f8898d3..736c780 100644 (file)
@@ -39,13 +39,13 @@ public:
     StringView script();
     unsigned scriptHash();
 
-    String mimeType() const;
-
 #if ENABLE(NOSNIFF)
     bool mimeTypeAllowedByNosniff() const;
 #endif
 
 private:
+    String mimeType() const;
+
     bool mayTryReplaceEncodedData() const final { return true; }
 
     bool shouldIgnoreHTTPStatusCodeErrors() const final;
index d416e11..0bda7d6 100644 (file)
@@ -1,3 +1,15 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Configurations/FeatureDefines.xcconfig:
+
 2017-04-25  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Support reading NSURL titles from the pasteboard when performing data interaction
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
index 0c4356c..8a909ed 100644 (file)
@@ -1,3 +1,15 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Configurations/FeatureDefines.xcconfig:
+
 2017-04-25  John Wilander  <wilander@apple.com>
 
         Resource Load Statistics: Clear network process cache when clearing store
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
index dcc60da..d4c9a71 100644 (file)
@@ -66,7 +66,7 @@ WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MHTML PRIVATE OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MOUSE_CURSOR_SCALE PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NAVIGATOR_CONTENT_UTILS PRIVATE OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NAVIGATOR_HWCONCURRENCY PRIVATE ON)
-WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE OFF)
+WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOTIFICATIONS PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_PDFKIT_PLUGIN PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_POINTER_LOCK PRIVATE OFF)
index 852286e..34db0f7 100644 (file)
@@ -46,6 +46,7 @@ WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MEDIA_SOURCE PUBLIC OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MEDIA_STATISTICS PUBLIC ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_METER_ELEMENT PUBLIC ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MOUSE_CURSOR_SCALE PUBLIC ON)
+WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOSNIFF PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_NOTIFICATIONS PUBLIC OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_PROXIMITY_EVENTS PUBLIC OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_QUOTA PUBLIC OFF)
index 8ee53ed..79e62ce 100644 (file)
@@ -1,3 +1,17 @@
+2017-04-25  Daniel Bates  <dabates@apple.com>
+
+        [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
+        https://bugs.webkit.org/show_bug.cgi?id=136452
+        <rdar://problem/23412620>
+
+        Reviewed by Brent Fulgham.
+
+        Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms.
+
+        * Scripts/webkitperl/FeatureList.pm: Also do not enable nosniff on EFL
+        as the EFL port is no longer in the WebKit OpenSource repository.
+        * TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
+
 2017-04-25  Zan Dobersek  <zdobersek@igalia.com>
 
         Unreviewed follow-up to r215739 and r215740.
index b77e2a0..4553db9 100644 (file)
@@ -327,7 +327,7 @@ my @features = (
       define => "ENABLE_NETSCAPE_PLUGIN_API", default => !isIOSWebKit(), value => \$netscapePluginAPISupport },
 
     { option => "nosniff", desc => "Toggle support for 'X-Content-Type-Options: nosniff'",
-      define => "ENABLE_NOSNIFF", default => isEfl(), value => \$nosniffSupport },
+      define => "ENABLE_NOSNIFF", default => (isAppleCocoaWebKit() || isAppleWinWebKit()), value => \$nosniffSupport },
 
     { option => "notifications", desc => "Toggle Notifications support",
       define => "ENABLE_NOTIFICATIONS", default => isGtk(), value => \$notificationsSupport },
index 8a61965..0ba5e18 100644 (file)
@@ -157,7 +157,7 @@ ENABLE_MHTML = ;
 ENABLE_MOUSE_CURSOR_SCALE[sdk=macosx*] = ENABLE_MOUSE_CURSOR_SCALE;
 ENABLE_NAVIGATOR_CONTENT_UTILS = ;
 ENABLE_NAVIGATOR_HWCONCURRENCY = ENABLE_NAVIGATOR_HWCONCURRENCY;
-ENABLE_NOSNIFF = ;
+ENABLE_NOSNIFF = ENABLE_NOSNIFF;
 ENABLE_NOTIFICATIONS[sdk=macosx*] = ENABLE_NOTIFICATIONS;
 ENABLE_PDFKIT_PLUGIN[sdk=macosx*] = ENABLE_PDFKIT_PLUGIN;
 ENABLE_POINTER_LOCK[sdk=macosx*] = ENABLE_POINTER_LOCK;
@@ -255,4 +255,4 @@ ENABLE_VARIATION_FONTS_IF_NOT_ = $(ENABLE_VARIATION_FONTS_IF_NOT_NO);
 ENABLE_VARIATION_FONTS_IF_NOT_NO = ENABLE_VARIATION_FONTS;
 ENABLE_VARIATION_FONTS_IF_NOT_YES = ;
 
-FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_APPLE_PAY) $(ENABLE_APPLE_PAY_DELEGATE) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_AVF_CAPTIONS) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_CSS3_TEXT) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DATACUE_VALUE) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_FAST_JIT_PERMISSIONS) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FTL_JIT) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_INTERSECTION_OBSERVER) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TOUCH_EVENTS) $(ENABLE_JIT) $(ENABLE_KEYBOARD_KEY_ATTRIBUTE) $(ENABLE_KEYBOARD_CODE_ATTRIBUTE) $(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_ENCRYPTED_MEDIA) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CAPTURE) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOSNIFF) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_USERSELECT_ALL) $(ENABLE_VARIATION_FONTS) $(ENABLE_VIDEO_PRESENTATION_MODE) $(ENABLE_MAC_VIDEO_TOOLBOX) $(ENABLE_VIDEO_TRACK) $(ENABLE_VIDEO) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEB_ANIMATIONS) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_REPLAY) $(ENABLE_WEB_RTC) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENABLE_WEBGPU) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_XSLT);