Skip to content

dNR: fix sub_frame resourceType allowAllRequests rules #47328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 30, 2025
Merged

dNR: fix sub_frame resourceType allowAllRequests rules #47328

merged 1 commit into from
Jun 30, 2025
+149 −33

Conversation

elijahsawyers
Copy link

@elijahsawyers elijahsawyers commented Jun 28, 2025
edited by webkit-early-warning-system
Loading

34e4b87

dNR: fix sub_frame resourceType allowAllRequests rules
https://bugs.webkit.org/show_bug.cgi?id=295043
rdar://154124673

Reviewed by Timothy Hatcher.

This patch fixes allowAllRequests rules for sub_frame resource types.

First, I renamed the recently added if-ancestor-frame-url content blocker
condition to be if-ancestor-subframe-url and made it exclude the main frame.
While working on that patch (see #47251,
it was thought that it'd be better to include the main frame in the condition,
but it turns out that it's not. It's better to split main_frame and sub_frame
rules out into their own rules using if-top-url and if-ancestor-subframe-url,
respectively.

Therefore, dNR allowAllRequests rules convert into the following content blocker
rules:

// dNR
{
  "id": 1,
  "action": {
    "type": "allowAllRequests"
  },
  "condition": {
    "urlFilter": "apple.com",
    "resourceTypes": [ "main_frame", "sub_frame" ]
  }
}

// WebKit content blocking

{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-top-url": [ "apple\\.com" ],
  }
},
{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-ancestor-subframe-url": [ "apple\\.com" ],
  }
}

I wrote new tests to validate the rule conversions and functionality.

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionDeclarativeNetRequestRule.mm:
(-[_WKWebExtensionDeclarativeNetRequestRule _convertRulesWithModifiedCondition:webKitActionType:chromeActionType:]):
(-[_WKWebExtensionDeclarativeNetRequestRule _webKitRuleWithWebKitActionType:chromeActionType:condition:]):
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfAncestorSubframeURL)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, MainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, SubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithSubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAndSubFrameAllowAllRequests)):

Canonical link: https://commits.webkit.org/296799@main

a14d249

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@elijahsawyers elijahsawyers self-assigned this Jun 28, 2025
@elijahsawyers elijahsawyers added the WebKit Extensions Bugs related to extension support. label Jun 28, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 28, 2025
edited
Loading

EWS run on current version of this PR (hash a14d249)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@elijahsawyers elijahsawyers added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Jun 30, 2025
@elijahsawyers
dNR: fix sub_frame resourceType allowAllRequests rules
34e4b87 
https://bugs.webkit.org/show_bug.cgi?id=295043
rdar://154124673

Reviewed by Timothy Hatcher.

This patch fixes allowAllRequests rules for sub_frame resource types.

First, I renamed the recently added if-ancestor-frame-url content blocker
condition to be if-ancestor-subframe-url and made it exclude the main frame.
While working on that patch (see WebKit#47251),
it was thought that it'd be better to include the main frame in the condition,
but it turns out that it's not. It's better to split main_frame and sub_frame
rules out into their own rules using if-top-url and if-ancestor-subframe-url,
respectively.

Therefore, dNR allowAllRequests rules convert into the following content blocker
rules:

// dNR
{
  "id": 1,
  "action": {
    "type": "allowAllRequests"
  },
  "condition": {
    "urlFilter": "apple.com",
    "resourceTypes": [ "main_frame", "sub_frame" ]
  }
}

// WebKit content blocking

{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-top-url": [ "apple\\.com" ],
  }
},
{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-ancestor-subframe-url": [ "apple\\.com" ],
  }
}

I wrote new tests to validate the rule conversions and functionality.

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionDeclarativeNetRequestRule.mm:
(-[_WKWebExtensionDeclarativeNetRequestRule _convertRulesWithModifiedCondition:webKitActionType:chromeActionType:]):
(-[_WKWebExtensionDeclarativeNetRequestRule _webKitRuleWithWebKitActionType:chromeActionType:condition:]):
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfAncestorSubframeURL)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, MainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, SubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithSubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAndSubFrameAllowAllRequests)):

Canonical link: https://commits.webkit.org/296799@main
@webkit-commit-queue
Copy link
Collaborator

Committed 296799@main (34e4b87): https://commits.webkit.org/296799@main

Reviewed commits have been landed. Closing PR #47328 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 34e4b87 into WebKit:main Jun 30, 2025
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Jun 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xeenon xeenon xeenon approved these changes

@b-weinstein b-weinstein Awaiting requested review from b-weinstein b-weinstein is a code owner

@cdumez cdumez Awaiting requested review from cdumez cdumez is a code owner

Assignees

@elijahsawyers elijahsawyers

Labels
WebKit Extensions Bugs related to extension support.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@elijahsawyers @webkit-early-warning-system @webkit-commit-queue @xeenon