Ignore:
Timestamp:
May 25, 2022, 12:53:21 PM (3 years ago)
Author:
Patrick Griffis
Message:

Add support for Link nonces
https://bugs.webkit.org/show_bug.cgi?id=240817

This reads the nonce from link elements and Link headers.

This was implemented by Chromium in 2017 to be consistent with the HTMLPreloader:
https://chromium-review.googlesource.com/c/chromium/src/+/676769/

Reviewed by Kate Cheney.

  • LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce-expected.txt:
  • LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce.html:

These test changes were already upstream: https://github.com/web-platform-tests/wpt/commit/306dc506adba97ca84ada67bdab6227dba65bbcb

  • Source/WebCore/html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::process):

  • Source/WebCore/loader/LinkHeader.cpp:

(WebCore::paramterNameFromString):
(WebCore::LinkHeader::setValue):

  • Source/WebCore/loader/LinkHeader.h:

(WebCore::LinkHeader::nonce const):

  • Source/WebCore/loader/LinkLoader.cpp:

(WebCore::LinkLoader::loadLinksFromHeader):
(WebCore::LinkLoader::preloadIfNeeded):
(WebCore::LinkLoader::prefetchIfNeeded):

  • Source/WebCore/loader/LinkLoader.h:

Canonical link: https://commits.webkit.org/250972@main

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/loader/LinkLoader.cpp

    r293563 r294819  
    113113            continue;
    114114
    115         LinkLoadParameters params { relAttribute, url, header.as(), header.media(), header.mimeType(), header.crossOrigin(), header.imageSrcSet(), header.imageSizes(), ReferrerPolicy::EmptyString };
     115        LinkLoadParameters params { relAttribute, url, header.as(), header.media(), header.mimeType(), header.crossOrigin(), header.imageSrcSet(), header.imageSizes(), header.nonce(), ReferrerPolicy::EmptyString };
    116116        preconnectIfNeeded(params, document);
    117117        preloadIfNeeded(params, document, nullptr);
     
    262262    auto options = CachedResourceLoader::defaultCachedResourceOptions();
    263263    options.referrerPolicy = params.referrerPolicy;
     264    options.nonce = params.nonce;
    264265    auto linkRequest = createPotentialAccessControlRequest(url, WTFMove(options), document, params.crossOrigin);
    265266    linkRequest.setPriority(DefaultResourceLoadPriority::forResourceType(type.value()));
     
    303304    options.cachingPolicy = CachingPolicy::DisallowCaching;
    304305    options.referrerPolicy = params.referrerPolicy;
     306    options.nonce = params.nonce;
    305307    m_cachedLinkResource = document.cachedResourceLoader().requestLinkResource(type, CachedResourceRequest(ResourceRequest { document.completeURL(params.href.string()) }, options, priority)).value_or(nullptr);
    306308    if (m_cachedLinkResource)
Note: See TracChangeset for help on using the changeset viewer.