Title: [230118] trunk
Revision
230118
Author
[email protected]
Date
2018-03-30 14:50:02 -0700 (Fri, 30 Mar 2018)

Log Message

NetworkLoadChecker should upgrade redirects if needed
https://bugs.webkit.org/show_bug.cgi?id=184098

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/beacon/resources/beacon-preflight.py: Added.
* web-platform-tests/beacon/resources/redirect.py: Added.
* web-platform-tests/beacon/resources/upgrade-iframe.html: Added.
* web-platform-tests/beacon/resources/upgrade-redirect-iframe.html: Added.
* web-platform-tests/beacon/upgrade-beacon.https-expected.txt: Added.
* web-platform-tests/beacon/upgrade-beacon.https.html: Added.

Source/WebCore:

Test: imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html

* page/csp/ContentSecurityPolicy.h:

Source/WebKit:

In case of redirections, upgrade URL according to CSP.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkRequest):
(WebKit::NetworkLoadChecker::contentSecurityPolicy const):

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (230117 => 230118)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2018-03-30 21:01:35 UTC (rev 230117)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2018-03-30 21:50:02 UTC (rev 230118)
@@ -1,3 +1,17 @@
+2018-03-30  Youenn Fablet  <[email protected]>
+
+        NetworkLoadChecker should upgrade redirects if needed
+        https://bugs.webkit.org/show_bug.cgi?id=184098
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/beacon/resources/beacon-preflight.py: Added.
+        * web-platform-tests/beacon/resources/redirect.py: Added.
+        * web-platform-tests/beacon/resources/upgrade-iframe.html: Added.
+        * web-platform-tests/beacon/resources/upgrade-redirect-iframe.html: Added.
+        * web-platform-tests/beacon/upgrade-beacon.https-expected.txt: Added.
+        * web-platform-tests/beacon/upgrade-beacon.https.html: Added.
+
 2018-03-28  Antoine Quint  <[email protected]>
 
         [Web Animations] Implement more CSSPropertyBlendingClient methods

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/beacon-preflight.py (0 => 230118)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/beacon-preflight.py	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/beacon-preflight.py	2018-03-30 21:50:02 UTC (rev 230118)
@@ -0,0 +1,55 @@
+import json
+
+def respondToCORSPreflight(request, response):
+  allow_cors = int(request.GET.first("allowCors", 0)) != 0;
+
+  if not allow_cors:
+    response.set_error(400, "Not allowed")
+    return "ERROR: Not allowed"
+
+  if not "Access-Control-Request-Method" in request.headers:
+    response.set_error(400, "No Access-Control-Request-Method header")
+    return "ERROR: No access-control-request-method in preflight!"
+
+  headers = [("Content-Type", "text/plain")]
+  headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*")))
+  headers.append(("Access-Control-Allow-Credentials", "true"))
+  requested_method = request.headers.get("Access-Control-Request-Method", None)
+  headers.append(("Access-Control-Allow-Methods", requested_method))
+  requested_headers = request.headers.get("Access-Control-Request-Headers", None)
+  headers.append(("Access-Control-Allow-Headers", requested_headers))
+  headers.append(("Access-Control-Max-Age", "60"))
+  return headers, ""
+
+def main(request, response):
+  command = request.GET.first("cmd").lower();
+  test_id = request.GET.first("id")
+  stashed_data = request.server.stash.take(test_id)
+  if stashed_data is None:
+    stashed_data = { 'preflight': 0, 'beacon': 0, 'preflight_requested_method': '', 'preflight_requested_headers': '', 'preflight_referrer': '', 'preflight_cookie_header': '', 'beacon_cookie_header': '' }
+
+  if command == "put":
+    if request.method == "OPTIONS":
+      stashed_data['preflight'] = 1;
+      stashed_data['preflight_requested_method'] = request.headers.get("Access-Control-Request-Method", "")
+      stashed_data['preflight_requested_headers'] = request.headers.get("Access-Control-Request-Headers", "")
+      stashed_data['preflight_cookie_header'] = request.headers.get("Cookie", "");
+      stashed_data['preflight_referer'] = request.headers.get("Referer", "")
+      stashed_data['preflight_origin'] = request.headers.get("Origin", "")
+      request.server.stash.put(test_id, stashed_data)
+      return respondToCORSPreflight(request, response)
+    elif request.method == "POST":
+      stashed_data['beacon'] = 1;
+      stashed_data['beacon_cookie_header'] = request.headers.get("Cookie", "")
+      stashed_data['beacon_origin'] = request.headers.get("Origin", "")
+      stashed_data['url'] = request.url
+      request.server.stash.put(test_id, stashed_data)
+    return [("Content-Type", "text/plain")], ""
+
+  if command == "get":
+    if stashed_data is not None:
+      return [("Content-Type", "text/plain")], json.dumps(stashed_data)
+    return [("Content-Type", "text/plain")], ""
+
+  response.set_error(400, "Bad Command")
+  return "ERROR: Bad Command!"
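
Review bot: the stash key initialised as `preflight_referrer` in the default dictionary is written as `preflight_referer` in the OPTIONS branch, so the JSON returned for `cmd=get` carries both keys with the initialised one always empty; use one spelling on both lines. The trailing semicolons on `allow_cors = ...;`, `command = ...;`, `stashed_data['preflight'] = 1;` and `stashed_data['beacon'] = 1;` are harmless in Python but should go. Since the `get` branch calls `stash.take` without a following `put`, each `cmd=get` consumes the recorded state and a later poll starts from the empty defaults; a comment stating that would help readers of the polling test.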

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/redirect.py (0 => 230118)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/redirect.py	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/redirect.py	2018-03-30 21:50:02 UTC (rev 230118)
@@ -0,0 +1,63 @@
+from urllib import urlencode
+from urlparse import urlparse
+
+def main(request, response):
+    stashed_data = {'count': 0, 'preflight': "0"}
+    status = 302
+    headers = [("Content-Type", "text/plain"),
+               ("Cache-Control", "no-cache"),
+               ("Pragma", "no-cache"),
+               ("Access-Control-Allow-Credentials", "true")]
+    headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*")))
+    token = None
+
+    if "token" in request.GET:
+        token = request.GET.first("token")
+        data = ""
+        if data:
+            stashed_data = data
+
+    if request.method == "OPTIONS":
+        requested_method = request.headers.get("Access-Control-Request-Method", None)
+        headers.append(("Access-Control-Allow-Methods", requested_method))
+        requested_headers = request.headers.get("Access-Control-Request-Headers", None)
+        headers.append(("Access-Control-Allow-Headers", requested_headers))
+        stashed_data['preflight'] = "1"
+        #Preflight is not redirected: return 200
+        if not "redirect_preflight" in request.GET:
+            if token:
+              request.server.stash.put(request.GET.first("token"), stashed_data)
+            return 200, headers, ""
+
+    if "redirect_status" in request.GET:
+        status = int(request.GET['redirect_status'])
+
+    stashed_data['count'] += 1
+
+    if "location" in request.GET:
+        url = ""
+        scheme = urlparse(url).scheme
+        if scheme == "" or scheme == "http" or scheme == "https":
+            url += "&" if '?' in url else "?"
+            #keep url parameters in location
+            url_parameters = {}
+            for item in request.GET.items():
+                url_parameters[item[0]] = item[1][0]
+            url += urlencode(url_parameters)
+            #make sure location changes during redirection loop
+            url += "&count=" + str(stashed_data['count'])
+        headers.append(("Location", url))
+
+    if "redirect_referrerpolicy" in request.GET:
+        headers.append(("Referrer-Policy", request.GET['redirect_referrerpolicy']))
+
+    if token:
+        request.server.stash.put(request.GET.first("token"), stashed_data)
+        if "max_count" in request.GET:
+            max_count =  int(request.GET['max_count'])
+            #stop redirecting and return count
+            if stashed_data['count'] > max_count:
+                # -1 because the last is not a redirection
+                return str(stashed_data['count'] - 1)
+
+    return status, headers, ""
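
Review bot: as written, `data = ""` in the token branch means `if data:` never runs and the stash is never read back, so `stashed_data['count']` restarts at 0 on every request and the `max_count` cutoff can never fire; likewise `url = ""` in the location branch never consults `request.GET['location']`, so the Location header is always a relative `?...&count=1` pointing back at redirect.py. If the intent is to resume per-token state and redirect to the requested target, read `request.server.stash.take(token)` and `request.GET.first("location")` at those two points. The `urllib`/`urlparse` imports are Python 2 only; `urllib.parse` would serve both interpreters.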

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/upgrade-iframe.html (0 => 230118)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/upgrade-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/resources/upgrade-iframe.html	2018-03-30 21:50:02 UTC (rev 230118)
@@ -0,0 +1,41 @@
+<html>
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+<body>
+<script src=""
+<script src=""
+<script>
+var id = self.token();
+var hostInfo = get_host_info();
+var beaconURL = "http://" + hostInfo.ORIGINAL_HOST + ":" + hostInfo.HTTPS_PORT + "/beacon/resources/beacon-preflight.py?allowCors=1&cmd=put&id=" + id;
+
+function sendBeacon()
+{
+    return navigator.sendBeacon(beaconURL, "test");
+}
+
+function sendRedirectedBeacon()
+{
+    return navigator.sendBeacon("redirect.py?redirect_status=307&location=" + beaconURL, "test");
+}
+
+function waitFor(test, duration)
+{
+    return new Promise((resolve) => test.step_timeout(resolve, duration));
+}
+
+async function checkBeaconURL(test)
+{
+    var checkURL = "beacon-preflight.py?cmd=get&id=" + id;
+    var counter = 0;
+    while (++counter < 20) {
+        let response = await fetch(checkURL);
+        let body = await response.json();
+        if (body.url)
+            return body.url.startsWith('https://');
+        await waitFor(test, 50);
+    }
+}
+</script>
+
+</body>
+</html>
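
Review bot: in `sendRedirectedBeacon`, `beaconURL` is concatenated into the `location=` parameter without percent-encoding, so its `&cmd=put&id=...` become query parameters of redirect.py rather than of the target; the test only works because redirect.py re-appends every incoming parameter to the Location header. Use `encodeURIComponent(beaconURL)` so the redirect target is exactly the URL the test later reads back. In `checkBeaconURL`, exhausting the loop returns `undefined` and `++counter < 20` gives 19 polls; return `false` explicitly so a beacon that never arrives fails with a clear message rather than an implicit falsy value.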

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https-expected.txt (0 => 230118)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https-expected.txt	2018-03-30 21:50:02 UTC (rev 230118)
@@ -0,0 +1,5 @@
+
+
+PASS Ensure beacon gets upgraded 
+PASS Ensure beacon gets upgraded after redirection 
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html (0 => 230118)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html	2018-03-30 21:50:02 UTC (rev 230118)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script src=""
+<script>
+function with_iframe(url) {
+    return new Promise(function(resolve) {
+        var frame = document.createElement('iframe');
+        frame.src = ""
+        frame._onload_ = function() { resolve(frame); };
+        document.body.appendChild(frame);
+    });
+}
+var frame;
+promise_test(async (test) => {
+    frame = await with_iframe('resources/upgrade-iframe.html');
+    assert_true(frame.contentWindow.sendBeacon(), "Send beacon successfully");
+    assert_true(await frame.contentWindow.checkBeaconURL(test), "Upgraded beacon URL");
+}, "Ensure beacon gets upgraded");
+
+promise_test(async (test) => {
+    assert_true(frame.contentWindow.sendRedirectedBeacon(), "Send beacon successfully");
+    assert_true(await frame.contentWindow.checkBeaconURL(test), "Upgraded beacon URL");
+}, "Ensure beacon gets upgraded after redirection");
+</script>
+</body>
+</html>
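
Review bot: the second `promise_test` reuses the `frame` created by the first, so if the first test fails before `with_iframe` resolves, the second fails with a TypeError on `frame.contentWindow` rather than a meaningful assertion; create the frame in a `promise_setup` or in each test. Both tests also share the same `id` token, which only works because the `cmd=get` poll consumes the stashed entry; a comment stating that dependency would help the next reader.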

Modified: trunk/Source/WebCore/ChangeLog (230117 => 230118)


--- trunk/Source/WebCore/ChangeLog	2018-03-30 21:01:35 UTC (rev 230117)
+++ trunk/Source/WebCore/ChangeLog	2018-03-30 21:50:02 UTC (rev 230118)
@@ -1,3 +1,14 @@
+2018-03-30  Youenn Fablet  <[email protected]>
+
+        NetworkLoadChecker should upgrade redirects if needed
+        https://bugs.webkit.org/show_bug.cgi?id=184098
+
+        Reviewed by Chris Dumez.
+
+        Test: imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html
+
+        * page/csp/ContentSecurityPolicy.h:
+
 2018-03-30  Daniel Bates  <[email protected]>
 
         ASSERTION FAILED: ASSERT(!containsImage || MIMETypeRegistry::isSupportedImageResourceMIMEType([resource MIMEType])) in -[NSPasteboard(WebExtras) _web_writePromisedRTFDFromArchive:containsImage:]

Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (230117 => 230118)


--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h	2018-03-30 21:01:35 UTC (rev 230117)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h	2018-03-30 21:50:02 UTC (rev 230118)
@@ -162,7 +162,7 @@
     bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; }
     enum class InsecureRequestType { Load, FormSubmission, Navigation };
     void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType) const;
-    void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const;
+    WEBCORE_EXPORT void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType) const;
 
     HashSet<SecurityOriginData> takeNavigationRequestsToUpgrade();
     void inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy&);

Modified: trunk/Source/WebKit/ChangeLog (230117 => 230118)


--- trunk/Source/WebKit/ChangeLog	2018-03-30 21:01:35 UTC (rev 230117)
+++ trunk/Source/WebKit/ChangeLog	2018-03-30 21:50:02 UTC (rev 230118)
@@ -1,3 +1,16 @@
+2018-03-30  Youenn Fablet  <[email protected]>
+
+        NetworkLoadChecker should upgrade redirects if needed
+        https://bugs.webkit.org/show_bug.cgi?id=184098
+
+        Reviewed by Chris Dumez.
+
+        In case of redirections, upgrade URL according CSP.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::checkRequest):
+        (WebKit::NetworkLoadChecker::contentSecurityPolicy const):
+
 2018-03-30  JF Bastien  <[email protected]>
 
         Update messages.py codegen for String, fix tests

Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (230117 => 230118)


--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-03-30 21:01:35 UTC (rev 230117)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-03-30 21:50:02 UTC (rev 230118)
@@ -102,6 +102,13 @@
 #endif
 
     if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) {
+        if (isRedirected()) {
+            URL url = ""
+            auto type = m_mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
+            contentSecurityPolicy->upgradeInsecureRequestIfNeeded(url, type);
+            if (url != request.url())
+                request.setURL(url);
+        }
         if (!contentSecurityPolicy->allowConnectToSource(request.url(), isRedirected() ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No)) {
             handler(returnError(ASCIILiteral("Blocked by Content Security Policy")));
             return;
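
Review bot: the upgrade is applied before `allowConnectToSource`, so connect-src is evaluated against the upgraded URL, which is the right order. However, `type` maps every non-Navigate mode to `InsecureRequestType::Load`; if a form submission can reach this path after a redirect it should get `InsecureRequestType::FormSubmission`, matching the enum in ContentSecurityPolicy.h. Only redirected requests are upgraded in this hunk, so the code relies on the initial request having been upgraded by WebCore before it reached the network process; a comment stating that assumption would help.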
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
