Diff
Modified: trunk/LayoutTests/ChangeLog (207751 => 207752)
--- trunk/LayoutTests/ChangeLog 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/LayoutTests/ChangeLog 2016-10-24 07:49:14 UTC (rev 207752)
@@ -1,3 +1,16 @@
+2016-10-24 Youenn Fablet <you...@apple.com>
+
+ Redirections should be upgraded if CSP policy says so
+ https://bugs.webkit.org/show_bug.cgi?id=163544
+
+ Reviewed by Darin Adler.
+
+ * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html: Added.
+ * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
+ * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html:
+ * platform/mac/TestExpectations:
+
2016-10-22 Sam Weinig <s...@webkit.org>
[WebIDL] Add IDLType based toJS conversion
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt (0 => 207752)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt 2016-10-24 07:49:14 UTC (rev 207752)
@@ -0,0 +1,3 @@
+
+PASS Verify that images are upgraded after a redirection.
+
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html (0 => 207752)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html 2016-10-24 07:49:14 UTC (rev 207752)
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<title>Upgrade Insecure Requests: Basics.</title>
+<script src=""
+<script src=""
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+// This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
+// specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't
+// work, it won't load.
+var insecureImage = "http://127.0.0.1:8443/resources/redirect.php?url=""
+
+(function() {
+ var t = async_test("Verify that images are upgraded after a redirection.");
+ t.step(function () {
+ var i = document.createElement('img');
+ i._onload_ = t.step_func(function () {
+ assert_equals(i.naturalHeight, 103, "Height.");
+ assert_equals(i.naturalWidth, 76, "Width.");
+ t.done();
+ });
+ i._onerror_ = t.step_func(function () {
+ assert_unreached("The image should load successfully.");
+ });
+
+ i.src = ""
+ });
+}());
+
+</script>
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt (207751 => 207752)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt 2016-10-24 07:49:14 UTC (rev 207752)
@@ -1,13 +1,11 @@
frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
main frame - didFinishDocumentLoadForFrame
frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
-CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
-
frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
main frame - didHandleOnloadEventsForFrame
frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
main frame - didFinishLoadForFrame
-This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests for the any top-level frames, but not sub-resources of those frames, triggering a mixed content callback.
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html (207751 => 207752)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html 2016-10-24 07:49:14 UTC (rev 207752)
@@ -7,9 +7,7 @@
testRunner.dumpFrameLoadCallbacks();
}
</script>
-<p>This test loads a secure iframe that loads an insecure script (but with a
-tricky redirect). We should upgrade the relevant requests for the any top-level
-frames, but not sub-resources of those frames, triggering a mixed content callback.</p>
+<p>This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests.</p>
<iframe src=""
</body>
</html>
Modified: trunk/LayoutTests/platform/mac/TestExpectations (207751 => 207752)
--- trunk/LayoutTests/platform/mac/TestExpectations 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2016-10-24 07:49:14 UTC (rev 207752)
@@ -1331,6 +1331,8 @@
webkit.org/b/155140 js/promises-tests/promises-tests-2-3-3.html [ Pass Failure ]
+webkit.org/b/163544 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html [ Pass Timeout ]
+
# Content Security Policy for media redirects is not supported on some OSes.
[ Yosemite ElCapitan ] http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html [ Failure ]
[ Yosemite ElCapitan ] http/tests/security/contentSecurityPolicy/video-redirect-blocked.html [ Failure ]
Modified: trunk/Source/WebCore/ChangeLog (207751 => 207752)
--- trunk/Source/WebCore/ChangeLog 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/ChangeLog 2016-10-24 07:49:14 UTC (rev 207752)
@@ -1,3 +1,31 @@
+2016-10-24 Youenn Fablet <you...@apple.com>
+
+ Redirections should be upgraded if CSP policy says so
+ https://bugs.webkit.org/show_bug.cgi?id=163544
+
+ Reviewed by Darin Adler.
+
+ Test: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html
+
+ Introducing CachedResourceLoader::updateRequestAfterRedirection to do the checks that CachedResourceLoader is doing
+ to the initial request, but for redirection requests.
+
+ Implemented URL upgrade according CSP policy, as specified by fetch algorithm.
+ Minor refactoring in CachedResourceRequest to share some code.
+ Fixing some constness issues.
+
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::willSendRequestInternal):
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
+ (WebCore::CachedResourceLoader::canRequestAfterRedirection):
+ (WebCore::CachedResourceLoader::updateRequestAfterRedirection):
+ * loader/cache/CachedResourceLoader.h:
+ * loader/cache/CachedResourceRequest.cpp:
+ (WebCore::upgradeInsecureResourceRequestIfNeeded):
+ (WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
+ * loader/cache/CachedResourceRequest.h:
+
2016-10-22 Sam Weinig <s...@webkit.org>
[WebIDL] Add IDLType based toJS conversion
Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (207751 => 207752)
--- trunk/Source/WebCore/loader/SubresourceLoader.cpp 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp 2016-10-24 07:49:14 UTC (rev 207752)
@@ -203,7 +203,7 @@
m_frame->page()->diagnosticLoggingClient().logDiagnosticMessageWithResult(DiagnosticLoggingKeys::cachedResourceRevalidationKey(), emptyString(), DiagnosticLoggingResultFail, ShouldSample::Yes);
}
- if (!m_documentLoader->cachedResourceLoader().canRequestAfterRedirection(m_resource->type(), newRequest.url(), options())) {
+ if (!m_documentLoader->cachedResourceLoader().updateRequestAfterRedirection(m_resource->type(), newRequest, options())) {
cancel();
return;
}
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (207751 => 207752)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-10-24 07:49:14 UTC (rev 207752)
@@ -380,7 +380,7 @@
return true;
}
-bool CachedResourceLoader::allowedByContentSecurityPolicy(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived)
+bool CachedResourceLoader::allowedByContentSecurityPolicy(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived) const
{
if (options.contentSecurityPolicyImposition == ContentSecurityPolicyImposition::SkipPolicyCheck)
return true;
@@ -470,7 +470,7 @@
}
// FIXME: Should we find a way to know whether the redirection is for a preload request like we do for CachedResourceLoader::canRequest?
-bool CachedResourceLoader::canRequestAfterRedirection(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options)
+bool CachedResourceLoader::canRequestAfterRedirection(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options) const
{
if (document() && !document()->securityOrigin()->canDisplay(url)) {
FrameLoader::reportLocalLoadFailed(frame(), url.stringCenterEllipsizedToLength());
@@ -497,6 +497,17 @@
return true;
}
+bool CachedResourceLoader::updateRequestAfterRedirection(CachedResource::Type type, ResourceRequest& request, const ResourceLoaderOptions& options)
+{
+ ASSERT(m_documentLoader);
+ if (auto* document = m_documentLoader->cachedResourceLoader().document())
+ upgradeInsecureResourceRequestIfNeeded(request, *document);
+
+ // FIXME: We might want to align the checks done here with the ones done in CachedResourceLoader::requestResource, content extensions blocking in particular.
+
+ return canRequestAfterRedirection(type, request.url(), options);
+}
+
bool CachedResourceLoader::canRequestInContentDispositionAttachmentSandbox(CachedResource::Type type, const URL& url) const
{
Document* document;
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (207751 => 207752)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2016-10-24 07:49:14 UTC (rev 207752)
@@ -136,7 +136,7 @@
void checkForPendingPreloads();
void printPreloadStats();
- bool canRequestAfterRedirection(CachedResource::Type, const URL&, const ResourceLoaderOptions&);
+ bool updateRequestAfterRedirection(CachedResource::Type, ResourceRequest&, const ResourceLoaderOptions&);
static const ResourceLoaderOptions& defaultCachedResourceOptions();
@@ -171,7 +171,7 @@
bool shouldContinueAfterNotifyingLoadedFromMemoryCache(const CachedResourceRequest&, CachedResource*);
bool checkInsecureContent(CachedResource::Type, const URL&) const;
- bool allowedByContentSecurityPolicy(CachedResource::Type, const URL&, const ResourceLoaderOptions&, ContentSecurityPolicy::RedirectResponseReceived);
+ bool allowedByContentSecurityPolicy(CachedResource::Type, const URL&, const ResourceLoaderOptions&, ContentSecurityPolicy::RedirectResponseReceived) const;
void performPostLoadActions();
@@ -178,8 +178,9 @@
bool clientDefersImage(const URL&) const;
void reloadImagesIfNotDeferred();
+ bool canRequestAfterRedirection(CachedResource::Type, const URL&, const ResourceLoaderOptions&) const;
bool canRequestInContentDispositionAttachmentSandbox(CachedResource::Type, const URL&) const;
-
+
HashSet<String> m_validatedURLs;
mutable DocumentResourceMap m_documentResources;
Document* m_document;
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (207751 => 207752)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2016-10-24 07:49:14 UTC (rev 207752)
@@ -105,19 +105,24 @@
WebCore::updateRequestForAccessControl(m_resourceRequest, *document.securityOrigin(), m_options.allowCredentials);
}
-void CachedResourceRequest::upgradeInsecureRequestIfNeeded(Document& document)
+void upgradeInsecureResourceRequestIfNeeded(ResourceRequest& request, Document& document)
{
- URL url = ""
+ URL url = ""
ASSERT(document.contentSecurityPolicy());
document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load);
- if (url == m_resourceRequest.url())
+ if (url == request.url())
return;
- m_resourceRequest.setURL(url);
+ request.setURL(url);
}
+void CachedResourceRequest::upgradeInsecureRequestIfNeeded(Document& document)
+{
+ upgradeInsecureResourceRequestIfNeeded(m_resourceRequest, document);
+}
+
#if ENABLE(CACHE_PARTITIONING)
void CachedResourceRequest::setDomainForCachePartition(Document& document)
{
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (207751 => 207752)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2016-10-24 07:19:04 UTC (rev 207751)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2016-10-24 07:49:14 UTC (rev 207752)
@@ -94,6 +94,8 @@
String m_fragmentIdentifier;
};
+void upgradeInsecureResourceRequestIfNeeded(ResourceRequest&, Document&);
+
} // namespace WebCore
#endif
