Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Jun 2018 04:11:49 +0000 (04:11 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Jun 2018 04:11:49 +0000 (04:11 +0000)
https://bugs.webkit.org/show_bug.cgi?id=186287
<rdar://problem/40783352>

Reviewed by Youenn Fablet.

Source/WebCore:

Tests: http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html
       http/wpt/cross-origin-window-policy/allow-postmessage.html
       http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
       http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
       http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html

* bindings/js/JSDOMBindingSecurity.cpp:
(WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy):
* bindings/js/JSDOMBindingSecurity.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::effectiveCrossOriginWindowPolicyForAccess):
(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::addCrossOriginWindowPropertyNames):
(WebCore::addScopedChildrenIndexes):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateAttributeGetterBodyDefinition):
(GetCrossOriginsOptionsFromExtendedAttributeValue):
(GenerateAttributeSetterBodyDefinition):
(GenerateOperationBodyDefinition):
* bindings/scripts/IDLAttributes.json:
* dom/Document.cpp:
(WebCore::Document::canNavigate):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
* page/AbstractDOMWindow.cpp:
(WebCore::AbstractDOMWindow::AbstractDOMWindow):
* page/AbstractDOMWindow.h:
(WebCore::AbstractDOMWindow::crossOriginWindowPolicy):
(WebCore::AbstractDOMWindow::setCrossOriginWindowPolicy):
* page/DOMWindow.idl:
* page/Settings.yaml:
* platform/network/HTTPHeaderNames.in:
* platform/network/HTTPParsers.cpp:
(WebCore::parseCrossOriginWindowPolicyHeader):
* platform/network/HTTPParsers.h:

Source/WebKit:

* Shared/WebPreferences.yaml:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::frameBecameRemote):

Source/WebKitLegacy/mac:

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences crossOriginWindowPolicySupportEnabled]):
(-[WebPreferences setCrossOriginWindowPolicySupportEnabled:]):
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):

Source/WebKitLegacy/win:

* Interfaces/IWebPreferencesPrivate.idl:
* WebPreferenceKeysPrivate.h:
* WebPreferences.cpp:
(WebPreferences::initializeDefaultSettings):
(WebPreferences::crossOriginWindowPolicySupportEnabled):
(WebPreferences::setCrossOriginWindowPolicySupportEnabled):
* WebPreferences.h:
* WebView.cpp:
(WebView::notifyPreferencesChanged):

Tools:

* DumpRenderTree/mac/DumpRenderTree.mm:
(enableExperimentalFeatures):
* DumpRenderTree/win/DumpRenderTree.cpp:
(enableExperimentalFeatures):

LayoutTests:

* http/wpt/cross-origin-options/allow-postmessage-expected.txt: Removed.
* http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt: Removed.
* http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers: Removed.
* http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: Removed.
* http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt: Removed.
* http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
* http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers: Removed.
* http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Added.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Added.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.
* http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Added.
* http/wpt/cross-origin-window-policy/allow-postmessage.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html.
* http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Added.
* http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Renamed from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html.
* http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Added.
* http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html.
* http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Added.
* http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html.
* http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.
* http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Added.
* http/wpt/cross-origin-window-policy/resources/destination.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/destination.html.
* http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html.
* http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py.
(main):
* http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py.
(main):
* http/wpt/cross-origin-window-policy/resources/utils.js: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/utils.js.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@232499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

60 files changed:
LayoutTests/ChangeLog
LayoutTests/http/wpt/cross-origin-options/allow-postmessage-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers [deleted file]
LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt [deleted file]
LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers [deleted file]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html [moved from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html with 61% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage.html [moved from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html with 69% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html [moved from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html with 53% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html [moved from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html with 67% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html [moved from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html with 75% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html [moved from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html with 100% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers [new file with mode: 0644]
LayoutTests/http/wpt/cross-origin-window-policy/resources/destination.html [moved from LayoutTests/http/wpt/cross-origin-options/resources/destination.html with 100% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html [moved from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html with 84% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py [moved from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py with 75% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py [moved from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py with 86% similarity]
LayoutTests/http/wpt/cross-origin-window-policy/resources/utils.js [moved from LayoutTests/http/wpt/cross-origin-options/resources/utils.js with 98% similarity]
LayoutTests/platform/wk2/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt [deleted file]
LayoutTests/platform/wk2/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp
Source/WebCore/bindings/js/JSDOMBindingSecurity.h
Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/IDLAttributes.json
Source/WebCore/dom/Document.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/page/AbstractDOMWindow.cpp
Source/WebCore/page/AbstractDOMWindow.h
Source/WebCore/page/DOMWindow.idl
Source/WebCore/page/Settings.yaml
Source/WebCore/platform/network/HTTPHeaderNames.in
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/WebPreferences.yaml
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/WebView/WebPreferenceKeysPrivate.h
Source/WebKitLegacy/mac/WebView/WebPreferences.mm
Source/WebKitLegacy/mac/WebView/WebPreferencesPrivate.h
Source/WebKitLegacy/mac/WebView/WebView.mm
Source/WebKitLegacy/win/ChangeLog
Source/WebKitLegacy/win/Interfaces/IWebPreferencesPrivate.idl
Source/WebKitLegacy/win/WebPreferenceKeysPrivate.h
Source/WebKitLegacy/win/WebPreferences.cpp
Source/WebKitLegacy/win/WebPreferences.h
Source/WebKitLegacy/win/WebView.cpp
Tools/ChangeLog
Tools/DumpRenderTree/mac/DumpRenderTree.mm
Tools/DumpRenderTree/win/DumpRenderTree.cpp

index a66b52c..613e2d6 100644 (file)
@@ -1,3 +1,39 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        * http/wpt/cross-origin-options/allow-postmessage-expected.txt: Removed.
+        * http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt: Removed.
+        * http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers: Removed.
+        * http/wpt/cross-origin-options/cross-origin-options-header-expected.txt: Removed.
+        * http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt: Removed.
+        * http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt: Removed.
+        * http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers: Removed.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt: Added.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt: Added.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.
+        * http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers: Added.
+        * http/wpt/cross-origin-window-policy/allow-postmessage.html: Renamed from LayoutTests/http/wpt/cross-origin-options/allow-postmessage.html.
+        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt: Added.
+        * http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html: Renamed from LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header.html.
+        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt: Added.
+        * http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target.html.
+        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt: Added.
+        * http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html: Renamed from LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target.html.
+        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.
+        * http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers: Added.
+        * http/wpt/cross-origin-window-policy/resources/destination.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/destination.html.
+        * http/wpt/cross-origin-window-policy/resources/navigate-parent-via-anchor.html: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigate-parent-via-anchor.html.
+        * http/wpt/cross-origin-window-policy/resources/navigation-from-subframe-frame.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/navigation-from-subframe-frame.py.
+        (main):
+        * http/wpt/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/serve-cross-origin-options-header.py.
+        (main):
+        * http/wpt/cross-origin-window-policy/resources/utils.js: Renamed from LayoutTests/http/wpt/cross-origin-options/resources/utils.js.
+
 2018-06-04  Ryosuke Niwa  <rniwa@webkit.org>
 
         Moved the corresponding expected results for the tests moved in r232430.
diff --git a/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-expected.txt b/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-expected.txt
deleted file mode 100644 (file)
index 0e99987..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-PASS postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-
diff --git a/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt b/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny-expected.txt
deleted file mode 100644 (file)
index 49f6c93..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option 
-PASS postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option 
-
diff --git a/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers b/LayoutTests/http/wpt/cross-origin-options/allow-postmessage-from-deny.html.headers
deleted file mode 100644 (file)
index bf59633..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Cross-Origin-Options: deny
diff --git a/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt b/LayoutTests/http/wpt/cross-origin-options/cross-origin-options-header-expected.txt
deleted file mode 100644 (file)
index a03b128..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-  
-
-PASS Cross-origin iframe with 'Cross-Origin-Options: deny' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case) 
-PASS Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid) 
-PASS Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value) 
-PASS Cross-origin iframe with 'Cross-Origin-Options: allow' HTTP header 
-PASS Cross-origin iframe with 'Cross-Origin-Options: invalid' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Options: deny' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Options: allow' HTTP header 
-PASS Same-origin iframe with 'Cross-Origin-Options: invalid' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Options: deny' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Options: allow' HTTP header 
-PASS Cross-origin popup with 'Cross-Origin-Options: invalid' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Options: deny' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Options: allow' HTTP header 
-PASS Same-origin popup with 'Cross-Origin-Options: invalid' HTTP header 
-
diff --git a/LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt b/LayoutTests/http/wpt/cross-origin-options/navigation-from-opener-via-open-target-expected.txt
deleted file mode 100644 (file)
index b38f900..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-CONSOLE MESSAGE: line 23: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/serve-cross-origin-options-header.py?value=deny' from frame with URL 'http://localhost:8800/WebKit/cross-origin-options/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 44: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/serve-cross-origin-options-header.py?value=allow-postmessage' from frame with URL 'http://localhost:8800/WebKit/cross-origin-options/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Options header.
-
-
-PASS 'Cross-Origin-Options: deny' prevents navigation from opener via open() target 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from opener via open() target 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from opener via open() target 
-
diff --git a/LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt b/LayoutTests/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt
deleted file mode 100644 (file)
index 79b4904..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Options header.
-
-
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>) 
-
diff --git a/LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers b/LayoutTests/http/wpt/cross-origin-options/resources/cross-origin-options-allow-postmessage-pong.html.headers
deleted file mode 100644 (file)
index cfb12bb..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Cross-Origin-Options: allow-postmessage
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-expected.txt
new file mode 100644 (file)
index 0000000..13c6be7
--- /dev/null
@@ -0,0 +1,5 @@
+
+
+PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+PASS postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny-expected.txt
new file mode 100644 (file)
index 0000000..412c968
--- /dev/null
@@ -0,0 +1,5 @@
+
+
+PASS postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option 
+PASS postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option 
+
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="utf-8">
-<title>Tests calling postMessage() on a window with 'Cross-Origin-Options: allow-postmessage' from a window with 'Cross-Origin-Options: deny'</title>
+<title>Tests calling postMessage() on a window with 'Cross-Origin-Window-Policy: allow-postmessage' from a window with 'Cross-Origin-Window-Policy: deny'</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
 <script>
 
 promise_test(function(test) {
-    return withIframe("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
+    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
         assert_throws("SecurityError", function() { f.contentWindow.length }, "length property access");
         assert_throws("SecurityError", function() { f.contentWindow.postMessage("PING", "*"); }, "Calling postMessage() should throw");
     });
-}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option");
+}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
 
 promise_test(function(test) {
-    return withPopup("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
+    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
         assert_throws("SecurityError", function() { result.window.length }, "length property access");
         assert_throws("SecurityError", function() { result.window.postMessage("PING", "*"); }, "Calling postMessage() should throw");
     });
-}, "postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' but current window has 'deny' option");
+}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' but current window has 'deny' option");
 
 </script>
 </body>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers b/LayoutTests/http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html.headers
new file mode 100644 (file)
index 0000000..6a2d256
--- /dev/null
@@ -0,0 +1 @@
+Cross-Origin-Window-Policy: deny
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="utf-8">
-<title>Tests that postMessage() works when 'Cross-Origin-Options: allow-postmessage' HTTP header is served</title>
+<title>Tests that postMessage() works when 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header is served</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
@@ -13,7 +13,7 @@
 <script>
 
 promise_test(function(test) {
-    return withIframe("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
+    return withIframe("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((f) => {
         return new Promise((resolve) => {
             window.onmessage = (msg) => {
                 window.onmessage = null;
@@ -25,10 +25,10 @@ promise_test(function(test) {
             f.contentWindow.postMessage("PING", "*");
         });
     });
-}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "postMessage() on Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("cross-origin-options-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
+    return withPopup("cross-origin-window-policy-allow-postmessage-pong.html", true /* isCrossOrigin */).then((result) => {
         return new Promise((resolve) => {
             window.onmessage = (msg) => {
                 window.onmessage = null;
@@ -40,7 +40,7 @@ promise_test(function(test) {
             result.window.postMessage("PING", "*");
         });
     });
-}, "postMessage() on Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "postMessage() on Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 </script>
 </body>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/cross-origin-window-policy-header-expected.txt
new file mode 100644 (file)
index 0000000..e4a8d11
--- /dev/null
@@ -0,0 +1,22 @@
+  
+
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case) 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid) 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value) 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header 
+PASS Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header 
+PASS Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header 
+PASS Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+PASS Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header 
+PASS Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header 
+PASS Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header 
+PASS Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+PASS Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header 
+PASS Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header 
+PASS Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header 
+PASS Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header 
+PASS Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header 
+PASS Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header 
+
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="utf-8">
-<title>Basic testing for Cross-Origin-Options HTTP header</title>
+<title>Basic testing for Cross-Origin-Window-Policy HTTP header</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
@@ -36,162 +36,162 @@ function checkPopupPropertyValues(w)
 }
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((f) => {
         testCrossOriginOption(f.contentWindow, "deny", true /* isCrossOrigin */);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: deny' HTTP header");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((f) => {
         testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=alLoW-postMessAgE", true /* isCrossOrigin */).then((f) => {
         testCrossOriginOption(f.contentWindow, "allow-postmessage", true /* isCrossOrigin */);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: alLoW-postMessAgE' HTTP header (mixed case)");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: alLoW-postMessAgE' HTTP header (mixed case)");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=deny,allow", true /* isCrossOrigin */).then((f) => {
         const w = f.contentWindow;
         // Invalid input: should be treated as "allow".
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: deny,allow' HTTP header (multiple values is invalid)");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: deny,allow' HTTP header (multiple values is invalid)");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=", true /* isCrossOrigin */).then((f) => {
         const w = f.contentWindow;
         // Empty value: should be treated as "allow".
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options:' HTTP header (empty value)");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy:' HTTP header (empty value)");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((f) => {
         const w = f.contentWindow;
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: allow' HTTP header");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((f) => {
         const w = f.contentWindow;
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
         
         checkIframePropertyValues(w);
     });
-}, "Cross-origin iframe with 'Cross-Origin-Options: invalid' HTTP header");
+}, "Cross-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=deny", false /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((f) => {
          const w = f.contentWindow;
         testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Same-origin iframe with 'Cross-Origin-Options: deny' HTTP header");
+}, "Same-origin iframe with 'Cross-Origin-Window-Policy: deny' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((f) => {
          const w = f.contentWindow;
         testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Same-origin iframe with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=allow", false /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((f) => {
          const w = f.contentWindow;
         testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Same-origin iframe with 'Cross-Origin-Options: allow' HTTP header");
+}, "Same-origin iframe with 'Cross-Origin-Window-Policy: allow' HTTP header");
 
 promise_test(function(test) {
-    return withIframe("serve-cross-origin-options-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {
+    return withIframe("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((f) => {
          const w = f.contentWindow;
         testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
 
         checkIframePropertyValues(w);
     });
-}, "Same-origin iframe with 'Cross-Origin-Options: invalid' HTTP header");
+}, "Same-origin iframe with 'Cross-Origin-Window-Policy: invalid' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */).then((result) => {
         testCrossOriginOption(result.window, "deny", true /* isCrossOrigin */);
     });
-}, "Cross-origin popup with 'Cross-Origin-Options: deny' HTTP header");
+}, "Cross-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */).then((result) => {
         testCrossOriginOption(result.window, "allow-postmessage", true /* isCrossOrigin */);
     });
-}, "Cross-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */).then((result) => {
         const w = result.window;
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Cross-origin popup with 'Cross-Origin-Options: allow' HTTP header");
+}, "Cross-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", true /* isCrossOrigin */).then((result) => {
         const w = result.window;
         testCrossOriginOption(w, "allow", true /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Cross-origin popup with 'Cross-Origin-Options: invalid' HTTP header");
+}, "Cross-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=deny", false /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", false /* isCrossOrigin */).then((result) => {
          const w = result.window;
         testCrossOriginOption(w, "deny", false /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Same-origin popup with 'Cross-Origin-Options: deny' HTTP header");
+}, "Same-origin popup with 'Cross-Origin-Window-Policy: deny' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", false /* isCrossOrigin */).then((result) => {
          const w = result.window;
         testCrossOriginOption(w, "allow-postmessage", false /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Same-origin popup with 'Cross-Origin-Options: allow-postmessage' HTTP header");
+}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow-postmessage' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=allow", false /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", false /* isCrossOrigin */).then((result) => {
          const w = result.window;
         testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Same-origin popup with 'Cross-Origin-Options: allow' HTTP header");
+}, "Same-origin popup with 'Cross-Origin-Window-Policy: allow' HTTP header");
 
 promise_test(function(test) {
-    return withPopup("serve-cross-origin-options-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=invalid", false /* isCrossOrigin */).then((result) => {
          const w = result.window;
         testCrossOriginOption(w, "allow", false /* isCrossOrigin */);
 
         checkPopupPropertyValues(w);
     });
-}, "Same-origin popup with 'Cross-Origin-Options: invalid' HTTP header");
+}, "Same-origin popup with 'Cross-Origin-Window-Policy: invalid' HTTP header");
 
 </script>
 </body>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target-expected.txt
new file mode 100644 (file)
index 0000000..0e9c84f
--- /dev/null
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 23: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py?value=deny' from frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 44: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/serve-cross-origin-window-policy-header.py?value=allow-postmessage' from frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/navigation-from-opener-via-open-target.html'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target 
+
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="utf-8">
-<title>Tests that 'Cross-Origin-Options: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>
+<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin opener from navigating us</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
 <script>
 
 promise_test(t => {
-    return withPopup("serve-cross-origin-options-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=deny", true /* isCrossOrigin */, "foo1").then((result) => {
         return new Promise((resolve) => {
             window.onmessage = (msg) => {
                 assert_not_equals(msg.source, result.window, "Existing window should not navigate");
             }
 
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
+            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
             w = open(destinationURL, "foo1");
             // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
             // not find the given window.
@@ -31,16 +31,16 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: deny' prevents navigation from opener via open() target");
+}, "'Cross-Origin-Window-Policy: deny' prevents navigation from opener via open() target");
 
 promise_test(t => {
-    return withPopup("serve-cross-origin-options-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow-postmessage", true /* isCrossOrigin */, "foo2").then((result) => {
         return new Promise((resolve) => {
             window.onmessage = (msg) => {
                 assert_not_equals(msg.source, result.window, "Existing window should not navigate");
             }
 
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
+            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
             w = open(destinationURL, "foo2");
             // If a window with the given name is found but cannot be navigated, a new one is created, as if we could
             // not find the given window.
@@ -52,22 +52,22 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: allow-postmessage' prevents navigation from opener via open() target");
+}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from opener via open() target");
 
 promise_test(t => {
-    return withPopup("serve-cross-origin-options-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {
+    return withPopup("serve-cross-origin-window-policy-header.py?value=allow", true /* isCrossOrigin */, "foo3").then((result) => {
         return new Promise((resolve) => {
             window.onmessage = () => {
                 window.onmessage = null;
                 resolve();
             }
 
-            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-options/resources/destination.html";
+            let destinationURL = get_host_info().HTTP_ORIGIN + "/WebKit/cross-origin-window-policy/resources/destination.html";
             w = open(destinationURL, "foo3");
             assert_equals(w, result.window, "open() should return the same window");
         });
     });
-}, "'Cross-Origin-Options: allow' does not prevent navigation from opener via open() target");
+}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from opener via open() target");
 </script>
 </body>
 </html>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt b/LayoutTests/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt
new file mode 100644 (file)
index 0000000..2699278
--- /dev/null
@@ -0,0 +1,35 @@
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>) 
+
@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="utf-8">
-<title>Tests that 'Cross-Origin-Options: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>
+<title>Tests that 'Cross-Origin-Window-Policy: deny / allow-postmessage' prevents a cross-origin iframe from navigating us</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
@@ -22,7 +22,7 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
+}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=_top", false /* isCrossOrigin */).then((result) => {
@@ -34,7 +34,7 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
+}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow&target=_top", false /* isCrossOrigin */).then((result) => {
@@ -44,7 +44,7 @@ promise_test(t => {
             };
         });
     });
-}, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");
+}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=deny&target=_parent", false /* isCrossOrigin */).then((result) => {
@@ -56,7 +56,7 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
+}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent", false /* isCrossOrigin */).then((result) => {
@@ -68,7 +68,7 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
+}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow&target=_parent", false /* isCrossOrigin */).then((result) => {
@@ -78,7 +78,7 @@ promise_test(t => {
             }; 
         });
     });
-}, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");
+}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=deny&target=foo1", false /* isCrossOrigin */, "foo1").then((result) => {
@@ -90,7 +90,7 @@ promise_test(t => {
             }, 200);
         });
     }); 
-}, "'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
+}, "'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2", false /* isCrossOrigin */, "foo2").then((result) => {
@@ -102,7 +102,7 @@ promise_test(t => {
             }, 200);
         });
     });
-}, "'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
+}, "'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName)");
 
 promise_test(t => {
     return withPopup("navigation-from-subframe-frame.py?value=allow&target=foo3", false /* isCrossOrigin */, "foo3").then((result) => {
@@ -112,7 +112,7 @@ promise_test(t => {
             };
         });
     });
-}, "'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");
+}, "'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>)");
 
 </script>
 </body>
diff --git a/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers b/LayoutTests/http/wpt/cross-origin-window-policy/resources/cross-origin-window-policy-allow-postmessage-pong.html.headers
new file mode 100644 (file)
index 0000000..f5e68b2
--- /dev/null
@@ -0,0 +1 @@
+Cross-Origin-Window-Policy: allow-postmessage
@@ -6,7 +6,7 @@
 <body>
 <a id="testAnchor">Click me</a>
 <script>
-const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
+const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
 onload = () => {
     let params = new URLSearchParams(location.search);
     testAnchor.target= params.get('target')
@@ -1,6 +1,6 @@
 def main(request, response):
     headers = [("Content-Type", "text/html"),
-               ("Cross-Origin-Options", request.GET['value']),]
+               ("Cross-Origin-Window-Policy", request.GET['value']),]
     return 200, headers, """<!DOCTYPE html>
 <html>
 <head>
@@ -8,7 +8,7 @@ def main(request, response):
 </head>
 <body>
 <script>
-const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
+const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
 let f = document.createElement("iframe");
 f.src = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR + "navigate-parent-via-anchor.html?target=%s";
 document.body.prepend(f);
@@ -1,6 +1,6 @@
 def main(request, response):
     headers = [("Content-Type", "text/html"),
-               ("Cross-Origin-Options", request.GET['value']),]
+               ("Cross-Origin-Window-Policy", request.GET['value']),]
     return 200, headers, """TEST
         <iframe name="subframe"></iframe>
         <script>
@@ -1,4 +1,4 @@
-const RESOURCES_DIR = "/WebKit/cross-origin-options/resources/";
+const RESOURCES_DIR = "/WebKit/cross-origin-window-policy/resources/";
 
 function isCrossOriginWindow(w)
 {
diff --git a/LayoutTests/platform/wk2/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt b/LayoutTests/platform/wk2/http/wpt/cross-origin-options/navigation-from-subframe-via-anchor-target-expected.txt
deleted file mode 100644 (file)
index df4ff4e..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Options header.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-options/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-options/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Options header.
-
-
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>) 
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>) 
-PASS 'Cross-Origin-Options: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Options: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
-PASS 'Cross-Origin-Options: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>) 
-
diff --git a/LayoutTests/platform/wk2/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt b/LayoutTests/platform/wk2/http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target-expected.txt
new file mode 100644 (file)
index 0000000..bbb2a90
--- /dev/null
@@ -0,0 +1,35 @@
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_top' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_top'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=_parent' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=_parent'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=deny&target=foo1' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo1'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: line 14: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/WebKit/cross-origin-window-policy/resources/navigation-from-subframe-frame.py?value=allow-postmessage&target=foo2' from frame with URL 'http://127.0.0.1:8800/WebKit/cross-origin-window-policy/resources/navigate-parent-via-anchor.html?target=foo2'. Navigation was not allowed due to Cross-Origin-Window-Policy header.
+
+
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_top>) 
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=_parent>) 
+PASS 'Cross-Origin-Window-Policy: deny' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
+PASS 'Cross-Origin-Window-Policy: allow-postmessage' prevents navigation from cross-origin sub-frame (using <a target=windowName) 
+PASS 'Cross-Origin-Window-Policy: allow' does not prevent navigation from cross-origin sub-frame (using <a target=windowName>) 
+
index b07d2ea..2903204 100644 (file)
@@ -1,3 +1,48 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        Tests: http/wpt/cross-origin-window-policy/allow-postmessage-from-deny.html
+               http/wpt/cross-origin-window-policy/allow-postmessage.html
+               http/wpt/cross-origin-window-policy/cross-origin-window-policy-header.html
+               http/wpt/cross-origin-window-policy/navigation-from-opener-via-open-target.html
+               http/wpt/cross-origin-window-policy/navigation-from-subframe-via-anchor-target.html
+
+        * bindings/js/JSDOMBindingSecurity.cpp:
+        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy):
+        * bindings/js/JSDOMBindingSecurity.h:
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::effectiveCrossOriginWindowPolicyForAccess):
+        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
+        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+        (WebCore::addCrossOriginWindowPropertyNames):
+        (WebCore::addScopedChildrenIndexes):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateAttributeGetterBodyDefinition):
+        (GetCrossOriginsOptionsFromExtendedAttributeValue):
+        (GenerateAttributeSetterBodyDefinition):
+        (GenerateOperationBodyDefinition):
+        * bindings/scripts/IDLAttributes.json:
+        * dom/Document.cpp:
+        (WebCore::Document::canNavigate):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::didBeginDocument):
+        * page/AbstractDOMWindow.cpp:
+        (WebCore::AbstractDOMWindow::AbstractDOMWindow):
+        * page/AbstractDOMWindow.h:
+        (WebCore::AbstractDOMWindow::crossOriginWindowPolicy):
+        (WebCore::AbstractDOMWindow::setCrossOriginWindowPolicy):
+        * page/DOMWindow.idl:
+        * page/Settings.yaml:
+        * platform/network/HTTPHeaderNames.in:
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseCrossOriginWindowPolicyHeader):
+        * platform/network/HTTPParsers.h:
+
 2018-06-04  Brent Fulgham  <bfulgham@apple.com>
 
         REGRESSION(r231291): InputType should hold a WeakPtr to its HTMLInputElement
index 2b67585..f2d98bb 100644 (file)
@@ -100,16 +100,16 @@ bool BindingSecurity::shouldAllowAccessToNode(JSC::ExecState& state, Node* targe
     return !target || canAccessDocument(&state, &target->document(), LogSecurityError);
 }
 
-bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(JSC::ExecState* state, DOMWindow& target, CrossOriginOptions minimumCrossOriginOptions, SecurityReportingOption reportingOption)
+bool BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState* state, DOMWindow& target, CrossOriginWindowPolicy minimumCrossOriginWindowPolicy, SecurityReportingOption reportingOption)
 {
     DOMWindow& source = activeDOMWindow(*state);
-    ASSERT(minimumCrossOriginOptions > CrossOriginOptions::Deny);
+    ASSERT(minimumCrossOriginWindowPolicy > CrossOriginWindowPolicy::Deny);
 
-    static_assert(CrossOriginOptions::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");
+    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
 
     // Fast path.
-    auto effectiveCrossOriginOptions = std::min(source.crossOriginOptions(), target.crossOriginOptions());
-    if (effectiveCrossOriginOptions >= minimumCrossOriginOptions)
+    auto effectiveCrossOriginWindowPolicy = std::min(source.crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
+    if (effectiveCrossOriginWindowPolicy >= minimumCrossOriginWindowPolicy)
         return true;
 
     return shouldAllowAccessToDOMWindow(state, target, reportingOption);
index 5c2af99..170462e 100644 (file)
@@ -36,7 +36,7 @@ class DOMWindow;
 class Frame;
 class Node;
 
-enum class CrossOriginOptions;
+enum class CrossOriginWindowPolicy;
 
 void printErrorMessageForFrame(Frame*, const String& message);
 
@@ -55,7 +55,7 @@ bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption =
 bool shouldAllowAccessToFrame(JSC::ExecState&, Frame&, String& message);
 bool shouldAllowAccessToNode(JSC::ExecState&, Node*);
 
-bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(JSC::ExecState*, DOMWindow&, CrossOriginOptions, SecurityReportingOption = LogSecurityError);
+bool shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(JSC::ExecState*, DOMWindow&, CrossOriginWindowPolicy, SecurityReportingOption = LogSecurityError);
 
 };
 
index 5db1d5c..d999393 100644 (file)
 namespace WebCore {
 using namespace JSC;
 
-static CrossOriginOptions effectiveCrossOriginOptionsForAccess(ExecState& state, AbstractDOMWindow& target)
+static CrossOriginWindowPolicy effectiveCrossOriginWindowPolicyForAccess(ExecState& state, AbstractDOMWindow& target)
 {
-    static_assert(CrossOriginOptions::Deny < CrossOriginOptions::AllowPostMessage && CrossOriginOptions::AllowPostMessage < CrossOriginOptions::Allow, "More restrictive cross-origin options should have lower values");
-    return std::min(activeDOMWindow(state).crossOriginOptions(), target.crossOriginOptions());
+    static_assert(CrossOriginWindowPolicy::Deny < CrossOriginWindowPolicy::AllowPostMessage && CrossOriginWindowPolicy::AllowPostMessage < CrossOriginWindowPolicy::Allow, "More restrictive cross-origin options should have lower values");
+    return std::min(activeDOMWindow(state).crossOriginWindowPolicy(), target.crossOriginWindowPolicy());
 }
 
 EncodedJSValue JSC_HOST_CALL jsDOMWindowInstanceFunctionShowModalDialog(ExecState*);
@@ -100,18 +100,18 @@ bool jsDOMWindowGetOwnPropertySlotRestrictedAccess(JSDOMGlobalObject* thisObject
         return true;
     }
 
-    switch (effectiveCrossOriginOptionsForAccess(state, window)) {
-    case CrossOriginOptions::AllowPostMessage:
+    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
+    case CrossOriginWindowPolicy::AllowPostMessage:
         if (propertyName == builtinNames.postMessagePublicName()) {
             slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), windowType == DOMWindowType::Remote ? nonCachingStaticFunctionGetter<jsRemoteDOMWindowInstanceFunctionPostMessage, 0> : nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>);
             return true;
         }
         FALLTHROUGH;
-    case CrossOriginOptions::Deny:
+    case CrossOriginWindowPolicy::Deny:
         throwSecurityError(state, scope, errorMessage);
         slot.setUndefined();
         return false;
-    case CrossOriginOptions::Allow:
+    case CrossOriginWindowPolicy::Allow:
         break;
     }
 
@@ -253,13 +253,13 @@ bool JSDOMWindow::getOwnPropertySlotByIndex(JSObject* object, ExecState* state,
 
     // (1) First, indexed properties.
     // These are also allowed cross-origin, so come before the access check.
-    switch (effectiveCrossOriginOptionsForAccess(*state, window)) {
-    case CrossOriginOptions::Deny:
-    case CrossOriginOptions::AllowPostMessage:
+    switch (effectiveCrossOriginWindowPolicyForAccess(*state, window)) {
+    case CrossOriginWindowPolicy::Deny:
+    case CrossOriginWindowPolicy::AllowPostMessage:
         if (isCrossOriginAccess())
             break;
         FALLTHROUGH;
-    case CrossOriginOptions::Allow:
+    case CrossOriginWindowPolicy::Allow:
         if (frame && index < frame->tree().scopedChildCount()) {
             slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
             return true;
@@ -348,15 +348,15 @@ static void addCrossOriginWindowPropertyNames(ExecState& state, AbstractDOMWindo
         &static_cast<JSVMClientData*>(vm.clientData)->builtinNames().windowPublicName()
     };
 
-    switch (effectiveCrossOriginOptionsForAccess(state, window)) {
-    case CrossOriginOptions::Allow:
+    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
+    case CrossOriginWindowPolicy::Allow:
         for (auto* property : properties)
             propertyNames.add(*property);
         break;
-    case CrossOriginOptions::AllowPostMessage:
+    case CrossOriginWindowPolicy::AllowPostMessage:
         propertyNames.add(static_cast<JSVMClientData*>(vm.clientData)->builtinNames().postMessagePublicName());
         break;
-    case CrossOriginOptions::Deny:
+    case CrossOriginWindowPolicy::Deny:
         break;
     }
 }
@@ -371,11 +371,11 @@ static void addScopedChildrenIndexes(ExecState& state, DOMWindow& window, Proper
     if (!frame)
         return;
 
-    switch (effectiveCrossOriginOptionsForAccess(state, window)) {
-    case CrossOriginOptions::Allow:
+    switch (effectiveCrossOriginWindowPolicyForAccess(state, window)) {
+    case CrossOriginWindowPolicy::Allow:
         break;
-    case CrossOriginOptions::Deny:
-    case CrossOriginOptions::AllowPostMessage:
+    case CrossOriginWindowPolicy::Deny:
+    case CrossOriginWindowPolicy::AllowPostMessage:
         return;
     }
 
index 910369d..0e0701d 100644 (file)
@@ -4707,9 +4707,9 @@ sub GenerateAttributeGetterBodyDefinition
         AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
         if ($interface->type->name eq "DOMWindow") {
             if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
-                my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
+                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
                 AddToImplIncludes("HTTPParsers.h", $conditional);
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
+                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
             } else {
                 push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
             }
@@ -4824,9 +4824,9 @@ sub GetCrossOriginsOptionsFromExtendedAttributeValue
 {
     my $extendedAttributeValue = shift;
 
-    return "CrossOriginOptions::Allow" if $extendedAttributeValue eq "CrossOriginOptionsAllow";
-    return "CrossOriginOptions::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginOptionsAllowPostMessage";
-    die "Unsupported CrossOriginOptions: " + $extendedAttributeValue;
+    return "CrossOriginWindowPolicy::Allow" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllow";
+    return "CrossOriginWindowPolicy::AllowPostMessage" if $extendedAttributeValue eq "CrossOriginWindowPolicyAllowPostMessage";
+    die "Unsupported CrossOriginWindowPolicy: " + $extendedAttributeValue;
 }
 
 sub GenerateAttributeSetterBodyDefinition
@@ -4852,9 +4852,9 @@ sub GenerateAttributeSetterBodyDefinition
         AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
         if ($interface->type->name eq "DOMWindow") {
             if ($attribute->extendedAttributes->{DoNotCheckSecurityIf}) {
-                my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
+                my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($attribute->extendedAttributes->{DoNotCheckSecurityIf});
                 AddToImplIncludes("HTTPParsers.h", $conditional);
-                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(&state, thisObject.wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
+                push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(&state, thisObject.wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
             } else {
                 push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(&state, thisObject.wrapped(), ThrowSecurityError))\n");
             }
@@ -5079,9 +5079,9 @@ sub GenerateOperationBodyDefinition
             AddToImplIncludes("JSDOMBindingSecurity.h", $conditional);
             if ($interface->type->name eq "DOMWindow") {
                 if ($operation->extendedAttributes->{DoNotCheckSecurityIf}) {
-                    my $crossOriginOptions = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});
+                    my $crossOriginWindowPolicy = GetCrossOriginsOptionsFromExtendedAttributeValue($operation->extendedAttributes->{DoNotCheckSecurityIf});
                     AddToImplIncludes("HTTPParsers.h", $conditional);
-                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions(state, castedThis->wrapped(), $crossOriginOptions, ThrowSecurityError))\n");
+                    push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginWindowPolicy(state, castedThis->wrapped(), $crossOriginWindowPolicy, ThrowSecurityError))\n");
                 } else {
                     push(@$outputArray, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
                 }
index 37d61e0..a9991c2 100644 (file)
         },
         "DoNotCheckSecurityIf": {
             "contextsAllowed": ["attribute", "operation"],
-            "values": ["CrossOriginOptionsAllow", "CrossOriginOptionsAllowPostMessage"]
+            "values": ["CrossOriginWindowPolicyAllow", "CrossOriginWindowPolicyAllowPostMessage"]
         },
         "DoNotCheckSecurityOnGetter": {
             "contextsAllowed": ["attribute"]
index 04576e8..50ddc9a 100644 (file)
@@ -3185,11 +3185,11 @@ bool Document::canNavigate(Frame* targetFrame)
         return true;
 
     if (m_frame != targetFrame) {
-        auto sourceCrossOriginOptions = m_frame->window() ? m_frame->window()->crossOriginOptions() : CrossOriginOptions::Allow;
-        auto destinationCrossOriginOptions = targetFrame->window() ? targetFrame->window()->crossOriginOptions() : CrossOriginOptions::Allow;
-        if (sourceCrossOriginOptions != CrossOriginOptions::Allow || destinationCrossOriginOptions != CrossOriginOptions::Allow) {
+        auto sourceCrossOriginWindowPolicy = m_frame->window() ? m_frame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
+        auto destinationCrossOriginWindowPolicy = targetFrame->window() ? targetFrame->window()->crossOriginWindowPolicy() : CrossOriginWindowPolicy::Allow;
+        if (sourceCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow || destinationCrossOriginWindowPolicy != CrossOriginWindowPolicy::Allow) {
             if (m_frame->document() && targetFrame->document() && !m_frame->document()->securityOrigin().canAccess(targetFrame->document()->securityOrigin())) {
-                printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin-Options header."));
+                printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("Navigation was not allowed due to Cross-Origin-Window-Policy header."));
                 return false;
             }
         }
index 3f5690f..3fb4f28 100644 (file)
@@ -747,11 +747,11 @@ void FrameLoader::didBeginDocument(bool dispatch)
                 m_frame.document()->setContentLanguage(headerContentLanguage);
         }
 
-        if (m_frame.settings().crossOriginOptionsSupportEnabled()) {
-            String crossOriginOptionsHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginOptions);
-            if (!crossOriginOptionsHeader.isNull()) {
+        if (m_frame.settings().crossOriginWindowPolicySupportEnabled()) {
+            String crossOriginWindowPolicyHeader = m_documentLoader->response().httpHeaderField(HTTPHeaderName::CrossOriginWindowPolicy);
+            if (!crossOriginWindowPolicyHeader.isNull()) {
                 ASSERT(m_frame.window());
-                m_frame.window()->setCrossOriginOptions(parseCrossOriginOptionsHeader(crossOriginOptionsHeader));
+                m_frame.window()->setCrossOriginWindowPolicy(parseCrossOriginWindowPolicyHeader(crossOriginWindowPolicyHeader));
             }
         }
     }
index 60118dd..6abe031 100644 (file)
@@ -40,7 +40,7 @@ HashMap<GlobalWindowIdentifier, AbstractDOMWindow*>& AbstractDOMWindow::allWindo
 
 AbstractDOMWindow::AbstractDOMWindow(GlobalWindowIdentifier&& identifier)
     : m_identifier(WTFMove(identifier))
-    , m_crossOriginOptions(CrossOriginOptions::Allow)
+    , m_crossOriginWindowPolicy(CrossOriginWindowPolicy::Allow)
 {
     ASSERT(!allWindows().contains(identifier));
     allWindows().add(identifier, this);
index 64d45a8..49917c8 100644 (file)
@@ -35,7 +35,7 @@ namespace WebCore {
 
 class AbstractFrame;
 
-enum class CrossOriginOptions;
+enum class CrossOriginWindowPolicy;
 
 // FIXME: Rename DOMWindow to LocalWindow and AbstractDOMWindow to DOMWindow.
 class AbstractDOMWindow : public RefCounted<AbstractDOMWindow>, public EventTargetWithInlineData {
@@ -54,8 +54,8 @@ public:
     using RefCounted::ref;
     using RefCounted::deref;
 
-    CrossOriginOptions crossOriginOptions() { return m_crossOriginOptions; }
-    void setCrossOriginOptions(CrossOriginOptions value) { m_crossOriginOptions = value; }
+    CrossOriginWindowPolicy crossOriginWindowPolicy() const { return m_crossOriginWindowPolicy; }
+    void setCrossOriginWindowPolicy(CrossOriginWindowPolicy value) { m_crossOriginWindowPolicy = value; }
 
 protected:
     explicit AbstractDOMWindow(GlobalWindowIdentifier&&);
@@ -66,7 +66,7 @@ protected:
 
 private:
     GlobalWindowIdentifier m_identifier;
-    CrossOriginOptions m_crossOriginOptions;
+    CrossOriginWindowPolicy m_crossOriginWindowPolicy;
 };
 
 } // namespace WebCore
index cd412e9..14c392d 100644 (file)
@@ -49,11 +49,11 @@ typedef USVString CSSOMString;
     PrimaryGlobal,
 ] interface DOMWindow : EventTarget {
     // The current browsing context.
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute WindowProxy self;
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable, ImplementedAs=self] readonly attribute WindowProxy window;
+    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy self;
     [Unforgeable] readonly attribute Document document;
     attribute DOMString name;
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, PutForwards=href, Unforgeable] readonly attribute Location? location; // FIXME: Should not be nullable.
     readonly attribute History history;
     [EnabledAtRuntime=CustomElements, ImplementedAs=ensureCustomElementRegistry] readonly attribute CustomElementRegistry customElements;
     [Replaceable] readonly attribute BarProp locationbar;
@@ -63,18 +63,18 @@ typedef USVString CSSOMString;
     [Replaceable] readonly attribute BarProp statusbar;
     [Replaceable] readonly attribute BarProp toolbar;
     attribute DOMString status;
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, ForwardDeclareInHeader] readonly attribute boolean closed;
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentDocument, ForwardDeclareInHeader] void close();
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] readonly attribute boolean closed;
     void stop();
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, ForwardDeclareInHeader] void blur();
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CallWith=IncumbentWindow, ForwardDeclareInHeader] void focus();
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ForwardDeclareInHeader] void blur();
 
     // Other browsing contexts.
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow, ImplementedAs=self] readonly attribute WindowProxy frames;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute unsigned long length;
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, Unforgeable] readonly attribute WindowProxy? top;
-    [DoNotCheckSecurityIf=CrossOriginOptionsAllow, CustomSetter] attribute WindowProxy? opener;
-    [Replaceable, DoNotCheckSecurityIf=CrossOriginOptionsAllow] readonly attribute WindowProxy? parent;
+    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, ImplementedAs=self] readonly attribute WindowProxy frames;
+    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute unsigned long length;
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, Unforgeable] readonly attribute WindowProxy? top;
+    [DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow, CustomSetter] attribute WindowProxy? opener;
+    [Replaceable, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllow] readonly attribute WindowProxy? parent;
     [CheckSecurityForNode] readonly attribute Element? frameElement;
     [CallWith=ActiveWindow&FirstWindow] WindowProxy? open(optional USVString url = "about:blank", optional DOMString target = "_blank", optional [TreatNullAs=EmptyString] DOMString features = "");
 
@@ -92,7 +92,7 @@ typedef USVString CSSOMString;
     long requestAnimationFrame(RequestAnimationFrameCallback callback); // FIXME: Should return an unsigned long.
     void cancelAnimationFrame(long handle); // FIXME: handle should be an unsigned long.
 
-    [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginOptionsAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
+    [CallWith=ScriptState&IncumbentWindow, DoNotCheckSecurityIf=CrossOriginWindowPolicyAllowPostMessage, ForwardDeclareInHeader, MayThrowException] void postMessage(any message, USVString targetOrigin, optional sequence<object> transfer = []);
 
     // Obsolete members, still part of the HTML specification (https://html.spec.whatwg.org/#Window-partial).
     void captureEvents(); // Not implemented. Also not in modern standards. Empty function may help compatibility with legacy content.
index 4b7465f..dd9ed86 100644 (file)
@@ -744,7 +744,7 @@ clientCoordinatesRelativeToLayoutViewport:
   initial: false
   onChange: setNeedsRecalcStyleInAllFrames
 
-crossOriginOptionsSupportEnabled:
+crossOriginWindowPolicySupportEnabled:
   initial: true
 
 accessibilityEventsEnabled:
index 69a20e2..47f6904 100644 (file)
@@ -50,8 +50,8 @@ Content-Type
 Content-Range
 Cookie
 Cookie2
-Cross-Origin-Options
 Cross-Origin-Resource-Policy
+Cross-Origin-Window-Policy
 Date
 DNT
 Default-Style
index e376e6e..4c3ac52 100644 (file)
@@ -913,19 +913,19 @@ CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView header
     return CrossOriginResourcePolicy::Invalid;
 }
 
-CrossOriginOptions parseCrossOriginOptionsHeader(StringView header)
+CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView header)
 {
     header = stripLeadingAndTrailingHTTPSpaces(header);
     if (header.isEmpty())
-        return CrossOriginOptions::Allow;
+        return CrossOriginWindowPolicy::Allow;
 
     if (equalLettersIgnoringASCIICase(header, "deny"))
-        return CrossOriginOptions::Deny;
+        return CrossOriginWindowPolicy::Deny;
 
     if (equalLettersIgnoringASCIICase(header, "allow-postmessage"))
-        return CrossOriginOptions::AllowPostMessage;
+        return CrossOriginWindowPolicy::AllowPostMessage;
 
-    return CrossOriginOptions::Allow;
+    return CrossOriginWindowPolicy::Allow;
 }
 
 }
index 7452fdc..5d55551 100644 (file)
@@ -72,7 +72,7 @@ enum class CrossOriginResourcePolicy {
 };
 
 // Should be sorted from most restrictive to most permissive.
-enum class CrossOriginOptions {
+enum class CrossOriginWindowPolicy {
     Deny,
     AllowPostMessage,
     Allow,
@@ -118,7 +118,7 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&);
 String normalizeHTTPMethod(const String&);
 
 WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
-CrossOriginOptions parseCrossOriginOptionsHeader(StringView);
+CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView);
 
 inline bool isHTTPSpace(UChar character)
 {
index 621ff06..5c1e8c0 100644 (file)
@@ -1,3 +1,15 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        * Shared/WebPreferences.yaml:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::frameBecameRemote):
+
 2018-06-04  Dan Bernstein  <mitz@apple.com>
 
         Restored code signing behavior when WK_USE_RESTRICTED_ENTITLEMENTS isn’t set.
index 4f75d34..be55d1a 100644 (file)
@@ -1097,11 +1097,11 @@ ConstantPropertiesEnabled:
   humanReadableDescription: "Enable CSS constant() values"
   category: experimental
 
-CrossOriginOptionsSupportEnabled:
+CrossOriginWindowPolicySupportEnabled:
   type: bool
   defaultValue: true
-  humanReadableName: "Cross-Origin-Options HTTP Header"
-  humanReadableDescription: "Enable support for Cross-Origin-Options HTTP Header"
+  humanReadableName: "Cross-Origin-Window-Policy HTTP Header"
+  humanReadableDescription: "Enable support for Cross-Origin-Window-Policy HTTP Header"
   category: experimental
 
 SpringTimingFunctionEnabled:
index b57f66f..9703d49 100644 (file)
@@ -5951,7 +5951,7 @@ void WebPage::frameBecameRemote(uint64_t frameID, GlobalFrameIdentifier&& remote
 
     auto remoteFrame = RemoteFrame::create(WTFMove(remoteFrameIdentifier));
     auto remoteWindow = RemoteDOMWindow::create(remoteFrame.copyRef(), WTFMove(remoteWindowIdentifier));
-    remoteWindow->setCrossOriginOptions(previousWindow->crossOriginOptions());
+    remoteWindow->setCrossOriginWindowPolicy(previousWindow->crossOriginWindowPolicy());
 
     remoteFrame->setOpener(frame->coreFrame()->loader().opener());
 
index 17a1d44..afa08a9 100644 (file)
@@ -1,3 +1,20 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        * WebView/WebPreferenceKeysPrivate.h:
+        * WebView/WebPreferences.mm:
+        (+[WebPreferences initialize]):
+        (-[WebPreferences crossOriginWindowPolicySupportEnabled]):
+        (-[WebPreferences setCrossOriginWindowPolicySupportEnabled:]):
+        * WebView/WebPreferencesPrivate.h:
+        * WebView/WebView.mm:
+        (-[WebView _preferencesChanged:]):
+
 2018-06-02  Darin Adler  <darin@apple.com>
 
         [Cocoa] Update some code to be more ARC-compatible to prepare for future ARC adoption
index a589321..5b7b9ed 100644 (file)
 #define WebKitDataTransferItemsEnabledPreferenceKey @"WebKitDataTransferItemsEnabled"
 #define WebKitCustomPasteboardDataEnabledPreferenceKey @"WebKitCustomPasteboardDataEnabled"
 #define WebKitCacheAPIEnabledPreferenceKey @"WebKitCacheAPIEnabled"
-#define WebKitCrossOriginOptionsSupportEnabledPreferenceKey @"WebKitCrossOriginOptionsSupportEnabled"
+#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey @"WebKitCrossOriginWindowPolicySupportEnabled"
 #define WebKitFetchAPIEnabledPreferenceKey @"WebKitFetchAPIEnabled"
 #define WebKitWritableStreamAPIEnabledPreferenceKey @"WebKitWritableStreamAPIEnabled"
 #define WebKitReadableByteStreamAPIEnabledPreferenceKey @"WebKitReadableByteStreamAPIEnabled"
index 007e9b8..30c4098 100644 (file)
@@ -634,7 +634,7 @@ public:
         [NSNumber numberWithBool:NO], WebKitWebGPUEnabledPreferenceKey,
 #endif
         [NSNumber numberWithBool:NO], WebKitCacheAPIEnabledPreferenceKey,
-        [NSNumber numberWithBool:NO], WebKitCrossOriginOptionsSupportEnabledPreferenceKey,
+        [NSNumber numberWithBool:YES], WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey,
         [NSNumber numberWithBool:YES], WebKitFetchAPIEnabledPreferenceKey,
 
 #if ENABLE(STREAMS_API)
@@ -3011,14 +3011,14 @@ static NSString *classIBCreatorID = nil;
     [self _setBoolValue:flag forKey:WebKitCacheAPIEnabledPreferenceKey];
 }
 
-- (BOOL)crossOriginOptionsSupportEnabled
+- (BOOL)crossOriginWindowPolicySupportEnabled
 {
-    return [self _boolValueForKey:WebKitCrossOriginOptionsSupportEnabledPreferenceKey];
+    return [self _boolValueForKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
 }
 
-- (void)setCrossOriginOptionsSupportEnabled:(BOOL)flag
+- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)flag
 {
-    [self _setBoolValue:flag forKey:WebKitCrossOriginOptionsSupportEnabledPreferenceKey];
+    [self _setBoolValue:flag forKey:WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey];
 }
 
 - (BOOL)fetchAPIEnabled
index 19ac76d..6fa5a84 100644 (file)
@@ -543,8 +543,8 @@ extern NSString *WebPreferencesCacheModelChangedInternalNotification WEBKIT_DEPR
 - (BOOL)cacheAPIEnabled;
 - (void)setCacheAPIEnabled:(BOOL)enabled;
 
-- (BOOL)crossOriginOptionsSupportEnabled;
-- (void)setCrossOriginOptionsSupportEnabled:(BOOL)enabled;
+- (BOOL)crossOriginWindowPolicySupportEnabled;
+- (void)setCrossOriginWindowPolicySupportEnabled:(BOOL)enabled;
 
 - (void)setFetchAPIEnabled:(BOOL)flag;
 - (BOOL)fetchAPIEnabled;
index 3b60a0b..7875a7e 100644 (file)
@@ -3070,7 +3070,7 @@ static bool needsSelfRetainWhileLoadingQuirk()
 
     settings.setViewportFitEnabled([preferences viewportFitEnabled]);
     settings.setConstantPropertiesEnabled([preferences constantPropertiesEnabled]);
-    settings.setCrossOriginOptionsSupportEnabled([preferences crossOriginOptionsSupportEnabled]);
+    settings.setCrossOriginWindowPolicySupportEnabled([preferences crossOriginWindowPolicySupportEnabled]);
 
 #if ENABLE(GAMEPAD)
     RuntimeEnabledFeatures::sharedFeatures().setGamepadsEnabled([preferences gamepadsEnabled]);
index 7a69577..8d2e6c9 100644 (file)
@@ -1,3 +1,21 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        * Interfaces/IWebPreferencesPrivate.idl:
+        * WebPreferenceKeysPrivate.h:
+        * WebPreferences.cpp:
+        (WebPreferences::initializeDefaultSettings):
+        (WebPreferences::crossOriginWindowPolicySupportEnabled):
+        (WebPreferences::setCrossOriginWindowPolicySupportEnabled):
+        * WebPreferences.h:
+        * WebView.cpp:
+        (WebView::notifyPreferencesChanged):
+
 2018-05-30  Yusuke Suzuki  <utatane.tea@gmail.com>
 
         [JSC] Pass VM& parameter as much as possible
index 4b40c59..d1643f3 100644 (file)
@@ -234,6 +234,6 @@ interface IWebPreferencesPrivate6 : IWebPreferencesPrivate5
 [uuid(9A49D1DE-53DD-11E8-95E6-003EE1C28AB6)]
 interface IWebPreferencesPrivate7 : IWebPreferencesPrivate6
 {
-    HRESULT crossOriginOptionsSupportEnabled([out, retval] BOOL* enabled);
-    HRESULT setCrossOriginOptionsSupportEnabled([in] BOOL enabled);
+    HRESULT crossOriginWindowPolicySupportEnabled([out, retval] BOOL* enabled);
+    HRESULT setCrossOriginWindowPolicySupportEnabled([in] BOOL enabled);
 }
index 6069378..3c48fb0 100644 (file)
 
 #define WebKitMenuItemElementEnabledPreferenceKey "WebKitMenuItemElementEnabled"
 
-#define WebKitCrossOriginOptionsSupportEnabledPreferenceKey "WebKitCrossOriginOptionsSupportEnabled"
+#define WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey "WebKitCrossOriginWindowPolicySupportEnabled"
 
 #define WebKitModernMediaControlsEnabledPreferenceKey "WebKitModernMediaControlsEnabled"
 
index 2b8c651..e3806fd 100644 (file)
@@ -249,7 +249,7 @@ void WebPreferences::initializeDefaultSettings()
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplaySubtitlesPreferenceKey), kCFBooleanFalse);
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayCaptionsPreferenceKey), kCFBooleanFalse);
     CFDictionaryAddValue(defaults, CFSTR(WebKitShouldDisplayTextDescriptionsPreferenceKey), kCFBooleanFalse);
-    CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginOptionsSupportEnabledPreferenceKey), kCFBooleanFalse);
+    CFDictionaryAddValue(defaults, CFSTR(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey), kCFBooleanTrue);
 
     RetainPtr<CFStringRef> linkBehaviorStringRef = adoptCF(CFStringCreateWithFormat(0, 0, CFSTR("%d"), WebKitEditableLinkDefaultBehavior));
     CFDictionaryAddValue(defaults, CFSTR(WebKitEditableLinkBehaviorPreferenceKey), linkBehaviorStringRef.get());
@@ -2034,17 +2034,17 @@ HRESULT WebPreferences::setMenuItemElementEnabled(BOOL enabled)
     return S_OK;
 }
 
-HRESULT WebPreferences::crossOriginOptionsSupportEnabled(_Out_ BOOL* enabled)
+HRESULT WebPreferences::crossOriginWindowPolicySupportEnabled(_Out_ BOOL* enabled)
 {
     if (!enabled)
         return E_POINTER;
-    *enabled = boolValueForKey(WebKitCrossOriginOptionsSupportEnabledPreferenceKey);
+    *enabled = boolValueForKey(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey);
     return S_OK;
 }
 
-HRESULT WebPreferences::setCrossOriginOptionsSupportEnabled(BOOL enabled)
+HRESULT WebPreferences::setCrossOriginWindowPolicySupportEnabled(BOOL enabled)
 {
-    setBoolValue(WebKitCrossOriginOptionsSupportEnabledPreferenceKey, enabled);
+    setBoolValue(WebKitCrossOriginWindowPolicySupportEnabledPreferenceKey, enabled);
     return S_OK;
 }
 
index 9b78c00..ae76f99 100644 (file)
@@ -279,8 +279,8 @@ public:
     virtual HRESULT STDMETHODCALLTYPE setServerTimingEnabled(BOOL);
 
     // IWebPreferencesPrivate7
-    virtual HRESULT STDMETHODCALLTYPE crossOriginOptionsSupportEnabled(_Out_ BOOL*);
-    virtual HRESULT STDMETHODCALLTYPE setCrossOriginOptionsSupportEnabled(BOOL);
+    virtual HRESULT STDMETHODCALLTYPE crossOriginWindowPolicySupportEnabled(_Out_ BOOL*);
+    virtual HRESULT STDMETHODCALLTYPE setCrossOriginWindowPolicySupportEnabled(BOOL);
 
     // WebPreferences
 
index 64b7b88..34366ea 100644 (file)
@@ -5279,10 +5279,10 @@ HRESULT WebView::notifyPreferencesChanged(IWebNotification* notification)
         return hr;
     settings.setVisualViewportAPIEnabled(!!enabled);
 
-    hr = prefsPrivate->crossOriginOptionsSupportEnabled(&enabled);
+    hr = prefsPrivate->crossOriginWindowPolicySupportEnabled(&enabled);
     if (FAILED(hr))
         return hr;
-    settings.setCrossOriginOptionsSupportEnabled(!!enabled);
+    settings.setCrossOriginWindowPolicySupportEnabled(!!enabled);
 
     hr = preferences->privateBrowsingEnabled(&enabled);
     if (FAILED(hr))
index 0c3a26b..545968b 100644 (file)
@@ -1,3 +1,16 @@
+2018-06-04  Chris Dumez  <cdumez@apple.com>
+
+        Rename "Cross-Origin-Options" HTTP header to "Cross-Origin-Window-Policy"
+        https://bugs.webkit.org/show_bug.cgi?id=186287
+        <rdar://problem/40783352>
+
+        Reviewed by Youenn Fablet.
+
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (enableExperimentalFeatures):
+        * DumpRenderTree/win/DumpRenderTree.cpp:
+        (enableExperimentalFeatures):
+
 2018-06-04  Daniel Bates  <dabates@apple.com>
 
         Typo in MockBugzillaQueries.fetch_attachment_ids_from_review_queue()
index c1da7dc..e3384b1 100644 (file)
@@ -862,7 +862,7 @@ static void enableExperimentalFeatures(WebPreferences* preferences)
     [preferences setAccessibilityObjectModelEnabled:YES];
     [preferences setVisualViewportAPIEnabled:YES];
     [preferences setColorFilterEnabled:YES];
-    [preferences setCrossOriginOptionsSupportEnabled:YES];
+    [preferences setCrossOriginWindowPolicySupportEnabled:YES];
     [preferences setServerTimingEnabled:YES];
 }
 
index 9bf7264..a706752 100644 (file)
@@ -789,7 +789,7 @@ static void enableExperimentalFeatures(IWebPreferences* preferences)
     prefsPrivate->setServerTimingEnabled(TRUE);
     // FIXME: WebGL2
     // FIXME: WebRTC
-    prefsPrivate->setCrossOriginOptionsSupportEnabled(TRUE);
+    prefsPrivate->setCrossOriginWindowPolicySupportEnabled(TRUE);
 }
 
 static void resetWebPreferencesToConsistentValues(IWebPreferences* preferences)