Context Navigation

Changeset 230495 in webkit

Timestamp:

Apr 10, 2018 3:16:27 PM (6 years ago)

Author:

youenn@apple.com

Message:

Beacon redirect responses should be CORS validated
https://bugs.webkit.org/show_bug.cgi?id=184378

Reviewed by Chris Dumez.

Source/WebKit:

Add CORS checks to any redirection response if mode is CORS.
Update response tainting and redirected accordingly.

(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::validateResponse):

(WebKit::PingLoad::willPerformHTTPRedirection):

LayoutTests:

(main):

Location:

trunk

Files:

-                      r230493
+                      r230495
+-04-10  Youenn Fablet  <youenn@apple.com>
+        Beacon redirect responses should be CORS validated
+        https://bugs.webkit.org/show_bug.cgi?id=184378
+        Reviewed by Chris Dumez.
+        * TestExpectations:
+        * http/wpt/beacon/cors/cors-redirect-failure-expected.txt: Added.
+        * http/wpt/beacon/cors/cors-redirect-failure.html: Added.
+        * http/wpt/beacon/resources/redirect.py:
+        (main):
 -04-10  Youenn Fablet  <youenn@apple.com>

r230483	r230495
1005	1005	http/wpt/beacon/contentextensions [ Skip ]
1006	1006
	1007	http/wpt/beacon/cors/cors-redirect-failure.html [ DumpJSConsoleLogInStdErr ]
	1008
1007	1009	webkit.org/b/149072 svg/animations/svgboolean-animation-1.html [ Pass Failure ]
1008	1010

-                      r220497
+                      r230495
                ("Pragma", "no-cache"),
                ("Access-Control-Allow-Credentials", "true")]
+    headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*")))
+    if not "disallowCorsOnResponseNotPreflight" in request.GET or request.method == "OPTIONS":
+        headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*")))
     token = None
     if "token" in request.GET:
         token = request.GET.first("token")

-                      r230489
+                      r230495
+-04-10  Youenn Fablet  <youenn@apple.com>
+        Beacon redirect responses should be CORS validated
+        https://bugs.webkit.org/show_bug.cgi?id=184378
+        Reviewed by Chris Dumez.
+        Add CORS checks to any redirection response if mode is CORS.
+        Update response tainting and redirected accordingly.
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::checkRedirection):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        * NetworkProcess/NetworkLoadChecker.h:
+        * NetworkProcess/PingLoad.cpp:
+        (WebKit::PingLoad::willPerformHTTPRedirection):
 -04-10  Sihui Liu  <sihui_liu@apple.com>

-                      r230223
+                      r230495
+}
 void NetworkLoadChecker::checkRedirection(ResourceRequest&& request, ValidationHandler&& handler)
+void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectResponse, ResourceRequest&& request, ValidationHandler&& handler)
+{
     ASSERT(!isChecking());
+    auto error = validateResponse(redirectResponse);
+    if (!error.isNull()) {
+        handler(makeUnexpected(WTFMove(error)));
+        return;
+    }
     m_previousURL = WTFMove(m_url);
 …
     checkRequest(WTFMove(request), WTFMove(handler));
+}
+ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
+{
+    if (m_redirectCount)
+        response.setRedirected(true);
+    if (m_isSameOriginRequest) {
+        response.setTainting(ResourceResponse::Tainting::Basic);
+        return { };
+    }
+    if (m_mode == FetchOptions::Mode::NoCors) {
+        response.setTainting(ResourceResponse::Tainting::Opaque);
+        return { };
+    }
+    ASSERT(m_mode == FetchOptions::Mode::Cors);
+    String errorMessage;
+    if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
+        return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
+    response.setTainting(ResourceResponse::Tainting::Cors);
+    return { };
+}

-                      r230223
+                      r230495
     using ValidationHandler = CompletionHandler<void(RequestOrError&&)>;
     void check(WebCore::ResourceRequest&&, ValidationHandler&&);
+    void checkRedirection(WebCore::ResourceRequest&&, ValidationHandler&&);
+    void checkRedirection(WebCore::ResourceResponse&, WebCore::ResourceRequest&&, ValidationHandler&&);
+    WebCore::ResourceError validateResponse(WebCore::ResourceResponse&);
     void setCSPResponseHeaders(WebCore::ContentSecurityPolicyResponseHeaders&& headers) { m_cspResponseHeaders = WTFMove(headers); }

-                      r230223
+                      r230495
 void PingLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse, ResourceRequest&& request, RedirectCompletionHandler&& completionHandler)
+{
+    m_networkLoadChecker->checkRedirection(WTFMove(request), [this, completionHandler = WTFMove(completionHandler)](auto&& result) {
+    m_networkLoadChecker->checkRedirection(redirectResponse, WTFMove(request), [this, completionHandler = WTFMove(completionHandler)](auto&& result) {
         if (!result.has_value()) {
             completionHandler({ });

Note: See TracChangeset for help on using the changeset viewer.