Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 20bb72696993b4d1eef22ef1cc459b95a187a1d1
https://github.com/WebKit/WebKit/commit/20bb72696993b4d1eef22ef1cc459b95a187a1d1
Author: Nitin Mahendru <[email protected]>
Date: 2024-10-09 (Wed, 09 Oct 2024)
Changed paths:
A LayoutTests/http/tests/download/anchor-download-redirect-cross-origin-expected.txt
A LayoutTests/http/tests/download/anchor-download-redirect-cross-origin.html
A LayoutTests/http/tests/download/anchor-download-redirect-same-origin-expected.txt
A LayoutTests/http/tests/download/anchor-download-redirect-same-origin.html
A LayoutTests/http/tests/download/resources/iframe-anchor-cross-origin-redirect-download.html
A LayoutTests/http/tests/download/resources/iframe-anchor-same-origin-redirect-download.html
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebCore/loader/EmptyFrameLoaderClient.h
M Source/WebCore/loader/LocalFrameLoaderClient.h
M Source/WebCore/loader/PolicyChecker.cpp
M Source/WebKit/NetworkProcess/Downloads/DownloadManager.cpp
M Source/WebKit/NetworkProcess/Downloads/DownloadManager.h
M Source/WebKit/NetworkProcess/Downloads/PendingDownload.cpp
M Source/WebKit/NetworkProcess/Downloads/PendingDownload.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
M Source/WebKit/Scripts/webkit/messages.py
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebFrame.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm
Log Message:
-----------
Block cross origin redirect downloads in iframe.
rdar://130901951
Reviewed by Matthew Finkel.
With this change, we are trying to block downloads triggered due to navigation
to an anchor element inside an iframe where the redirect is cross origin.
This could lead to attacker-controlled JavaScript getting access to cross-origin
cookies, which should not be.
Tests have been added to check the positive and negative scenarios for the same.
* LayoutTests/http/tests/download/anchor-download-redirect-cross-origin-expected.txt: Added.
* LayoutTests/http/tests/download/anchor-download-redirect-cross-origin.html: Added.
* LayoutTests/http/tests/download/anchor-download-redirect-same-origin-expected.txt: Added.
* LayoutTests/http/tests/download/anchor-download-redirect-same-origin.html: Added.
* LayoutTests/http/tests/download/resources/iframe-anchor-cross-origin-redirect-download.html: Added.
* LayoutTests/http/tests/download/resources/iframe-anchor-same-origin-redirect-download.html: Added.
* Source/WebCore/loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::startDownload):
* Source/WebCore/loader/EmptyFrameLoaderClient.h:
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):
* Source/WebKit/NetworkProcess/Downloads/DownloadManager.cpp:
(WebKit::DownloadManager::startDownload):
* Source/WebKit/NetworkProcess/Downloads/DownloadManager.h:
(WebKit::DownloadManager::startDownload):
* Source/WebKit/NetworkProcess/Downloads/PendingDownload.cpp:
(WebKit::PendingDownload::PendingDownload):
(WebKit::PendingDownload::isDownloadTriggeredWithDownloadAttribute):
(WebKit::isRedirectCrossOrigin):
(WebKit::PendingDownload::willSendRedirectedRequest):
(WebKit::PendingDownload::didFailLoading):
* Source/WebKit/NetworkProcess/Downloads/PendingDownload.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::startDownload):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
(WebKit::NetworkConnectionToWebProcess::startDownload):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::startDownload):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::startDownload):
* Source/WebKit/WebProcess/WebPage/WebFrame.h:
(WebKit::WebFrame::startDownload):
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::startDownload):
Originally-landed-as: 280938.23@safari-7619-branch (de194eeed8a1).
rdar://136111465
Canonical link: https://commits.webkit.org/284937@main