Diff
Modified: trunk/LayoutTests/ChangeLog (201422 => 201423)
--- trunk/LayoutTests/ChangeLog 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/LayoutTests/ChangeLog 2016-05-26 18:19:30 UTC (rev 201423)
@@ -1,3 +1,25 @@
+2016-05-26 Pranjal Jumde <[email protected]>
+
+ Sites served over insecure connections should not be allowed to use geolocation.
+ https://bugs.webkit.org/show_bug.cgi?id=157423
+ <rdar://problem/23751632>
+
+ Reviewed by Brent Fulgham.
+
+ * http/tests/security/geolocation-over-insecure-content.html: Added.
+ * http/tests/security/geolocation-over-mixed-content-block.html: Added.
+ * http/tests/security/geolocation-over-mixed-content.html: Added.
+ * http/tests/security/insecure-geolocation-expected.txt: Added.
+ * http/tests/security/insecure-geolocation.html: Added.
+ * http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
+ * http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
+ * http/tests/security/mixedcontent-geolocation-expected.txt: Added.
+ * http/tests/security/mixedcontent-geolocation.html: Added.
+ * http/tests/security/sandboxed-iframe-geolocation-watchPosition.html:
+ iframe is loaded over secure connection to avoid geolocation failures
+ * http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html:
+ iframe is loaded over secure connection to avoid geolocation failures
+
2016-05-26 Brady Eidson <[email protected]>
Implement internals.observeGC to get called back when a _javascript_ object is GC'ed.
Added: trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt (0 => 201423)
--- trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 4: [blocked] Access to geolocation was blocked over insecure connection to http://127.0.0.1:8080.
+
+This test loads an insecure frame that tries to access geolocation. Access to geolocation is blocked over insecure connections.
Added: trunk/LayoutTests/http/tests/security/insecure-geolocation.html (0 => 201423)
--- trunk/LayoutTests/http/tests/security/insecure-geolocation.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation.html 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads an insecure frame that tries to access geolocation. Access to geolocation is blocked over insecure connections.</p>
+<script>
+_onload_ = function() {
+ window.open("http://127.0.0.1:8080/security/resources/geolocation-over-insecure-content.html");
+}
+</script>
+</body>
+</html>
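Review bot: The `message` listener in this test calls `testRunner.notifyDone()` for any message and never inspects `e.data`, so the expectation file can only pin the console line, not whether the geolocation error callback actually ran in the opened window. Printing the payload before finishing, for example `document.body.appendChild(document.createTextNode(e.data));`, would let the expected output also capture the result reported by the resource page. That page is not part of this diff, so what it posts is an assumption. The same listener is repeated verbatim in mixedcontent-geolocation-block-insecure-content.html and mixedcontent-geolocation.html.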
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt (0 => 201423)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 14: [blocked] The page at https://127.0.0.1:8443/security/resources/geolocation-over-mixed-content-block.html was not allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content. Access to insecure content is blocked over secure connections when geolocation is accessed.
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html (0 => 201423)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content. Access to insecure content is blocked over secure connections when geolocation is accessed.</p>
+<script>
+_onload_ = function() {
+ window.open("https://127.0.0.1:8443/security/resources/geolocation-over-mixed-content-block.html");
+}
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt (0 => 201423)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 2: The page at https://127.0.0.1:8443/security/resources/geolocation-over-mixed-content.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+CONSOLE MESSAGE: line 5: [blocked] Access to geolocation was blocked over secure connection with mixed content to https://127.0.0.1:8443.
+
+This test loads a secure frame with mixed content that tries to access geolocation. Access to geolocation is blocked over secure connections with mixed content.
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html (0 => 201423)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html 2016-05-26 18:19:30 UTC (rev 201423)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with mixed content that tries to access geolocation. Access to geolocation is blocked over secure connections with mixed content.</p>
+<script>
+_onload_ = function() {
+ window.open("https://127.0.0.1:8443/security/resources/geolocation-over-mixed-content.html");
+}
+</script>
+</body>
+</html>
Modified: trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html (201422 => 201423)
--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html 2016-05-26 18:19:30 UTC (rev 201423)
@@ -11,6 +11,6 @@
</head>
<body>
<p>Tests that navigator.geolocation.getCurrentPosition() returns error POSITION_UNAVAILABLE when called from a document in a sandboxed iframe.</p>
-<iframe src="" sandbox="allow-scripts" width="100%" height="300"></iframe>
+<iframe src="" sandbox="allow-scripts" width="100%" height="300"></iframe>
</body>
</html>
Modified: trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition.html (201422 => 201423)
--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition.html 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition.html 2016-05-26 18:19:30 UTC (rev 201423)
@@ -11,6 +11,6 @@
</head>
<body>
<p>Tests that navigator.geolocation.watchPosition() returns error POSITION_UNAVAILABLE when called from a document in a sandboxed iframe.</p>
-<iframe src="" sandbox="allow-scripts" width="100%" height="300"></iframe>
+<iframe src="" sandbox="allow-scripts" width="100%" height="300"></iframe>
</body>
</html>
Modified: trunk/Source/WebCore/ChangeLog (201422 => 201423)
--- trunk/Source/WebCore/ChangeLog 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/Source/WebCore/ChangeLog 2016-05-26 18:19:30 UTC (rev 201423)
@@ -1,3 +1,38 @@
+2016-05-26 Pranjal Jumde <[email protected]>
+
+ Sites served over insecure connections should not be allowed to use geolocation.
+ https://bugs.webkit.org/show_bug.cgi?id=157423
+ <rdar://problem/23751632>
+
+ Reviewed by Brent Fulgham.
+
+ Tests: http/tests/security/insecure-geolocation.html
+ http/tests/security/mixedcontent-geolocation-block-insecure-content.html
+ http/tests/security/mixedcontent-geolocation.html
+
+ * Modules/geolocation/Geolocation.cpp:
+ (WebCore::logError):
+ Logs an error to the console if geolocation is blocked.
+ (WebCore::Geolocation::startRequest):
+ Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
+ (WebCore::Geolocation::shouldBlockGeolocationRequests)
+ Returns true if the access to geolocation should be blocked.
+ * Modules/geolocation/Geolocation.h:
+ * dom/SecurityContext.h:
+ (WebCore::SecurityContext::foundMixedContent):
+ Returns true if insecure content was accessed over secure connection.
+ (WebCore::SecurityContext::setFoundMixedContent):
+ Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
+ (WebCore::SecurityContext::geolocationAccessed):
+ Returns true if geolocation was accessed
+ (WebCore::SecurityContext::setGeolocationAccessed):
+ Sets m_geolocationAccessed to true if geolocation was accessed.
+ * loader/MixedContentChecker.cpp:
+ (WebCore::MixedContentChecker::canDisplayInsecureContent):
+ Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+ (WebCore::MixedContentChecker::canRunInsecureContent):
+ Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+
2016-05-26 Brady Eidson <[email protected]>
Implement internals.observeGC to get called back when a _javascript_ object is GC'ed.
Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp (201422 => 201423)
--- trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp 2016-05-26 18:19:30 UTC (rev 201423)
@@ -43,6 +43,7 @@
#include "SecurityOrigin.h"
#include <wtf/CurrentTime.h>
#include <wtf/Ref.h>
+#include <wtf/text/StringBuilder.h>
namespace WebCore {
@@ -172,7 +173,7 @@
{
return true;
}
-
+
void Geolocation::suspend(ReasonForSuspension reason)
{
if (reason == ActiveDOMObject::PageCache) {
@@ -337,12 +338,44 @@
return watchID;
}
+static void logError(const String& target, const bool isSecure, const bool isMixedContent, Document* document)
+{
+ StringBuilder message;
+ message.append("[blocked] Access to geolocation was blocked over");
+
+ if (!isSecure)
+ message.append(" insecure connection to ");
+ else if (isMixedContent)
+ message.append(" secure connection with mixed content to ");
+ else
+ return;
+
+ message.append(target);
+ message.append(".\n");
+ document->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message.toString());
+}
+
+bool Geolocation::shouldBlockGeolocationRequests()
+{
+ bool isSecure = SecurityOrigin::isSecure(document()->url());
+ bool hasMixedContent = document()->foundMixedContent();
+ bool isLocalFile = document()->url().isLocalFile();
+ if (securityOrigin()->canRequestGeolocation()) {
+ if (isLocalFile || (isSecure && !hasMixedContent))
+ return false;
+ }
+
+ logError(securityOrigin()->toString(), isSecure, hasMixedContent, document());
+ return true;
+}
+
void Geolocation::startRequest(GeoNotifier* notifier)
{
- if (!securityOrigin()->canRequestGeolocation()) {
+ if (shouldBlockGeolocationRequests()) {
notifier->setFatalError(PositionError::create(PositionError::POSITION_UNAVAILABLE, ASCIILiteral(originCannotRequestGeolocationErrorMessage)));
return;
}
+ document()->setGeolocationAccessed();
// Check whether permissions have already been denied. Note that if this is the case,
// the permission state can not change again in the lifetime of this page.
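Review bot: shouldBlockGeolocationRequests() decides on `document()->url()` and `document()->foundMixedContent()` alone, so the check covers only the requesting document; a secure document embedded under an insecure ancestor, or one whose insecure subresources were loaded by a different frame, does not appear to be caught here. If that is intended, say so at the top of the function, e.g. `// Only this document's URL and mixed-content flag are consulted; ancestor frames are not checked.`; otherwise the top-level document's state should be part of the decision. Separately, when `canRequestGeolocation()` is false on an insecure page the console message blames the connection rather than the origin. `document()` is also dereferenced here and in logError() without a null check, which is only safe if the caller guarantees a live document (not visible in this hunk). startRequest() continues past the end of the hunk.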
Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.h (201422 => 201423)
--- trunk/Source/WebCore/Modules/geolocation/Geolocation.h 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.h 2016-05-26 18:19:30 UTC (rev 201423)
@@ -72,6 +72,7 @@
void positionChanged();
void setError(GeolocationError*);
+ bool shouldBlockGeolocationRequests();
private:
explicit Geolocation(ScriptExecutionContext*);
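Review bot: `shouldBlockGeolocationRequests()` is added above the `private:` label, which puts it in the preceding (apparently public) section although the only caller visible in this commit is `Geolocation::startRequest`. Since the function also writes a console error as a side effect, exposing it invites callers to use it as a cheap predicate and produce duplicate `[blocked]` messages; declaring it after `private:` keeps the security decision in one place. A one-line comment such as `// Returns true, and logs a console error, when geolocation must be blocked for this document.` would document that side effect. The class body starts and ends outside this hunk.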
Modified: trunk/Source/WebCore/dom/SecurityContext.h (201422 => 201423)
--- trunk/Source/WebCore/dom/SecurityContext.h 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/Source/WebCore/dom/SecurityContext.h 2016-05-26 18:19:30 UTC (rev 201423)
@@ -75,6 +75,10 @@
WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;
static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage);
+ bool foundMixedContent() const { return m_foundMixedContent; }
+ void setFoundMixedContent() { m_foundMixedContent = true; }
+ bool geolocationAccessed() const { return m_geolocationAccessed; }
+ void setGeolocationAccessed() { m_geolocationAccessed = true; }
protected:
SecurityContext();
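Review bot: The new accessors `setFoundMixedContent()` and `setGeolocationAccessed()` are one-way latches (the setters take no argument and nothing in this commit clears them), but neither these declarations nor the members added in the next hunk say so. Because both flags now gate security decisions (mixed content blocks geolocation, and geolocation access blocks further mixed content), their lifetime and meaning should be written down where they are declared, for example `// Latched for the lifetime of this context; never reset.` above the four accessors. It is also worth stating there that `setGeolocationAccessed()` is called as soon as a request passes the security check in startRequest, apparently before any permission decision, so the flag means "requested", not "granted". The class continues outside both hunks.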
@@ -90,6 +94,8 @@
SandboxFlags m_sandboxFlags;
RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+ bool m_foundMixedContent { false };
+ bool m_geolocationAccessed { false };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/MixedContentChecker.cpp (201422 => 201423)
--- trunk/Source/WebCore/loader/MixedContentChecker.cpp 2016-05-26 17:23:02 UTC (rev 201422)
+++ trunk/Source/WebCore/loader/MixedContentChecker.cpp 2016-05-26 18:19:30 UTC (rev 201423)
@@ -65,11 +65,13 @@
if (!isMixedContent(securityOrigin, url))
return true;
- bool allowed = m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn;
+ bool allowed = (m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn) && !m_frame.document()->geolocationAccessed();
logWarning(allowed, "display", url);
- if (allowed)
+ if (allowed) {
+ m_frame.document()->setFoundMixedContent();
client().didDisplayInsecureContent();
+ }
return allowed;
}
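Review bot: Folding `!m_frame.document()->geolocationAccessed()` into `allowed` makes a geolocation-triggered block indistinguishable from a settings-based one: `logWarning(allowed, "display", url)` emits the same generic "was not allowed to display insecure content" line in both cases, so a developer cannot tell why a previously loading image is now refused. Keeping the reason in its own variable, e.g. `const bool geolocationInUse = m_frame.document()->geolocationAccessed();`, and mentioning it in the console output would make the policy diagnosable. `m_frame.document()` is also dereferenced unchecked up to twice per call; whether it can be null at this point is not visible from the hunk. The same applies to the `canRunInsecureContent` hunk that follows; both function bodies begin outside their hunks.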
@@ -79,11 +81,13 @@
if (!isMixedContent(securityOrigin, url))
return true;
- bool allowed = m_frame.settings().allowRunningOfInsecureContent();
+ bool allowed = m_frame.settings().allowRunningOfInsecureContent() && !m_frame.document()->geolocationAccessed();
logWarning(allowed, "run", url);
- if (allowed)
+ if (allowed) {
+ m_frame.document()->setFoundMixedContent();
client().didRunInsecureContent(securityOrigin, url);
+ }
return allowed;
}