logo

etc_portage

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/etc_portage.git

0002-Remove-support-for-PING-in-HTML-anchors-privacy.patch (20913B)

    

  1. From 84921f7b5e96acf31472acd7752ca77158b4c657 Mon Sep 17 00:00:00 2001
  2. From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
  3. Date: Fri, 2 Nov 2018 18:14:21 +0100
  4. Subject: [PATCH 2/8] Remove support for PING in HTML anchors [privacy]
  6. ---
  7.  Source/WebCore/Sources.txt                    |   1 -
  8.  Source/WebCore/html/HTMLAnchorElement.cpp     |  16 --
  9.  .../html/parser/XSSAuditorDelegate.cpp        |   4 -
  10.  Source/WebCore/loader/DocumentLoader.cpp      |   6 -
  11.  Source/WebCore/loader/PingLoader.cpp          | 218 ------------------
  12.  Source/WebCore/loader/PingLoader.h            |  62 -----
  13.  .../loader/cache/CachedResourceLoader.cpp     |   3 -
  14.  .../page/csp/ContentSecurityPolicy.cpp        |   5 -
  15.  Source/WebKit/WebProcess/WebPage/WebPage.cpp  |   3 -
  16.  9 files changed, 318 deletions(-)
  17.  delete mode 100644 Source/WebCore/loader/PingLoader.cpp
  18.  delete mode 100644 Source/WebCore/loader/PingLoader.h
  20. diff --git a/Source/WebCore/Sources.txt b/Source/WebCore/Sources.txt
  21. index 704e50c773..bbee4a0695 100644
  22. --- a/Source/WebCore/Sources.txt
  23. +++ b/Source/WebCore/Sources.txt
  24. @@ -1276,7 +1276,6 @@ loader/NavigationAction.cpp
  25.  loader/NavigationScheduler.cpp
  26.  loader/NetscapePlugInStreamLoader.cpp
  27.  loader/ServerTimingParser.cpp
  28. -loader/PingLoader.cpp
  29.  loader/PolicyChecker.cpp
  30.  loader/ProgressTracker.cpp
  31.  loader/ResourceCryptographicDigest.cpp
  32. diff --git a/Source/WebCore/html/HTMLAnchorElement.cpp b/Source/WebCore/html/HTMLAnchorElement.cpp
  33. index 0155fc70a1..e53302748d 100644
  34. --- a/Source/WebCore/html/HTMLAnchorElement.cpp
  35. +++ b/Source/WebCore/html/HTMLAnchorElement.cpp
  36. @@ -39,7 +39,6 @@
  37.  #include "HTMLPictureElement.h"
  38.  #include "KeyboardEvent.h"
  39.  #include "MouseEvent.h"
  40. -#include "PingLoader.h"
  41.  #include "PlatformMouseEvent.h"
  42.  #include "RenderImage.h"
  43.  #include "ResourceRequest.h"
  44. @@ -364,19 +363,6 @@ bool HTMLAnchorElement::isLiveLink() const
  45.      return isLink() && treatLinkAsLiveForEventType(m_wasShiftKeyDownOnMouseDown ? MouseEventWithShiftKey : MouseEventWithoutShiftKey);
  46.  }
  47.  
  48. -void HTMLAnchorElement::sendPings(const URL& destinationURL)
  49. -{
  50. -    if (!document().frame())
  51. -        return;
  52. -
  53. -    if (!hasAttributeWithoutSynchronization(pingAttr) || !document().settings().hyperlinkAuditingEnabled())
  54. -        return;
  55. -
  56. -    SpaceSplitString pingURLs(attributeWithoutSynchronization(pingAttr), false);
  57. -    for (unsigned i = 0; i < pingURLs.size(); i++)
  58. -        PingLoader::sendPing(*document().frame(), document().completeURL(pingURLs[i]), destinationURL);
  59. -}
  60. -
  61.  #if USE(SYSTEM_PREVIEW)
  62.  bool HTMLAnchorElement::isSystemPreviewLink() const
  63.  {
  64. @@ -442,8 +428,6 @@ void HTMLAnchorElement::handleClick(Event& event)
  65.      ShouldSendReferrer shouldSendReferrer = hasRel(Relation::NoReferrer) ? NeverSendReferrer : MaybeSendReferrer;
  66.      auto newFrameOpenerPolicy = hasRel(Relation::NoOpener) ? std::make_optional(NewFrameOpenerPolicy::Suppress) : std::nullopt;
  67.      frame->loader().urlSelected(completedURL, target(), &event, LockHistory::No, LockBackForwardList::No, shouldSendReferrer, document().shouldOpenExternalURLsPolicyToPropagate(), newFrameOpenerPolicy, downloadAttribute, systemPreviewInfo);
  68. -
  69. -    sendPings(completedURL);
  70.  }
  71.  
  72.  HTMLAnchorElement::EventType HTMLAnchorElement::eventType(Event& event)
  73. diff --git a/Source/WebCore/html/parser/XSSAuditorDelegate.cpp b/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
  74. index 80b4213669..e8c69162aa 100644
  75. --- a/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
  76. +++ b/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
  77. @@ -35,7 +35,6 @@
  78.  #include "FrameLoaderClient.h"
  79.  #include "HTMLParserIdioms.h"
  80.  #include "NavigationScheduler.h"
  81. -#include "PingLoader.h"
  82.  #include <wtf/JSONValues.h>
  83.  #include <wtf/text/StringBuilder.h>
  84.  #include <wtf/text/CString.h>
  85. @@ -104,9 +103,6 @@ void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo)
  86.          m_didSendNotifications = true;
  87.  
  88.          frameLoader.client().didDetectXSS(m_document.url(), xssInfo.m_didBlockEntirePage);
  89. -
  90. -        if (!m_reportURL.isEmpty())
  91. -            PingLoader::sendViolationReport(*m_document.frame(), m_reportURL, generateViolationReport(xssInfo), ViolationReportType::XSSAuditor);
  92.      }
  93.  
  94.      if (xssInfo.m_didBlockEntirePage)
  95. diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
  96. index b9fc289660..37cf9602b2 100644
  97. --- a/Source/WebCore/loader/DocumentLoader.cpp
  98. +++ b/Source/WebCore/loader/DocumentLoader.cpp
  99. @@ -65,7 +65,6 @@
  100.  #include "MemoryCache.h"
  101.  #include "NetworkLoadMetrics.h"
  102.  #include "Page.h"
  103. -#include "PingLoader.h"
  104.  #include "PlatformStrategies.h"
  105.  #include "PolicyChecker.h"
  106.  #include "ProgressTracker.h"
  107. @@ -2058,11 +2057,6 @@ void DocumentLoader::addConsoleMessage(MessageSource messageSource, MessageLevel
  108.      static_cast<ScriptExecutionContext*>(m_frame->document())->addConsoleMessage(messageSource, messageLevel, message, requestIdentifier);
  109.  }
  110.  
  111. -void DocumentLoader::sendCSPViolationReport(URL&& reportURL, Ref<FormData>&& report)
  112. -{
  113. -    PingLoader::sendViolationReport(*m_frame, WTFMove(reportURL), WTFMove(report), ViolationReportType::ContentSecurityPolicy);
  114. -}
  115. -
  116.  void DocumentLoader::enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEvent::Init&& eventInit)
  117.  {
  118.      m_frame->document()->enqueueSecurityPolicyViolationEvent(WTFMove(eventInit));
  119. diff --git a/Source/WebCore/loader/PingLoader.cpp b/Source/WebCore/loader/PingLoader.cpp
  120. deleted file mode 100644
  121. index 134e5560e6..0000000000
  122. --- a/Source/WebCore/loader/PingLoader.cpp
  123. +++ /dev/null
  124. @@ -1,218 +0,0 @@
  125. -/*
  126. - * Copyright (C) 2010 Google Inc. All rights reserved.
  127. - * Copyright (C) 2015 Roopesh Chander (roop@roopc.net)
  128. - * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
  129. - *
  130. - * Redistribution and use in source and binary forms, with or without
  131. - * modification, are permitted provided that the following conditions are
  132. - * met:
  133. - *
  134. - *     * Redistributions of source code must retain the above copyright
  135. - * notice, this list of conditions and the following disclaimer.
  136. - *     * Redistributions in binary form must reproduce the above
  137. - * copyright notice, this list of conditions and the following disclaimer
  138. - * in the documentation and/or other materials provided with the
  139. - * distribution.
  140. - *     * Neither the name of Google Inc. nor the names of its
  141. - * contributors may be used to endorse or promote products derived from
  142. - * this software without specific prior written permission.
  143. - *
  144. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  145. - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  146. - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  147. - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  148. - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  149. - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  150. - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  151. - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  152. - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  153. - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  154. - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  155. - *
  156. - */
  157. -
  158. -#include "config.h"
  159. -#include "PingLoader.h"
  160. -
  161. -#include "ContentSecurityPolicy.h"
  162. -#include "Document.h"
  163. -#include "Frame.h"
  164. -#include "FrameLoader.h"
  165. -#include "FrameLoaderClient.h"
  166. -#include "InspectorInstrumentation.h"
  167. -#include "LoaderStrategy.h"
  168. -#include "NetworkLoadMetrics.h"
  169. -#include "Page.h"
  170. -#include "PlatformStrategies.h"
  171. -#include "ProgressTracker.h"
  172. -#include "ResourceHandle.h"
  173. -#include "ResourceLoadInfo.h"
  174. -#include "ResourceRequest.h"
  175. -#include "ResourceResponse.h"
  176. -#include "SecurityOrigin.h"
  177. -#include "SecurityPolicy.h"
  178. -#include "UserContentController.h"
  179. -#include <wtf/text/CString.h>
  180. -
  181. -namespace WebCore {
  182. -
  183. -#if !ENABLE(CONTENT_EXTENSIONS)
  184. -
  185. -// Returns true if we should block the load.
  186. -static inline bool processContentExtensionRulesForLoad(const Frame&, ResourceRequest&, ResourceType)
  187. -{
  188. -    return false;
  189. -}
  190. -
  191. -#else
  192. -
  193. -// Returns true if we should block the load.
  194. -static bool processContentExtensionRulesForLoad(const Frame& frame, ResourceRequest& request, ResourceType resourceType)
  195. -{
  196. -    auto* documentLoader = frame.loader().documentLoader();
  197. -    if (!documentLoader)
  198. -        return false;
  199. -    auto* page = frame.page();
  200. -    if (!page)
  201. -        return false;
  202. -    auto status = page->userContentProvider().processContentExtensionRulesForLoad(request.url(), resourceType, *documentLoader);
  203. -    applyBlockedStatusToRequest(status, page, request);
  204. -    return status.blockedLoad;
  205. -}
  206. -
  207. -#endif
  208. -
  209. -void PingLoader::loadImage(Frame& frame, const URL& url)
  210. -{
  211. -    ASSERT(frame.document());
  212. -    auto& document = *frame.document();
  213. -
  214. -    if (!document.securityOrigin().canDisplay(url)) {
  215. -        FrameLoader::reportLocalLoadFailed(&frame, url);
  216. -        return;
  217. -    }
  218. -
  219. -    ResourceRequest request(url);
  220. -    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Image))
  221. -        return;
  222. -
  223. -    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
  224. -
  225. -    request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
  226. -
  227. -    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
  228. -
  229. -    String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), request.url(), frame.loader().outgoingReferrer());
  230. -    if (!referrer.isEmpty())
  231. -        request.setHTTPReferrer(referrer);
  232. -    frame.loader().addExtraFieldsToSubresourceRequest(request);
  233. -
  234. -    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
  235. -}
  236. -
  237. -// http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
  238. -void PingLoader::sendPing(Frame& frame, const URL& pingURL, const URL& destinationURL)
  239. -{
  240. -    ASSERT(frame.document());
  241. -
  242. -    if (!pingURL.protocolIsInHTTPFamily())
  243. -        return;
  244. -
  245. -    ResourceRequest request(pingURL);
  246. -    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Raw))
  247. -        return;
  248. -
  249. -    auto& document = *frame.document();
  250. -    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
  251. -
  252. -    request.setHTTPMethod("POST");
  253. -    request.setHTTPContentType("text/ping");
  254. -    request.setHTTPBody(FormData::create("PING"));
  255. -    request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
  256. -
  257. -    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
  258. -
  259. -    frame.loader().addExtraFieldsToSubresourceRequest(request);
  260. -
  261. -    auto& sourceOrigin = document.securityOrigin();
  262. -    FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin.toString());
  263. -    request.setHTTPHeaderField(HTTPHeaderName::PingTo, destinationURL);
  264. -    if (!SecurityPolicy::shouldHideReferrer(pingURL, frame.loader().outgoingReferrer())) {
  265. -        request.setHTTPHeaderField(HTTPHeaderName::PingFrom, document.url());
  266. -        if (!sourceOrigin.isSameSchemeHostPort(SecurityOrigin::create(pingURL).get())) {
  267. -            String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), pingURL, frame.loader().outgoingReferrer());
  268. -            if (!referrer.isEmpty())
  269. -                request.setHTTPReferrer(referrer);
  270. -        }
  271. -    }
  272. -
  273. -    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
  274. -}
  275. -
  276. -void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<FormData>&& report, ViolationReportType reportType)
  277. -{
  278. -    ASSERT(frame.document());
  279. -
  280. -    ResourceRequest request(reportURL);
  281. -    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Raw))
  282. -        return;
  283. -
  284. -    auto& document = *frame.document();
  285. -    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
  286. -
  287. -    request.setHTTPMethod("POST"_s);
  288. -    request.setHTTPBody(WTFMove(report));
  289. -    switch (reportType) {
  290. -    case ViolationReportType::ContentSecurityPolicy:
  291. -        request.setHTTPContentType("application/csp-report"_s);
  292. -        break;
  293. -    case ViolationReportType::XSSAuditor:
  294. -        request.setHTTPContentType("application/json"_s);
  295. -        break;
  296. -    }
  297. -
  298. -    bool removeCookies = true;
  299. -    if (document.securityOrigin().isSameSchemeHostPort(SecurityOrigin::create(reportURL).get()))
  300. -        removeCookies = false;
  301. -    if (removeCookies)
  302. -        request.setAllowCookies(false);
  303. -
  304. -    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
  305. -
  306. -    frame.loader().addExtraFieldsToSubresourceRequest(request);
  307. -
  308. -    String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), reportURL, frame.loader().outgoingReferrer());
  309. -    if (!referrer.isEmpty())
  310. -        request.setHTTPReferrer(referrer);
  311. -
  312. -    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No);
  313. -}
  314. -
  315. -void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects)
  316. -{
  317. -    unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
  318. -    // FIXME: Why activeDocumentLoader? I would have expected documentLoader().
  319. -    // It seems like the PingLoader should be associated with the current
  320. -    // Document in the Frame, but the activeDocumentLoader will be associated
  321. -    // with the provisional DocumentLoader if there is a provisional
  322. -    // DocumentLoader.
  323. -    bool shouldUseCredentialStorage = frame.loader().client().shouldUseCredentialStorage(frame.loader().activeDocumentLoader(), identifier);
  324. -    FetchOptions options;
  325. -    options.credentials = shouldUseCredentialStorage ? FetchOptions::Credentials::Include : FetchOptions::Credentials::Omit;
  326. -    options.redirect = shouldFollowRedirects == ShouldFollowRedirects::Yes ? FetchOptions::Redirect::Follow : FetchOptions::Redirect::Error;
  327. -
  328. -    // FIXME: Move ping loads to normal subresource loading to get normal inspector request instrumentation hooks.
  329. -    InspectorInstrumentation::willSendRequestOfType(&frame, identifier, frame.loader().activeDocumentLoader(), request, InspectorInstrumentation::LoadType::Ping);
  330. -
  331. -    platformStrategies()->loaderStrategy()->startPingLoad(frame, request, WTFMove(originalRequestHeaders), options, [protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
  332. -        if (!response.isNull())
  333. -            InspectorInstrumentation::didReceiveResourceResponse(protectedFrame, identifier, protectedFrame->loader().activeDocumentLoader(), response, nullptr);
  334. -        if (error.isNull()) {
  335. -            NetworkLoadMetrics emptyMetrics;
  336. -            InspectorInstrumentation::didFinishLoading(protectedFrame.ptr(), protectedFrame->loader().activeDocumentLoader(), identifier, emptyMetrics, nullptr);
  337. -        } else
  338. -            InspectorInstrumentation::didFailLoading(protectedFrame.ptr(), protectedFrame->loader().activeDocumentLoader(), identifier, error);
  339. -    });
  340. -}
  341. -
  342. -}
  343. diff --git a/Source/WebCore/loader/PingLoader.h b/Source/WebCore/loader/PingLoader.h
  344. deleted file mode 100644
  345. index 15489dcf04..0000000000
  346. --- a/Source/WebCore/loader/PingLoader.h
  347. +++ /dev/null
  348. @@ -1,62 +0,0 @@
  349. -/*
  350. - * Copyright (C) 2010 Google Inc. All rights reserved.
  351. - * Copyright (C) 2017 Apple Inc. All rights reserved.
  352. - *
  353. - * Redistribution and use in source and binary forms, with or without
  354. - * modification, are permitted provided that the following conditions are
  355. - * met:
  356. - *
  357. - *     * Redistributions of source code must retain the above copyright
  358. - * notice, this list of conditions and the following disclaimer.
  359. - *     * Redistributions in binary form must reproduce the above
  360. - * copyright notice, this list of conditions and the following disclaimer
  361. - * in the documentation and/or other materials provided with the
  362. - * distribution.
  363. - *     * Neither the name of Google Inc. nor the names of its
  364. - * contributors may be used to endorse or promote products derived from
  365. - * this software without specific prior written permission.
  366. - *
  367. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  368. - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  369. - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  370. - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  371. - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  372. - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  373. - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  374. - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  375. - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  376. - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  377. - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  378. - *
  379. - */
  380. -
  381. -#pragma once
  382. -
  383. -#include <wtf/Forward.h>
  384. -#include <wtf/Ref.h>
  385. -
  386. -namespace WebCore {
  387. -
  388. -class FormData;
  389. -class Frame;
  390. -class HTTPHeaderMap;
  391. -class URL;
  392. -class ResourceRequest;
  393. -
  394. -enum class ViolationReportType {
  395. -    ContentSecurityPolicy,
  396. -    XSSAuditor,
  397. -};
  398. -
  399. -class PingLoader {
  400. -public:
  401. -    static void loadImage(Frame&, const URL&);
  402. -    static void sendPing(Frame&, const URL& pingURL, const URL& destinationURL);
  403. -    WEBCORE_EXPORT static void sendViolationReport(Frame&, const URL& reportURL, Ref<FormData>&& report, ViolationReportType);
  404. -
  405. -private:
  406. -    enum class ShouldFollowRedirects { No, Yes };
  407. -    static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects);
  408. -};
  409. -
  410. -} // namespace WebCore
  411. diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp
  412. index 9d3d108113..614cfee9b5 100644
  413. --- a/Source/WebCore/loader/cache/CachedResourceLoader.cpp
  414. +++ b/Source/WebCore/loader/cache/CachedResourceLoader.cpp
  415. @@ -57,7 +57,6 @@
  416.  #include "Logging.h"
  417.  #include "MemoryCache.h"
  418.  #include "Page.h"
  419. -#include "PingLoader.h"
  420.  #include "PlatformStrategies.h"
  421.  #include "RenderElement.h"
  422.  #include "ResourceLoadInfo.h"
  423. @@ -202,8 +201,6 @@ ResourceErrorOr<CachedResourceHandle<CachedImage>> CachedResourceLoader::request
  424.              if (Document* document = frame->document())
  425.                  request.upgradeInsecureRequestIfNeeded(*document);
  426.              URL requestURL = request.resourceRequest().url();
  427. -            if (requestURL.isValid() && canRequest(CachedResource::Type::ImageResource, requestURL, request, ForPreload::No))
  428. -                PingLoader::loadImage(*frame, requestURL);
  429.              return CachedResourceHandle<CachedImage> { };
  430.          }
  431.      }
  432. diff --git a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
  433. index 9b966fa02b..f1b1b51da1 100644
  434. --- a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
  435. +++ b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
  436. @@ -45,7 +45,6 @@
  437.  #include "JSExecState.h"
  438.  #include "JSWindowProxy.h"
  439.  #include "ParsingUtilities.h"
  440. -#include "PingLoader.h"
  441.  #include "ResourceRequest.h"
  442.  #include "RuntimeEnabledFeatures.h"
  443.  #include "SchemeRegistry.h"
  444. @@ -759,10 +758,6 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
  445.      if (m_client) {
  446.          for (const auto& url : reportURIs)
  447.              m_client->sendCSPViolationReport(URL { m_protectedURL, url }, report.copyRef());
  448. -    } else {
  449. -        auto& document = downcast<Document>(*m_scriptExecutionContext);
  450. -        for (const auto& url : reportURIs)
  451. -            PingLoader::sendViolationReport(*document.frame(), URL { m_protectedURL, url }, report.copyRef(), ViolationReportType::ContentSecurityPolicy);
  452.      }
  453.  }
  454.  
  455. diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
  456. index 5de12b10cc..e161de3599 100644
  457. --- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp
  458. +++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
  459. @@ -181,7 +181,6 @@
  460.  #include <WebCore/NotImplemented.h>
  461.  #include <WebCore/Page.h>
  462.  #include <WebCore/PageConfiguration.h>
  463. -#include <WebCore/PingLoader.h>
  464.  #include <WebCore/PlatformKeyboardEvent.h>
  465.  #include <WebCore/PluginDocument.h>
  466.  #include <WebCore/PrintContext.h>
  467. @@ -3359,8 +3358,6 @@ void WebPage::sendCSPViolationReport(uint64_t frameID, const WebCore::URL& repor
  468.      auto report = reportData.takeData();
  469.      if (!report)
  470.          return;
  471. -    if (auto* frame = WebProcess::singleton().webFrame(frameID))
  472. -        PingLoader::sendViolationReport(*frame->coreFrame(), reportURL, report.releaseNonNull(), ViolationReportType::ContentSecurityPolicy);
  473.  }
  474.  
  475.  void WebPage::enqueueSecurityPolicyViolationEvent(uint64_t frameID, SecurityPolicyViolationEvent::Init&& eventInit)
  476. -- 
  477. 2.19.2