Changeset 230495 in webkit
- Timestamp:
- Apr 10, 2018 3:16:27 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 7 edited
trunk/LayoutTests/ChangeLog
r230493 r230495 1 2018-04-10 Youenn Fablet <youenn@apple.com> 2 3 Beacon redirect responses should be CORS validated 4 https://bugs.webkit.org/show_bug.cgi?id=184378 5 6 Reviewed by Chris Dumez. 7 8 * TestExpectations: 9 * http/wpt/beacon/cors/cors-redirect-failure-expected.txt: Added. 10 * http/wpt/beacon/cors/cors-redirect-failure.html: Added. 11 * http/wpt/beacon/resources/redirect.py: 12 (main): 13 1 14 2018-04-10 Youenn Fablet <youenn@apple.com> 2 15 -
trunk/LayoutTests/TestExpectations
r230483 r230495 1005 1005 http/wpt/beacon/contentextensions [ Skip ] 1006 1006 1007 http/wpt/beacon/cors/cors-redirect-failure.html [ DumpJSConsoleLogInStdErr ] 1008 1007 1009 webkit.org/b/149072 svg/animations/svgboolean-animation-1.html [ Pass Failure ] 1008 1010 -
trunk/LayoutTests/http/wpt/beacon/resources/redirect.py
r220497 r230495 9 9 ("Pragma", "no-cache"), 10 10 ("Access-Control-Allow-Credentials", "true")] 11 headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*"))) 11 if not "disallowCorsOnResponseNotPreflight" in request.GET or request.method == "OPTIONS": 12 headers.append(("Access-Control-Allow-Origin", request.headers.get("Origin", "*"))) 13 12 14 token = None 13 14 15 if "token" in request.GET: 15 16 token = request.GET.first("token") -
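Review bot: The new guard `if not "disallowCorsOnResponseNotPreflight" in request.GET or request.method == "OPTIONS":` only reads correctly if you remember that `not` applies to the `in` test before the `or`. The idiomatic spelling `if "disallowCorsOnResponseNotPreflight" not in request.GET or request.method == "OPTIONS":` behaves the same and removes the ambiguity. A one-line comment such as `# Withhold Access-Control-Allow-Origin on the non-preflight response so the redirect fails the CORS check.` would also explain what the query parameter is for. main() starts and ends outside this hunk.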
trunk/Source/WebKit/ChangeLog
r230489 r230495 1 2018-04-10 Youenn Fablet <youenn@apple.com> 2 3 Beacon redirect responses should be CORS validated 4 https://bugs.webkit.org/show_bug.cgi?id=184378 5 6 Reviewed by Chris Dumez. 7 8 Add CORS checks to any redirection response if mode is CORS. 9 Update response tainting and redirected accordingly. 10 11 * NetworkProcess/NetworkLoadChecker.cpp: 12 (WebKit::NetworkLoadChecker::checkRedirection): 13 (WebKit::NetworkLoadChecker::validateResponse): 14 * NetworkProcess/NetworkLoadChecker.h: 15 * NetworkProcess/PingLoad.cpp: 16 (WebKit::PingLoad::willPerformHTTPRedirection): 17 1 18 2018-04-10 Sihui Liu <sihui_liu@apple.com> 2 19 -
trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
r230223 r230495 65 65 } 66 66 67 void NetworkLoadChecker::checkRedirection( ResourceRequest&& request, ValidationHandler&& handler)67 void NetworkLoadChecker::checkRedirection(WebCore::ResourceResponse& redirectResponse, ResourceRequest&& request, ValidationHandler&& handler) 68 68 { 69 69 ASSERT(!isChecking()); 70 71 auto error = validateResponse(redirectResponse); 72 if (!error.isNull()) { 73 handler(makeUnexpected(WTFMove(error))); 74 return; 75 } 70 76 71 77 m_previousURL = WTFMove(m_url); … … 88 94 89 95 checkRequest(WTFMove(request), WTFMove(handler)); 96 } 97 98 ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response) 99 { 100 if (m_redirectCount) 101 response.setRedirected(true); 102 103 if (m_isSameOriginRequest) { 104 response.setTainting(ResourceResponse::Tainting::Basic); 105 return { }; 106 } 107 108 if (m_mode == FetchOptions::Mode::NoCors) { 109 response.setTainting(ResourceResponse::Tainting::Opaque); 110 return { }; 111 } 112 113 ASSERT(m_mode == FetchOptions::Mode::Cors); 114 115 String errorMessage; 116 if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) 117 return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl }; 118 119 response.setTainting(ResourceResponse::Tainting::Cors); 120 return { }; 90 121 } 91 122 -
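Review bot: validateResponse() reads m_isSameOriginRequest, m_url and m_redirectCount, so in checkRedirection() it is only correct because the call sits before `m_previousURL = WTFMove(m_url);`, and nothing in the code says so. The rest of the per-redirect state is presumably updated in the elided lines or in checkRequest(). I would add above the call `// Validate against the pre-redirect state: m_url and m_isSameOriginRequest must still describe the request that produced redirectResponse.`, because moving the call below the state update could evaluate a cross-origin redirect response as same-origin and skip the access-control check. Separately, `ASSERT(m_mode == FetchOptions::Mode::Cors)` compiles out in release builds, so any other mode falls through to passesAccessControlCheck(). That fails closed, which looks intended, and a short comment such as `// Any mode other than NoCors is held to the CORS check in release builds.` would record it.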
trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.h
r230223 r230495 52 52 using ValidationHandler = CompletionHandler<void(RequestOrError&&)>; 53 53 void check(WebCore::ResourceRequest&&, ValidationHandler&&); 54 void checkRedirection(WebCore::ResourceRequest&&, ValidationHandler&&); 54 void checkRedirection(WebCore::ResourceResponse&, WebCore::ResourceRequest&&, ValidationHandler&&); 55 56 WebCore::ResourceError validateResponse(WebCore::ResourceResponse&); 55 57 56 58 void setCSPResponseHeaders(WebCore::ContentSecurityPolicyResponseHeaders&& headers) { m_cspResponseHeaders = WTFMove(headers); } -
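Review bot: validateResponse() is declared next to check() and checkRedirection() with no statement of its contract, and a caller that drops the returned ResourceError would treat a response that failed the CORS check as accepted. Going by the definition in NetworkLoadChecker.cpp, a comment such as `// Sets tainting (and redirected) on the response; returns a null ResourceError on success or an AccessControl error when the CORS check fails.` would cover it. Consider also marking the declaration with WTF's `WARN_UNUSED_RETURN` so an ignored verdict is flagged at compile time. The class body continues outside this hunk.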
trunk/Source/WebKit/NetworkProcess/PingLoad.cpp
r230223 r230495 94 94 void PingLoad::willPerformHTTPRedirection(ResourceResponse&& redirectResponse, ResourceRequest&& request, RedirectCompletionHandler&& completionHandler) 95 95 { 96 97 m_networkLoadChecker->checkRedirection(WTFMove(request), [this, completionHandler = WTFMove(completionHandler)](auto&& result) { 96 m_networkLoadChecker->checkRedirection(redirectResponse, WTFMove(request), [this, completionHandler = WTFMove(completionHandler)](auto&& result) { 98 97 if (!result.has_value()) { 99 98 completionHandler({ });