Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Broadcom Nexus API support for ANGLE WebGL #1343

Draft
wants to merge 55 commits into
base: main-next
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
55 commits
Select commit Hold shift + click to select a range
090ff40
[PSON] Disable PSON for the WPE port
magomez Aug 18, 2023
e496014
Ensure we check for WEBKIT_EXEC_PATH even without developer mode
pgorszkowski-igalia Nov 29, 2022
ae62fcc
Allow WEBKIT_INJECTED_BUNDLE_PATH even in non developer mode
pgorszkowski-igalia Nov 30, 2022
abc5ee3
Relax user agent validation
pgorszkowski-igalia Nov 16, 2022
2523172
Use API version 1.1 instead of 2.0
magomez Aug 28, 2023
695c76a
Add web extensions API to allowlist access to a security origin
pgorszkowski-igalia Aug 23, 2023
3fd2ed5
Implement mixed content whitelist
jacek-manko-red Jul 20, 2023
1dd3034
[API] Add webkit_web_context_garbage_collect_javascript_objects method
pgorszkowski-igalia Dec 7, 2022
3050220
Add did-start-provisional-load-for-frame signal
magomez Aug 31, 2023
8830313
[Responsiveness] Add API to manually check WebProcess responsiveness
magomez Jan 25, 2023
7bf8a30
[Responsiveness] Add API to get the WebProcess ID
magomez Jan 25, 2023
e846875
Expose JSC "C" API
emutavchi Dec 22, 2021
7508775
Add a setting to allow closing windows from scripts
magomez Jan 25, 2023
fb00101
Add setting to enable/disable directory upload
magomez Jan 27, 2023
7a2e741
Add provision to allow insecure content
pgorszkowski-igalia Feb 16, 2023
a979873
Add a property to WebKitWebsiteDataManager to set the LocalStorage qu…
magomez Mar 2, 2023
7789c4b
provision wal_autocheckpoint to prevent the log file growing to large…
abstractmachines Mar 1, 2023
14527e9
Control on-disk cache size with env var WPE_DISK_CACHE_SIZE
abstractmachines Mar 13, 2023
f4aae52
Add configuration option to allow moving window to background when wi…
jakub-gocol-red Jun 29, 2023
c6fa543
Add env var to allow keeping the existent navigation on a fragment load
magomez Jan 10, 2023
c3b13d6
Add API to send memory pressure events
magomez Sep 27, 2023
0e9a5f8
[MemoryPressure] Add WPE_RAM_SIZE env var to define a custom RAM size
magomez Jan 17, 2023
926d994
Disable caching of XHR ArrayBuffer and/or env variable
abstractmachines Feb 1, 2023
df304d0
Jettison on top level navigation
pgorszkowski-igalia Feb 15, 2023
627a2f5
[JSC] Enable SharedArrayBuffer feature by default
magomez Aug 31, 2023
ee25625
Do not try to swap navigation as we're not using PSON
magomez Feb 1, 2023
b77f822
[JSC] Add option to disable console logging
magomez Aug 31, 2023
edb2da8
[Network] Add TCPKeepAlive option
pgorszkowski-igalia Dec 15, 2022
9915aa1
[soup] Add env var to allow reusing POST connections
magomez Jul 26, 2023
74eb1c6
OptionsWPE: compile with -ffunction-sections -fdata-sections, link wi…
zdobersek May 23, 2017
44b1aa5
Use -ffunction-sections/-fdata-sections/--gc-sections with clang too
blino Jun 8, 2017
ce6e581
OptionWPE: Optimize binary size of debug build
pgorszkowski-igalia Feb 14, 2023
a606907
Condition section anchoring to ARM/ARM64 platforms
charlie-ht Mar 5, 2018
679f867
Added option to enable logs
varumugam123 May 19, 2022
858cbe9
Disable systemd logging by default
pgorszkowski-igalia Feb 9, 2023
b6ebe42
[INSPECTOR] Wait a max of 60s before failing on loading libWPEWebInsp…
magomez Jun 22, 2022
c4b8d7e
[INSPECTOR] Never destroy RemoteInspectorHTTPServer singleton
asurdej-comcast Sep 14, 2022
57c8b7b
[INSPECTOR] Listen on both ipv4 and ipv6
emutavchi May 19, 2022
d4efa23
Use static port for internal webinspector communication
jacek-manko-red Jun 28, 2023
932e27e
Take into account scaling operations when deciding backingStore scale…
magomez Mar 9, 2023
62ba6db
Handle all types of headers for accessibility read out
asurdej-comcast Mar 31, 2022
9fdc992
Add Generic, Cell, GridCell and Caption roles for visibleText computa…
asurdej-comcast Mar 29, 2022
daa496d
Voice Guidance reads iframe when added to DOM.
pgorszkowski-igalia Mar 15, 2023
a8b1182
Adapt speech synthesis changes from 2.28
Scony Mar 21, 2023
fbb355f
Add support for triggering notifications on WPE
filipe-norte-red Oct 3, 2023
61b6e2a
[OIPF] Add window.KeyEvent interface with VK keys mapping
magomez Nov 10, 2023
039ccfe
Add logging for loading failures
magomez Nov 30, 2023
30f2909
Support unrestricted ports usage for custom URI schemes
filipe-norte-red Dec 21, 2023
903aacc
Add support to enable/disable service workers at runtime
filipe-norte-red Apr 15, 2024
ac6b407
Enable MemoryPressureHandler for MALLOC_HEAP_BREAKDOWN
asurdej-comcast Apr 12, 2024
d675935
Fix remaining !ENABLE(VIDEO) build failures https://bugs.webkit.org/s…
q66 Apr 26, 2024
7e675fd
[suspend/resume][hide/show] Implement features
magomez May 8, 2024
2e6058c
Add a provision in WebKitURIResponse to check if the response is from…
varumugam123 May 8, 2024
ca63a1c
Remove unneeded this captures causing build fail
q66 May 22, 2024
36c6ef6
Implement Broadcom Nexus API for ANGLE WebGL
zdobersek May 22, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add web extensions API to allowlist access to a security origin
Fix Security Origin handling in network process

Currently, when a custom uri scheme handler is registered, its
existence is not passed to the network process. Consequently,
when creating a SecurityOrigin object for an URI that uses a custom
scheme handler, the instance may be created as unique due
shouldTreatAsUniqueOrigin() not detecting the associated scheme as
registered (in LegacySchemeRegistry).

This will cause calls to SecurityPolicy::isAccessAllowed() to not
return the correct authorization in case a custom URI is whitelisted
using webkit_web_extension_add_origin_access_whitelist_entry() API,
which leads to the inclusion of the "Origin" header with the custom URI
in network requests when it should not be included in such case.
  • Loading branch information
pgorszkowski-igalia committed May 2, 2024
commit 695c76a6541424a4be66323ca836b0d153c7af46
3 changes: 3 additions & 0 deletions Source/WebCore/page/SecurityOrigin.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
#include "BlobURL.h"
#include "LegacySchemeRegistry.h"
#include "OriginAccessEntry.h"
#include "OriginAccessPatterns.h"
#include "PublicSuffixStore.h"
#include "RuntimeApplicationChecks.h"
#include "SecurityPolicy.h"
Expand Down Expand Up @@ -290,6 +291,8 @@ bool SecurityOrigin::isSameOriginDomain(const SecurityOrigin& other) const
if (canAccess && isLocal())
canAccess = passesFileCheck(other);

canAccess |= SecurityPolicy::isAccessAllowed(*this, other, other.toURL(), EmptyOriginAccessPatterns::singleton());

return canAccess;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@
#include <WebCore/DeprecatedGlobalSettings.h>
#include <WebCore/DocumentStorageAccess.h>
#include <WebCore/HTTPCookieAcceptPolicy.h>
#include <WebCore/LegacySchemeRegistry.h>
#include <WebCore/LogInitialization.h>
#include <WebCore/NetworkStorageSession.h>
#include <WebCore/ResourceError.h>
Expand Down Expand Up @@ -771,6 +772,11 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin
m_schemeRegistry->registerURLSchemeAsCORSEnabled(WTFMove(scheme));
}

void NetworkConnectionToWebProcess::registerURLSchemeAsHandledBySchemeHandler(const String& scheme)
{
WebCore::LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler(scheme);
}

void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler)
{
MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
Expand Down
2 changes: 2 additions & 0 deletions Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,8 @@ class NetworkConnectionToWebProcess

void registerURLSchemesAsCORSEnabled(Vector<String>&& schemes);

void registerURLSchemeAsHandledBySchemeHandler(const String& scheme);

void cookiesForDOM(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, WebCore::FrameIdentifier, WebCore::PageIdentifier, WebCore::IncludeSecureCookies, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&&);
void setCookiesFromDOM(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, WebCore::FrameIdentifier, WebCore::PageIdentifier, WebCore::ApplyTrackingPrevention, const String& cookieString, WebCore::ShouldRelaxThirdPartyCookieBlocking);
void cookieRequestHeaderFieldValue(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::IncludeSecureCookies, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&&);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@ messages -> NetworkConnectionToWebProcess LegacyReceiver {
PostMessageToRemote(struct WebCore::MessageWithMessagePorts message, struct WebCore::MessagePortIdentifier remote)
DidDeliverMessagePortMessages(uint64_t messageBatchIdentifier)
RegisterURLSchemesAsCORSEnabled(Vector<String> schemes);
RegisterURLSchemeAsHandledBySchemeHandler(String scheme)
SetCORSDisablingPatterns(WebCore::PageIdentifier pageIdentifier, Vector<String> patterns)
#if PLATFORM(MAC)
GetProcessDisplayName(struct WebKit::CoreIPCAuditToken auditToken) -> (String displayName)
Expand Down
1 change: 1 addition & 0 deletions Source/WebKit/PlatformWPE.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -730,6 +730,7 @@ GI_INTROSPECT(${WPE_WEB_PROCESS_EXTENSION_API_NAME} ${WPE_API_VERSION} wpe/${WPE
${DERIVED_SOURCES_WPE_API_DIR}/WebKitContextMenuActions.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitContextMenuItem.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitHitTestResult.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitSecurityOrigin.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitUserMessage.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitURIRequest.h
${DERIVED_SOURCES_WPE_API_DIR}/WebKitURIResponse.h
Expand Down
2 changes: 1 addition & 1 deletion Source/WebKit/UIProcess/API/glib/WebKitSecurityOrigin.h.in
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
* Boston, MA 02110-1301, USA.
*/

@API_SINGLE_HEADER_CHECK@
@SHARED_API_SINGLE_HEADER_CHECK@

#ifndef WebKitSecurityOrigin_h
#define WebKitSecurityOrigin_h
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
#include "APIDictionary.h"
#include "APIInjectedBundleBundleClient.h"
#include "APIString.h"
#include "WebKitSecurityOriginPrivate.h"
#include "WebKitUserMessagePrivate.h"
#include "WebKitWebPagePrivate.h"
#include "WebKitWebProcessExtensionPrivate.h"
Expand Down Expand Up @@ -122,6 +123,7 @@ enum {
typedef HashMap<WebPage*, GRefPtr<WebKitWebPage> > WebPageMap;

struct _WebKitWebExtensionPrivate {
RefPtr<InjectedBundle> bundle;
WebPageMap pages;
#if ENABLE(DEVELOPER_MODE)
bool garbageCollectOnPageDestroy;
Expand Down Expand Up @@ -204,6 +206,7 @@ class WebExtensionInjectedBundleClient final : public API::InjectedBundle::Clien
WebKitWebExtension* webkitWebProcessExtensionCreate(InjectedBundle* bundle)
{
WebKitWebExtension* extension = WEBKIT_WEB_EXTENSION(g_object_new(WEBKIT_TYPE_WEB_EXTENSION, NULL));
extension->priv->bundle = bundle;
bundle->setClient(makeUnique<WebExtensionInjectedBundleClient>(extension));
return extension;
}
Expand Down Expand Up @@ -246,6 +249,31 @@ WebKitWebPage* webkit_web_extension_get_page(WebKitWebExtension* extension, guin
return 0;
}

void webkit_web_extension_add_origin_access_whitelist_entry(WebKitWebExtension* extension, WebKitSecurityOrigin* origin, const char* protocol, const char* host, gboolean allowSubdomains)
{
g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
g_return_if_fail(origin);
g_return_if_fail(protocol);

extension->priv->bundle->addOriginAccessAllowListEntry(webkitSecurityOriginGetSecurityOriginData(origin).toString(), String::fromUTF8(protocol), String::fromUTF8(host), host ? allowSubdomains : true);
}

void webkit_web_extension_remove_origin_access_whitelist_entry(WebKitWebExtension* extension, WebKitSecurityOrigin* origin, const char* protocol, const char* host, gboolean allowSubdomains)
{
g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
g_return_if_fail(origin);
g_return_if_fail(protocol);

extension->priv->bundle->removeOriginAccessAllowListEntry(webkitSecurityOriginGetSecurityOriginData(origin).toString(), String::fromUTF8(protocol), String::fromUTF8(host), host ? allowSubdomains : true);
}

void webkit_web_extension_reset_origin_access_whitelists(WebKitWebExtension* extension)
{
g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));

extension->priv->bundle->resetOriginAccessAllowLists();
}

/**
* webkit_web_extension_send_message_to_context:
* @extension: a #WebKitWebExtension
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@

#include <glib-object.h>
#include <@API_INCLUDE_PREFIX@/WebKitDefines.h>
#include <@API_INCLUDE_PREFIX@/WebKitSecurityOrigin.h>
#include <@API_INCLUDE_PREFIX@/WebKitUserMessage.h>
#include <@API_INCLUDE_PREFIX@/WebKitWebPage.h>

Expand Down Expand Up @@ -74,6 +75,23 @@ WEBKIT_API WebKitWebPage *
webkit_web_extension_get_page (WebKitWebExtension *extension,
guint64 page_id);

WEBKIT_API void
webkit_web_extension_add_origin_access_whitelist_entry (WebKitWebExtension *extension,
WebKitSecurityOrigin *origin,
const gchar *protocol,
const gchar *host,
gboolean allow_subdomains);

WEBKIT_API void
webkit_web_extension_remove_origin_access_whitelist_entry (WebKitWebExtension *extension,
WebKitSecurityOrigin *origin,
const gchar *protocol,
const gchar *host,
gboolean allow_subdomains);

WEBKIT_API void
webkit_web_extension_reset_origin_access_whitelists (WebKitWebExtension *extension);

WEBKIT_API void
webkit_web_extension_send_message_to_context (WebKitWebExtension *extension,
WebKitUserMessage *message,
Expand Down
1 change: 1 addition & 0 deletions Source/WebKit/WebProcess/WebPage/WebPage.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -8115,6 +8115,7 @@ void WebPage::registerURLSchemeHandler(WebURLSchemeHandlerIdentifier handlerIden
WebCore::LegacySchemeRegistry::registerURLSchemeAsCORSEnabled(scheme);
auto schemeResult = m_schemeToURLSchemeHandlerProxyMap.add(scheme, WebURLSchemeHandlerProxy::create(*this, handlerIdentifier));
m_identifierToURLSchemeHandlerProxyMap.add(handlerIdentifier, *schemeResult.iterator->value);
WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RegisterURLSchemeAsHandledBySchemeHandler { scheme }, 0);
}

void WebPage::urlSchemeTaskWillPerformRedirection(WebURLSchemeHandlerIdentifier handlerIdentifier, WebCore::ResourceLoaderIdentifier taskIdentifier, ResourceResponse&& response, ResourceRequest&& request, CompletionHandler<void(WebCore::ResourceRequest&&)>&& completionHandler)
Expand Down