Diff
Modified: releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1,3 +1,15 @@
+2015-05-19 Brady Eidson <[email protected]>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * http/tests/appcache/resources/x-frame-options-prevents-framing-test.html: Added.
+ * http/tests/appcache/resources/x-frame-options-prevents-framing.manifest: Added.
+ * http/tests/appcache/x-frame-options-prevents-framing-expected.txt: Added.
+ * http/tests/appcache/x-frame-options-prevents-framing.php: Added.
+
2015-05-19 Zalan Bujtas <[email protected]>
Merged anonymous blocks should invalidate simple line layout path.
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html (0 => 186319)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing-test.html 2015-07-06 08:47:03 UTC (rev 186319)
@@ -0,0 +1,14 @@
+<script>
+
+function loaded()
+{
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+window._onload_ = loaded();
+
+</script>
+The following iframe is a document that was cached in the application cache.<br>
+It also had "x-frame-options: deny" set, so it should not actually show up in the iframe<br>
+<iframe src=""
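Review bot: In the inline script, `window._onload_ = loaded();` calls `loaded()` while the script is still being parsed and assigns its return value, so `testRunner.notifyDone()` runs before the iframe below it has been parsed or loaded. Assign the function itself (no parentheses) so the test completes only after the framed load has been attempted and refused; as written, whether the refusal is logged before the dump may depend on timing.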
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest (0 => 186319)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/resources/x-frame-options-prevents-framing.manifest 2015-07-06 08:47:03 UTC (rev 186319)
@@ -0,0 +1,2 @@
+CACHE MANIFEST
+empty.txt
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt (0 => 186319)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing-expected.txt 2015-07-06 08:47:03 UTC (rev 186319)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/appcache/x-frame-options-prevents-framing.php' in a frame because it set 'X-Frame-Options' to 'deny'.
+The following iframe is a document that was cached in the application cache.
+It also had "x-frame-options: deny" set, so it should not actually show up in the iframe
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php (0 => 186319)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/http/tests/appcache/x-frame-options-prevents-framing.php 2015-07-06 08:47:03 UTC (rev 186319)
@@ -0,0 +1,22 @@
+<?php
+header("X-FRAME-OPTIONS: deny");
+?>
+<html manifest="resources/x-frame-options-prevents-framing.manifest">
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+
+function cached()
+{
+ window.location.href = ""
+}
+applicationCache.addEventListener('cached', cached, false);
+
+</script>
+This document should not be frameable.<br>
+If you see this text in an iframe, then there is a bug.<br>
+</html>
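Review bot: The script registers only a `cached` listener after `testRunner.waitUntilDone()`, so if the manifest fetch fails or the cache reports `error`, the test hangs until the harness timeout instead of failing with a message. Consider adding an `error` listener that logs and calls `testRunner.notifyDone()`. The test also covers only `deny`; a `sameorigin` variant served from the application cache would show that the stored header value, not just its presence, is honored.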
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1,3 +1,44 @@
+2015-05-19 Brady Eidson <[email protected]>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: http/tests/appcache/x-frame-options-prevents-framing.php
+
+ This patch updates SubstituteData to hold on to a ResourceResponse instead of just a URL.
+
+ It also updates all users of SubstituteData to reflect this.
+
+ Finally it updates ApplicationCacheHost to put the full response (including x-frame-options header)
+ in the SubstituteData so they can be checked at the appropriate times.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::handleSubstituteDataLoadNow):
+ (WebCore::DocumentLoader::responseReceived): Update an ASSERT to reflect that it's okay to not have
+ a main resource as long as you have a substitute identifier for it.
+ (WebCore::DocumentLoader::documentURL):
+ (WebCore::DocumentLoader::contentFilterDidDecide):
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::loadArchive):
+ (WebCore::FrameLoader::defaultSubstituteDataForURL):
+
+ * loader/SubstituteData.h:
+ (WebCore::SubstituteData::SubstituteData):
+ (WebCore::SubstituteData::shouldRevealToSessionHistory):
+ (WebCore::SubstituteData::mimeType):
+ (WebCore::SubstituteData::textEncoding):
+ (WebCore::SubstituteData::response):
+ (WebCore::SubstituteData::responseURL): Deleted.
+
+ * loader/appcache/ApplicationCacheHost.cpp:
+ (WebCore::ApplicationCacheHost::maybeLoadMainResource): Put the full ResourceResponse here, which
+ includes x-frame-options headers sent back when the resources was initially loaded from the network.
+
+ * platform/network/ResourceResponseBase.h:
+
2015-05-19 Zalan Bujtas <[email protected]>
Merged anonymous blocks should invalidate simple line layout path.
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/DocumentLoader.cpp (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/DocumentLoader.cpp 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/DocumentLoader.cpp 2015-07-06 08:47:03 UTC (rev 186319)
@@ -469,10 +469,10 @@
void DocumentLoader::handleSubstituteDataLoadNow()
{
- URL url = ""
- if (url.isEmpty())
- url = ""
- ResourceResponse response(url, m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
+ ResourceResponse response = m_substituteData.response();
+ if (response.url().isEmpty())
+ response = ResourceResponse(m_request.url(), m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
+
responseReceived(0, response);
}
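Review bot: In `handleSubstituteDataLoadNow()`, the fallback for an empty response URL replaces the whole response with a freshly constructed one, which discards any headers the stored response carried. The point of this change is to keep headers such as X-Frame-Options attached to substitute data, so setting only the URL on the existing response (`response.setURL(m_request.url())`, the same call the ApplicationCacheHost change uses) would preserve them for any caller that supplies headers without a URL.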
@@ -609,7 +609,7 @@
auto it = commonHeaders.find(HTTPHeaderName::XFrameOptions);
if (it != commonHeaders.end()) {
String content = it->value;
- ASSERT(m_mainResource);
+ ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);
unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
ASSERT(identifier);
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
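Review bot: The updated `ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource)` is compiled out of release builds, and the next line still dereferences `m_mainResource` whenever the identifier is zero. Substitute-data responses can now carry X-Frame-Options and reach this branch, so a runtime check that cancels the load when neither value is available would fail closed instead of crashing.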
@@ -1269,7 +1269,7 @@
URL DocumentLoader::documentURL() const
{
- URL url = ""
+ URL url = ""
#if ENABLE(WEB_ARCHIVE)
if (url.isEmpty() && m_archive && m_archive->type() == Archive::WebArchive)
url = ""
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/FrameLoader.cpp (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/FrameLoader.cpp 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/FrameLoader.cpp 2015-07-06 08:47:03 UTC (rev 186319)
@@ -929,8 +929,9 @@
ASSERT(mainResource);
if (!mainResource)
return;
-
- SubstituteData substituteData(mainResource->data(), mainResource->mimeType(), mainResource->textEncoding(), URL());
+
+ ResourceResponse response(URL(), mainResource->mimeType(), mainResource->data()->size(), mainResource->textEncoding());
+ SubstituteData substituteData(mainResource->data(), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden);
ResourceRequest request(mainResource->url());
#if PLATFORM(MAC)
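Review bot: The added `mainResource->data()->size()` dereferences the buffer, whereas the removed line only passed `mainResource->data()` through and left validity to `SubstituteData::isValid()`. If an archive main resource can have no data, this becomes a null dereference; either check `mainResource->data()` next to the existing `if (!mainResource) return;` or note why it cannot be null. The synthesized response also has an empty URL and no headers, so archive loads never reach the X-Frame-Options check; a short comment on whether that is intended would help.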
@@ -1277,7 +1278,9 @@
String srcdoc = m_frame.ownerElement()->fastGetAttribute(srcdocAttr);
ASSERT(!srcdoc.isNull());
CString encodedSrcdoc = srcdoc.utf8();
- return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), "text/html", "UTF-8", URL());
+
+ ResourceResponse response(URL(), ASCIILiteral("text/html"), encodedSrcdoc.length(), ASCIILiteral("UTF-8"));
+ return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden);
}
void FrameLoader::load(const FrameLoadRequest& passedRequest)
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/SubstituteData.h (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/SubstituteData.h 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/SubstituteData.h 2015-07-06 08:47:03 UTC (rev 186319)
@@ -26,8 +26,9 @@
#ifndef SubstituteData_h
#define SubstituteData_h
-#include "URL.h"
+#include "ResourceResponse.h"
#include "SharedBuffer.h"
+#include "URL.h"
#include <wtf/PassRefPtr.h>
#include <wtf/RefPtr.h>
@@ -35,41 +36,37 @@
class SubstituteData {
public:
+ enum class SessionHistoryVisibility {
+ Visible,
+ Hidden,
+ };
+
SubstituteData()
- : m_shouldRevealToSessionHistory(false)
{
}
- SubstituteData(PassRefPtr<SharedBuffer> content, const String& mimeType,
- const String& textEncoding, const URL& failingURL,
- const URL& responseURL = URL(), bool shouldRevealToSessionHistory = false)
+ SubstituteData(PassRefPtr<SharedBuffer> content, const URL& failingURL, const ResourceResponse& response, SessionHistoryVisibility shouldRevealToSessionHistory)
: m_content(content)
- , m_mimeType(mimeType)
- , m_textEncoding(textEncoding)
, m_failingURL(failingURL)
- , m_responseURL(responseURL)
+ , m_response(response)
, m_shouldRevealToSessionHistory(shouldRevealToSessionHistory)
{
}
- static const bool ShouldRevealToSessionHistory = true;
-
bool isValid() const { return m_content != 0; }
- bool shouldRevealToSessionHistory() const { return m_shouldRevealToSessionHistory; }
+ bool shouldRevealToSessionHistory() const { return m_shouldRevealToSessionHistory == SessionHistoryVisibility::Visible; }
const SharedBuffer* content() const { return m_content.get(); }
- const String& mimeType() const { return m_mimeType; }
- const String& textEncoding() const { return m_textEncoding; }
+ const String& mimeType() const { return m_response.mimeType(); }
+ const String& textEncoding() const { return m_response.textEncodingName(); }
const URL& failingURL() const { return m_failingURL; }
- const URL& responseURL() const { return m_responseURL; }
+ const ResourceResponse& response() const { return m_response; }
private:
RefPtr<SharedBuffer> m_content;
- String m_mimeType;
- String m_textEncoding;
URL m_failingURL;
- URL m_responseURL;
- bool m_shouldRevealToSessionHistory;
+ ResourceResponse m_response;
+ SessionHistoryVisibility m_shouldRevealToSessionHistory { SessionHistoryVisibility::Hidden };
};
}
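Review bot: The member and constructor parameter keep the name `shouldRevealToSessionHistory` although their type is now `SessionHistoryVisibility`, so `m_shouldRevealToSessionHistory == SessionHistoryVisibility::Visible` reads like a boolean compared against an enum. Renaming them to something like `m_sessionHistoryVisibility` would match the new type. Dropping the default arguments is a good change: every caller now has to state which response, and therefore which headers, the substitute data carries.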
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2015-07-06 08:47:03 UTC (rev 186319)
@@ -83,12 +83,20 @@
if (m_mainResourceApplicationCache) {
// Get the resource from the application cache. By definition, cacheForMainRequest() returns a cache that contains the resource.
ApplicationCacheResource* resource = m_mainResourceApplicationCache->resourceForRequest(request);
+
+ // ApplicationCache resources have fragment identifiers stripped off of their URLs,
+ // but we'll need to restore that for the SubstituteData.
+ ResourceResponse responseToUse = resource->response();
+ if (request.url().hasFragmentIdentifier()) {
+ URL url = ""
+ url.setFragmentIdentifier(request.url().fragmentIdentifier());
+ responseToUse.setURL(url);
+ }
+
substituteData = SubstituteData(resource->data(),
- resource->response().mimeType(),
- resource->response().textEncodingName(),
URL(),
- URL(),
- SubstituteData::ShouldRevealToSessionHistory);
+ responseToUse,
+ SubstituteData::SessionHistoryVisibility::Visible);
}
}
}
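Review bot: The fragment-restoring branch (`if (request.url().hasFragmentIdentifier())`) is not exercised by the added layout test, whose expected console message shows a URL without a fragment. The URL set on `responseToUse` is what `responseReceived` later passes to `shouldInterruptLoadForXFrameOptions`, so a test variant that frames the cached document with a fragment in the URL would confirm the header is still enforced on that path.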
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/platform/network/ResourceResponseBase.h (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/platform/network/ResourceResponseBase.h 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/platform/network/ResourceResponseBase.h 2015-07-06 08:47:03 UTC (rev 186319)
@@ -135,7 +135,7 @@
};
WEBCORE_EXPORT ResourceResponseBase();
- ResourceResponseBase(const URL&, const String& mimeType, long long expectedLength, const String& textEncodingName);
+ WEBCORE_EXPORT ResourceResponseBase(const URL&, const String& mimeType, long long expectedLength, const String& textEncodingName);
WEBCORE_EXPORT void lazyInit(InitLevel) const;
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/ChangeLog (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/ChangeLog 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/ChangeLog 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1,3 +1,13 @@
+2015-05-19 Brady Eidson <[email protected]>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebView/WebFrame.mm:
+ (-[WebFrame _loadData:MIMEType:textEncodingName:baseURL:unreachableURL:]):
+
2015-02-24 Yusuke Suzuki <[email protected]>
REGRESSION(r179429): Can't type comments in Facebook
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/WebView/WebFrame.mm (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/WebView/WebFrame.mm 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit/mac/WebView/WebFrame.mm 2015-07-06 08:47:03 UTC (rev 186319)
@@ -2554,7 +2554,8 @@
[NSURLProtocol setProperty:@"" forKey:@"WebDataRequest" inRequest:(NSMutableURLRequest *)request.nsURLRequest(UpdateHTTPBody)];
#endif
- SubstituteData substituteData(WebCore::SharedBuffer::wrapNSData(data), MIMEType, encodingName, [unreachableURL absoluteURL], responseURL);
+ ResourceResponse response(responseURL, MIMEType, [data length], encodingName);
+ SubstituteData substituteData(WebCore::SharedBuffer::wrapNSData(data), [unreachableURL absoluteURL], response, SubstituteData::SessionHistoryVisibility::Hidden);
_private->coreFrame->loader().load(FrameLoadRequest(_private->coreFrame, request, substituteData));
}
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit/win/ChangeLog (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit/win/ChangeLog 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit/win/ChangeLog 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1,3 +1,13 @@
+2015-05-19 Brady Eidson <[email protected]>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebFrame.cpp:
+ (WebFrame::loadData):
+
2015-02-24 Yusuke Suzuki <[email protected]>
REGRESSION(r179429): Can't type comments in Facebook
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit/win/WebFrame.cpp (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit/win/WebFrame.cpp 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit/win/WebFrame.cpp 2015-07-06 08:47:03 UTC (rev 186319)
@@ -561,12 +561,13 @@
// FIXME: We should really be using MarshallingHelpers::BSTRToKURL here,
// but that would turn a null BSTR into a null URL, and we crash inside of
// WebCore if we use a null URL in constructing the ResourceRequest.
- URL baseKURL = URL(URL(), String(baseURL ? baseURL : L"", SysStringLen(baseURL)));
+ URL baseCoreURL = URL(URL(), String(baseURL ? baseURL : L"", SysStringLen(baseURL)));
- URL failingKURL = MarshallingHelpers::BSTRToKURL(failingURL);
+ URL failingCoreURL = MarshallingHelpers::BSTRToKURL(failingURL);
- ResourceRequest request(baseKURL);
- SubstituteData substituteData(data, mimeTypeString, encodingString, failingKURL);
+ ResourceRequest request(baseCoreURL);
+ ResourceResponse response(URL(), mimeTypeString, data->size(), encodingString);
+ SubstituteData substituteData(data, failingCoreURL, response, SubstituteData::SessionHistoryVisibility::Hidden);
// This method is only called from IWebFrame methods, so don't ASSERT that the Frame pointer isn't null.
if (Frame* coreFrame = core(this))
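Review bot: `data->size()` in the new `ResourceResponse` line dereferences `data`, which the removed code only forwarded to `SubstituteData`; confirm it is non-null on every path into this function or guard it. The `baseKURL`/`failingKURL` renames are unrelated to the X-Frame-Options fix and add noise to a security change on a release branch; they would be easier to audit as a separate commit.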
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1,3 +1,13 @@
+2015-05-19 Brady Eidson <[email protected]>
+
+ X-Frame-Options headers not respected when loading from application cache.
+ <rdar://problem/14877623> and https://bugs.webkit.org/show_bug.cgi?id=131800
+
+ Reviewed by Alexey Proskuryakov.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::loadDataImpl):
+
2015-05-19 Chris Dumez <[email protected]>
Mark static variables as const when possible
Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (186318 => 186319)
--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2015-07-06 08:31:12 UTC (rev 186318)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2015-07-06 08:47:03 UTC (rev 186319)
@@ -1099,7 +1099,8 @@
m_pendingNavigationID = navigationID;
ResourceRequest request(baseURL);
- SubstituteData substituteData(sharedBuffer, MIMEType, encodingName, unreachableURL);
+ ResourceResponse response(URL(), MIMEType, sharedBuffer->size(), encodingName);
+ SubstituteData substituteData(sharedBuffer, unreachableURL, response, SubstituteData::SessionHistoryVisibility::Hidden);
// Let the InjectedBundle know we are about to start the load, passing the user data from the UIProcess
// to all the client to set up any needed state.