Changeset 213126 in webkit

Timestamp:

Feb 28, 2017, 12:30:44 AM (8 years ago)

Author:

achristensen@apple.com

Message:

Main resource requests need cachePartition
​https://bugs.webkit.org/show_bug.cgi?id=168806
Source/WebCore:

<rdar://30639764>

Reviewed by Brady Eidson.

Test: http/tests/security/credentials-main-resource.html

r211751 caused an unintended regression on pages whose main resource is protected
by basic authentication. We were not setting the cache partition for main resource
requests, and we use the cache partition now for credentials, so the credentials for
the main resource were not being put into a partition in the CredentialStorage that
would not be used for subresources of the page, whose requests had the correct partition
for the domain of the page. This caused users to have to enter their credentials twice,
once for the main resource and once for any subresources. This is fixed by using the
domain from the main resource request as the cache partition. Elsewhere the Document is
used to get the cache partition, but there is no Document yet when requesting the main resource.

• loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::startLoadingMainResource):
Set the cache partition for the main resource loads based on the SecurityOrigin of the
initial request if we are loading the main resource for a new top document. If the main resource
request is redirected, then we will still use the partition of the initial request because that is
what the user requested and that is where the user entered the credentials.

• loader/cache/CachedResourceLoader.h:
• loader/cache/CachedResourceRequest.cpp:

(WebCore::CachedResourceRequest::setDomainForCachePartition):

• loader/cache/CachedResourceRequest.h:

Source/WebKit2:

Reviewed by Brady Eidson.

• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::continueWillSendRequest):

LayoutTests:

Reviewed by Brady Eidson.

• http/tests/security/credentials-main-resource-expected.txt: Added.
• http/tests/security/credentials-main-resource.html: Added.
• http/tests/security/resources/credentials-main-resource.php: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/credentials-main-resource-expected.txt (added)
• LayoutTests/http/tests/security/credentials-main-resource.html (added)
• LayoutTests/http/tests/security/resources/credentials-main-resource.php (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentLoader.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceLoader.h (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceRequest.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceRequest.h (modified) (1 diff)
• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-02-28  Alex Christensen  <achristensen@webkit.org>
+
+        Main resource requests need cachePartition
+        https://bugs.webkit.org/show_bug.cgi?id=168806
+
+        Reviewed by Brady Eidson.
+
+        * http/tests/security/credentials-main-resource-expected.txt: Added.
+        * http/tests/security/credentials-main-resource.html: Added.
+        * http/tests/security/resources/credentials-main-resource.php: Added.
+
 2017-02-28  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-02-28  Alex Christensen  <achristensen@webkit.org>
+
+        Main resource requests need cachePartition
+        https://bugs.webkit.org/show_bug.cgi?id=168806
+        <rdar://30639764>
+
+        Reviewed by Brady Eidson.
+
+        Test: http/tests/security/credentials-main-resource.html
+
+        r211751 caused an unintended regression on pages whose main resource is protected
+        by basic authentication.  We were not setting the cache partition for main resource
+        requests, and we use the cache partition now for credentials, so the credentials for
+        the main resource were not being put into a partition in the CredentialStorage that
+        would not be used for subresources of the page, whose requests had the correct partition
+        for the domain of the page.  This caused users to have to enter their credentials twice,
+        once for the main resource and once for any subresources.  This is fixed by using the
+        domain from the main resource request as the cache partition.  Elsewhere the Document is
+        used to get the cache partition, but there is no Document yet when requesting the main resource.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::startLoadingMainResource):
+        Set the cache partition for the main resource loads based on the SecurityOrigin of the
+        initial request if we are loading the main resource for a new top document.  If the main resource
+        request is redirected, then we will still use the partition of the initial request because that is
+        what the user requested and that is where the user entered the credentials.
+        * loader/cache/CachedResourceLoader.h:
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::CachedResourceRequest::setDomainForCachePartition):
+        * loader/cache/CachedResourceRequest.h:
+
 2017-02-28  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/loader/DocumentLoader.cpp

@@ -1480 +1480 @@
 
     static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
-    m_mainResource = m_cachedResourceLoader->requestMainResource(CachedResourceRequest(ResourceRequest(request), mainResourceLoadOptions));
+    CachedResourceRequest mainResourceRequest(ResourceRequest(request), mainResourceLoadOptions);
+    if (!m_frame->isMainFrame() && m_frame->document()) {
+        // If we are loading the main resource of a subframe, use the cache partition of the main document.
+        mainResourceRequest.setDomainForCachePartition(*m_frame->document());
+    } else {
+        auto origin = SecurityOrigin::create(request.url());
+        origin->setStorageBlockingPolicy(frameLoader()->frame().settings().storageBlockingPolicy());
+        mainResourceRequest.setDomainForCachePartition(origin->domainForCachePartition());
+    }
+    m_mainResource = m_cachedResourceLoader->requestMainResource(WTFMove(mainResourceRequest));
 
 #if ENABLE(CONTENT_EXTENSIONS)

trunk/Source/WebCore/loader/cache/CachedResourceLoader.h

@@ -54 +54 @@
 class Frame;
 class ImageLoader;
+class Settings;
 class URL;
 

trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp

@@ -135 +135 @@
 }
 
+void CachedResourceRequest::setDomainForCachePartition(const String& domain)
+{
+    m_resourceRequest.setDomainForCachePartition(domain);
+}
+
 static inline String acceptHeaderValueFromType(CachedResource::Type type)
 {

trunk/Source/WebCore/loader/cache/CachedResourceRequest.h

@@ -77 +77 @@
 #endif
     void setDomainForCachePartition(Document&);
+    void setDomainForCachePartition(const String&);
     bool isLinkPreload() const { return m_isLinkPreload; }
     void setIsLinkPreload() { m_isLinkPreload = true; }

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2017-02-28  Alex Christensen  <achristensen@webkit.org>
+
+        Main resource requests need cachePartition
+        https://bugs.webkit.org/show_bug.cgi?id=168806
+
+        Reviewed by Brady Eidson.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::continueWillSendRequest):
+
 2017-02-27  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp

@@ -473 +473 @@
     RELEASE_LOG_IF_ALLOWED("continueWillSendRequest: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier);
 
-    // If there is a match in the network cache, we need to reuse the original cache policy.
+    // If there is a match in the network cache, we need to reuse the original cache policy and partition.
     newRequest.setCachePolicy(originalRequest().cachePolicy());
+    newRequest.setCachePartition(originalRequest().cachePartition());
 
 #if ENABLE(NETWORK_CACHE)