Changeset 138817 in webkit


Timestamp: Jan 4, 2013 11:09:12 AM (11 years ago)
Author: mkwst@chromium.org
Message:

CSP: XHR from an isolated world should bypass a page's policy.
https://bugs.webkit.org/show_bug.cgi?id=104480

Reviewed by Adam Barth.

Source/WebCore:

Connections of various types are governed by the page's Content Security
Policy 'connect-src' directive. In the special case of connections
generated from an isolated world, we'd like to bypass these restrictions
in order to allow things like extensions to enjoy their uniquely high-
privilege lifestyle. This patch does just that.

We'll lock them down to their own policy in webkit.org/b/104520, but
that's a bit far away at the moment. Soon!

Test: http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html

  • Modules/websockets/WebSocket.cpp:
    (WebCore::WebSocket::connect):
  • loader/cache/CachedResourceLoader.cpp:
    (WebCore::CachedResourceLoader::canRequest):
  • page/EventSource.cpp:
    (WebCore::EventSource::create):
  • xml/XMLHttpRequest.cpp:
    (WebCore::XMLHttpRequest::open):
    Check whether or not code is running in an isolated world that has
    its own Content Security Policy. If so, bypass the main world's CSP
    checks. Isolated worlds gotta be free, man.

LayoutTests:

  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html: Added.

A new test! How wonderful!

  • platform/efl/TestExpectations:
  • platform/mac/TestExpectations:
  • platform/qt/TestExpectations:
  • platform/win/TestExpectations:
  • platform/wincairo/TestExpectations:

Skipping the new test on ports that don't support it.

Location: trunk
Files: 2 added, 11 edited

  • trunk/LayoutTests/ChangeLog

    r138816 r138817  
     12013-01-04  Mike West  <mkwst@chromium.org>
     2
     3        CSP: XHR from an isolated world should bypass a page's policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=104480
     5
     6        Reviewed by Adam Barth.
     7
     8        * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt: Added.
     9        * http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html: Added.
     10            A new test! How wonderful!
     11        * platform/efl/TestExpectations:
     12        * platform/mac/TestExpectations:
     13        * platform/qt/TestExpectations:
     14        * platform/win/TestExpectations:
     15        * platform/wincairo/TestExpectations:
     16            Skipping the new test on ports that don't support it.
     17
    1182013-01-04  Mike Lawther  <mikelawther@chromium.org>
    219
  • trunk/LayoutTests/platform/efl/TestExpectations

    r138794 r138817  
    11301130# JSC also doesn't support setIsolatedWorldContentSecurityPolicy
    11311131webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ]
     1132webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html [ Failure ]
    11321133
    11331134#__worldID is undefined in isolated world
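Review bot: the ChangeLog says the new test is being skipped on ports without isolated-world CSP support, but the added line marks `bypass-main-world-csp-for-xhr.html` as `[ Failure ]`, which still runs the test and only records that failure is expected; if the intent is really to skip, use `[ Skip ]`, otherwise reword the ChangeLog. Tracking both entries under webkit.org/b/100815 is consistent with the comment on the line above.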
  • trunk/LayoutTests/platform/mac/TestExpectations

    r138782 r138817  
    440440
    441441# JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815)
    442 http/tests/security/isolatedWorld/bypass-main-world-csp.html
     442webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ]
     443webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html [ Failure ]
    443444
    444445# https://bugs.webkit.org/show_bug.cgi?id=63282 layerTreeAsText doesn't work for iframes
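Review bot: besides adding the new test, this hunk rewrites the existing bare `http/tests/security/isolatedWorld/bypass-main-world-csp.html` entry into the `webkit.org/b/100815 ... [ Failure ]` form; that is an unrelated drive-by change, harmless and arguably welcome since it brings mac (and the identical qt, win and wincairo hunks) in line with the efl file, but it belongs in the ChangeLog so the expectation-format migration is not hidden in a CSP patch.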
  • trunk/LayoutTests/platform/qt/TestExpectations

    r138801 r138817  
    206206
    207207# JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815)
    208 http/tests/security/isolatedWorld/bypass-main-world-csp.html
     208webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ]
     209webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html [ Failure ]
    209210
    210211# This test is for clients that choose to make the missing plugin indicator a button
  • trunk/LayoutTests/platform/win/TestExpectations

    r138766 r138817  
    14941494
    14951495# JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815)
    1496 http/tests/security/isolatedWorld/bypass-main-world-csp.html
     1496webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ]
     1497webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html [ Failure ]
    14971498
    14981499# ENABLE(WEBGL) is disabled
  • trunk/LayoutTests/platform/wincairo/TestExpectations

    r138499 r138817  
    20242024
    20252025# JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815)
    2026 http/tests/security/isolatedWorld/bypass-main-world-csp.html
     2026webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ]
     2027webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html [ Failure ]
    20272028
    20282029# ENABLE(WEBGL) is disabled
  • trunk/Source/WebCore/ChangeLog

    r138816 r138817  
     12013-01-04  Mike West  <mkwst@chromium.org>
     2
     3        CSP: XHR from an isolated world should bypass a page's policy.
     4        https://bugs.webkit.org/show_bug.cgi?id=104480
     5
     6        Reviewed by Adam Barth.
     7
     8        Connections of various types are governed by the page's Content Security
     9        Policy 'connect-src' directive. In the special case of connections
     10        generated from an isolated world, we'd like to bypass these restrictions
     11        in order to allow things like extensions to enjoy their uniquely high-
     12        privilege lifestyle. This patch does just that.
     13
     14        We'll lock them down to their own policy in webkit.org/b/104520, but
     15        that's a bit far away at the moment. Soon!
     16
     17        Test: http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html
     18
     19        * Modules/websockets/WebSocket.cpp:
     20        (WebCore::WebSocket::connect):
     21        * loader/cache/CachedResourceLoader.cpp:
     22        (WebCore::CachedResourceLoader::canRequest):
     23        * page/EventSource.cpp:
     24        (WebCore::EventSource::create):
     25        * xml/XMLHttpRequest.cpp:
     26        (WebCore::XMLHttpRequest::open):
     27            Check whether or not code is running in an isolated world that has
     28            its own Content Security Policy. If so, bypass the main world's CSP
     29            checks. Isolated worlds gotta be free, man.
     30
    1312013-01-04  Mike Lawther  <mikelawther@chromium.org>
    232
  • trunk/Source/WebCore/Modules/websockets/WebSocket.cpp

    r137318 r138817  
    4040#include "ContentSecurityPolicy.h"
    4141#include "DOMWindow.h"
     42#include "Document.h"
    4243#include "Event.h"
    4344#include "EventException.h"
     
    4546#include "EventNames.h"
    4647#include "ExceptionCode.h"
     48#include "Frame.h"
    4749#include "Logging.h"
    4850#include "MessageEvent.h"
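Review bot: the new `Document.h` and `Frame.h` includes cover `static_cast<Document*>` and `document->frame()` in the connect() hunk below, but that hunk also calls `frame()->script()->shouldBypassMainWorldContentSecurityPolicy()` on the ScriptController; unless `ScriptController.h` is already included (not visible in this hunk), add it explicitly rather than relying on `Frame.h` pulling it in transitively.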
     
    239241    }
    240242
    241     if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
     243    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
     244    bool shouldBypassMainWorldContentSecurityPolicy = false;
     245    if (scriptExecutionContext()->isDocument()) {
     246        Document* document = static_cast<Document*>(scriptExecutionContext());
     247        shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->shouldBypassMainWorldContentSecurityPolicy();
     248    }
     249    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
    242250        m_state = CLOSED;
    243251
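Review bot: `document->frame()` is dereferenced without a null check on the `shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->...` line; a Document that has been detached from its frame returns a null frame, and the CachedResourceLoader hunk in this same patch guards the equivalent call with `frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy()`. Suggest the same shape here, e.g. `Frame* frame = document->frame(); shouldBypassMainWorldContentSecurityPolicy = frame && frame->script()->shouldBypassMainWorldContentSecurityPolicy();`. Note for the security review that when the flag is true the `allowConnectToSource(m_url)` check is skipped entirely, so until webkit.org/b/104520 lands these connections are subject to no connect-src policy at all; the FIXME records this, which is good.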
  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r138658 r138817  
    311311    }
    312312
     313    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
    313314    bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy());
    314315
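Review bot: only the FIXME comment is added here, and the existing `frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy()` line already carries the null-frame guard that the WebSocket, EventSource and XMLHttpRequest hunks in this patch lack; it is the shape those three should mirror. Since the same FIXME now appears in four files, consider pointing all of them at a single shared helper so the webkit.org/b/104520 follow-up changes one place.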
  • trunk/Source/WebCore/page/EventSource.cpp

    r138285 r138817  
    3737#include "DOMWindow.h"
    3838#include "Dictionary.h"
     39#include "Document.h"
    3940#include "Event.h"
    4041#include "EventException.h"
    4142#include "ExceptionCode.h"
     43#include "Frame.h"
    4244#include "MemoryCache.h"
    4345#include "MessageEvent.h"
     
    8486    }
    8587
    86     if (!context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
     88    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
     89    bool shouldBypassMainWorldContentSecurityPolicy = false;
     90    if (context->isDocument()) {
     91        Document* document = static_cast<Document*>(context);
     92        shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->shouldBypassMainWorldContentSecurityPolicy();
     93    }
     94    if (!shouldBypassMainWorldContentSecurityPolicy && !context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
    8795        // FIXME: Should this be throwing an exception?
    8896        ec = SECURITY_ERR;
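Review bot: this block is the third copy of the same six lines (WebSocket::connect and XMLHttpRequest::open carry the other two), differing only in the name of the context variable; factoring it into a helper taking a `ScriptExecutionContext*` (a hypothetical `shouldBypassMainWorldContentSecurityPolicy(context)`) would keep the three call sites in sync when webkit.org/b/104520 replaces the check. The null-frame concern also applies on the `document->frame()->script()` line: `context->isDocument()` does not guarantee `document->frame()` is non-null.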
  • trunk/Source/WebCore/xml/XMLHttpRequest.cpp

    r137318 r138817  
    494494    }
    495495
    496     if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
     496    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
     497    bool shouldBypassMainWorldContentSecurityPolicy = false;
     498    if (scriptExecutionContext()->isDocument()) {
     499        Document* document = static_cast<Document*>(scriptExecutionContext());
     500        shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->shouldBypassMainWorldContentSecurityPolicy();
     501    }
     502    if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
    497503        // FIXME: Should this be throwing an exception?
    498504        ec = SECURITY_ERR;
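Review bot: `document->frame()` on the `shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->...` line can be null when the document has been detached from its frame, and `open()` is reachable from script on such a document; guard it with `document->frame() && ...` as the CachedResourceLoader hunk does, so the bypass simply evaluates to false and the normal `allowConnectToSource(url)` check runs. A layout test that opens an XHR from a detached document under a restrictive connect-src would pin that behaviour down alongside the added bypass-main-world-csp-for-xhr.html.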