Title: [231263] trunk
Revision: 231263
Author: [email protected]
Date: 2018-05-02 14:13:28 -0700 (Wed, 02 May 2018)

Log Message

Use NetworkLoadChecker for navigation loads
https://bugs.webkit.org/show_bug.cgi?id=184892
<rdar://problem/39652686>

Reviewed by Chris Dumez.

Source/WebCore:

Sanitize headers according to response tainting.
If tainting is basic, it means same origin load, in which case we only filter Cookie-related headers.
If tainting is Opaque, we filter all uncommon headers.
If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
Covered by updated test.

* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
(WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
* platform/network/ResourceResponseBase.h:

Source/WebKit:

Compute whether a response is same origin in the no-cors case.
This allows providing more precise filtering.
In case of navigate loads, set the tainting to basic, which will reduce filtering to the minimum.

Pass the sourceOrigin for navigation loads as well.
Enable restricting HTTP response access for navigation loads.

Content Blockers are disabled for now in NetworkLoadChecker for navigation loads.
They should be re-enabled as a follow-up.

Add a specific case to allow any redirection to about:// URLs.
While this does not conform to the spec, this keeps the existing WebKit behavior.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::continueCheckingRequest):
(WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::isDoingLoadingSecurityChecks const):
We only do security checks if this runtime flag is on.
* WebProcess/Network/WebLoaderStrategy.h:

LayoutTests:

Updated header-filtering.https.html to expect full headers except cookie-related ones for same-origin loads.
Updated expected.txt files accordingly.

* http/wpt/service-workers/header-filtering.https-expected.txt:
* http/wpt/service-workers/header-filtering.https.html:
* platform/mac/http/tests/webarchive/test-preload-resources-expected.txt:
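The three filtering regimes the log message describes (basic, CORS, opaque, plus the opaque-redirect case the diff adds), as an added stand-alone model that is not WebKit's code. Assumptions: the cross-origin-safe header set is reconstructed from the test expectations in this diff plus X-XSS-Protection, cookie-setting headers are stripped for every tainting as the message says for basic, header names are lowercased (WebKit keeps common headers in canonical case), and the sample response is constructed from the headers the layout test lists.

```cpp
// Added model of the tainting-based header sanitization r231263 introduces (not WebKit code).
// Header names are stored lowercase; WebKit keeps common headers in canonical case.
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>

enum class Tainting { Basic, Cors, Opaque, OpaqueRedirect };
using HeaderMap = std::map<std::string, std::string>; // lowercase name -> value

static std::string lower(std::string s) {
    for (auto& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Assumption: reconstructed from the test expectations in the diff plus X-XSS-Protection;
// WebKit's isSafeCrossOriginResponseHeader is the authority.
static const std::set<std::string> kSafeCrossOrigin = {
    "access-control-allow-credentials", "access-control-allow-methods",
    "access-control-allow-origin", "access-control-expose-headers", "cache-control",
    "content-length", "content-type", "date", "referrer-policy", "sourcemap",
    "timing-allow-origin", "x-sourcemap", "x-xss-protection",
};

// Access-Control-Expose-Headers is a comma-separated list: trim and lowercase each name.
std::vector<std::string> parseExposeHeaders(const std::string& value) {
    std::vector<std::string> names;
    std::stringstream ss(value);
    std::string token;
    while (std::getline(ss, token, ',')) {
        auto b = token.find_first_not_of(" \t");
        if (b == std::string::npos) continue; // empty list element
        auto e = token.find_last_not_of(" \t");
        names.push_back(lower(token.substr(b, e - b + 1)));
    }
    return names;
}

HeaderMap sanitizeByTainting(HeaderMap headers, Tainting tainting) {
    // Cookie-setting headers are stripped whatever the tainting (the log's rule for basic).
    headers.erase("set-cookie");
    headers.erase("set-cookie2");
    HeaderMap filtered;
    switch (tainting) {
    case Tainting::Basic:
        return headers; // same-origin: everything else stays visible
    case Tainting::Cors:
        for (const auto& [name, value] : headers)
            if (kSafeCrossOrigin.count(name)) filtered.emplace(name, value);
        // Plus any header the server explicitly exposed, when it is actually present.
        if (auto it = headers.find("access-control-expose-headers"); it != headers.end())
            for (const auto& name : parseExposeHeaders(it->second))
                if (auto h = headers.find(name); h != headers.end()) filtered.emplace(name, h->second);
        return filtered;
    case Tainting::Opaque:
        for (const auto& [name, value] : headers)
            if (kSafeCrossOrigin.count(name)) filtered.emplace(name, value);
        return filtered;
    case Tainting::OpaqueRedirect:
        if (auto it = headers.find("location"); it != headers.end()) filtered.insert(*it);
        return filtered;
    }
    return filtered;
}

// Constructed sample: the headers the layout test's server sends, plus a cookie and a Location.
HeaderMap sampleResponse() {
    return {{"access-control-allow-origin", "*"}, {"access-control-expose-headers", "X-Header1, X-Missing"},
            {"cache-control", "no-store"}, {"content-type", "text/html"}, {"date", "Wed, 02 May 2018 21:13:28 GMT"},
            {"server", "Apache"}, {"x-header1", "1"}, {"x-header2", "2"}, {"set-cookie", "sid=1"},
            {"location", "/next"}};
}

// Names that survive sanitization of the sample under a given tainting (sorted by std::map).
std::vector<std::string> survivingHeaders(Tainting tainting) {
    std::vector<std::string> names;
    for (const auto& [name, value] : sanitizeByTainting(sampleResponse(), tainting)) names.push_back(name);
    return names;
}

int main() {
    struct Case { const char* label; Tainting tainting; };
    const Case cases[] = {{"basic", Tainting::Basic}, {"cors", Tainting::Cors},
                          {"opaque", Tainting::Opaque}, {"opaqueredirect", Tainting::OpaqueRedirect}};
    for (const auto& c : cases) {
        std::cout << c.label << ":";
        for (const auto& n : survivingHeaders(c.tainting)) std::cout << ' ' << n;
        std::cout << '\n';
    }
}
```

Running it shows why the no-cors expectations in the diff lose `x-Header1` while the same-origin ones gain `Server` and `x-header2`: only the basic regime passes uncommon headers through.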

Diff

Modified: trunk/LayoutTests/ChangeLog (231262 => 231263)


--- trunk/LayoutTests/ChangeLog	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/LayoutTests/ChangeLog	2018-05-02 21:13:28 UTC (rev 231263)
@@ -1,3 +1,18 @@
+2018-05-02  Youenn Fablet  <[email protected]>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Updated header-filtering.https.html to expect full headers except cookie-related for same origin loads.
+        Updated expected.txt files accordingly.
+
+        * http/wpt/service-workers/header-filtering.https-expected.txt:
+        * http/wpt/service-workers/header-filtering.https.html:
+        * platform/mac/http/tests/webarchive/test-preload-resources-expected.txt:
+
 2018-05-02  Myles C. Maxfield  <[email protected]>
 
         Collection fragment identifiers don't use PostScript names

Modified: trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt (231262 => 231263)


--- trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt	2018-05-02 21:13:28 UTC (rev 231263)
@@ -1,5 +1,4 @@
 
-
 PASS Prepare tests: setup worker and register the client 
 PASS Prepare tests: Add a frame controlled by service worker 
 PASS Test same-origin fetch 
@@ -8,6 +7,6 @@
 PASS Test same-origin script load 
 PASS Test no-cors script load 
 PASS Test cors script load 
-FAIL Test HTML load assert_array_equals: lengths differ, expected 13 got 17
+PASS Test HTML load 
 PASS After tests clean-up 
 

Modified: trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html (231262 => 231263)


--- trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/LayoutTests/http/wpt/service-workers/header-filtering.https.html	2018-05-02 21:13:28 UTC (rev 231263)
@@ -100,7 +100,7 @@
     frame.contentWindow.fetch(url2 + "?fetch-no-cors", { mode : "no-cors" });
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "SourceMap","Timing-Allow-Origin","X-SourceMap"]);
 }, "Test no-cors cross-origin fetch");
 
 promise_test(async (test) => {
@@ -112,7 +112,7 @@
     frame.contentWindow.loadScript(url1 + "?script");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "Server","SourceMap","Timing-Allow-Origin","X-SourceMap","x-header1","x-header2"]);
 }, "Test same-origin script load");
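Review bot: the new expectation lists `Server` and `SourceMap` in canonical casing but `x-header1`/`x-header2` in lowercase, whereas the old line had `x-Header1`; presumably that is how common versus uncommon headers come back from the frame, but the test gives no hint, so a one-line comment explaining the casing would stop someone from "correcting" it back.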
 
 promise_test(async (test) => {
@@ -124,7 +124,7 @@
     frame.contentWindow.loadScript(url2 + "?script-nocors");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "SourceMap","Timing-Allow-Origin","X-SourceMap"]);
 }, "Test no-cors script load");
 
 promise_test(async (test) => {
@@ -148,7 +148,7 @@
     let frame = await withFrame(url1 + "?html");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "Server", "SourceMap","Timing-Allow-Origin","X-SourceMap","x-header1", "x-header2"]);
     frame.remove();
 }, "Test HTML load");
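Review bot: the added line mixes list styles, `"Server", "SourceMap"` and `"x-header1", "x-header2"` with a space after the comma while the rest of the array has none; match the surrounding style as the same-origin script expectation above does.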
 

Modified: trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt (231262 => 231263)


--- trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt	2018-05-02 21:13:28 UTC (rev 231263)
@@ -65,6 +65,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
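Review bot: the expectation now hard-codes the test server's full `Server` banner (Apache/2.2.9 ... PHP/5.2.6), repeated in all seven dicts, so this file will churn whenever the layout-test Apache is upgraded or differs per platform. It also makes visible that Basic tainting now passes `Server` through for same-origin navigation responses, which is an intended consequence of the change; if the webarchive dumper can elide or normalise `Server`, that would keep the expectation stable.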
@@ -100,6 +102,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
@@ -135,6 +139,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
@@ -170,6 +176,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
@@ -205,6 +213,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
@@ -240,6 +250,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>
@@ -275,6 +287,8 @@
 					<string>"301925-21-45c7d72d3e780"</string>
 					<key>Last-Modified</key>
 					<string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+					<key>Server</key>
+					<string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
 				</dict>
 				<key>expectedContentLength</key>
 				<integer>33</integer>

Modified: trunk/Source/WebCore/ChangeLog (231262 => 231263)


--- trunk/Source/WebCore/ChangeLog	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebCore/ChangeLog	2018-05-02 21:13:28 UTC (rev 231263)
@@ -1,3 +1,22 @@
+2018-05-02  Youenn Fablet  <[email protected]>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Sanitize headers according response tainting.
+        If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
+        If tainting is Opaque, we filter all uncommon headers.
+        If tainting is CORS, we filter all uncommon headers except the one explicitely allowed by CORS headers.
+        Covered by updated test.
+
+        * platform/network/ResourceResponseBase.cpp:
+        (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
+        (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
+        * platform/network/ResourceResponseBase.h:
+
 2018-05-02  Myles C. Maxfield  <[email protected]>
 
         Collection fragment identifiers don't use PostScript names
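Review bot: three wording issues in the ChangeLog text: "Sanitize headers according response tainting" is missing "to", "explicitely" should be "explicitly", and "except the one explicitely allowed" reads better as "except the ones explicitly allowed".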

Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (231262 => 231263)


--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp	2018-05-02 21:13:28 UTC (rev 231263)
@@ -389,6 +389,46 @@
         || name == HTTPHeaderName::XXSSProtection;
 }
 
+void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting()
+{
+    switch (m_tainting) {
+    case ResourceResponse::Tainting::Basic:
+        return;
+    case ResourceResponse::Tainting::Cors: {
+        HTTPHeaderMap filteredHeaders;
+        for (auto& header : m_httpHeaderFields.commonHeaders()) {
+            if (isSafeCrossOriginResponseHeader(header.key))
+                filteredHeaders.add(header.key, WTFMove(header.value));
+        }
+        if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
+            for (auto& headerName : *corsSafeHeaderSet) {
+                if (!filteredHeaders.contains(headerName)) {
+                    auto value = m_httpHeaderFields.get(headerName);
+                    if (!value.isNull())
+                        filteredHeaders.add(headerName, value);
+                }
+            }
+        }
+        m_httpHeaderFields = WTFMove(filteredHeaders);
+        return;
+    }
+    case ResourceResponse::Tainting::Opaque: {
+        HTTPHeaderMap filteredHeaders;
+        for (auto& header : m_httpHeaderFields.commonHeaders()) {
+            if (isSafeCrossOriginResponseHeader(header.key))
+                filteredHeaders.add(header.key, WTFMove(header.value));
+        }
+        m_httpHeaderFields = WTFMove(filteredHeaders);
+        return;
+    }
+    case ResourceResponse::Tainting::Opaqueredirect: {
+        auto location = httpHeaderField(HTTPHeaderName::Location);
+        m_httpHeaderFields.clear();
+        m_httpHeaderFields.add(HTTPHeaderName::Location, WTFMove(location));
+    }
+    }
+}
+
 void ResourceResponseBase::sanitizeHTTPHeaderFields(SanitizationType type)
 {
     lazyInit(AllFields);
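Review bot: the Basic case returns at once, so the cookie-related filtering the ChangeLog promises for same-origin loads has to happen in the caller before this function is reached; a comment at that `return` saying so would stop a reader from concluding Set-Cookie leaks on basic responses. The common-header loop is duplicated verbatim between the Cors and Opaque cases and could be hoisted, and Opaqueredirect is the only case without a `return`, fine as the last label but a silent behaviour change if a case is ever appended after it.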
@@ -408,24 +448,9 @@
         m_httpHeaderFields.uncommonHeaders().clear();
         return;
     }
-    case SanitizationType::CrossOriginSafe: {
-        HTTPHeaderMap filteredHeaders;
-        for (auto& header : m_httpHeaderFields.commonHeaders()) {
-            if (isSafeCrossOriginResponseHeader(header.key))
-                filteredHeaders.add(header.key, WTFMove(header.value));
-        }
-        if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
-            for (auto& headerName : *corsSafeHeaderSet) {
-                if (!filteredHeaders.contains(headerName)) {
-                    auto value = m_httpHeaderFields.get(headerName);
-                    if (!value.isNull())
-                        filteredHeaders.add(headerName, value);
-                }
-            }
-        }
-        m_httpHeaderFields = WTFMove(filteredHeaders);
+    case SanitizationType::CrossOriginSafe:
+        sanitizeHTTPHeaderFieldsAccordingToTainting();
     }
-    }
 }
 
 bool ResourceResponseBase::isHTTP09() const
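Review bot: CrossOriginSafe now dispatches on `m_tainting`, so the result depends on NetworkLoadChecker::validateResponse having stored a tainting before sanitization; any response reaching this path without that step gets whatever the default tainting produces. An ASSERT or comment documenting that precondition would make the new coupling explicit. The new `case` also lacks a trailing `return`/`break`, harmless as the last label but inconsistent with the cases above.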

Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (231262 => 231263)


--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h	2018-05-02 21:13:28 UTC (rev 231263)
@@ -199,6 +199,7 @@
 private:
     void parseCacheControlDirectives() const;
     void updateHeaderParsedState(HTTPHeaderName);
+    void sanitizeHTTPHeaderFieldsAccordingToTainting();
 
 protected:
     bool m_isNull;

Modified: trunk/Source/WebKit/ChangeLog (231262 => 231263)


--- trunk/Source/WebKit/ChangeLog	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebKit/ChangeLog	2018-05-02 21:13:28 UTC (rev 231263)
@@ -1,3 +1,37 @@
+2018-05-02  Youenn Fablet  <[email protected]>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Compute whether a response is same origin in no-cors case.
+        This allows providing more precise filtering.
+        In case of navigate loads, set the tainting to basic which will make filtering to the minimum.
+
+        Pass the sourceOrigin for navigation loads as well.
+        Enable to restrict HTTP response access for navigation load.
+
+        Content Blockers are disabled for now in NetworkLoadChecker for navigation loads.
+        They should be reenabled as a follow-up.
+
+        Add a specific case to allow any redirection to about:// URLs.
+        While this does not conform with the spec, this keeps the existing WebKit behavior.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        (WebKit::NetworkLoadChecker::continueCheckingRequest):
+        (WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        (WebKit::WebLoaderStrategy::isDoingLoadingSecurityChecks const):
+        We only do security checks if this runtime flag is on.
+        * WebProcess/Network/WebLoaderStrategy.h:
+
 2018-05-02  Jer Noble  <[email protected]>
 
         Make EncryptedMediaAPIEnabled an experimental feature

Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (231262 => 231263)


--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-05-02 21:13:28 UTC (rev 231263)
@@ -43,6 +43,11 @@
 
 using namespace WebCore;
 
+static inline bool isSameOrigin(const URL& url, const SecurityOrigin* origin)
+{
+    return url.protocolIsData() || url.protocolIsBlob() || !origin || origin->canRequest(url);
+}
+
 NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy)
     : m_options(WTFMove(options))
     , m_sessionID(sessionID)
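Review bot: `isSameOrigin` reports true when `origin` is null, which makes a missing source origin fail open: such a load is treated as same-origin, gets Basic tainting in validateResponse and skips the CORS check in doesNotNeedCORSCheck, whereas the old Cors/SameOrigin path would have dereferenced a null origin loudly. If null is only expected for navigations (where WebLoaderStrategy no longer guarantees an origin), say so in a comment and consider ASSERTing `origin` for the other modes.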
@@ -51,8 +56,7 @@
     , m_origin(WTFMove(sourceOrigin))
     , m_preflightPolicy(preflightPolicy)
 {
-    if (m_options.mode == FetchOptions::Mode::Cors || m_options.mode == FetchOptions::Mode::SameOrigin)
-        m_isSameOriginRequest = m_url.protocolIsData() || m_url.protocolIsBlob() || m_origin->canRequest(m_url);
+    m_isSameOriginRequest = isSameOrigin(m_url, m_origin.get());
     switch (options.credentials) {
     case FetchOptions::Credentials::Include:
         m_storedCredentialsPolicy = StoredCredentialsPolicy::Use;
@@ -128,7 +132,7 @@
         return { };
     }
 
-    if (m_isSameOriginRequest) {
+    if (m_options.mode == FetchOptions::Mode::Navigate || m_isSameOriginRequest) {
         response.setTainting(ResourceResponse::Tainting::Basic);
         return { };
     }
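Review bot: with navigate mode short-circuiting to Basic here, a cross-origin navigation response keeps every header except cookies; that matches Fetch, which sets response tainting to basic for navigate requests, but it reads oddly next to the stricter branches below, so a one-line comment noting that the response goes to the new document rather than to the requesting origin would help.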
@@ -188,6 +192,8 @@
     if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
         m_storedCredentialsPolicy = m_isSameOriginRequest && m_origin->canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
 
+    m_isSameOriginRequest = m_isSameOriginRequest && isSameOrigin(request.url(), m_origin.get());
+
     if (doesNotNeedCORSCheck(request.url())) {
         handler(WTFMove(request));
         return;
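Review bot: the `Credentials::SameOrigin` line just above the added one still dereferences `m_origin->canRequest(...)` guarded only by `m_isSameOriginRequest`, which the new `isSameOrigin` helper sets to true precisely when `m_origin` is null, so that combination would null-deref. Running the added `m_isSameOriginRequest = m_isSameOriginRequest && isSameOrigin(request.url(), m_origin.get());` first and having the credentials line use the updated flag removes both the crash and the duplicated canRequest call.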
@@ -301,7 +307,7 @@
     if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol().toStringWithoutCopying()))
         return true;
 
-    return m_isSameOriginRequest && m_origin->canRequest(url);
+    return m_isSameOriginRequest;
 }
 
 ContentSecurityPolicy* NetworkLoadChecker::contentSecurityPolicy() const
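Review bot: after this change the final line of doesNotNeedCORSCheck ignores its `url` argument and answers from `m_isSameOriginRequest`, which continueCheckingRequest updates for the current request URL; the parameter now feeds only the scheme check above, so a caller passing a URL other than the one the flag was computed for gets a stale verdict. Either document that contract on the parameter or keep the explicit `canRequest(url)` alongside the flag.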
@@ -316,7 +322,8 @@
 #if ENABLE(CONTENT_EXTENSIONS)
 void NetworkLoadChecker::processContentExtensionRulesForLoad(ResourceRequest&& request, CompletionHandler<void(ResourceRequest&&, const ContentExtensions::BlockedStatus&)>&& callback)
 {
-    if (!m_userContentControllerIdentifier) {
+    // FIXME: Enable content blockers for navigation loads.
+    if (!m_userContentControllerIdentifier || m_options.mode == FetchOptions::Mode::Navigate) {
         ContentExtensions::BlockedStatus status;
         callback(WTFMove(request), status);
         return;
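Review bot: this silently skips content-extension rules for every navigation load routed through NetworkLoadChecker; since the ChangeLog calls it temporary, the FIXME should cite the follow-up bug so the gap is tracked, and the test plan should confirm that navigation blocking still happens on the web-process side until then.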

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (231262 => 231263)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-05-02 21:13:28 UTC (rev 231263)
@@ -604,16 +604,9 @@
 
 ResourceResponse NetworkResourceLoader::sanitizeResponseIfPossible(ResourceResponse&& response, ResourceResponse::SanitizationType type)
 {
-    if (m_parameters.shouldRestrictHTTPResponseAccess) {
-        if (type == ResourceResponse::SanitizationType::CrossOriginSafe) {
-            // We reduce filtering when it would otherwise be visible to scripts.
-            // FIXME: We should use response tainting once computed in Network Process.
-            bool isSameOrigin = m_parameters.sourceOrigin ? m_parameters.sourceOrigin->canRequest(response.url()) : protocolHostAndPortAreEqual(response.url(), m_parameters.request.url());
-            if (isSameOrigin && m_parameters.options.destination == FetchOptions::Destination::EmptyString)
-                type = ResourceResponse::SanitizationType::RemoveCookies;
-        }
+    if (m_parameters.shouldRestrictHTTPResponseAccess)
         response.sanitizeHTTPHeaderFields(type);
-    }
+
     return WTFMove(response);
 }
 
@@ -620,8 +613,8 @@
 void NetworkResourceLoader::continueWillSendRequest(ResourceRequest&& newRequest, bool isAllowedToAskUserForCredentials)
 {
     if (m_networkLoadChecker) {
-        // FIXME: We should be doing this check when receiving the redirection.
-        if (!newRequest.url().protocolIsInHTTPFamily() && m_redirectCount) {
+        // FIXME: We should be doing this check when receiving the redirection and not allow about protocol as per fetch spec.
+        if (!newRequest.url().protocolIsInHTTPFamily() && !newRequest.url().isBlankURL() && m_redirectCount) {
             didFailLoading(ResourceError { String { }, 0, newRequest.url(), ASCIILiteral("Redirection to URL with a scheme that is not HTTP(S)"), ResourceError::Type::AccessControl });
             return;
         }
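Review bot: the new `isBlankURL()` exemption lets a redirect chain end at an about: URL, which the comment acknowledges Fetch disallows; the error path below still reports "scheme that is not HTTP(S)", so the exemption deserves a bug number in the FIXME and a layout test pinning the intended behaviour, making the spec deviation deliberate rather than inherited.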

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (231262 => 231263)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-05-02 21:13:28 UTC (rev 231263)
@@ -301,20 +301,20 @@
     }
 #endif
 
+    // FIXME: All loaders should provide their origin if navigation mode is cors/no-cors/same-origin.
+    // As a temporary approach, we use the document origin if available or the HTTP Origin header otherwise.
+    if (resourceLoader.isSubresourceLoader())
+        loadParameters.sourceOrigin = static_cast<SubresourceLoader&>(resourceLoader).origin();
+
+    if (!loadParameters.sourceOrigin && document)
+        loadParameters.sourceOrigin = &document->securityOrigin();
+    if (!loadParameters.sourceOrigin) {
+        auto origin = request.httpOrigin();
+        if (!origin.isNull())
+            loadParameters.sourceOrigin = SecurityOrigin::createFromString(origin);
+    }
+
     if (loadParameters.options.mode != FetchOptions::Mode::Navigate) {
-        // FIXME: All loaders should provide their origin if navigation mode is cors/no-cors/same-origin.
-        // As a temporary approach, we use the document origin if available or the HTTP Origin header otherwise.
-        if (resourceLoader.isSubresourceLoader())
-            loadParameters.sourceOrigin = static_cast<SubresourceLoader&>(resourceLoader).origin();
-
-        auto* document = resourceLoader.frame() ? resourceLoader.frame()->document() : nullptr;
-        if (!loadParameters.sourceOrigin && document)
-            loadParameters.sourceOrigin = &document->securityOrigin();
-        if (!loadParameters.sourceOrigin) {
-            auto origin = request.httpOrigin();
-            if (!origin.isNull())
-                loadParameters.sourceOrigin = SecurityOrigin::createFromString(origin);
-        }
         ASSERT(loadParameters.sourceOrigin);
         if (!loadParameters.sourceOrigin) {
             scheduleInternallyFailedLoad(resourceLoader);
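Review bot: the origin lookup now runs for navigation loads too, but the ASSERT and the `scheduleInternallyFailedLoad` fallback stay inside the non-Navigate branch, so a navigation with no document and no Origin request header proceeds with a null sourceOrigin. That may be intended (a GET navigation carries no Origin header), but given how much of NetworkLoadChecker now keys off the origin, a comment stating that the network process must tolerate a null origin for navigations would help. Note also that `document`, used at the top of the hunk, must now be declared earlier in the function since its in-branch definition was removed.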
@@ -322,8 +322,7 @@
         }
     }
 
-    // FIXME: We should also sanitize redirect response for navigations.
-    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
+    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
 
     loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate;
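Review bot: the removed FIXME ("We should also sanitize redirect response for navigations") is not obviously addressed by this patch; nothing here sanitizes navigation redirect responses. If that work is still outstanding, keep the FIXME (ideally with a bug link) rather than dropping it together with the mode check.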
 
@@ -663,4 +662,9 @@
     return networkMetrics;
 }
 
+bool WebLoaderStrategy::isDoingLoadingSecurityChecks() const
+{
+    return RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
+}
+
 } // namespace WebKit
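Review bot: isDoingLoadingSecurityChecks now mirrors the same runtime flag that drives shouldRestrictHTTPResponseAccess; a short comment stating the contract (flag off: WebCore performs its own checks in the web process; flag on: the network process does) would explain why one feature flag switches both and what a caller should assume when it returns false.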

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h (231262 => 231263)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h	2018-05-02 21:11:49 UTC (rev 231262)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h	2018-05-02 21:13:28 UTC (rev 231263)
@@ -83,8 +83,6 @@
     void addOnlineStateChangeListener(Function<void(bool)>&&) final;
     void setOnLineState(bool);
 
-    bool isDoingLoadingSecurityChecks() const final { return true; }
-
 private:
     void scheduleLoad(WebCore::ResourceLoader&, WebCore::CachedResource*, bool shouldClearReferrerOnHTTPSToHTTPRedirect);
     void scheduleInternallyFailedLoad(WebCore::ResourceLoader&);
@@ -95,6 +93,8 @@
     WebCore::ResourceResponse responseFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final;
     WebCore::NetworkLoadMetrics networkMetricsFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final;
 
+    bool isDoingLoadingSecurityChecks() const final;
+
     HashSet<RefPtr<WebCore::ResourceLoader>> m_internallyFailedResourceLoaders;
     RunLoop::Timer<WebLoaderStrategy> m_internallyFailedLoadTimer;
     
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes