Changeset 256073 in webkit

Timestamp:

Feb 7, 2020 3:30:29 PM (4 years ago)

Author:

achristensen@apple.com

Message:

Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
​https://bugs.webkit.org/show_bug.cgi?id=207409
rdar://problem/59275641

Patch by Alex Christensen <​achristensen@apple.com> on 2020-02-07
Reviewed by Chris Dumez.

Source/WebCore:

Covered by an API test.

• history/CachedFrame.cpp:

(WebCore::CachedFrame::setHasInsecureContent):

• history/CachedFrame.h:

(WebCore::CachedFrame::usedLegacyTLS const):

• loader/EmptyFrameLoaderClient.h:
• loader/FrameLoader.cpp:

(WebCore::FrameLoader::receivedFirstData):
(WebCore::FrameLoader::commitProvisionalLoad):
(WebCore::FrameLoader::dispatchDidCommitLoad):

• loader/FrameLoader.h:
• loader/FrameLoaderClient.h:

Source/WebKit:

• Scripts/webkit/messages.py:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::hasInsecureContent):

• UIProcess/WebPageProxy.h:
• UIProcess/WebPageProxy.messages.in:
• WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidCommitLoad):
(WebKit::WebFrameLoaderClient::savePlatformDataToCachedFrame):

• WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

Source/WebKitLegacy/mac:

• WebCoreSupport/WebFrameLoaderClient.h:
• WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::dispatchDidCommitLoad):

Source/WebKitLegacy/win:

• WebCoreSupport/WebFrameLoaderClient.cpp:

(WebFrameLoaderClient::dispatchDidCommitLoad):

• WebCoreSupport/WebFrameLoaderClient.h:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:

(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/history/CachedFrame.cpp (modified) (1 diff)
• Source/WebCore/history/CachedFrame.h (modified) (3 diffs)
• Source/WebCore/loader/EmptyFrameLoaderClient.h (modified) (1 diff)
• Source/WebCore/loader/FrameLoader.cpp (modified) (3 diffs)
• Source/WebCore/loader/FrameLoader.h (modified) (2 diffs)
• Source/WebCore/loader/FrameLoaderClient.h (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/Scripts/webkit/messages.py (modified) (1 diff)
• Source/WebKit/UIProcess/WebPageProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebPageProxy.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebPageProxy.messages.in (modified) (1 diff)
• Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (modified) (3 diffs)
• Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h (modified) (1 diff)
• Source/WebKitLegacy/mac/ChangeLog (modified) (1 diff)
• Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h (modified) (1 diff)
• Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm (modified) (1 diff)
• Source/WebKitLegacy/win/ChangeLog (modified) (1 diff)
• Source/WebKitLegacy/win/WebCoreSupport/WebFrameLoaderClient.cpp (modified) (1 diff)
• Source/WebKitLegacy/win/WebCoreSupport/WebFrameLoaderClient.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-02-07  Alex Christensen  <achristensen@apple.com>
+
+        Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
+        https://bugs.webkit.org/show_bug.cgi?id=207409
+        rdar://problem/59275641
+
+        Reviewed by Chris Dumez.
+
+        Covered by an API test.
+
+        * history/CachedFrame.cpp:
+        (WebCore::CachedFrame::setHasInsecureContent):
+        * history/CachedFrame.h:
+        (WebCore::CachedFrame::usedLegacyTLS const):
+        * loader/EmptyFrameLoaderClient.h:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::receivedFirstData):
+        (WebCore::FrameLoader::commitProvisionalLoad):
+        (WebCore::FrameLoader::dispatchDidCommitLoad):
+        * loader/FrameLoader.h:
+        * loader/FrameLoaderClient.h:
+
 2020-02-07  Ryan Haddad  <ryanhaddad@apple.com>
 

trunk/Source/WebCore/history/CachedFrame.cpp

@@ -303 +303 @@
 }
 
-void CachedFrame::setHasInsecureContent(HasInsecureContent hasInsecureContent)
+void CachedFrame::setHasInsecureContent(HasInsecureContent hasInsecureContent, UsedLegacyTLS usedLegacyTLS)
 {
     m_hasInsecureContent = hasInsecureContent;
+    m_usedLegacyTLS = usedLegacyTLS;
 }
 

trunk/Source/WebCore/history/CachedFrame.h

@@ -40 +40 @@
 class Node;
 enum class HasInsecureContent : bool;
+enum class UsedLegacyTLS : bool;
 
 class CachedFrameBase {
@@ -64 +65 @@
     bool m_isMainFrame;
     Optional<HasInsecureContent> m_hasInsecureContent;
+    Optional<UsedLegacyTLS> m_usedLegacyTLS;
 
     Vector<std::unique_ptr<CachedFrame>> m_childFrames;
@@ -80 +82 @@
     WEBCORE_EXPORT CachedFramePlatformData* cachedFramePlatformData();
 
-    WEBCORE_EXPORT void setHasInsecureContent(HasInsecureContent);
+    WEBCORE_EXPORT void setHasInsecureContent(HasInsecureContent, UsedLegacyTLS);
     Optional<HasInsecureContent> hasInsecureContent() const { return m_hasInsecureContent; }
+    Optional<UsedLegacyTLS> usedLegacyTLS() const { return m_usedLegacyTLS; }
 
     using CachedFrameBase::document;

trunk/Source/WebCore/loader/EmptyFrameLoaderClient.h

@@ -90 +90 @@
     void dispatchDidStartProvisionalLoad() final { }
     void dispatchDidReceiveTitle(const StringWithDirection&) final { }
-    void dispatchDidCommitLoad(Optional<HasInsecureContent>) final { }
+    void dispatchDidCommitLoad(Optional<HasInsecureContent>, Optional<UsedLegacyTLS>) final { }
     void dispatchDidFailProvisionalLoad(const ResourceError&, WillContinueLoading) final { }
     void dispatchDidFailLoad(const ResourceError&) final { }

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -706 +706 @@
 void FrameLoader::receivedFirstData()
 {
-    dispatchDidCommitLoad(WTF::nullopt);
+    dispatchDidCommitLoad(WTF::nullopt, WTF::nullopt);
     dispatchDidClearWindowObjectsInAllWorlds();
     dispatchGlobalObjectAvailableInAllWorlds();
@@ -2073 +2073 @@
 
         Optional<HasInsecureContent> hasInsecureContent = cachedPage->cachedMainFrame()->hasInsecureContent();
-
-        dispatchDidCommitLoad(hasInsecureContent);
+        Optional<UsedLegacyTLS> usedLegacyTLS = cachedPage->cachedMainFrame()->usedLegacyTLS();
+
+        dispatchDidCommitLoad(hasInsecureContent, usedLegacyTLS);
 
         // FIXME: This API should be turned around so that we ground CachedPage into the Page.
@@ -4008 +4009 @@
 }
 
-void FrameLoader::dispatchDidCommitLoad(Optional<HasInsecureContent> initialHasInsecureContent)
+void FrameLoader::dispatchDidCommitLoad(Optional<HasInsecureContent> initialHasInsecureContent, Optional<UsedLegacyTLS> initialUsedLegacyTLS)
 {
     if (m_stateMachine.creatingInitialEmptyDocument())
         return;
 
-    m_client.dispatchDidCommitLoad(initialHasInsecureContent);
+    m_client.dispatchDidCommitLoad(initialHasInsecureContent, initialUsedLegacyTLS);
 
     if (m_frame.isMainFrame()) {

trunk/Source/WebCore/loader/FrameLoader.h

@@ -88 +88 @@
 enum class NavigationPolicyDecision : uint8_t;
 enum class ShouldTreatAsContinuingLoad : bool;
+enum class UsedLegacyTLS : bool;
 
 struct WindowFeatures;
@@ -378 +379 @@
     bool shouldReloadToHandleUnreachableURL(DocumentLoader&);
 
-    void dispatchDidCommitLoad(Optional<HasInsecureContent> initialHasInsecureContent);
+    void dispatchDidCommitLoad(Optional<HasInsecureContent> initialHasInsecureContent, Optional<UsedLegacyTLS> initialUsedLegacyTLS);
 
     void urlSelected(FrameLoadRequest&&, Event*, Optional<AdClickAttribution>&& = WTF::nullopt);

trunk/Source/WebCore/loader/FrameLoaderClient.h

@@ -103 +103 @@
 enum class LockBackForwardList : bool;
 enum class PolicyDecisionMode;
+enum class UsedLegacyTLS : bool;
 
 struct StringWithDirection;
@@ -174 +175 @@
     virtual void dispatchDidStartProvisionalLoad() = 0;
     virtual void dispatchDidReceiveTitle(const StringWithDirection&) = 0;
-    virtual void dispatchDidCommitLoad(Optional<HasInsecureContent>) = 0;
+    virtual void dispatchDidCommitLoad(Optional<HasInsecureContent>, Optional<UsedLegacyTLS>) = 0;
     virtual void dispatchDidFailProvisionalLoad(const ResourceError&, WillContinueLoading) = 0;
     virtual void dispatchDidFailLoad(const ResourceError&) = 0;

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-07  Alex Christensen  <achristensen@apple.com>
+
+        Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
+        https://bugs.webkit.org/show_bug.cgi?id=207409
+        rdar://problem/59275641
+
+        Reviewed by Chris Dumez.
+
+        * Scripts/webkit/messages.py:
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::hasInsecureContent):
+        * UIProcess/WebPageProxy.h:
+        * UIProcess/WebPageProxy.messages.in:
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDidCommitLoad):
+        (WebKit::WebFrameLoaderClient::savePlatformDataToCachedFrame):
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
+
 2020-02-07  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Source/WebKit/Scripts/webkit/messages.py

@@ -603 +603 @@
         'WebCore::ThirdPartyCookieBlockingMode': ['<WebCore/NetworkStorageSession.h>'],
         'WebCore::FirstPartyWebsiteDataRemovalMode': ['<WebCore/NetworkStorageSession.h>'],
+        'WebCore::UsedLegacyTLS': ['<WebCore/ResourceResponseBase.h>'],
         'WebCore::ViewportAttributes': ['<WebCore/ViewportArguments.h>'],
         'WebCore::WillContinueLoading': ['<WebCore/FrameLoaderTypes.h>'],

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -4225 +4225 @@
 }
 
-void WebPageProxy::hasInsecureContent(CompletionHandler<void(WebCore::HasInsecureContent)>&& completionHandler)
-{
-    completionHandler(m_pageLoadState.committedHasInsecureContent() ? HasInsecureContent::Yes : HasInsecureContent::No);
+void WebPageProxy::hasInsecureContent(CompletionHandler<void(WebCore::HasInsecureContent, WebCore::UsedLegacyTLS)>&& completionHandler)
+{
+    completionHandler(
+        m_pageLoadState.committedHasInsecureContent() ? HasInsecureContent::Yes : HasInsecureContent::No,
+        m_pageLoadState.hasNegotiatedLegacyTLS() ? UsedLegacyTLS::Yes : UsedLegacyTLS::No
+    );
 }
 

trunk/Source/WebKit/UIProcess/WebPageProxy.h

@@ -1761 +1761 @@
     void setNetworkRequestsInProgress(bool);
 
-    void hasInsecureContent(CompletionHandler<void(WebCore::HasInsecureContent)>&&);
+    void hasInsecureContent(CompletionHandler<void(WebCore::HasInsecureContent, WebCore::UsedLegacyTLS)>&&);
 
     void didDestroyNavigation(uint64_t navigationID);

trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in

@@ -143 +143 @@
     DidDestroyNavigation(uint64_t navigationID)
 
-    HasInsecureContent() -> (enum:bool WebCore::HasInsecureContent hasInsecureContent) Synchronous
+    HasInsecureContent() -> (enum:bool WebCore::HasInsecureContent hasInsecureContent, enum:bool WebCore::UsedLegacyTLS usedLegacyTLS) Synchronous
 
     MainFramePluginHandlesPageScaleGestureDidChange(bool mainFramePluginHandlesPageScaleGesture)

trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp

@@ -546 +546 @@
 }
 
-void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<HasInsecureContent> hasInsecureContent)
+void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<HasInsecureContent> hasInsecureContent, Optional<UsedLegacyTLS> usedLegacyTLSFromPageCache)
 {
     WebPage* webPage = m_frame->page();
@@ -560 +560 @@
     webPage->sandboxExtensionTracker().didCommitProvisionalLoad(m_frame);
 
+    bool usedLegacyTLS = documentLoader.response().usedLegacyTLS();
+    if (!usedLegacyTLS && usedLegacyTLSFromPageCache)
+        usedLegacyTLS = usedLegacyTLSFromPageCache == UsedLegacyTLS::Yes;
+    
     // Notify the UIProcess.
-    webPage->send(Messages::WebPageProxy::DidCommitLoadForFrame(m_frame->frameID(), documentLoader.navigationID(), documentLoader.response().mimeType(), m_frameHasCustomContentProvider, static_cast<uint32_t>(m_frame->coreFrame()->loader().loadType()), valueOrCompute(documentLoader.response().certificateInfo(), [] { return CertificateInfo(); }), documentLoader.response().usedLegacyTLS(), m_frame->coreFrame()->document()->isPluginDocument(), hasInsecureContent, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
+    webPage->send(Messages::WebPageProxy::DidCommitLoadForFrame(m_frame->frameID(), documentLoader.navigationID(), documentLoader.response().mimeType(), m_frameHasCustomContentProvider, static_cast<uint32_t>(m_frame->coreFrame()->loader().loadType()), valueOrCompute(documentLoader.response().certificateInfo(), [] { return CertificateInfo(); }), usedLegacyTLS, m_frame->coreFrame()->document()->isPluginDocument(), hasInsecureContent, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
     webPage->didCommitLoad(m_frame);
 }
@@ -1468 +1472 @@
 
     HasInsecureContent hasInsecureContent;
-    if (webPage->sendSync(Messages::WebPageProxy::HasInsecureContent(), Messages::WebPageProxy::HasInsecureContent::Reply(hasInsecureContent)))
-        cachedFrame->setHasInsecureContent(hasInsecureContent);
+    UsedLegacyTLS usedLegacyTLS;
+    if (webPage->sendSync(Messages::WebPageProxy::HasInsecureContent(), Messages::WebPageProxy::HasInsecureContent::Reply(hasInsecureContent, usedLegacyTLS)))
+        cachedFrame->setHasInsecureContent(hasInsecureContent, usedLegacyTLS);
 }
 

trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h

@@ -115 +115 @@
     void dispatchDidStartProvisionalLoad() final;
     void dispatchDidReceiveTitle(const WebCore::StringWithDirection&) final;
-    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>) final;
+    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>, Optional<WebCore::UsedLegacyTLS>) final;
     void dispatchDidFailProvisionalLoad(const WebCore::ResourceError&, WebCore::WillContinueLoading) final;
     void dispatchDidFailLoad(const WebCore::ResourceError&) final;

trunk/Source/WebKitLegacy/mac/ChangeLog

@@ +1 @@
+2020-02-07  Alex Christensen  <achristensen@apple.com>
+
+        Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
+        https://bugs.webkit.org/show_bug.cgi?id=207409
+        rdar://problem/59275641
+
+        Reviewed by Chris Dumez.
+
+        * WebCoreSupport/WebFrameLoaderClient.h:
+        * WebCoreSupport/WebFrameLoaderClient.mm:
+        (WebFrameLoaderClient::dispatchDidCommitLoad):
+
 2020-02-07  Ryan Haddad  <ryanhaddad@apple.com>
 

trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.h

@@ -116 +116 @@
     void dispatchDidStartProvisionalLoad() final;
     void dispatchDidReceiveTitle(const WebCore::StringWithDirection&) final;
-    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>) final;
+    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>, Optional<WebCore::UsedLegacyTLS>) final;
     void dispatchDidFailProvisionalLoad(const WebCore::ResourceError&, WebCore::WillContinueLoading) final;
     void dispatchDidFailLoad(const WebCore::ResourceError&) final;

trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebFrameLoaderClient.mm

@@ -699 +699 @@
 }
 
-void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>)
+void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>, Optional<WebCore::UsedLegacyTLS>)
 {
     // Tell the client we've committed this URL.

trunk/Source/WebKitLegacy/win/ChangeLog

@@ +1 @@
+2020-02-07  Alex Christensen  <achristensen@apple.com>
+
+        Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
+        https://bugs.webkit.org/show_bug.cgi?id=207409
+        rdar://problem/59275641
+
+        Reviewed by Chris Dumez.
+
+        * WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebFrameLoaderClient::dispatchDidCommitLoad):
+        * WebCoreSupport/WebFrameLoaderClient.h:
+
 2020-02-06  Brent Fulgham  <bfulgham@apple.com>
 

trunk/Source/WebKitLegacy/win/WebCoreSupport/WebFrameLoaderClient.cpp

@@ -439 +439 @@
 }
 
-void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<HasInsecureContent>)
+void WebFrameLoaderClient::dispatchDidCommitLoad(Optional<HasInsecureContent>, Optional<UsedLegacyTLS>)
 {
     WebView* webView = m_webFrame->webView();

trunk/Source/WebKitLegacy/win/WebCoreSupport/WebFrameLoaderClient.h

@@ -93 +93 @@
     void dispatchDidStartProvisionalLoad() override;
     void dispatchDidReceiveTitle(const WebCore::StringWithDirection&) override;
-    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>) override;
+    void dispatchDidCommitLoad(Optional<WebCore::HasInsecureContent>, Optional<WebCore::UsedLegacyTLS>) override;
     void dispatchDidFailProvisionalLoad(const WebCore::ResourceError&, WebCore::WillContinueLoading) override;
     void dispatchDidFailLoad(const WebCore::ResourceError&) override;

trunk/Tools/ChangeLog

@@ +1 @@
+2020-02-07  Alex Christensen  <achristensen@apple.com>
+
+        Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content
+        https://bugs.webkit.org/show_bug.cgi?id=207409
+        rdar://problem/59275641
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+        (TestWebKitAPI::TEST):
+
 2020-02-07  Ryan Haddad  <ryanhaddad@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm

@@ -313 +313 @@
 
     HTTPServer modernTLSServer({
-        { "/", { makeString("<script>fetch('https://127.0.0.1:", static_cast<unsigned>(legacyTLSServer.port()), "/',{mode:'no-cors'})</script>") } }
+        { "/", { makeString("<script>fetch('https://127.0.0.1:", static_cast<unsigned>(legacyTLSServer.port()), "/',{mode:'no-cors'})</script>") } },
+        { "/pageWithoutSubresource", { "hello" }}
     }, HTTPServer::Protocol::Https);
     
@@ -324 +325 @@
     while (![webView _negotiatedLegacyTLS])
         [observer waitUntilNegotiatedLegacyTLSChanged];
+    
+    EXPECT_TRUE([webView _negotiatedLegacyTLS]);
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/pageWithoutSubresource", modernTLSServer.port()]]]];
+    [delegate waitForDidFinishNavigation];
+    EXPECT_FALSE([webView _negotiatedLegacyTLS]);
+
+    [webView goBack];
+    [delegate waitForDidFinishNavigation];
+    EXPECT_TRUE([webView _negotiatedLegacyTLS]);
 
     [webView removeObserver:observer.get() forKeyPath:@"_negotiatedLegacyTLS"];