Changeset 291726 in webkit

Timestamp:

Mar 22, 2022 4:53:16 PM (4 months ago)

Author:

sihui_liu@apple.com

Message:

Check if origin can access storage in Storage API
​https://bugs.webkit.org/show_bug.cgi?id=238158

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

• web-platform-tests/file-system-access/opaque-origin.https.window-expected.txt:
• web-platform-tests/storage/opaque-origin.https.window-expected.txt:

Source/WebCore:

According to spec ​https://storage.spec.whatwg.org/#obtain-a-storage-key, origin should not access Storage API if
it's opaque. Also, origin should not access storage if it's blocked by storage policy, so we use
SecurityOrigin::canAccessStorage to perform the origin check, like what we do for the other storage APIs.

Updated expectation for imported tests.

• Modules/storage/StorageManager.cpp:

(WebCore::connectionInfo):

• page/SecurityOrigin.h:

(WebCore::SecurityOrigin::canAccessStorageManager const):

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/file-system-access/opaque-origin.https.window-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/storage/opaque-origin.https.window-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/storage/StorageManager.cpp (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.h (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2022-03-22  Sihui Liu  <sihui_liu@apple.com>
+
+        Check if origin can access storage in Storage API
+        https://bugs.webkit.org/show_bug.cgi?id=238158
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/file-system-access/opaque-origin.https.window-expected.txt:
+        * web-platform-tests/storage/opaque-origin.https.window-expected.txt:
+
 2022-03-22  Commit Queue  <commit-queue@webkit.org>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/file-system-access/opaque-origin.https.window-expected.txt

@@ -3 +3 @@
 PASS FileSystemDirectoryHandle must be undefined for data URI iframes.
 FAIL navigator.storage.getDirectory() and showDirectoryPicker() must reject in a sandboxed iframe. assert_equals: expected "showDirectoryPicker(): REJECTED: SecurityError" but got "showDirectoryPicker(): EXCEPTION: TypeError"
-FAIL navigator.storage.getDirectory() and showDirectoryPicker() must reject in a sandboxed opened window. assert_equals: expected "showDirectoryPicker(): REJECTED: SecurityError" but got "showDirectoryPicker(): EXCEPTION: TypeError"
+FAIL navigator.storage.getDirectory() and showDirectoryPicker() must reject in a sandboxed opened window. assert_equals: expected "showDirectoryPicker(): REJECTED: SecurityError" but got "navigator.storage.getDirectory(): REJECTED: TypeError"
 

trunk/LayoutTests/imported/w3c/web-platform-tests/storage/opaque-origin.https.window-expected.txt

@@ -1 +1 @@
 
 PASS navigator.storage.persisted() in non-sandboxed iframe should not reject
-FAIL navigator.storage.persisted() in sandboxed iframe should reject with TypeError assert_equals: navigator.storage.persisted() should reject with TypeError expected "correct rejection" but got "no rejection"
+PASS navigator.storage.persisted() in sandboxed iframe should reject with TypeError
 FAIL navigator.storage.estimate() in non-sandboxed iframe should not reject assert_equals: navigator.storage.estimate() should not reject expected "no rejection" but got "API access threw"
 FAIL navigator.storage.estimate() in sandboxed iframe should reject with TypeError assert_equals: navigator.storage.estimate() should reject with TypeError expected "correct rejection" but got "API access threw"
 PASS navigator.storage.persist() in non-sandboxed iframe should not reject
-FAIL navigator.storage.persist() in sandboxed iframe should reject with TypeError assert_equals: navigator.storage.persist() should reject with TypeError expected "correct rejection" but got "no rejection"
+PASS navigator.storage.persist() in sandboxed iframe should reject with TypeError
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2022-03-22  Sihui Liu  <sihui_liu@apple.com>
+
+        Check if origin can access storage in Storage API
+        https://bugs.webkit.org/show_bug.cgi?id=238158
+
+        Reviewed by Chris Dumez.
+
+        According to spec https://storage.spec.whatwg.org/#obtain-a-storage-key, origin should not access Storage API if
+        it's opaque. Also, origin should not access storage if it's blocked by storage policy, so we use 
+        SecurityOrigin::canAccessStorage to perform the origin check, like what we do for the other storage APIs.
+
+        Updated expectation for imported tests.
+
+        * Modules/storage/StorageManager.cpp:
+        (WebCore::connectionInfo):
+        * page/SecurityOrigin.h:
+        (WebCore::SecurityOrigin::canAccessStorageManager const):
+
 2022-03-22  Alan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/Modules/storage/StorageManager.cpp

@@ -71 +71 @@
     if (!origin)
         return Exception { InvalidStateError, "Origin is invalid"_s };
-    
+
+    if (!origin->canAccessStorageManager())
+        return Exception { TypeError, "Origin should not access storage" };
+
     if (is<Document>(context)) {
         if (auto* connection = downcast<Document>(context)->storageConnection())

trunk/Source/WebCore/page/SecurityOrigin.h

@@ -150 +150 @@
     bool canAccessSessionStorage(const SecurityOrigin& topOrigin) const { return canAccessStorage(&topOrigin, AlwaysAllowFromThirdParty); }
     bool canAccessLocalStorage(const SecurityOrigin* topOrigin) const { return canAccessStorage(topOrigin); };
+    bool canAccessStorageManager() const { return canAccessStorage(nullptr); }
     bool canAccessPluginStorage(const SecurityOrigin& topOrigin) const { return canAccessStorage(&topOrigin); }
     bool canAccessApplicationCache(const SecurityOrigin& topOrigin) const { return canAccessStorage(&topOrigin); }