Title: [89155] trunk
Revision
89155
Author
commit-qu...@webkit.org
Date
2011-06-17 12:11:14 -0700 (Fri, 17 Jun 2011)

Log Message

2011-06-17  Chris Evans  <cev...@chromium.org>

        Reviewed by Adam Barth.

        Detect mixed-scripting involving https -> http redirects
        https://bugs.webkit.org/show_bug.cgi?id=62846

        * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Update expectation.
        * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html: Remove FIXME as the test is now working as expected.
2011-06-17  Chris Evans  <cev...@chromium.org>

        Reviewed by Adam Barth.

        Detect mixed-scripting involving https -> http redirects
        https://bugs.webkit.org/show_bug.cgi?id=62846

        Test: http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::checkInsecureContent):
        (WebCore::CachedResourceLoader::canRequest): break out insecure content logic.
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::willSendRequest): check the redirect target for possible insecure content issues.

Diff

Modified: trunk/LayoutTests/ChangeLog (89154 => 89155)


--- trunk/LayoutTests/ChangeLog	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/LayoutTests/ChangeLog	2011-06-17 19:11:14 UTC (rev 89155)
@@ -1,3 +1,13 @@
+2011-06-17  Chris Evans  <cev...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Detect mixed-scripting involving https -> http redirects
+        https://bugs.webkit.org/show_bug.cgi?id=62846
+
+        * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Update expectation.
+        * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html: Remove FIXME as the test is now working as expected.
+
 2011-06-12  Robert Hogan  <rob...@webkit.org>
 
         Reviewed by Alexey Proskuryakov.

Modified: trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt (89154 => 89155)


--- trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt	2011-06-17 19:11:14 UTC (rev 89155)
@@ -1,6 +1,9 @@
 frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
 main frame - didFinishDocumentLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+didRunInsecureContent
 frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
 main frame - didHandleOnloadEventsForFrame
@@ -8,6 +11,4 @@
 main frame - didFinishLoadForFrame
 This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should trigger a mixed content callback because an active network attacker can end up controling the script.
 
-FIXME: This test current does not trigger a mixed content callback!
 
-

Modified: trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html (89154 => 89155)


--- trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html	2011-06-17 19:11:14 UTC (rev 89155)
@@ -9,8 +9,6 @@
 <p>This test loads a secure iframe that loads an insecure script (but with a
 tricky redirect).  We should trigger a mixed content callback because an active
 network attacker can end up controling the script.</p>
-
-<p>FIXME: This test current does not trigger a mixed content callback!</p>
 <iframe src=""
 ></iframe>
 </body>

Modified: trunk/Source/WebCore/ChangeLog (89154 => 89155)


--- trunk/Source/WebCore/ChangeLog	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/Source/WebCore/ChangeLog	2011-06-17 19:11:14 UTC (rev 89155)
@@ -1,3 +1,19 @@
+2011-06-17  Chris Evans  <cev...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Detect mixed-scripting involving https -> http redirects
+        https://bugs.webkit.org/show_bug.cgi?id=62846
+
+        Test: http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::checkInsecureContent):
+        (WebCore::CachedResourceLoader::canRequest): break out insecure content logic.
+        * loader/cache/CachedResourceLoader.h:
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::CachedResourceRequest::willSendRequest): check the redirect target for possible insecure content issues.
+
 2011-06-12  Robert Hogan  <rob...@webkit.org>
 
         Reviewed by Alexey Proskuryakov.

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (89154 => 89155)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2011-06-17 19:11:14 UTC (rev 89155)
@@ -199,6 +199,41 @@
 }
 #endif
 
+bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const KURL& url) const
+{
+    switch (type) {
+    case CachedResource::Script:
+#if ENABLE(XSLT)
+    case CachedResource::XSLStyleSheet:
+#endif
+    case CachedResource::CSSStyleSheet:
+        // These resource can inject script into the current document (Script,
+        // XSL) or exfiltrate the content of the current document (CSS).
+        if (Frame* f = frame())
+            if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
+                return false;
+        break;
+    case CachedResource::ImageResource:
+    case CachedResource::FontResource: {
+        // These resources can corrupt only the frame's pixels.
+        if (Frame* f = frame()) {
+            Frame* top = f->tree()->top();
+            if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
+                return false;
+        }
+        break;
+    }
+#if ENABLE(LINK_PREFETCH)
+    case CachedResource::LinkPrefetch:
+    case CachedResource::LinkPrerender:
+    case CachedResource::LinkSubresource:
+        // Prefetch cannot affect the current document.
+        break;
+#endif
+    }
+    return true;
+}
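Review bot: checkInsecureContent is now reached from two call sites with different meanings of `url` (the original request in canRequest, a redirect target in CachedResourceRequest::willSendRequest) but carries no header comment saying so, nor what a `false` return obliges the caller to do. I would add above the definition: `// Returns false when fetching |url| as a |type| resource would bring insecure content into this document and the frame's mixed-content policy refuses it; the FrameLoader checks it delegates to also emit the console message / client callback seen in the layout test. |url| may be a redirect hop, so callers must drop the load on false.` The switch has no `default:`, so any CachedResource::Type not listed is allowed without comment; a `default: break; // other types cannot affect this document` would make that deliberate rather than accidental. The function is declared in the header hunk below but its callers' full bodies are outside this hunk.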
+
 bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, bool forPreload)
 {
     if (!document()->securityOrigin()->canDisplay(url)) {
@@ -237,42 +272,10 @@
     // Given that the load is allowed by the same-origin policy, we should
     // check whether the load passes the mixed-content policy.
     //
-    // Note: Currently, we always allow mixed content, but we generate a
-    //       callback to the FrameLoaderClient in case the embedder wants to
-    //       update any security indicators.
-    // 
     // FIXME: Should we consider forPreload here?
-    //
-    switch (type) {
-    case CachedResource::Script:
-#if ENABLE(XSLT)
-    case CachedResource::XSLStyleSheet:
-#endif
-    case CachedResource::CSSStyleSheet:
-        // These resource can inject script into the current document (Script,
-        // XSL) or exfiltrate the content of the current document (CSS).
-        if (Frame* f = frame())
-            if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
-                return false;
-        break;
-    case CachedResource::ImageResource:
-    case CachedResource::FontResource: {
-        // These resources can corrupt only the frame's pixels.
-        if (Frame* f = frame()) {
-            Frame* top = f->tree()->top();
-            if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
-                return false;
-        }
-        break;
-    }
-#if ENABLE(LINK_PREFETCH)
-    case CachedResource::LinkPrefetch:
-    case CachedResource::LinkPrerender:
-    case CachedResource::LinkSubresource:
-        // Prefetch cannot affect the current document.
-        break;
-#endif
-    }
+    if (!checkInsecureContent(type, url))
+        return false;
+
     // FIXME: Consider letting the embedder block mixed content loads.
 
     switch (type) {

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (89154 => 89155)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-06-17 19:11:14 UTC (rev 89155)
@@ -102,6 +102,7 @@
     void preload(CachedResource::Type, ResourceRequest&, const String& charset, bool referencedFromBody);
     void checkForPendingPreloads();
     void printPreloadStats();
+    bool checkInsecureContent(CachedResource::Type, const KURL&) const;
     
 private:
     CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false);

Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (89154 => 89155)


--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2011-06-17 19:09:51 UTC (rev 89154)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2011-06-17 19:11:14 UTC (rev 89155)
@@ -134,8 +134,12 @@
     return request.release();
 }
 
-void CachedResourceRequest::willSendRequest(SubresourceLoader*, ResourceRequest&, const ResourceResponse&)
+void CachedResourceRequest::willSendRequest(SubresourceLoader* loader, ResourceRequest& req, const ResourceResponse&)
 {
+    if (!m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url())) {
+        loader->cancel();
+        return;
+    }
     m_resource->setRequestedFromNetworkingLayer();
 }
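Review bot: The new guard re-runs only the mixed-content part of canRequest against the redirect target; the securityOrigin()->canDisplay() check that canRequest performs first (visible at the top of the CachedResourceLoader.cpp hunk) and whatever follows it there are not re-evaluated for `req.url()`, so a redirect can still land on a URL the original request would have been refused for. The check also runs on every willSendRequest invocation rather than only on redirects; if this callback is also made for the initial request (the unnamed ResourceResponse parameter is presumably null then), the same URL is checked twice and a direct http script may produce duplicate insecure-content callbacks. Suggest naming the parameter and gating on it: `const ResourceResponse& redirectResponse` and `if (!redirectResponse.isNull() && !m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url()))`. Whether `this` or `loader` survives `loader->cancel()` is not visible here; the immediate `return` after it is the right shape either way.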
 