Changeset 57041 in webkit


Ignore:
Timestamp:
Apr 2, 2010, 9:20:26 PM (15 years ago)
Author:
abarth@webkit.org
Message:

2010-04-02 Justin Schuh <jschuh@chromium.org>

Reviewed by Alexey Proskuryakov.

XHR allows arbitrary XSRF across domains
https://bugs.webkit.org/show_bug.cgi?id=36843

Added a one-line change to prevent bypassing the XDC check on
synchronous preflighted requests. Added layout tests to cover
variations of this problem.

  • http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html: Added.
  • http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html: Added.
  • http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html: Added.
  • http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt: Added.
  • http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html: Added.
  • http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php: Added.

2010-04-02 Justin Schuh <jschuh@chromium.org>

Reviewed by Alexey Proskuryakov.

XHR allows arbitrary XSRF across domains
https://bugs.webkit.org/show_bug.cgi?id=36843

Added a one-line change to prevent bypassing the XDC check on
synchronous preflighted requests. Added layout tests to cover
variations of this problem.

Tests: http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html

http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html
http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html
http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html

  • loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::preflightFailure):
Location:
trunk
Files:
9 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r57023 r57041  
     12010-04-02  Justin Schuh  <jschuh@chromium.org>
     2
     3        Reviewed by Alexey Proskuryakov.
     4
     5        XHR allows arbitrary XSRF across domains
     6        https://bugs.webkit.org/show_bug.cgi?id=36843
     7
     8        Added a one-line change to prevent bypassing the XDC check on
     9        synchronous preflighted requests. Added layout tests to cover
     10        variations of this problem.
     11
     12        * http/tests/xmlhttprequest/access-control-preflight-async-header-denied-expected.txt: Added.
     13        * http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html: Added.
     14        * http/tests/xmlhttprequest/access-control-preflight-async-method-denied-expected.txt: Added.
     15        * http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html: Added.
     16        * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied-expected.txt: Added.
     17        * http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html: Added.
     18        * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied-expected.txt: Added.
     19        * http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html: Added.
     20        * http/tests/xmlhttprequest/resources/access-control-preflight-denied-xsrf.php: Added.
     21
    1222010-04-02  Andrew Scherkus  <scherkus@chromium.org>
    223
  • trunk/WebCore/ChangeLog

    r57039 r57041  
     12010-04-02  Justin Schuh  <jschuh@chromium.org>
     2
     3        Reviewed by Alexey Proskuryakov.
     4
     5        XHR allows arbitrary XSRF across domains
     6        https://bugs.webkit.org/show_bug.cgi?id=36843
     7
     8        Added a one-line change to prevent bypassing the XDC check on
     9        synchronous preflighted requests. Added layout tests to cover
     10        variations of this problem.
     11
     12        Tests: http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html
     13               http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html
     14               http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html
     15               http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html
     16
     17        * loader/DocumentThreadableLoader.cpp:
     18        (WebCore::DocumentThreadableLoader::preflightFailure):
     19
    1202010-04-02  Nayan Kumar K  <nayankk@gmail.com>
    221
  • trunk/WebCore/loader/DocumentThreadableLoader.cpp

    r56955 r57041  
    292292void DocumentThreadableLoader::preflightFailure()
    293293{
     294    m_actualRequest = 0; // Prevent didFinishLoading() from bypassing access check.
    294295    m_client->didFail(ResourceError());
    295296}
Note: See TracChangeset for help on using the changeset viewer.