Changeset 220549 in webkit


Ignore:
Timestamp:
Aug 10, 2017 2:51:15 PM (7 years ago)
Author:
Chris Dumez
Message:

[Beacon] Do connect-src CSP check on redirects as well
https://bugs.webkit.org/show_bug.cgi?id=175410
<rdar://problem/33815470>

Reviewed by Youenn Fablet.

Source/WebCore:

Pass ContentSecurityPolicy object to createPingHandle so that we can send
enough data to the NetworkProcess so do CSP checks for Ping loads such
as Beacon. For the IPC, we serialize the ContentSecurityPolicy's response
headers. Those headers are now cached in ContentSecurityPolicy for
performance reasons. CSP headers are rarely updated in practice but
sendBeacon() may get called repeatedly for a given document.

Tests: http/wpt/beacon/connect-src-beacon-redirect-allowed.sub.html

http/wpt/beacon/connect-src-beacon-redirect-blocked.sub.html

  • loader/LoaderStrategy.h:
  • loader/PingLoader.cpp:

(WebCore::PingLoader::loadImage):
(WebCore::PingLoader::sendPing):
(WebCore::PingLoader::sendViolationReport):
(WebCore::PingLoader::startPingLoad):

  • loader/PingLoader.h:
  • loader/cache/CachedResource.cpp:

(WebCore::CachedResource::load):

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::responseHeaders const):
(WebCore::ContentSecurityPolicy::didReceiveHeader):

  • page/csp/ContentSecurityPolicy.h:
  • page/csp/ContentSecurityPolicyResponseHeaders.h:

(WebCore::ContentSecurityPolicyResponseHeaders::encode const):
(WebCore::ContentSecurityPolicyResponseHeaders::decode):

Source/WebKit:

Pass CSP Response headers to the NetworkProcess via NetworkResourceLoadParameters
when doing a PingLoad. This allows PingLoad to do CSP checks (in particular
connect-src ones) in case the ping load gets redirected. Those checks need to be
done on the NetworkProcess side at this point because there is no guarantee the
WebContent process is still around.

To do the CSP checks, PingLoad lazily reconstructs a ContentSecurityPolicy object
from the CSP response headers.

  • NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):

  • NetworkProcess/NetworkResourceLoadParameters.h:
  • NetworkProcess/PingLoad.cpp:

(WebKit::PingLoad::willPerformHTTPRedirection):
(WebKit::PingLoad::contentSecurityPolicy):

  • NetworkProcess/PingLoad.h:
  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::createPingHandle):

  • WebProcess/Network/WebLoaderStrategy.h:

Source/WebKitLegacy:

Update createPingHandle() to take in ContentSecurityPolicy
object in but no behavior change for WK1.

  • WebCoreSupport/WebResourceLoadScheduler.cpp:

(WebResourceLoadScheduler::createPingHandle):

  • WebCoreSupport/WebResourceLoadScheduler.h:

LayoutTests:

Add layout test coverage.

  • http/wpt/beacon/connect-src-beacon-redirect-allowed.sub-expected.txt: Added.
  • http/wpt/beacon/connect-src-beacon-redirect-allowed.sub.html: Added.
  • http/wpt/beacon/connect-src-beacon-redirect-blocked.sub-expected.txt: Added.
  • http/wpt/beacon/connect-src-beacon-redirect-blocked.sub.html: Added.
Location:
trunk
Files:
4 added
19 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r220543 r220549  
     12017-08-10  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon] Do connect-src CSP check on redirects as well
     4        https://bugs.webkit.org/show_bug.cgi?id=175410
     5        <rdar://problem/33815470>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Add layout test coverage.
     10
     11        * http/wpt/beacon/connect-src-beacon-redirect-allowed.sub-expected.txt: Added.
     12        * http/wpt/beacon/connect-src-beacon-redirect-allowed.sub.html: Added.
     13        * http/wpt/beacon/connect-src-beacon-redirect-blocked.sub-expected.txt: Added.
     14        * http/wpt/beacon/connect-src-beacon-redirect-blocked.sub.html: Added.
     15
    1162017-08-10  Jonathan Bedard  <jbedard@apple.com>
    217
  • trunk/Source/WebCore/ChangeLog

    r220548 r220549  
     12017-08-10  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon] Do connect-src CSP check on redirects as well
     4        https://bugs.webkit.org/show_bug.cgi?id=175410
     5        <rdar://problem/33815470>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Pass ContentSecurityPolicy object to createPingHandle so that we can send
     10        enough data to the NetworkProcess so do CSP checks for Ping loads such
     11        as Beacon. For the IPC, we serialize the ContentSecurityPolicy's response
     12        headers. Those headers are now cached in ContentSecurityPolicy for
     13        performance reasons. CSP headers are rarely updated in practice but
     14        sendBeacon() may get called repeatedly for a given document.
     15
     16        Tests: http/wpt/beacon/connect-src-beacon-redirect-allowed.sub.html
     17               http/wpt/beacon/connect-src-beacon-redirect-blocked.sub.html
     18
     19        * loader/LoaderStrategy.h:
     20        * loader/PingLoader.cpp:
     21        (WebCore::PingLoader::loadImage):
     22        (WebCore::PingLoader::sendPing):
     23        (WebCore::PingLoader::sendViolationReport):
     24        (WebCore::PingLoader::startPingLoad):
     25        * loader/PingLoader.h:
     26        * loader/cache/CachedResource.cpp:
     27        (WebCore::CachedResource::load):
     28        * page/csp/ContentSecurityPolicy.cpp:
     29        (WebCore::ContentSecurityPolicy::responseHeaders const):
     30        (WebCore::ContentSecurityPolicy::didReceiveHeader):
     31        * page/csp/ContentSecurityPolicy.h:
     32        * page/csp/ContentSecurityPolicyResponseHeaders.h:
     33        (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
     34        (WebCore::ContentSecurityPolicyResponseHeaders::decode):
     35
    1362017-08-09  Yusuke Suzuki  <utatane.tea@gmail.com>
    237
  • trunk/Source/WebCore/loader/LoaderStrategy.h

    r220442 r220549  
    3535
    3636class CachedResource;
     37class ContentSecurityPolicy;
    3738class Frame;
    3839class NetscapePlugInStreamLoader;
     
    6364    virtual void resumePendingRequests() = 0;
    6465
    65     virtual void createPingHandle(NetworkingContext*, ResourceRequest&, Ref<SecurityOrigin>&& sourceOrigin, const FetchOptions&) = 0;
     66    virtual void createPingHandle(NetworkingContext*, ResourceRequest&, Ref<SecurityOrigin>&& sourceOrigin, ContentSecurityPolicy*, const FetchOptions&) = 0;
    6667
    6768    virtual void storeDerivedDataToCache(const SHA1::Digest& bodyKey, const String& type, const String& partition, WebCore::SharedBuffer&) = 0;
  • trunk/Source/WebCore/loader/PingLoader.cpp

    r220442 r220549  
    104104    frame.loader().addExtraFieldsToSubresourceRequest(request);
    105105
    106     startPingLoad(frame, request, document.securityOrigin(), ShouldFollowRedirects::Yes);
     106    startPingLoad(frame, request, document, ShouldFollowRedirects::Yes);
    107107}
    108108
     
    140140    }
    141141
    142     startPingLoad(frame, request, sourceOrigin, ShouldFollowRedirects::Yes);
     142    startPingLoad(frame, request, document, ShouldFollowRedirects::Yes);
    143143}
    144144
     
    177177        request.setHTTPReferrer(referrer);
    178178
    179     startPingLoad(frame, request, document.securityOrigin(), ShouldFollowRedirects::No);
    180 }
    181 
    182 void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, SecurityOrigin& sourceOrigin, ShouldFollowRedirects shouldFollowRedirects)
     179    startPingLoad(frame, request, document, ShouldFollowRedirects::No);
     180}
     181
     182void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, Document& document, ShouldFollowRedirects shouldFollowRedirects)
    183183{
    184184    unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
     
    195195    InspectorInstrumentation::continueAfterPingLoader(frame, identifier, frame.loader().activeDocumentLoader(), request, ResourceResponse());
    196196
    197     platformStrategies()->loaderStrategy()->createPingHandle(frame.loader().networkingContext(), request, sourceOrigin, options);
    198 }
    199 
    200 }
     197    auto* contentSecurityPolicy = document.shouldBypassMainWorldContentSecurityPolicy() ? nullptr : document.contentSecurityPolicy();
     198    platformStrategies()->loaderStrategy()->createPingHandle(frame.loader().networkingContext(), request, document.securityOrigin(), contentSecurityPolicy, options);
     199}
     200
     201}
  • trunk/Source/WebCore/loader/PingLoader.h

    r220442 r220549  
    3838namespace WebCore {
    3939
     40class Document;
    4041class FormData;
    4142class Frame;
    4243class URL;
    4344class ResourceRequest;
    44 class SecurityOrigin;
    4545
    4646enum class ViolationReportType {
     
    5757private:
    5858    enum class ShouldFollowRedirects { No, Yes };
    59     static void startPingLoad(Frame&, ResourceRequest&, SecurityOrigin& sourceOrigin, ShouldFollowRedirects);
     59    static void startPingLoad(Frame&, ResourceRequest&, Document&, ShouldFollowRedirects);
    6060};
    6161
  • trunk/Source/WebCore/loader/cache/CachedResource.cpp

    r220442 r220549  
    263263    if (m_options.keepAlive && type() == CachedResource::Beacon) {
    264264        ASSERT(m_origin);
    265         platformStrategies()->loaderStrategy()->createPingHandle(frame.loader().networkingContext(), request, *m_origin, m_options);
     265        // Beacon is not exposed to workers so it is safe to rely on the document here.
     266        auto* document = cachedResourceLoader.document();
     267        auto* contentSecurityPolicy = document && !document->shouldBypassMainWorldContentSecurityPolicy() ? document->contentSecurityPolicy() : nullptr;
     268        platformStrategies()->loaderStrategy()->createPingHandle(frame.loader().networkingContext(), request, *m_origin, contentSecurityPolicy, m_options);
    266269        return;
    267270    }
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp

    r218951 r220549  
    165165ContentSecurityPolicyResponseHeaders ContentSecurityPolicy::responseHeaders() const
    166166{
    167     ContentSecurityPolicyResponseHeaders result;
    168     result.m_headers.reserveInitialCapacity(m_policies.size());
    169     for (auto& policy : m_policies)
    170         result.m_headers.uncheckedAppend({ policy->header(), policy->headerType() });
    171     return result;
     167    if (!m_cachedResponseHeaders) {
     168        ContentSecurityPolicyResponseHeaders result;
     169        result.m_headers.reserveInitialCapacity(m_policies.size());
     170        for (auto& policy : m_policies)
     171            result.m_headers.uncheckedAppend({ policy->header(), policy->headerType() });
     172        m_cachedResponseHeaders = WTFMove(result);
     173    }
     174    return *m_cachedResponseHeaders;
    172175}
    173176
     
    188191        m_hasAPIPolicy = true;
    189192    }
     193
     194    m_cachedResponseHeaders = std::nullopt;
    190195
    191196    // RFC2616, section 4.2 specifies that headers appearing multiple times can
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h

    r218951 r220549  
    6666public:
    6767    explicit ContentSecurityPolicy(ScriptExecutionContext&);
    68     explicit ContentSecurityPolicy(const SecurityOrigin&, const Frame* = nullptr);
    69     ~ContentSecurityPolicy();
     68    WEBCORE_EXPORT explicit ContentSecurityPolicy(const SecurityOrigin&, const Frame* = nullptr);
     69    WEBCORE_EXPORT ~ContentSecurityPolicy();
    7070
    7171    void copyStateFrom(const ContentSecurityPolicy*);
     
    8080        Inherited,
    8181    };
    82     ContentSecurityPolicyResponseHeaders responseHeaders() const;
     82    WEBCORE_EXPORT ContentSecurityPolicyResponseHeaders responseHeaders() const;
    8383    enum ReportParsingErrors { No, Yes };
    84     void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&, ReportParsingErrors = ReportParsingErrors::Yes);
     84    WEBCORE_EXPORT void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&, ReportParsingErrors = ReportParsingErrors::Yes);
    8585    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicy::PolicyFrom);
    8686
     
    108108    bool allowChildFrameFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
    109109    bool allowChildContextFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
    110     bool allowConnectToSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
     110    WEBCORE_EXPORT bool allowConnectToSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
    111111    bool allowFormAction(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
    112112
     
    217217    OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets;
    218218    HashSet<RefPtr<SecurityOrigin>> m_insecureNavigationRequestsToUpgrade;
     219    mutable std::optional<ContentSecurityPolicyResponseHeaders> m_cachedResponseHeaders;
    219220};
    220221
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.h

    r208646 r220549  
    4343class ContentSecurityPolicyResponseHeaders {
    4444public:
     45    ContentSecurityPolicyResponseHeaders() = default;
    4546    explicit ContentSecurityPolicyResponseHeaders(const ResourceResponse&);
    4647
    4748    ContentSecurityPolicyResponseHeaders isolatedCopy() const;
    4849
     50    template <class Encoder> void encode(Encoder&) const;
     51    template <class Decoder> static bool decode(Decoder&, ContentSecurityPolicyResponseHeaders&);
     52
    4953private:
    5054    friend class ContentSecurityPolicy;
    51 
    52     ContentSecurityPolicyResponseHeaders() = default;
    5355
    5456    Vector<std::pair<String, ContentSecurityPolicyHeaderType>> m_headers;
    5557};
    5658
     59template <class Encoder>
     60void ContentSecurityPolicyResponseHeaders::encode(Encoder& encoder) const
     61{
     62    encoder << static_cast<uint64_t>(m_headers.size());
     63    for (auto& pair : m_headers) {
     64        encoder << pair.first;
     65        encoder.encodeEnum(pair.second);
     66    }
     67}
     68
     69template <class Decoder>
     70bool ContentSecurityPolicyResponseHeaders::decode(Decoder& decoder, ContentSecurityPolicyResponseHeaders& headers)
     71{
     72    uint64_t headersSize;
     73    if (!decoder.decode(headersSize))
     74        return false;
     75    headers.m_headers.reserveCapacity(static_cast<size_t>(headersSize));
     76    for (size_t i = 0; i < headersSize; ++i) {
     77        String header;
     78        if (!decoder.decode(header))
     79            return false;
     80        ContentSecurityPolicyHeaderType headerType;
     81        if (!decoder.decodeEnum(headerType))
     82            return false;
     83        headers.m_headers.append(std::make_pair(header, headerType));
     84    }
     85
     86    return true;
     87}
     88
    5789} // namespace WebCore
  • trunk/Source/WebKit/ChangeLog

    r220542 r220549  
     12017-08-10  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon] Do connect-src CSP check on redirects as well
     4        https://bugs.webkit.org/show_bug.cgi?id=175410
     5        <rdar://problem/33815470>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Pass CSP Response headers to the NetworkProcess via NetworkResourceLoadParameters
     10        when doing a PingLoad. This allows PingLoad to do CSP checks (in particular
     11        connect-src ones) in case the ping load gets redirected. Those checks need to be
     12        done on the NetworkProcess side at this point because there is no guarantee the
     13        WebContent process is still around.
     14
     15        To do the CSP checks, PingLoad lazily reconstructs a ContentSecurityPolicy object
     16        from the CSP response headers.
     17
     18        * NetworkProcess/NetworkResourceLoadParameters.cpp:
     19        (WebKit::NetworkResourceLoadParameters::encode const):
     20        (WebKit::NetworkResourceLoadParameters::decode):
     21        * NetworkProcess/NetworkResourceLoadParameters.h:
     22        * NetworkProcess/PingLoad.cpp:
     23        (WebKit::PingLoad::willPerformHTTPRedirection):
     24        (WebKit::PingLoad::contentSecurityPolicy):
     25        * NetworkProcess/PingLoad.h:
     26        * WebProcess/Network/WebLoaderStrategy.cpp:
     27        (WebKit::WebLoaderStrategy::createPingHandle):
     28        * WebProcess/Network/WebLoaderStrategy.h:
     29
    1302017-08-10  Brian Burg  <bburg@apple.com>
    231
  • trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp

    r220442 r220549  
    8888        encoder << SecurityOriginData::fromSecurityOrigin(*sourceOrigin);
    8989    encoder.encodeEnum(mode);
     90    encoder << cspResponseHeaders;
    9091}
    9192
     
    164165    if (!decoder.decodeEnum(result.mode))
    165166        return false;
     167    if (!decoder.decode(result.cspResponseHeaders))
     168        return false;
    166169
    167170    return true;
  • trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.h

    r220442 r220549  
    2929#include "NetworkLoadParameters.h"
    3030#include "SandboxExtension.h"
     31#include <WebCore/ContentSecurityPolicyResponseHeaders.h>
    3132#include <WebCore/FetchOptions.h>
    3233#include <WebCore/ResourceHandle.h>
     
    5859    RefPtr<WebCore::SecurityOrigin> sourceOrigin;
    5960    WebCore::FetchOptions::Mode mode;
     61    std::optional<WebCore::ContentSecurityPolicyResponseHeaders> cspResponseHeaders;
    6062};
    6163
  • trunk/Source/WebKit/NetworkProcess/PingLoad.cpp

    r220497 r220549  
    3333#include "NetworkCORSPreflightChecker.h"
    3434#include "SessionTracker.h"
     35#include <WebCore/ContentSecurityPolicy.h>
    3536#include <WebCore/CrossOriginAccessControl.h>
    3637
     
    9293        return;
    9394    }
    94     // FIXME: Do CSP check.
     95
     96    if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) {
     97        if (!contentSecurityPolicy->allowConnectToSource(request.url(), redirectResponse.isNull() ? ContentSecurityPolicy::RedirectResponseReceived::No : ContentSecurityPolicy::RedirectResponseReceived::Yes)) {
     98            RELEASE_LOG_IF_ALLOWED("willPerformHTTPRedirection - Redirect was blocked by CSP");
     99            completionHandler({ });
     100            return;
     101        }
     102    }
     103
    95104    // FIXME: We should ensure the number of redirects does not exceed 20.
     105
    96106    if (!needsCORSPreflight(request)) {
    97107        completionHandler(request);
     
    174184
    175185    return !m_isSameOriginRequest || !securityOrigin().canRequest(request.url());
     186}
     187
     188ContentSecurityPolicy* PingLoad::contentSecurityPolicy() const
     189{
     190    if (!m_contentSecurityPolicy && m_parameters.cspResponseHeaders) {
     191        m_contentSecurityPolicy = std::make_unique<ContentSecurityPolicy>(*m_parameters.sourceOrigin);
     192        m_contentSecurityPolicy->didReceiveHeaders(*m_parameters.cspResponseHeaders, ContentSecurityPolicy::ReportParsingErrors::No);
     193    }
     194    return m_contentSecurityPolicy.get();
    176195}
    177196
  • trunk/Source/WebKit/NetworkProcess/PingLoad.h

    r220497 r220549  
    3131#include "NetworkResourceLoadParameters.h"
    3232
     33namespace WebCore {
     34class ContentSecurityPolicy;
     35}
     36
    3337namespace WebKit {
    3438
     
    4145private:
    4246    ~PingLoad();
     47
     48    WebCore::ContentSecurityPolicy* contentSecurityPolicy() const;
    4349
    4450    void willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&, RedirectCompletionHandler&&) final;
     
    6571    bool m_isSameOriginRequest;
    6672    RedirectCompletionHandler m_redirectHandler;
     73    mutable std::unique_ptr<WebCore::ContentSecurityPolicy> m_contentSecurityPolicy;
    6774};
    6875
  • trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

    r220442 r220549  
    4747#include <WebCore/ApplicationCacheHost.h>
    4848#include <WebCore/CachedResource.h>
     49#include <WebCore/ContentSecurityPolicy.h>
    4950#include <WebCore/DiagnosticLoggingClient.h>
    5051#include <WebCore/DiagnosticLoggingKeys.h>
     
    386387}
    387388
    388 void WebLoaderStrategy::createPingHandle(NetworkingContext* networkingContext, ResourceRequest& request, Ref<SecurityOrigin>&& sourceOrigin, const FetchOptions& options)
     389void WebLoaderStrategy::createPingHandle(NetworkingContext* networkingContext, ResourceRequest& request, Ref<SecurityOrigin>&& sourceOrigin, ContentSecurityPolicy* contentSecurityPolicy, const FetchOptions& options)
    389390{
    390391    // It's possible that call to createPingHandle might be made during initial empty Document creation before a NetworkingContext exists.
     
    406407    loadParameters.shouldFollowRedirects = options.redirect == FetchOptions::Redirect::Follow;
    407408    loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = networkingContext->shouldClearReferrerOnHTTPSToHTTPRedirect();
     409    if (contentSecurityPolicy)
     410        loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
    408411
    409412    WebProcess::singleton().networkConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing(loadParameters), 0);
  • trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h

    r220442 r220549  
    4242typedef uint64_t ResourceLoadIdentifier;
    4343
    44 class WebLoaderStrategy : public WebCore::LoaderStrategy {
     44class WebLoaderStrategy final : public WebCore::LoaderStrategy {
    4545    WTF_MAKE_NONCOPYABLE(WebLoaderStrategy); WTF_MAKE_FAST_ALLOCATED;
    4646public:
    4747    WebLoaderStrategy();
    48     ~WebLoaderStrategy() override;
     48    ~WebLoaderStrategy() final;
    4949   
    50     RefPtr<WebCore::SubresourceLoader> loadResource(WebCore::Frame&, WebCore::CachedResource&, const WebCore::ResourceRequest&, const WebCore::ResourceLoaderOptions&) override;
    51     void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) override;
     50    RefPtr<WebCore::SubresourceLoader> loadResource(WebCore::Frame&, WebCore::CachedResource&, const WebCore::ResourceRequest&, const WebCore::ResourceLoaderOptions&) final;
     51    void loadResourceSynchronously(WebCore::NetworkingContext*, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentials, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) final;
    5252
    53     void remove(WebCore::ResourceLoader*) override;
    54     void setDefersLoading(WebCore::ResourceLoader*, bool) override;
    55     void crossOriginRedirectReceived(WebCore::ResourceLoader*, const WebCore::URL& redirectURL) override;
     53    void remove(WebCore::ResourceLoader*) final;
     54    void setDefersLoading(WebCore::ResourceLoader*, bool) final;
     55    void crossOriginRedirectReceived(WebCore::ResourceLoader*, const WebCore::URL& redirectURL) final;
    5656   
    57     void servePendingRequests(WebCore::ResourceLoadPriority minimumPriority) override;
     57    void servePendingRequests(WebCore::ResourceLoadPriority minimumPriority) final;
    5858
    59     void suspendPendingRequests() override;
    60     void resumePendingRequests() override;
     59    void suspendPendingRequests() final;
     60    void resumePendingRequests() final;
    6161
    62     void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&, Ref<WebCore::SecurityOrigin>&& sourceOrigin, const WebCore::FetchOptions&) override;
     62    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&, Ref<WebCore::SecurityOrigin>&& sourceOrigin, WebCore::ContentSecurityPolicy*, const WebCore::FetchOptions&) final;
    6363
    64     void storeDerivedDataToCache(const SHA1::Digest& bodyHash, const String& type, const String& partition, WebCore::SharedBuffer&) override;
     64    void storeDerivedDataToCache(const SHA1::Digest& bodyHash, const String& type, const String& partition, WebCore::SharedBuffer&) final;
    6565
    66     void setCaptureExtraNetworkLoadMetricsEnabled(bool) override;
     66    void setCaptureExtraNetworkLoadMetricsEnabled(bool) final;
    6767
    6868    WebResourceLoader* webResourceLoaderForIdentifier(ResourceLoadIdentifier identifier) const { return m_webResourceLoaders.get(identifier); }
  • trunk/Source/WebKitLegacy/ChangeLog

    r220442 r220549  
     12017-08-10  Chris Dumez  <cdumez@apple.com>
     2
     3        [Beacon] Do connect-src CSP check on redirects as well
     4        https://bugs.webkit.org/show_bug.cgi?id=175410
     5        <rdar://problem/33815470>
     6
     7        Reviewed by Youenn Fablet.
     8
     9        Update createPingHandle() to take in ContentSecurityPolicy
     10        object in but no behavior change for WK1.
     11
     12        * WebCoreSupport/WebResourceLoadScheduler.cpp:
     13        (WebResourceLoadScheduler::createPingHandle):
     14        * WebCoreSupport/WebResourceLoadScheduler.h:
     15
    1162017-08-08  Chris Dumez  <cdumez@apple.com>
    217
  • trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp

    r220442 r220549  
    364364}
    365365
    366 void WebResourceLoadScheduler::createPingHandle(NetworkingContext* networkingContext, ResourceRequest& request, Ref<SecurityOrigin>&&, const FetchOptions& options)
     366void WebResourceLoadScheduler::createPingHandle(NetworkingContext* networkingContext, ResourceRequest& request, Ref<SecurityOrigin>&&, WebCore::ContentSecurityPolicy*, const FetchOptions& options)
    367367{
    368368    // PingHandle manages its own lifetime, deleting itself when its purpose has been fulfilled.
  • trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h

    r220442 r220549  
    6060    void resumePendingRequests() override;
    6161
    62     void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&, Ref<WebCore::SecurityOrigin>&& sourceOrigin, const WebCore::FetchOptions&) override;
     62    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&, Ref<WebCore::SecurityOrigin>&& sourceOrigin, WebCore::ContentSecurityPolicy*, const WebCore::FetchOptions&) override;
    6363
    6464    void storeDerivedDataToCache(const SHA1::Digest&, const String&, const String&, WebCore::SharedBuffer&) override { }
Note: See TracChangeset for help on using the changeset viewer.