Drop support for cross-origin-window-policy header
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Sep 2018 23:18:28 +0000 (23:18 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Sep 2018 23:18:28 +0000 (23:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=190081

Reviewed by Ryosuke Niwa.

Source/WebCore:

Drop support for cross-origin-window-policy header as this was never enabled and its design has
some issues we have not resolved. An alternative is being worked on but will be substantially
different so there is not much value in keeping this code around.

* bindings/js/JSDOMBindingSecurity.cpp:
* bindings/js/JSDOMBindingSecurity.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::addCrossOriginWindowPropertyNames):
(WebCore::addScopedChildrenIndexes):
(WebCore::addCrossOriginWindowOwnPropertyNames):
(WebCore::JSDOMWindow::getOwnPropertyNames):
* bindings/js/JSDOMWindowCustom.h:
* bindings/js/JSRemoteDOMWindowCustom.cpp:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateAttributeGetterBodyDefinition):
(GenerateAttributeSetterBodyDefinition):
(GenerateOperationBodyDefinition):
* bindings/scripts/IDLAttributes.json:
* dom/Document.cpp:
(WebCore::Document::canNavigate):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
* page/AbstractDOMWindow.cpp:
(WebCore::AbstractDOMWindow::AbstractDOMWindow):
* page/AbstractDOMWindow.h:
* page/DOMWindow.idl:
* page/Settings.yaml:
* platform/network/HTTPParsers.cpp:
* platform/network/HTTPParsers.h:

Source/WebKit:

* Shared/WebPreferences.yaml:
* UIProcess/API/C/WKPreferences.cpp:
* UIProcess/API/C/WKPreferencesRef.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::frameBecameRemote):

Source/WebKitLegacy/mac:

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):

Source/WebKitLegacy/win:

* WebPreferenceKeysPrivate.h:
* WebPreferences.cpp:
(WebPreferences::initializeDefaultSettings):
(WebPreferences::crossOriginWindowPolicySupportEnabled):
(WebPreferences::setCrossOriginWindowPolicySupportEnabled):
* WebView.cpp:
(WebView::notifyPreferencesChanged):

Tools:

190081_DropCrossOriginWindowPolicy

* DumpRenderTree/mac/DumpRenderTree.mm:
(enableExperimentalFeatures):
* DumpRenderTree/win/DumpRenderTree.cpp:
(enableExperimentalFeatures):
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):

LayoutTests:

* http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Removed.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Removed.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Removed.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Removed.
* http/wpt/cross-origin-window-policy/allow-postmessage.html: Removed.
* http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Removed.
* http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Removed.
* http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Removed.
* http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Removed.
* http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
* http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Removed.
* http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Removed.
* http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Removed.
* http/wpt/cross-origin-window-policy/resources/destination.html: Removed.
* http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Removed.
* http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Removed.
* http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Removed.
* http/wpt/cross-origin-window-policy/resources/utils.js: Removed.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@236623 268f45cc-cd09-0410-ab3c-d52691b4dbfc

53 files changed:
LayoutTests/ChangeLog
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/destination.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js [deleted file]
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp
Source/WebCore/bindings/js/JSDOMBindingSecurity.h
Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
Source/WebCore/bindings/js/JSDOMWindowCustom.h
Source/WebCore/bindings/js/JSRemoteDOMWindowCustom.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/IDLAttributes.json
Source/WebCore/dom/Document.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/page/AbstractDOMWindow.cpp
Source/WebCore/page/AbstractDOMWindow.h
Source/WebCore/page/DOMWindow.idl
Source/WebCore/page/Settings.yaml
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/WebPreferences.yaml
Source/WebKit/UIProcess/API/C/WKPreferences.cpp
Source/WebKit/UIProcess/API/C/WKPreferencesRef.h
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/WebView/WebPreferenceKeysPrivate.h
Source/WebKitLegacy/mac/WebView/WebPreferences.mm
Source/WebKitLegacy/mac/WebView/WebPreferencesPrivate.h
Source/WebKitLegacy/mac/WebView/WebView.mm
Source/WebKitLegacy/win/ChangeLog
Source/WebKitLegacy/win/WebPreferenceKeysPrivate.h
Source/WebKitLegacy/win/WebPreferences.cpp
Source/WebKitLegacy/win/WebView.cpp
Tools/ChangeLog
Tools/DumpRenderTree/mac/DumpRenderTree.mm
Tools/DumpRenderTree/win/DumpRenderTree.cpp
Tools/WebKitTestRunner/TestController.cpp

index 37c31fb..611e14f 100644 (file)
@@ -1,3 +1,29 @@
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        * http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Removed.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Removed.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Removed.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Removed.
+        * http/wpt/cross-origin-window-policy/allow-postmessage.html: Removed.
+        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Removed.
+        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Removed.
+        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Removed.
+        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Removed.
+        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
+        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Removed.
+        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Removed.
+        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Removed.
+        * http/wpt/cross-origin-window-policy/resources/destination.html: Removed.
+        * http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Removed.
+        * http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Removed.
+        * http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Removed.
+        * http/wpt/cross-origin-window-policy/resources/utils.js: Removed.
+
 2018-09-28  Andy Estes  <aestes@apple.com>
 
         [Apple Pay] Remove the "in-store" button type
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt
deleted file mode 100644 (file)
index 13c6be7..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-PASS postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt
deleted file mode 100644 (file)
index 412c968..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option 
-PASS postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option 
-
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html
deleted file mode 100644 (file)
index bf5fb4b..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Tests calling postMessage() on a window with 'Cross-Origin-Window-Policy: allow-postmessage' from a window with 'Cross-Origin-Window-Policy: deny'</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/common/utils.js"></script>
-<script src="/common/get-host-info.sub.js"></script>
-<script src="resources/utils.js"></script>
-</head>
-<body>
-<script>
-
-promise_test(function(test) {
-    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
-        assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access");
-        assert_throws("SecurityError", function() { f.contentWindow.postMessage("PING", "*"); }, "Calling postMessage() should throw");
-    });
-}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
-
-promise_test(function(test) {
-    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
-        assert_throws("SecurityError", function() { result.window.length }, "length property access");
-        assert_throws("SecurityError", function() { result.window.postMessage("PING", "*"); }, "Calling postMessage() should throw");
-    });
-}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
-
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers
deleted file mode 100644 (file)
index 6a2d256..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Cross-Origin-Window-Policy: deny
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html
deleted file mode 100644 (file)
index cc5a568..0000000
+++ /dev/null
@@ -1,47 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Tests that postMessage() works when 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header is served</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/common/utils.js"></script>
-<script src="/common/get-host-info.sub.js"></script>
-<script src="resources/utils.js"></script>
-</head>
-<body>
-<script>
-
-promise_test(function(test) {
-    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
-        return new Promise((resolve) => {
-            window.onmessage = (msg) => {
-                window.onmessage = null;
-                assert_equals(msg.data, "PONG");
-                assert_equals(msg.source, f.contentWindow);
-                resolve();
-            };
-            assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access");
-            f.contentWindow.postMessage("PING", "*");
-        });
-    });
-}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = (msg) => {
-                window.onmessage = null;
-                assert_equals(msg.data, "PONG");
-                assert_equals(msg.source, result.window);
-                resolve();
-            };
-            assert_throws("SecurityError", function() { result.window.length }, "length property access");
-            result.window.postMessage("PING", "*");
-        });
-    });
-}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt
deleted file mode 100644 (file)
index e4a8d11..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-  
-
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case) 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid) 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value) 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header 
-
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html b/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
deleted file mode 100644 (file)
index b2b7a37..0000000
+++ /dev/null
@@ -1,198 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Basic testing for Cross-Origin-Window-Policy HTTP header</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/common/utils.js"></script>
-<script src="/common/get-host-info.sub.js"></script>
-<script src="resources/utils.js"></script>
-</head>
-<body>
-<script>
-
-// Test frame has a subframe so we expect an indexed property with index 0.
-crossOriginPropertyNames.push('0');
-
-function checkIframePropertyValues(w)
-{
-    assert_equals(w.parent, window, "'parent' property value");
-    assert_equals(w.top, window, "'top' property value");
-    assert_equals(w.opener, null, "'opener' property value");
-    assert_equals(w.length, 1, "'length' property value");
-    assert_not_throwing(function() { w[0]; }, "Subframe access via index");
-    assert_equals(w['subframe'], w[0], "Subframe access by name");
-}
-
-function checkPopupPropertyValues(w)
-{
-    assert_equals(w.parent, w, "'parent' property value");
-    assert_equals(w.top, w, "'top' property value");
-    assert_equals(w.opener, window, "'opener' property value");
-    assert_equals(w.length, 1, "'length' property value");
-    assert_not_throwing(function() { w[0]; }, "Subframe access via index");
-    assert_equals(w['subframe'], w[0], "Subframe access by name");
-}
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((f) => {
-        testCrossOriginOption(f.contentWindow, "deny", true /* isCrossOrigin */);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {
-        testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
-        testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case)");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
-        const w = f.contentWindow;
-        // Invalid input: should be treated as "allow".
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid)");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=", true /* isCrossOrigin */).then((f) => {
-        const w = f.contentWindow;
-        // Empty value: should be treated as "allow".
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value)");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
-        const w = f.contentWindow;
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {
-        const w = f.contentWindow;
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-        
-        checkIframePropertyValues(w);
-    });
-}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((f) => {
-         const w = f.contentWindow;
-        testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {
-         const w = f.contentWindow;
-        testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((f) => {
-         const w = f.contentWindow;
-        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
-
-promise_test(function(test) {
-    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {
-         const w = f.contentWindow;
-        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
-
-        checkIframePropertyValues(w);
-    });
-}, "Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((result) => {
-        testCrossOriginOption(result.window, "deny", true /* isCrossOrigin */);
-    });
-}, "Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {
-        testCrossOriginOption(result.window, "allow-postmessage", true /* isCrossOrigin */);
-    });
-}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((result) => {
-        const w = result.window;
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {
-        const w = result.window;
-        testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((result) => {
-         const w = result.window;
-        testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {
-         const w = result.window;
-        testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((result) => {
-         const w = result.window;
-        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
-
-promise_test(function(test) {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {
-         const w = result.window;
-        testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
-
-        checkPopupPropertyValues(w);
-    });
-}, "Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
-
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt
deleted file mode 100644 (file)
index 0e9c84f..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-CONSOLE MESSAGE: line 23: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py?value=deny' from frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 44: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py?value=allow-postmessage' from frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-
-PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target 
-PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target 
-PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target 
-
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
deleted file mode 100644 (file)
index 2a7918b..0000000
+++ /dev/null
@@ -1,73 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/common/utils.js"></script>
-<script src="/common/get-host-info.sub.js"></script>
-<script src="resources/utils.js"></script>
-</head>
-<body>
-<script>
-
-promise_test(t => {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = (msg) => {
-                assert_not_equals(msg.source, result.window, "Existing window should not navigate");
-            }
-
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
-            w = open(destinationURL, "foo1");
-            // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
-            // not find the given window.
-            assert_not_equals(w, result.window, "open() should a new window");
-
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target");
-
-promise_test(t => {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = (msg) => {
-                assert_not_equals(msg.source, result.window, "Existing window should not navigate");
-            }
-
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
-            w = open(destinationURL, "foo2");
-            // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
-            // not find the given window.
-            assert_not_equals(w, result.window, "open() should a new window");
-
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target");
-
-promise_test(t => {
-    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = () => {
-                window.onmessage = null;
-                resolve();
-            }
-
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
-            w = open(destinationURL, "foo3");
-            assert_equals(w, result.window, "open() should return the same window");
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target");
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt
deleted file mode 100644 (file)
index 2699278..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
-
-
-PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>) 
-
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html
deleted file mode 100644 (file)
index 3c9f01a..0000000
+++ /dev/null
@@ -1,119 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/common/utils.js"></script>
-<script src="/common/get-host-info.sub.js"></script>
-<script src="resources/utils.js"></script>
-</head>
-<body>
-<script>
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=deny&target=_top", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=_top", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow&target=_top", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = () => {
-                resolve();
-            };
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=deny&target=_parent", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow&target=_parent", false /* isCrossOrigin */).then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = () => {
-                resolve();
-            }; 
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=deny&target=foo1", false /* isCrossOrigin */, "foo1").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    }); 
-}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2", false /* isCrossOrigin */, "foo2").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = t.unreached_func("Should not have navigated");
-            t.step_timeout(() => {
-               window.onmessage = null;
-               resolve();
-            }, 200);
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
-
-promise_test(t => {
-    return withPopup("navigation-from-subframe-frame.py?value=allow&target=foo3", false /* isCrossOrigin */, "foo3").then((result) => {
-        return new Promise((resolve) => {
-            window.onmessage = () => {
-                resolve();
-            };
-        });
-    });
-}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");
-
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html b/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html
deleted file mode 100644 (file)
index 9a67dd7..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script>
-addEventListener('message', (msg) => {
-    if (event.data === "PING")
-        event.source.postMessage("PONG", "*");
-    });
-    window.addEventListener('load', () => {
-        const ownerWindow = window.opener ? window.opener : window.top;
-        try {
-            ownerWindow.postMessage("READY", "*");
-        } catch (e) { }
-    });
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers b/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers
deleted file mode 100644 (file)
index f5e68b2..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Cross-Origin-Window-Policy: allow-postmessage
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/destination.html b/LayoutTests/http/wpt/cross-origin-window-policy/resources/destination.html
deleted file mode 100644 (file)
index 1516877..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-<body>
-DESTINATION
-<script>
-if (window.opener)
-    window.opener.postMessage("navigated", "*");
-</script>
-</body>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html b/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html
deleted file mode 100644 (file)
index 68ba0a7..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src="/common/get-host-info.sub.js"></script>
-</head>
-<body>
-<a id="testAnchor">Click me</a>
-<script>
-const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
-onload = () => {
-    let params = new URLSearchParams(location.search);
-    testAnchor.target= params.get('target')
-    testAnchor.href = get_host_info().HTTP_ORIGIN + RESOURCES_DIR + "destination.html";
-    testAnchor.click();
-}
-</script>
-</body>
-</html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py b/LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py
deleted file mode 100644 (file)
index f1210e0..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-def main(request, response):
-    headers = [("Content-Type", "text/html"),
-               ("Cross-Origin-Window-Policy", request.GET['value']),]
-    return 200, headers, """<!DOCTYPE html>
-<html>
-<head>
-<script src="/common/get-host-info.sub.js"></script>
-</head>
-<body>
-<script>
-const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
-let f = document.createElement("iframe");
-f.src = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR + "navigate-parent-via-anchor.html?target=%s";
-document.body.prepend(f);
-</script>
-</body>
-</html>""" % request.GET['target']
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py b/LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py
deleted file mode 100644 (file)
index ffe7017..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-def main(request, response):
-    headers = [("Content-Type", "text/html"),
-               ("Cross-Origin-Window-Policy", request.GET['value']),]
-    return 200, headers, """TEST
-        <iframe name="subframe"></iframe>
-        <script>
-            window.addEventListener('load', () => {
-                const ownerWindow = window.opener ? window.opener : window.top;
-                try {
-                    ownerWindow.postMessage("READY", "*");
-                } catch (e) { }
-            });
-        </script>
-    """
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js b/LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js
deleted file mode 100644 (file)
index 82bd7be..0000000
+++ /dev/null
@@ -1,150 +0,0 @@
-const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
-
-function isCrossOriginWindow(w)
-{
-    try {
-        w.name;
-    } catch (e) {
-        return true;
-    }
-    return false;
-}
-
-async function waitForCrossOriginLoad(w)
-{
-    return new Promise((resolve) => {
-        window.addEventListener('message', (msg) => {
-            if (msg.source != w || msg.data != "READY")
-                return;
-            resolve();
-        });
-
-        let handle = setInterval(() => {
-            if (isCrossOriginWindow(w)) {
-                clearInterval(handle);
-                try {
-                    w.postMessage;
-                } catch (e) {
-                    // No point in waiting for "READY" message from window since postMessage is
-                    // not available.
-                    resolve();
-                }
-            }
-        }, 5);
-    });
-}
-
-async function withIframe(resourceFile, crossOrigin)
-{
-    return new Promise((resolve) => {
-        let resourceURL = crossOrigin ? get_host_info().HTTP_REMOTE_ORIGIN : get_host_info().HTTP_ORIGIN;
-        resourceURL += RESOURCES_DIR;
-        resourceURL += resourceFile;
-        let frame = document.createElement("iframe");
-        frame.src = resourceURL;
-        if (crossOrigin) {
-            document.body.appendChild(frame);
-            waitForCrossOriginLoad(frame.contentWindow).then(() => {
-                resolve(frame);
-            });
-        } else {
-            frame.onload = function() { resolve(frame); };
-            document.body.appendChild(frame);
-        }
-    });
-}
-
-async function withPopup(resourceFile, crossOrigin, windowName)
-{
-    return new Promise((resolve) => { 
-        let resourceURL = crossOrigin ? get_host_info().HTTP_REMOTE_ORIGIN : get_host_info().HTTP_ORIGIN;
-        resourceURL += RESOURCES_DIR;
-        resourceURL += resourceFile;
-
-        let w = open(resourceURL, windowName);
-        if (crossOrigin) {
-            waitForCrossOriginLoad(w).then(() => {
-                resolve({ 'window': w });
-            });
-        } else {
-            w.onload = function() { resolve({ 'window': w }); };
-        }
-   });
-}
-
-const crossOriginPropertyNames = [ 'blur', 'close', 'closed', 'focus', 'frames', 'length', 'location', 'opener', 'parent', 'postMessage', 'self', 'top', 'window' ];
-const forbiddenPropertiesCrossOrigin = ["name", "document", "history", "locationbar", "status", "frameElement", "navigator", "alert", "localStorage", "sessionStorage", "event", "foo", "bar"];
-
-function assert_not_throwing(f, message)
-{
-    try {
-        f();
-    } catch (e) {
-        assert_unreached(message);
-    }
-}
-
-function checkCrossOriginPropertiesAccess(w)
-{
-    for (let crossOriginPropertyName of crossOriginPropertyNames)
-       assert_not_throwing(function() { w[crossOriginPropertyName]; }, "Accessing property '" + crossOriginPropertyName +"' on Window should not throw");
-   
-    assert_false(w.closed, "'closed' property value"); 
-    assert_equals(w.frames, w, "'frames' property value");
-    assert_equals(w.self, w, "'self' property value");
-    assert_equals(w.window, w, "'window' property value");
-
-    assert_not_throwing(function() { w.blur(); }, "Calling blur() on Window should should throw");
-    assert_not_throwing(function() { w.focus(); }, "Calling focus() on Window should should throw");
-    assert_not_throwing(function() { w.postMessage('test', '*'); }, "Calling postMessage() on Window should should throw");
-}
-
-function testCrossOriginOption(w, headerValue, isCrossOrigin)
-{
-    if (!isCrossOrigin) {
-        checkCrossOriginPropertiesAccess(w);
-        for (let forbiddenPropertyCrossOrigin of forbiddenPropertiesCrossOrigin)
-            assert_not_throwing(function() { eval("w." + forbiddenPropertyCrossOrigin); }, "Accessing property '" + forbiddenPropertyCrossOrigin + "' on Window should not throw");
-        assert_not_throwing(function() { w.foo = 1; }, "Setting expando property should not throw");
-        assert_equals(w.foo, 1, "expando property value");
-        return;
-    }
-
-    // Cross-origin case.
-    for (let forbiddenPropertyCrossOrigin of forbiddenPropertiesCrossOrigin) {
-        assert_throws("SecurityError", function() { eval("w." + forbiddenPropertyCrossOrigin); }, "Accessing property '" + forbiddenPropertyCrossOrigin + "' on Window should throw");
-        let desc = Object.getOwnPropertyDescriptor(window, forbiddenPropertyCrossOrigin);
-        if (desc && desc.value)
-            assert_throws("SecurityError", function() { desc.value.call(w); }, "Calling function '" + forbiddenPropertyCrossOrigin + "' on Window should throw (using getter from other window)");
-        else if (desc && desc.get)
-            assert_throws("SecurityError", function() { desc.get.call(w); }, "Accessing property '" + forbiddenPropertyCrossOrigin + "' on Window should throw (using getter from other window)");
-    }
-    assert_throws("SecurityError", function() { w.foo = 1; }, "Setting an expando property should throw");
-
-    if (headerValue == "deny" || headerValue == "allow-postmessage") {
-        for (let crossOriginPropertyName of crossOriginPropertyNames) {
-            if (headerValue == "allow-postmessage" && crossOriginPropertyName == "postMessage") {
-                assert_not_throwing(function() { w[crossOriginPropertyName]; }, "Accessing property '" + crossOriginPropertyName +"' on Window should not throw");
-            } else {
-                assert_throws("SecurityError", function() { w[crossOriginPropertyName]; }, "Accessing '" + crossOriginPropertyName + "' property");
-
-                let desc = Object.getOwnPropertyDescriptor(window, crossOriginPropertyName);
-                if (desc && desc.value)
-                    assert_throws("SecurityError", function() { desc.value.call(w); }, "Calling function '" + crossOriginPropertyName + "' on Window should throw (using getter from other window)");
-                else if (desc && desc.get)
-                    assert_throws("SecurityError", function() { desc.get.call(w); }, "Accessing property '" + crossOriginPropertyName + "' on Window should throw (using getter from other window)");
-            }
-        }
-        if (headerValue == "allow-postmessage") {
-            assert_not_throwing(function() { w.postMessage('test', '*'); }, "Calling postMessage() on Window should not throw");
-            assert_not_throwing(function() { Object.getOwnPropertyDescriptor(window, 'postMessage').value.call(w, 'test', '*'); }, "Calling postMessage() on Window should not throw (using getter from other window)");
-        }
-
-        assert_array_equals(Object.getOwnPropertyNames(w).sort(), headerValue == "allow-postmessage" ? ['postMessage'] : [], "Object.getOwnPropertyNames()");
-
-        return;
-    }
-
-    assert_array_equals(Object.getOwnPropertyNames(w).sort(), crossOriginPropertyNames.sort(), "Object.getOwnPropertyNames()");
-    checkCrossOriginPropertiesAccess(w);
-}
index 2276740..112bc40 100644 (file)
@@ -1,3 +1,42 @@
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        Drop support for cross-origin-window-policy header as this was never enabled and its design has
+        some issues we have not resolved. An alternative is being worked on but will be substantially
+        different so there is not much value in keeping this code around.
+
+        * bindings/js/JSDOMBindingSecurity.cpp:
+        * bindings/js/JSDOMBindingSecurity.h:
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
+        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+        (WebCore::addCrossOriginWindowPropertyNames):
+        (WebCore::addScopedChildrenIndexes):
+        (WebCore::addCrossOriginWindowOwnPropertyNames):
+        (WebCore::JSDOMWindow::getOwnPropertyNames):
+        * bindings/js/JSDOMWindowCustom.h:
+        * bindings/js/JSRemoteDOMWindowCustom.cpp:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateAttributeGetterBodyDefinition):
+        (GenerateAttributeSetterBodyDefinition):
+        (GenerateOperationBodyDefinition):
+        * bindings/scripts/IDLAttributes.json:
+        * dom/Document.cpp:
+        (WebCore::Document::canNavigate):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::didBeginDocument):
+        * page/AbstractDOMWindow.cpp:
+        (WebCore::AbstractDOMWindow::AbstractDOMWindow):
+        * page/AbstractDOMWindow.h:
+        * page/DOMWindow.idl:
+        * page/Settings.yaml:
+        * platform/network/HTTPParsers.cpp:
+        * platform/network/HTTPParsers.h:
+
 2018-09-28  Daniel Bates  <dabates@apple.com>
 
         [iOS] Allow programmatic focus when hardware keyboard is attached
index f2d98bb..70d74b2 100644 (file)
@@ -100,19 +100,4 @@ bool BindingSecurity::shouldAllowAccessToNode(JSC::ExecState& state, Node* targe
     return !target || canAccessDocument(&state, &target->document(), LogSecurityError);
 }
 
-bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState* state, DOMWindow& target, CrossOriginWindowPolicy minimumCrossOriginWindowPolicy, SecurityReportingOption reportingOption)
-{
-    DOMWindow& source = activeDOMWindow(*state);
-    ASSERT(minimumCrossOriginWindowPolicy > CrossOriginWindowPolicy::Deny);
-
-    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
-
-    // Fast path.
-    auto effectiveCrossOriginWindowPolicy = std::min(source.crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
-    if (effectiveCrossOriginWindowPolicy >= minimumCrossOriginWindowPolicy)
-        return true;
-
-    return shouldAllowAccessToDOMWindow(state, target, reportingOption);
-}
-
 } // namespace WebCore
index 170462e..2f33876 100644 (file)
@@ -36,8 +36,6 @@ class DOMWindow;
 class Frame;
 class Node;
 
-enum class CrossOriginWindowPolicy;
-
 void printErrorMessageForFrame(Frame*, const String& message);
 
 enum SecurityReportingOption { DoNotReportSecurityError, LogSecurityError, ThrowSecurityError };
@@ -55,9 +53,7 @@ bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption =
 bool shouldAllowAccessToFrame(JSC::ExecState&, Frame&, String& message);
 bool shouldAllowAccessToNode(JSC::ExecState&, Node*);
 
-bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState*, DOMWindow&, CrossOriginWindowPolicy, SecurityReportingOption = LogSecurityError);
-
-};
+}
 
 template<typename T> inline T* BindingSecurity::checkSecurityForNode(JSC::ExecState& state, T& node)
 {
index 496d2e7..5bf92ba 100644 (file)
 namespace WebCore {
 using namespace JSC;
 
-static CrossOriginWindowPolicy effectiveCrossOriginWindowPolicyForAccess(ExecState& state, AbstractDOMWindow& target)
-{
-    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
-    return std::min(activeDOMWindow(state).crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
-}
-
 EncodedJSValue JSC_HOST_CALL jsDOMWindowInstanceFunctionShowModalDialog(ExecState*);
 
 void JSDOMWindow::visitAdditionalChildren(SlotVisitor& visitor)
@@ -102,21 +96,6 @@ bool jsDOMWindowGetOwnPropertySlotRestrictedAccess(JSDOMGlobalObject* thisObject
         return true;
     }
 
-    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
-    case CrossOriginWindowPolicy::AllowPostMessage:
-        if (propertyName == builtinNames.postMessagePublicName()) {
-            slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), windowType == DOMWindowType::Remote ? nonCachingStaticFunctionGetter<jsRemoteDOMWindowInstanceFunctionPostMessage, 0> : nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>);
-            return true;
-        }
-        FALLTHROUGH;
-    case CrossOriginWindowPolicy::Deny:
-        throwSecurityError(state, scope, errorMessage);
-        slot.setUndefined();
-        return false;
-    case CrossOriginWindowPolicy::Allow:
-        break;
-    }
-
     // These are the functions we allow access to cross-origin (DoNotCheckSecurity in IDL).
     // Always provide the original function, on a fresh uncached function object.
     if (propertyName == builtinNames.blurPublicName()) {
@@ -255,18 +234,9 @@ bool JSDOMWindow::getOwnPropertySlotByIndex(JSObject* object, ExecState* state,
 
     // (1) First, indexed properties.
     // These are also allowed cross-origin, so come before the access check.
-    switch (effectiveCrossOriginWindowPolicyForAccess(*state, window)) {
-    case CrossOriginWindowPolicy::Deny:
-    case CrossOriginWindowPolicy::AllowPostMessage:
-        if (isCrossOriginAccess())
-            break;
-        FALLTHROUGH;
-    case CrossOriginWindowPolicy::Allow:
-        if (frame && index < frame->tree().scopedChildCount()) {
-            slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
-            return true;
-        }
-        break;
+    if (frame && index < frame->tree().scopedChildCount()) {
+        slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
+        return true;
     }
 
     // Hand off all cross-domain/frameless access to jsDOMWindowGetOwnPropertySlotRestrictedAccess.
@@ -339,7 +309,7 @@ void JSDOMWindow::heapSnapshot(JSCell* cell, HeapSnapshotBuilder& builder)
 }
 
 // https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
-static void addCrossOriginWindowPropertyNames(ExecState& state, AbstractDOMWindow& window, PropertyNameArray& propertyNames)
+static void addCrossOriginWindowPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
 {
     auto& vm = state.vm();
 
@@ -359,17 +329,8 @@ static void addCrossOriginWindowPropertyNames(ExecState& state, AbstractDOMWindo
         &static_cast<JSVMClientData*>(vm.clientData)->builtinNames().windowPublicName()
     };
 
-    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
-    case CrossOriginWindowPolicy::Allow:
-        for (auto* property : properties)
-            propertyNames.add(*property);
-        break;
-    case CrossOriginWindowPolicy::AllowPostMessage:
-        propertyNames.add(static_cast<JSVMClientData*>(vm.clientData)->builtinNames().postMessagePublicName());
-        break;
-    case CrossOriginWindowPolicy::Deny:
-        break;
-    }
+    for (auto* property : properties)
+        propertyNames.add(*property);
 }
 
 static void addScopedChildrenIndexes(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
@@ -382,23 +343,15 @@ static void addScopedChildrenIndexes(ExecState& state, DOMWindow& window, Proper
     if (!frame)
         return;
 
-    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
-    case CrossOriginWindowPolicy::Allow:
-        break;
-    case CrossOriginWindowPolicy::Deny:
-    case CrossOriginWindowPolicy::AllowPostMessage:
-        return;
-    }
-
     unsigned scopedChildCount = frame->tree().scopedChildCount();
     for (unsigned i = 0; i < scopedChildCount; ++i)
         propertyNames.add(Identifier::from(&state, i));
 }
 
 // https://html.spec.whatwg.org/#crossoriginownpropertykeys-(-o-)
-void addCrossOriginWindowOwnPropertyNames(ExecState& state, AbstractDOMWindow& window, PropertyNameArray& propertyNames)
+void addCrossOriginWindowOwnPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
 {
-    addCrossOriginWindowPropertyNames(state, window, propertyNames);
+    addCrossOriginWindowPropertyNames(state, propertyNames);
 
     auto& vm = state.vm();
     propertyNames.add(vm.propertyNames->toStringTagSymbol);
@@ -415,7 +368,7 @@ void JSDOMWindow::getOwnPropertyNames(JSObject* object, ExecState* exec, Propert
 
     if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError)) {
         if (mode.includeDontEnumProperties())
-            addCrossOriginWindowOwnPropertyNames(*exec, thisObject->wrapped(), propertyNames);
+            addCrossOriginWindowOwnPropertyNames(*exec, propertyNames);
         return;
     }
     Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
index 9fe9742..5228c0e 100644 (file)
@@ -40,6 +40,6 @@ enum class DOMWindowType { Local, Remote };
 template <DOMWindowType windowType>
 bool jsDOMWindowGetOwnPropertySlotRestrictedAccess(JSDOMGlobalObject*, AbstractDOMWindow&, JSC::ExecState&, JSC::PropertyName, JSC::PropertySlot&, const String&);
 
-void addCrossOriginWindowOwnPropertyNames(JSC::ExecState&, AbstractDOMWindow&, JSC::PropertyNameArray&);
+void addCrossOriginWindowOwnPropertyNames(JSC::ExecState&, JSC::PropertyNameArray&);
 
 } // namespace WebCore
index 010981a..0dad903 100644 (file)
@@ -97,14 +97,12 @@ bool JSRemoteDOMWindow::deletePropertyByIndex(JSCell*, ExecState* state, unsigne
     return false;
 }
 
-void JSRemoteDOMWindow::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
+void JSRemoteDOMWindow::getOwnPropertyNames(JSObject*, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
 {
-    auto* thisObject = jsCast<JSRemoteDOMWindow*>(object);
-
     // FIXME: Add scoped children indexes.
 
     if (mode.includeDontEnumProperties())
-        addCrossOriginWindowOwnPropertyNames(*exec, thisObject->wrapped(), propertyNames);
+        addCrossOriginWindowOwnPropertyNames(*exec, propertyNames);
 }
 
 bool JSRemoteDOMWindow::defineOwnProperty(JSC::JSObject*, JSC::ExecState* state, JSC::PropertyName, const JSC::PropertyDescriptor&, bool)
index 7b205f2..c0f0827 100644 (file)
@@ -4760,13 +4760,7 @@ sub GenerateAttributeGetterBodyDefinition
         !$attribute->extendedAttributes->{DoNotCheckSecurityOnGetter}) {
         AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
         if ($interface->type->name eq "DOMWindow") {
-            if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
-                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
-                AddToImplIncludes("HTTPParsers.h", $conditional);
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
-            } else {
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
-            }
+            push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
         } else {
             push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToFrame(&state, thisObject.wrapped().frame(), ThrowSecurityError))\n");
         }
@@ -4874,15 +4868,6 @@ sub GenerateAttributeGetterDefinition
     push(@$outputArray, "#endif\n\n") if $conditional;
 }
 
-sub GetCrossOriginsOptionsFromExtendedAttributeValue
-{
-    my $extendedAttributeValue = shift;
-
-    return "CrossOriginWindowPolicy::Allow" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllow";
-    return "CrossOriginWindowPolicy::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllowPostMessage";
-    die "Unsupported CrossOriginWindowPolicy: " + $extendedAttributeValue;
-}
-
 sub GenerateAttributeSetterBodyDefinition
 {
     my ($outputArray, $interface, $className, $attribute, $attributeSetterBodyName, $conditional) = @_;
@@ -4902,13 +4887,7 @@ sub GenerateAttributeSetterBodyDefinition
     if ($interface->extendedAttributes->{CheckSecurity} && !$attribute->extendedAttributes->{DoNotCheckSecurity} && !$attribute->extendedAttributes->{DoNotCheckSecurityOnSetter}) {
         AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
         if ($interface->type->name eq "DOMWindow") {
-            if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
-                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
-                AddToImplIncludes("HTTPParsers.h", $conditional);
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
-            } else {
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
-            }
+            push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
         } else {
             push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToFrame(&state, thisObject.wrapped().frame(), ThrowSecurityError))\n");
         }
@@ -5126,13 +5105,7 @@ sub GenerateOperationBodyDefinition
             
             AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
             if ($interface->type->name eq "DOMWindow") {
-                if ($operation->extendedAttributes->{DoNotCheckSecurityIf}) {
-                    my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});
-                    AddToImplIncludes("HTTPParsers.h", $conditional);
-                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(state, castedThis->wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
-                } else {
-                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
-                }
+                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
                 push(@$outputArray, "        return JSValue::encode(jsUndefined());\n");
             } else {
                 push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))\n");
index 73fe7a2..bbf679a 100644 (file)
         "DoNotCheckSecurity": {
             "contextsAllowed": ["attribute", "operation"]
         },
-        "DoNotCheckSecurityIf": {
-            "contextsAllowed": ["attribute", "operation"],
-            "values": ["CrossOriginWindowPolicyAllow", "CrossOriginWindowPolicyAllowPostMessage"]
-        },
         "DoNotCheckSecurityOnGetter": {
             "contextsAllowed": ["attribute"]
         },
index 13bf910..e3e6224 100644 (file)
@@ -3271,17 +3271,6 @@ bool Document::canNavigate(Frame* targetFrame)
     if (!targetFrame)
         return true;
 
-    if (m_frame != targetFrame) {
-        auto sourceCrossOriginWindowPolicy = m_frame->window() ? m_frame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
-        auto destinationCrossOriginWindowPolicy = targetFrame->window() ? targetFrame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
-        if (sourceCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow || destinationCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow) {
-            if (m_frame->document() && targetFrame->document() && !m_frame->document()->securityOrigin().canAccess(targetFrame->document()->securityOrigin())) {
-                printNavigationErrorMessage(targetFrame, url(), "Navigation was not allowed due to Cross-Origin-Window-Policy header."_s);
-                return false;
-            }
-        }
-    }
-
     // Cases (i), (ii) and (iii) pass the tests from the specifications but might not pass the "security origin" tests.
 
     // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting').
index a91f6bd..bdbae65 100644 (file)
@@ -753,14 +753,6 @@ void FrameLoader::didBeginDocument(bool dispatch)
             if (!headerContentLanguage.isEmpty())
                 m_frame.document()->setContentLanguage(headerContentLanguage);
         }
-
-        if (m_frame.settings().crossOriginWindowPolicySupportEnabled()) {
-            String crossOriginWindowPolicyHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginWindowPolicy);
-            if (!crossOriginWindowPolicyHeader.isNull()) {
-                ASSERT(m_frame.window());
-                m_frame.window()->setCrossOriginWindowPolicy(parseCrossOriginWindowPolicyHeader(crossOriginWindowPolicyHeader));
-            }
-        }
     }
 
     history().restoreDocumentState();
index 6abe031..e3d42df 100644 (file)
@@ -40,7 +40,6 @@ HashMap<GlobalWindowIdentifier, AbstractDOMWindow*>& AbstractDOMWindow::allWindo
 
 AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier)
     : m_identifier(WTFMove(identifier))
-    , m_crossOriginWindowPolicy(CrossOriginWindowPolicy::Allow)
 {
     ASSERT(!allWindows().contains(identifier));
     allWindows().add(identifier, this);
index 49917c8..5a5debd 100644 (file)
@@ -35,8 +35,6 @@ namespace WebCore {
 
 class AbstractFrame;
 
-enum class CrossOriginWindowPolicy;
-
 // FIXME: Rename DOMWindow to LocalWindow and AbstractDOMWindow to DOMWindow.
 class AbstractDOMWindow : public RefCounted<AbstractDOMWindow>, public EventTargetWithInlineData {
 public:
@@ -54,9 +52,6 @@ public:
     using RefCounted::ref;
     using RefCounted::deref;
 
-    CrossOriginWindowPolicy crossOriginWindowPolicy() const { return m_crossOriginWindowPolicy; }
-    void setCrossOriginWindowPolicy(CrossOriginWindowPolicy value) { m_crossOriginWindowPolicy = value; }
-
 protected:
     explicit AbstractDOMWindow(GlobalWindowIdentifier&&);
 
@@ -66,7 +61,6 @@ protected:
 
 private:
     GlobalWindowIdentifier m_identifier;
-    CrossOriginWindowPolicy m_crossOriginWindowPolicy;
 };
 
 } // namespace WebCore
index 2b4150f..a5592a9 100644 (file)
@@ -50,11 +50,11 @@ typedef USVString CSSOMString;
     PrimaryGlobal,
 ] interface DOMWindow : EventTarget {
     // The current browsing context.
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy self;
+    [DoNotCheckSecurity, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
+    [Replaceable, DoNotCheckSecurityOnGetter] readonly attribute WindowProxy self;
     [Unforgeable] readonly attribute Document document;
     attribute DOMString name;
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
+    [DoNotCheckSecurity, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
     readonly attribute History history;
     [EnabledAtRuntime=CustomElements, ImplementedAs=ensureCustomElementRegistry] readonly attribute CustomElementRegistry customElements;
     [Replaceable] readonly attribute BarProp locationbar;
@@ -64,18 +64,18 @@ typedef USVString CSSOMString;
     [Replaceable] readonly attribute BarProp statusbar;
     [Replaceable] readonly attribute BarProp toolbar;
     attribute DOMString status;
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] readonly attribute boolean closed;
+    [DoNotCheckSecurity, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
+    [DoNotCheckSecurity, ForwardDeclareInHeader] readonly attribute boolean closed;
     void stop();
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] void blur();
+    [DoNotCheckSecurity, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
+    [DoNotCheckSecurity, ForwardDeclareInHeader] void blur();
 
     // Other browsing contexts.
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ImplementedAs=self] readonly attribute WindowProxy frames;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute unsigned long length;
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable] readonly attribute WindowProxy? top;
-    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CustomSetter] attribute WindowProxy? opener;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy? parent;
+    [Replaceable, DoNotCheckSecurityOnGetter, ImplementedAs=self] readonly attribute WindowProxy frames;
+    [Replaceable, DoNotCheckSecurityOnGetter] readonly attribute unsigned long length;
+    [DoNotCheckSecurityOnGetter, Unforgeable] readonly attribute WindowProxy? top;
+    [DoNotCheckSecurityOnGetter, CustomSetter] attribute WindowProxy? opener;
+    [Replaceable, DoNotCheckSecurityOnGetter] readonly attribute WindowProxy? parent;
     [CheckSecurityForNode] readonly attribute Element? frameElement;
     [CallWith=ActiveWindow&FirstWindow, MayThrowException] WindowProxy? open(optional USVString url = "about:blank", optional DOMString target = "_blank", optional [TreatNullAs=EmptyString] DOMString features = "");
 
@@ -93,7 +93,7 @@ typedef USVString CSSOMString;
     long requestAnimationFrame(RequestAnimationFrameCallback callback); // FIXME: Should return an unsigned long.
     void cancelAnimationFrame(long handle); // FIXME: handle should be an unsigned long.
 
-    [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
+    [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurity, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
 
     // Obsolete members, still part of the HTML specification (https://html.spec.whatwg.org/#Window-partial).
     void captureEvents(); // Not implemented. Also not in modern standards. Empty function may help compatibility with legacy content.
index edd3232..5f117fa 100644 (file)
@@ -750,9 +750,6 @@ clientCoordinatesRelativeToLayoutViewport:
   initial: false
   onChange: setNeedsRecalcStyleInAllFrames
 
-crossOriginWindowPolicySupportEnabled:
-  initial: false
-
 accessibilityEventsEnabled:
   initial: true
   conditional: ACCESSIBILITY_EVENTS
index f79ea88..d8113d5 100644 (file)
@@ -912,19 +912,4 @@ CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView header
     return CrossOriginResourcePolicy::Invalid;
 }
 
-CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView header)
-{
-    header = stripLeadingAndTrailingHTTPSpaces(header);
-    if (header.isEmpty())
-        return CrossOriginWindowPolicy::Allow;
-
-    if (equalLettersIgnoringASCIICase(header, "deny"))
-        return CrossOriginWindowPolicy::Deny;
-
-    if (equalLettersIgnoringASCIICase(header, "allow-postmessage"))
-        return CrossOriginWindowPolicy::AllowPostMessage;
-
-    return CrossOriginWindowPolicy::Allow;
-}
-
 }
index 5d55551..a6592f2 100644 (file)
@@ -71,13 +71,6 @@ enum class CrossOriginResourcePolicy {
     Invalid
 };
 
-// Should be sorted from most restrictive to most permissive.
-enum class CrossOriginWindowPolicy {
-    Deny,
-    AllowPostMessage,
-    Allow,
-};
-
 bool isValidReasonPhrase(const String&);
 bool isValidHTTPHeaderValue(const String&);
 bool isValidAcceptHeaderValue(const String&);
@@ -118,7 +111,6 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&);
 String normalizeHTTPMethod(const String&);
 
 WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
-CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView);
 
 inline bool isHTTPSpace(UChar character)
 {
index bb164db..d3a297c 100644 (file)
@@ -1,5 +1,18 @@
 2018-09-28  Chris Dumez  <cdumez@apple.com>
 
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        * Shared/WebPreferences.yaml:
+        * UIProcess/API/C/WKPreferences.cpp:
+        * UIProcess/API/C/WKPreferencesRef.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::frameBecameRemote):
+
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
         Do not do automatic process prewarming while under memory pressure
         https://bugs.webkit.org/show_bug.cgi?id=190082
         <rdar://problem/39771424>
index e2517a1..ee8029b 100644 (file)
@@ -1070,10 +1070,6 @@ ConstantPropertiesEnabled:
   type: bool
   defaultValue: true
 
-CrossOriginWindowPolicySupportEnabled:
-  type: bool
-  defaultValue: false
-
 SubresourceIntegrityEnabled:
   type: bool
   defaultValue: true
index 8bf6350..ee6177d 100644 (file)
@@ -2040,16 +2040,6 @@ bool WKPreferencesGetCrossOriginResourcePolicyEnabled(WKPreferencesRef preferenc
     return toImpl(preferencesRef)->crossOriginResourcePolicyEnabled();
 }
 
-void WKPreferencesSetCrossOriginWindowPolicyEnabled(WKPreferencesRef preferencesRef, bool enabled)
-{
-    toImpl(preferencesRef)->setCrossOriginWindowPolicySupportEnabled(enabled);
-}
-
-bool WKPreferencesGetCrossOriginWindowPolicyEnabled(WKPreferencesRef preferencesRef)
-{
-    return toImpl(preferencesRef)->crossOriginWindowPolicySupportEnabled();
-}
-
 void WKPreferencesSetRestrictedHTTPResponseAccess(WKPreferencesRef preferencesRef, bool flag)
 {
     toImpl(preferencesRef)->setRestrictedHTTPResponseAccess(flag);
index 5a088db..133ccde 100644 (file)
@@ -325,10 +325,6 @@ WK_EXPORT bool WKPreferencesGetCrossOriginResourcePolicyEnabled(WKPreferencesRef
 WK_EXPORT void WKPreferencesSetCrossOriginResourcePolicyEnabled(WKPreferencesRef preferencesRef, bool allow);
 
 // Defaults to false.
-WK_EXPORT bool WKPreferencesGetCrossOriginWindowPolicyEnabled(WKPreferencesRef preferencesRef);
-WK_EXPORT void WKPreferencesSetCrossOriginWindowPolicyEnabled(WKPreferencesRef preferencesRef, bool enabled);
-
-// Defaults to false.
 WK_EXPORT bool WKPreferencesGetProcessSwapOnNavigationEnabled(WKPreferencesRef preferencesRef);
 WK_EXPORT void WKPreferencesSetProcessSwapOnNavigationEnabled(WKPreferencesRef preferencesRef, bool enabled);
 
index 0c966e9..51f0020 100644 (file)
@@ -6033,7 +6033,6 @@ void WebPage::frameBecameRemote(uint64_t frameID, GlobalFrameIdentifier&& remote
 
     auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier));
     auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier));
-    remoteWindow->setCrossOriginWindowPolicy(previousWindow->crossOriginWindowPolicy());
 
     remoteFrame->setOpener(frame->coreFrame()->loader().opener());
 
index c4967af..760d46b 100644 (file)
@@ -1,3 +1,17 @@
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        * WebView/WebPreferenceKeysPrivate.h:
+        * WebView/WebPreferences.mm:
+        (+[WebPreferences initialize]):
+        * WebView/WebPreferencesPrivate.h:
+        * WebView/WebView.mm:
+        (-[WebView _preferencesChanged:]):
+
 2018-09-28  Ryosuke Niwa  <rniwa@webkit.org>
 
         Rename createMarkup to serializePreservingVisualAppearance
index 2ff6f6e..76bd412 100644 (file)
 #define WebKitDataTransferItemsEnabledPreferenceKey @"WebKitDataTransferItemsEnabled"
 #define WebKitCustomPasteboardDataEnabledPreferenceKey @"WebKitCustomPasteboardDataEnabled"
 #define WebKitCacheAPIEnabledPreferenceKey @"WebKitCacheAPIEnabled"
-#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey @"WebKitCrossOriginWindowPolicySupportEnabled"
 #define WebKitFetchAPIEnabledPreferenceKey @"WebKitFetchAPIEnabled"
 #define WebKitWritableStreamAPIEnabledPreferenceKey @"WebKitWritableStreamAPIEnabled"
 #define WebKitReadableByteStreamAPIEnabledPreferenceKey @"WebKitReadableByteStreamAPIEnabled"
index c9092e0..2670f4f 100644 (file)
@@ -634,7 +634,6 @@ public:
         [NSNumber numberWithBool:NO], WebKitWebGPUEnabledPreferenceKey,
 #endif
         [NSNumber numberWithBool:NO], WebKitCacheAPIEnabledPreferenceKey,
-        [NSNumber numberWithBool:NO], WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey,
         [NSNumber numberWithBool:YES], WebKitFetchAPIEnabledPreferenceKey,
 
 #if ENABLE(STREAMS_API)
@@ -3014,16 +3013,6 @@ static NSString *classIBCreatorID = nil;
     [self _setBoolValue:flag forKey:WebKitCacheAPIEnabledPreferenceKey];
 }
 
-- (BOOL)crossOriginWindowPolicySupportEnabled
-{
-    return [self _boolValueForKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
-}
-
-- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)flag
-{
-    [self _setBoolValue:flag forKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
-}
-
 - (BOOL)fetchAPIEnabled
 {
     return [self _boolValueForKey:WebKitFetchAPIEnabledPreferenceKey];
index f288fe2..94e79c7 100644 (file)
@@ -540,9 +540,6 @@ extern NSString *WebPreferencesCacheModelChangedInternalNotification WEBKIT_DEPR
 - (BOOL)cacheAPIEnabled;
 - (void)setCacheAPIEnabled:(BOOL)enabled;
 
-- (BOOL)crossOriginWindowPolicySupportEnabled;
-- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)enabled;
-
 - (void)setFetchAPIEnabled:(BOOL)flag;
 - (BOOL)fetchAPIEnabled;
 
index 0e4a675..14fb0d9 100644 (file)
@@ -3067,7 +3067,6 @@ static bool needsSelfRetainWhileLoadingQuirk()
 
     settings.setViewportFitEnabled([preferences viewportFitEnabled]);
     settings.setConstantPropertiesEnabled([preferences constantPropertiesEnabled]);
-    settings.setCrossOriginWindowPolicySupportEnabled([preferences crossOriginWindowPolicySupportEnabled]);
 
 #if ENABLE(GAMEPAD)
     RuntimeEnabledFeatures::sharedFeatures().setGamepadsEnabled([preferences gamepadsEnabled]);
index 450c41e..0237f7c 100644 (file)
@@ -1,3 +1,18 @@
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        * WebPreferenceKeysPrivate.h:
+        * WebPreferences.cpp:
+        (WebPreferences::initializeDefaultSettings):
+        (WebPreferences::crossOriginWindowPolicySupportEnabled):
+        (WebPreferences::setCrossOriginWindowPolicySupportEnabled):
+        * WebView.cpp:
+        (WebView::notifyPreferencesChanged):
+
 2018-09-27  Antoine Quint  <graouts@apple.com>
 
         [Web Animations] Turn Web Animations with CSS integration on
index 2ffe49c..940d5cf 100644 (file)
 
 #define WebKitMenuItemElementEnabledPreferenceKey "WebKitMenuItemElementEnabled"
 
-#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey "WebKitCrossOriginWindowPolicySupportEnabled"
-
 #define WebKitModernMediaControlsEnabledPreferenceKey "WebKitModernMediaControlsEnabled"
 
 #define WebKitWebAnimationsEnabledPreferenceKey "WebKitWebAnimationsEnabled"
index 4e466aa..d87f605 100644 (file)
@@ -248,7 +248,6 @@ void WebPreferences::initializeDefaultSettings()
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplaySubtitlesPreferenceKey), kCFBooleanFalse);
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayCaptionsPreferenceKey), kCFBooleanFalse);
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayTextDescriptionsPreferenceKey), kCFBooleanFalse);
-    CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey), kCFBooleanFalse);
 
     RetainPtr<CFStringRef> linkBehaviorStringRef = adoptCF(CFStringCreateWithFormat(0, 0, CFSTR("%d"), WebKitEditableLinkDefaultBehavior));
     CFDictionaryAddValue(defaults, CFSTR(WebKitEditableLinkBehaviorPreferenceKey), linkBehaviorStringRef.get());
@@ -2039,13 +2038,12 @@ HRESULT WebPreferences::crossOriginWindowPolicySupportEnabled(_Out_ BOOL* enable
 {
     if (!enabled)
         return E_POINTER;
-    *enabled = boolValueForKey(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey);
+    *enabled = false;
     return S_OK;
 }
 
-HRESULT WebPreferences::setCrossOriginWindowPolicySupportEnabled(BOOL enabled)
+HRESULT WebPreferences::setCrossOriginWindowPolicySupportEnabled(BOOL)
 {
-    setBoolValue(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey, enabled);
     return S_OK;
 }
 
index 0d9fcab..5f53665 100644 (file)
@@ -5279,11 +5279,6 @@ HRESULT WebView::notifyPreferencesChanged(IWebNotification* notification)
         return hr;
     settings.setVisualViewportAPIEnabled(!!enabled);
 
-    hr = prefsPrivate->crossOriginWindowPolicySupportEnabled(&enabled);
-    if (FAILED(hr))
-        return hr;
-    settings.setCrossOriginWindowPolicySupportEnabled(!!enabled);
-
     hr = prefsPrivate->CSSOMViewScrollingAPIEnabled(&enabled);
     if (FAILED(hr))
         return hr;
index 9151239..9187692 100644 (file)
@@ -1,3 +1,19 @@
+2018-09-28  Chris Dumez  <cdumez@apple.com>
+
+        Drop support for cross-origin-window-policy header
+        https://bugs.webkit.org/show_bug.cgi?id=190081
+
+        Reviewed by Ryosuke Niwa.
+
+        190081_DropCrossOriginWindowPolicy
+
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (enableExperimentalFeatures):
+        * DumpRenderTree/win/DumpRenderTree.cpp:
+        (enableExperimentalFeatures):
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::TestController::resetPreferencesToConsistentValues):
+
 2018-09-28  Koby Boyango  <koby.b@mce.systems>
 
         [WTF] Add ExternalStringImpl, a StringImpl for user controlled buffers
index 27d01ac..150bf42 100644 (file)
@@ -865,7 +865,6 @@ static void enableExperimentalFeatures(WebPreferences* preferences)
     [preferences setAriaReflectionEnabled:YES];
     [preferences setVisualViewportAPIEnabled:YES];
     [preferences setColorFilterEnabled:YES];
-    [preferences setCrossOriginWindowPolicySupportEnabled:YES];
     [preferences setServerTimingEnabled:YES];
     [preferences setIntersectionObserverEnabled:YES];
     preferences.sourceBufferChangeTypeEnabled = YES;
index 52f788b..b8526bf 100644 (file)
@@ -790,7 +790,6 @@ static void enableExperimentalFeatures(IWebPreferences* preferences)
     prefsPrivate->setServerTimingEnabled(TRUE);
     // FIXME: WebGL2
     // FIXME: WebRTC
-    prefsPrivate->setCrossOriginWindowPolicySupportEnabled(TRUE);
 }
 
 static void resetWebPreferencesToConsistentValues(IWebPreferences* preferences)
index eeb959a..677c7a1 100644 (file)
@@ -801,7 +801,6 @@ void TestController::resetPreferencesToConsistentValues(const TestOptions& optio
     WKPreferencesSetCSSOMViewScrollingAPIEnabled(preferences, true);
     WKPreferencesSetMediaCapabilitiesEnabled(preferences, true);
 
-    WKPreferencesSetCrossOriginWindowPolicyEnabled(preferences, true);
     WKPreferencesSetRestrictedHTTPResponseAccess(preferences, true);
 
     WKPreferencesSetServerTimingEnabled(preferences, true);