Diff
Modified: trunk/LayoutTests/ChangeLog (239633 => 239634)
--- trunk/LayoutTests/ChangeLog 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/LayoutTests/ChangeLog 2019-01-04 21:22:30 UTC (rev 239634)
@@ -1,3 +1,17 @@
+2019-01-04 Youenn Fablet <[email protected]>
+
+ CSP violation reports should bypass CSP checks
+ https://bugs.webkit.org/show_bug.cgi?id=192857
+ <rdar://problem/46887236>
+
+ Reviewed by Chris Dumez.
+
+ * http/wpt/fetch/csp-reports-bypass-csp-checks-expected.txt: Added.
+ * http/wpt/fetch/csp-reports-bypass-csp-checks.html: Added.
+ * http/wpt/fetch/csp-reports-bypass-csp-checks.html.headers: Added.
+ * http/wpt/fetch/resources/store-csp-report.py: Added.
+ (main):
+
2019-01-04 Chris Fleizach <[email protected]>
AX: String check: "Rule" does not reflect the meaning of the <hr> html tag
Added: trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks-expected.txt (0 => 239634)
--- trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks-expected.txt (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks-expected.txt 2019-01-04 21:22:30 UTC (rev 239634)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Refused to connect to http://localhost:8888/test because it does not appear in the connect-src directive of the Content Security Policy.
+
+PASS CSP violation reports should not be CSP checked
+
Added: trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html (0 => 239634)
--- trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html 2019-01-04 21:22:30 UTC (rev 239634)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<script src=""
+<script src=""
+<title>CSP violation reports should not be CSP checked</title>
+<body>
+<script>
+document.addEventListener("securitypolicyviolation", async () => {
+ const response = await fetch("/WebKit/fetch/resources/store-csp-report.py?retrieve=true&file=reports-bypass-csp-checks");
+ let results = await response.json();
+
+ const report = results["csp-report"];
+ if (report["effective-directive"] === "connect-src") {
+ assert_equals(report["blocked-uri"], "http://localhost:8888");
+ done();
+ }
+});
+
+fetch("http://localhost:8888/test").catch(() => {});
+</script>
+</body>
Added: trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html.headers (0 => 239634)
--- trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html.headers (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html.headers 2019-01-04 21:22:30 UTC (rev 239634)
@@ -0,0 +1 @@
+Content-Security-Policy: connect-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; default-src 'none'; report-uri http://localhost:8801/WebKit/fetch/resources/store-csp-report.py?file=reports-bypass-csp-checks
Added: trunk/LayoutTests/http/wpt/fetch/resources/store-csp-report.py (0 => 239634)
--- trunk/LayoutTests/http/wpt/fetch/resources/store-csp-report.py (rev 0)
+++ trunk/LayoutTests/http/wpt/fetch/resources/store-csp-report.py 2019-01-04 21:22:30 UTC (rev 239634)
@@ -0,0 +1,38 @@
+import hashlib
+
+def main(request, response):
+ ## Get the query parameter (key) from URL ##
+ ## Tests will record POST requests (CSP Report) and GET (rest) ##
+ if request.GET:
+ key = request.GET['file']
+ elif request.POST:
+ key = request.POST['file']
+
+ ## Convert the key from String to UUID valid String ##
+ testId = hashlib.md5(key).hexdigest()
+
+ ## Handle the header retrieval request ##
+ if 'retrieve' in request.GET:
+ response.writer.write_status(200)
+ response.headers.set("Access-Control-Allow-Origin", "*")
+ response.headers.set("Cache-Control", "no-cache, no-store, must-revalidate")
+ response.headers.set("Pragma", "no-cache")
+ response.headers.set("Expires", "0")
+ response.writer.end_headers()
+ try:
+ value = request.server.stash.take(testId)
+ response.writer.write(value)
+ except (KeyError, ValueError) as e:
+ response.writer.write("No report has been recorded " + str(e))
+ pass
+
+ response.close_connection = True
+ return
+
+ request.server.stash.put(testId, request.body)
+ response.headers.set("Access-Control-Allow-Origin", "*")
+ response.headers.set("Cache-Control", "no-cache, no-store, must-revalidate")
+ response.headers.set("Pragma", "no-cache")
+ response.headers.set("Expires", "0")
+ response.writer.end_headers()
+
Modified: trunk/Source/WebCore/ChangeLog (239633 => 239634)
--- trunk/Source/WebCore/ChangeLog 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebCore/ChangeLog 2019-01-04 21:22:30 UTC (rev 239634)
@@ -1,3 +1,30 @@
+2019-01-04 Youenn Fablet <[email protected]>
+
+ CSP violation reports should bypass CSP checks
+ https://bugs.webkit.org/show_bug.cgi?id=192857
+ <rdar://problem/46887236>
+
+ Reviewed by Chris Dumez.
+
+ For ping loads, pass the option to do CSP checks from PingLoader to LoaderStrategy.
+ This new option is unused by WebKit Legacy.
+ It is used by WebKit loader strategy to only send any CSP response header to network process
+ in case CSP checks should be done.
+
+ This option is used to disable CSP checks for Ping Loads that report CSP violations.
+
+ Test: http/wpt/fetch/csp-reports-bypass-csp-checks.html
+
+ * loader/LoaderStrategy.h:
+ * loader/PingLoader.cpp:
+ (WebCore::PingLoader::loadImage):
+ (WebCore::PingLoader::sendPing):
+ (WebCore::PingLoader::sendViolationReport):
+ (WebCore::PingLoader::startPingLoad):
+ * loader/PingLoader.h:
+ * loader/cache/CachedResource.cpp:
+ (WebCore::CachedResource::load):
+
2019-01-04 Wenson Hsieh <[email protected]>
[Cocoa] Merge WebEditCommandProxy::nameForEditAction and undoNameForEditAction into a single function
Modified: trunk/Source/WebCore/loader/LoaderStrategy.h (239633 => 239634)
--- trunk/Source/WebCore/loader/LoaderStrategy.h 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebCore/loader/LoaderStrategy.h 2019-01-04 21:22:30 UTC (rev 239634)
@@ -68,7 +68,7 @@
virtual void resumePendingRequests() = 0;
using PingLoadCompletionHandler = WTF::Function<void(const ResourceError&, const ResourceResponse&)>;
- virtual void startPingLoad(Frame&, ResourceRequest&, const HTTPHeaderMap& originalRequestHeaders, const FetchOptions&, PingLoadCompletionHandler&& = { }) = 0;
+ virtual void startPingLoad(Frame&, ResourceRequest&, const HTTPHeaderMap& originalRequestHeaders, const FetchOptions&, ContentSecurityPolicyImposition, PingLoadCompletionHandler&& = { }) = 0;
using PreconnectCompletionHandler = WTF::Function<void(const ResourceError&)>;
virtual void preconnectTo(FrameLoader&, const URL&, StoredCredentialsPolicy, PreconnectCompletionHandler&&) = 0;
Modified: trunk/Source/WebCore/loader/PingLoader.cpp (239633 => 239634)
--- trunk/Source/WebCore/loader/PingLoader.cpp 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebCore/loader/PingLoader.cpp 2019-01-04 21:22:30 UTC (rev 239634)
@@ -107,7 +107,7 @@
request.setHTTPReferrer(referrer);
frame.loader().addExtraFieldsToSubresourceRequest(request);
- startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
+ startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes, ContentSecurityPolicyImposition::DoPolicyCheck);
}
// http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
@@ -146,7 +146,7 @@
}
}
- startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
+ startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes, ContentSecurityPolicyImposition::DoPolicyCheck);
}
void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<FormData>&& report, ViolationReportType reportType)
@@ -185,10 +185,10 @@
if (!referrer.isEmpty())
request.setHTTPReferrer(referrer);
- startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No);
+ startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No, ContentSecurityPolicyImposition::SkipPolicyCheck);
}
-void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects)
+void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects, ContentSecurityPolicyImposition policyCheck)
{
unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
// FIXME: Why activeDocumentLoader? I would have expected documentLoader().
@@ -204,7 +204,7 @@
// FIXME: Move ping loads to normal subresource loading to get normal inspector request instrumentation hooks.
InspectorInstrumentation::willSendRequestOfType(&frame, identifier, frame.loader().activeDocumentLoader(), request, InspectorInstrumentation::LoadType::Ping);
- platformStrategies()->loaderStrategy()->startPingLoad(frame, request, WTFMove(originalRequestHeaders), options, [protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
+ platformStrategies()->loaderStrategy()->startPingLoad(frame, request, WTFMove(originalRequestHeaders), options, policyCheck, [protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
if (!response.isNull())
InspectorInstrumentation::didReceiveResourceResponse(protectedFrame, identifier, protectedFrame->loader().activeDocumentLoader(), response, nullptr);
if (error.isNull()) {
Modified: trunk/Source/WebCore/loader/PingLoader.h (239633 => 239634)
--- trunk/Source/WebCore/loader/PingLoader.h 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebCore/loader/PingLoader.h 2019-01-04 21:22:30 UTC (rev 239634)
@@ -47,6 +47,8 @@
XSSAuditor,
};
+enum class ContentSecurityPolicyImposition : uint8_t;
+
class PingLoader {
public:
static void loadImage(Frame&, const URL&);
@@ -55,7 +57,7 @@
private:
enum class ShouldFollowRedirects { No, Yes };
- static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects);
+ static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects, ContentSecurityPolicyImposition);
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/cache/CachedResource.cpp (239633 => 239634)
--- trunk/Source/WebCore/loader/cache/CachedResource.cpp 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebCore/loader/cache/CachedResource.cpp 2019-01-04 21:22:30 UTC (rev 239634)
@@ -288,7 +288,7 @@
unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
InspectorInstrumentation::willSendRequestOfType(&frame, identifier, frameLoader.activeDocumentLoader(), request, InspectorInstrumentation::LoadType::Beacon);
- platformStrategies()->loaderStrategy()->startPingLoad(frame, request, m_originalRequest->httpHeaderFields(), m_options, [this, protectedThis = WTFMove(protectedThis), protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
+ platformStrategies()->loaderStrategy()->startPingLoad(frame, request, m_originalRequest->httpHeaderFields(), m_options, m_options.contentSecurityPolicyImposition, [this, protectedThis = WTFMove(protectedThis), protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
if (!response.isNull())
InspectorInstrumentation::didReceiveResourceResponse(protectedFrame, identifier, protectedFrame->loader().activeDocumentLoader(), response, nullptr);
if (error.isNull()) {
Modified: trunk/Source/WebKit/ChangeLog (239633 => 239634)
--- trunk/Source/WebKit/ChangeLog 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKit/ChangeLog 2019-01-04 21:22:30 UTC (rev 239634)
@@ -1,3 +1,15 @@
+2019-01-04 Youenn Fablet <[email protected]>
+
+ CSP violation reports should bypass CSP checks
+ https://bugs.webkit.org/show_bug.cgi?id=192857
+ <rdar://problem/46887236>
+
+ Reviewed by Chris Dumez.
+
+ * WebProcess/Network/WebLoaderStrategy.cpp:
+ (WebKit::WebLoaderStrategy::startPingLoad):
+ * WebProcess/Network/WebLoaderStrategy.h:
+
2019-01-04 Alex Christensen <[email protected]>
Use WebsiteDataStoreParameters instead of NetworkProcessCreationParameters for IndexedDB directories
Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (239633 => 239634)
--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp 2019-01-04 21:22:30 UTC (rev 239634)
@@ -575,7 +575,7 @@
return ++identifier;
}
-void WebLoaderStrategy::startPingLoad(Frame& frame, ResourceRequest& request, const HTTPHeaderMap& originalRequestHeaders, const FetchOptions& options, PingLoadCompletionHandler&& completionHandler)
+void WebLoaderStrategy::startPingLoad(Frame& frame, ResourceRequest& request, const HTTPHeaderMap& originalRequestHeaders, const FetchOptions& options, ContentSecurityPolicyImposition policyCheck, PingLoadCompletionHandler&& completionHandler)
{
auto* document = frame.document();
if (!document) {
@@ -595,8 +595,8 @@
loadParameters.originalRequestHeaders = originalRequestHeaders;
loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(&frame);
loadParameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks();
- if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
- if (auto * contentSecurityPolicy = document->contentSecurityPolicy())
+ if (policyCheck == ContentSecurityPolicyImposition::DoPolicyCheck && !document->shouldBypassMainWorldContentSecurityPolicy()) {
+ if (auto* contentSecurityPolicy = document->contentSecurityPolicy())
loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
}
Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h (239633 => 239634)
--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h 2019-01-04 21:22:30 UTC (rev 239634)
@@ -62,7 +62,7 @@
void suspendPendingRequests() final;
void resumePendingRequests() final;
- void startPingLoad(WebCore::Frame&, WebCore::ResourceRequest&, const WebCore::HTTPHeaderMap& originalRequestHeaders, const WebCore::FetchOptions&, PingLoadCompletionHandler&&) final;
+ void startPingLoad(WebCore::Frame&, WebCore::ResourceRequest&, const WebCore::HTTPHeaderMap& originalRequestHeaders, const WebCore::FetchOptions&, WebCore::ContentSecurityPolicyImposition, PingLoadCompletionHandler&&) final;
void didFinishPingLoad(uint64_t pingLoadIdentifier, WebCore::ResourceError&&, WebCore::ResourceResponse&&);
void preconnectTo(WebCore::FrameLoader&, const URL&, WebCore::StoredCredentialsPolicy, PreconnectCompletionHandler&&) final;
Modified: trunk/Source/WebKitLegacy/ChangeLog (239633 => 239634)
--- trunk/Source/WebKitLegacy/ChangeLog 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKitLegacy/ChangeLog 2019-01-04 21:22:30 UTC (rev 239634)
@@ -1,3 +1,15 @@
+2019-01-04 Youenn Fablet <[email protected]>
+
+ CSP violation reports should bypass CSP checks
+ https://bugs.webkit.org/show_bug.cgi?id=192857
+ <rdar://problem/46887236>
+
+ Reviewed by Chris Dumez.
+
+ * WebCoreSupport/WebResourceLoadScheduler.cpp:
+ (WebResourceLoadScheduler::startPingLoad):
+ * WebCoreSupport/WebResourceLoadScheduler.h:
+
2018-12-27 Alex Christensen <[email protected]>
Resurrect Mac CMake build
Modified: trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp (239633 => 239634)
--- trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp 2019-01-04 21:22:30 UTC (rev 239634)
@@ -370,7 +370,7 @@
return m_requestsLoading.size() >= (webResourceLoadScheduler().isSerialLoadingEnabled() ? 1 : m_maxRequestsInFlight);
}
-void WebResourceLoadScheduler::startPingLoad(Frame& frame, ResourceRequest& request, const HTTPHeaderMap&, const FetchOptions& options, PingLoadCompletionHandler&& completionHandler)
+void WebResourceLoadScheduler::startPingLoad(Frame& frame, ResourceRequest& request, const HTTPHeaderMap&, const FetchOptions& options, ContentSecurityPolicyImposition, PingLoadCompletionHandler&& completionHandler)
{
// PingHandle manages its own lifetime, deleting itself when its purpose has been fulfilled.
new PingHandle(frame.loader().networkingContext(), request, options.credentials != FetchOptions::Credentials::Omit, options.redirect == FetchOptions::Redirect::Follow, WTFMove(completionHandler));
Modified: trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h (239633 => 239634)
--- trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h 2019-01-04 21:14:14 UTC (rev 239633)
+++ trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h 2019-01-04 21:22:30 UTC (rev 239634)
@@ -37,11 +37,6 @@
class WebResourceLoadScheduler;
-namespace WebCore {
-struct FetchOptions;
-class SecurityOrigin;
-}
-
WebResourceLoadScheduler& webResourceLoadScheduler();
class WebResourceLoadScheduler final : public WebCore::LoaderStrategy {
@@ -61,7 +56,7 @@
void suspendPendingRequests() final;
void resumePendingRequests() final;
- void startPingLoad(WebCore::Frame&, WebCore::ResourceRequest&, const WebCore::HTTPHeaderMap&, const WebCore::FetchOptions&, PingLoadCompletionHandler&&) final;
+ void startPingLoad(WebCore::Frame&, WebCore::ResourceRequest&, const WebCore::HTTPHeaderMap&, const WebCore::FetchOptions&, WebCore::ContentSecurityPolicyImposition, PingLoadCompletionHandler&&) final;
void preconnectTo(WebCore::FrameLoader&, const URL&, WebCore::StoredCredentialsPolicy, PreconnectCompletionHandler&&) final;
