+2017-08-22 Chris Dumez <cdumez@apple.com>
+
+ Add sanity check for source origin in WebLoaderStrategy::startPingLoad()
+ https://bugs.webkit.org/show_bug.cgi?id=175827
+
+ Reviewed by Geoffrey Garen.
+
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::startPingLoad):
+
2017-08-22 Alex Christensen <achristensen@webkit.org>
Add UIDelegatePrivate SPI corresponding to WKPageUIClient.showPage
loadParameters.identifier = generatePingLoadIdentifier();
loadParameters.request = request;
loadParameters.sourceOrigin = &document->securityOrigin();
+ ASSERT(loadParameters.request.httpHeaderField(HTTPHeaderName::Origin).isNull() || loadParameters.request.httpHeaderField(HTTPHeaderName::Origin) == loadParameters.sourceOrigin->toString());
loadParameters.sessionID = webPage ? webPage->sessionID() : PAL::SessionID::defaultSessionID();
loadParameters.allowStoredCredentials = options.credentials == FetchOptions::Credentials::Omit ? DoNotAllowStoredCredentials : AllowStoredCredentials;
loadParameters.mode = options.mode;
loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = networkingContext->shouldClearReferrerOnHTTPSToHTTPRedirect();
if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
- if (auto * contentSecurityPolicy = document->contentSecurityPolicy())
+ if (auto* contentSecurityPolicy = document->contentSecurityPolicy())
loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
}
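Review bot: The new Origin check in `startPingLoad()` is an `ASSERT`, which is compiled out of release builds, so it documents the invariant for debug testing but enforces nothing in shipped code. It also runs in the web process, the side that builds `loadParameters`. If a mismatch between the `Origin` header and `sourceOrigin` is meant to be a security boundary, the process that receives these parameters should compare the two again and reject the load; whether it already does is not visible in this hunk. At minimum, a comment above the assertion would record the intent, for example `// The Origin header, if set, must have been derived from the document's security origin; this is a debug-only check.` The body of `startPingLoad()` starts and ends outside the hunk.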