Changeset 199612 in webkit
- Timestamp:
- Apr 15, 2016 3:23:44 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 55 added
- 30 edited
- 1 copied
trunk/LayoutTests/ChangeLog
r199611 r199612 1 2016-04-15 Daniel Bates <dabates@apple.com> 2 3 CSP: Ignore paths in CSP matching after redirects 4 https://bugs.webkit.org/show_bug.cgi?id=153154 5 <rdar://problem/24383215> 6 7 Reviewed by Brent Fulgham. 8 9 Add tests to ensure that we ignore the path component of a source expression when matching 10 a sub-resource URL that is the result of a redirect. 11 12 * TestExpectations: Unskip test http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths.html as it now passes. 13 * http/tests/security/contentSecurityPolicy/audio-redirect-allowed2-expected.txt: Added. 14 * http/tests/security/contentSecurityPolicy/audio-redirect-allowed2.html: Added. 15 * http/tests/security/contentSecurityPolicy/embed-redirect-allowed-expected.txt: Added. 16 * http/tests/security/contentSecurityPolicy/embed-redirect-allowed.html: Added. 17 * http/tests/security/contentSecurityPolicy/embed-redirect-allowed2-expected.txt: Added. 18 * http/tests/security/contentSecurityPolicy/embed-redirect-allowed2.html: Added. 19 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked-expected.txt: Added. 20 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked.html: Added. 21 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked2-expected.txt: Added. 22 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked2.html: Added. 23 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked3-expected.txt: Added. 24 * http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html: Added. 25 * http/tests/security/contentSecurityPolicy/font-redirect-allowed2-expected.txt: Added. 26 * http/tests/security/contentSecurityPolicy/font-redirect-allowed2.html: Added. 27 * http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed-expected.txt: Added. 28 * http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed.html: Added. 
29 * http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed2-expected.txt: Added. 30 * http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed2.html: Added. 31 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src-expected.txt: Added. 32 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src.html: Added. 33 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2-expected.txt: Added. 34 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2.html: Added. 35 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src-expected.txt: Added. 36 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src.html: Added. 37 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2-expected.txt: Added. 38 * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2.html: Added. 39 * http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-child-src-expected.txt: Added. 40 * http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-child-src.html: Added. 41 * http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-frame-src-expected.txt: Added. 42 * http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-frame-src.html: Added. 43 * http/tests/security/contentSecurityPolicy/image-redirect-allowed2-expected.txt: Added. 44 * http/tests/security/contentSecurityPolicy/image-redirect-allowed2.html: Added. 45 * http/tests/security/contentSecurityPolicy/object-redirect-allowed-expected.txt: Added. 46 * http/tests/security/contentSecurityPolicy/object-redirect-allowed.html: Added. 47 * http/tests/security/contentSecurityPolicy/object-redirect-allowed2-expected.txt: Added. 48 * http/tests/security/contentSecurityPolicy/object-redirect-allowed2.html: Added. 
49 * http/tests/security/contentSecurityPolicy/object-redirect-blocked-expected.txt: Added. 50 * http/tests/security/contentSecurityPolicy/object-redirect-blocked.html: Added. 51 * http/tests/security/contentSecurityPolicy/object-redirect-blocked2-expected.txt: Added. 52 * http/tests/security/contentSecurityPolicy/object-redirect-blocked2.html: Added. 53 * http/tests/security/contentSecurityPolicy/object-redirect-blocked3-expected.txt: Added. 54 * http/tests/security/contentSecurityPolicy/object-redirect-blocked3.html: Added. 55 * http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths-expected.txt: Update expected result now that we pass this test. 56 * http/tests/security/contentSecurityPolicy/resources/alert-pass.html: 57 * http/tests/security/contentSecurityPolicy/resources/redirect.pl: For resourceType == "image", load image http://127.0.0.1:8000/security/resources/abe.png 58 instead of http://127.0.0.1:8000/resources/square20.jpg as the latter does not exist. 59 * http/tests/security/contentSecurityPolicy/resources/xsl-redirect-allowed.php: 60 * http/tests/security/contentSecurityPolicy/script-redirect-allowed2-expected.txt: Added. 61 * http/tests/security/contentSecurityPolicy/script-redirect-allowed2.html: Added. 62 * http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed2-expected.txt: Added. 63 * http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed2.html: Added. 64 * http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed2-expected.txt: Added. 65 * http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed2.html: Added. 66 * http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed2-expected.txt: Added. 67 * http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed2.html: Added. 68 * http/tests/security/contentSecurityPolicy/track-redirect-allowed2-expected.txt: Added. 69 * http/tests/security/contentSecurityPolicy/track-redirect-allowed2.html: Added. 
70 * http/tests/security/contentSecurityPolicy/video-redirect-allowed2-expected.txt: Added. 71 * http/tests/security/contentSecurityPolicy/video-redirect-allowed2.html: Added. 72 * http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html: 73 * http/tests/security/contentSecurityPolicy/xsl-redirect-allowed2-expected.txt: Added. 74 * http/tests/security/contentSecurityPolicy/xsl-redirect-allowed2.html: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html. 75 * platform/ios-simulator/TestExpectations: Skip tests {embed, object}-redirect-blocked{2, 3}.html as they make 76 use of a plug-in and plug-ins are not supported on iOS. 77 * platform/wk2/TestExpectations: Skip tests {embed, object}-redirect-blocked3.html on WebKit2 as they fail 78 because of <https://bugs.webkit.org/show_bug.cgi?id=156612>. 79 1 80 2016-04-15 Myles C. Maxfield <mmaxfield@apple.com> 2 81 -
trunk/LayoutTests/TestExpectations
r199596 r199612 816 816 webkit.org/b/153152 http/tests/security/contentSecurityPolicy/manifest-src-allowed.html # Needs testRunner.getManifestThen() 817 817 webkit.org/b/153152 http/tests/security/contentSecurityPolicy/manifest-src-blocked.html # Needs testRunner.getManifestThen() 818 webkit.org/b/153154 http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths.html819 818 webkit.org/b/153155 http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked-error-event.html 820 819 webkit.org/b/153155 http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked-error-event.html -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths-expected.txt
r195367 r199612 1 1 2 CONSOLE MESSAGE: XMLHttpRequest cannot load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.pl. Request header field Accept-Encoding is not allowed by Access-Control-Allow-Headers.3 FAIL: Timed out waiting for notifyDone to be called4 2 3 PASS CSP ignores paths of redirected resources in matching algorithm for scripts. 4 PASS CSP ignores paths of redirect resources in matching algorithm for images. 5 PASS CSP ignores paths of redirect resources in matching algorithm for frames. 6 PASS CSP ignores paths of redirected resources in matching algorithm for stylesheets. 7 PASS CSP ignores paths of redirect resources in matching algorithm for XHR. 8 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/alert-pass.html
r84460 r199612 1 1 <script> 2 alert('PASS'); 2 alert("PASS"); 3 4 var shouldNotifyDone = document.location.search.indexOf("?notifyDone=1") !== -1 && window.testRunner; 5 if (shouldNotifyDone) 6 testRunner.notifyDone(); 3 7 </script> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/redirect.pl
r195367 r199612 12 12 13 13 if ($resourceType eq "image") { 14 print "Location: http://127.0.0.1:8000/ resources/square20.jpg";14 print "Location: http://127.0.0.1:8000/security/resources/abe.png"; 15 15 } 16 16 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/xsl-redirect-allowed.php
r198292 r199612 1 1 <?php 2 require "determine-content-security-policy-header.php"; 3 2 4 header("Content-Type: application/xhtml+xml"); 3 header("Content-Security-Policy: script-src http://127.0.0.1:8000/resources/redirect.php http://localhost:8000 'unsafe-inline'");4 5 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; 5 6 echo '<?xml-stylesheet type="text/xsl" href="http://127.0.0.1:8000/resources/redirect.php?code=307&url=http%3A%2F%2Flocalhost%3A8000/security/contentSecurityPolicy/resources/alert-pass.xsl"?>' . "\n"; -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html
r198292 r199612 13 13 </head> 14 14 <body> 15 <iframe src="resources/xsl-redirect-allowed.php "></iframe>15 <iframe src="resources/xsl-redirect-allowed.php?csp=script-src+http%3A//127.0.0.1%3A8000/resources/redirect.php+http%3A//localhost%3A8000+%27unsafe-inline%27"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/xsl-redirect-allowed2.html
r199611 r199612 13 13 </head> 14 14 <body> 15 <iframe src="resources/xsl-redirect-allowed.php "></iframe>15 <iframe src="resources/xsl-redirect-allowed.php?csp=script-src+http%3A//127.0.0.1%3A8000/resources/redirect.php+http%3A//localhost%3A8000/this-path-should-be-ignored-when-matching-a-redirected-request+%27unsafe-inline%27"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/platform/ios-simulator/TestExpectations
r199553 r199612 90 90 http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html 91 91 http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html 92 http/tests/security/contentSecurityPolicy/embed-redirect-blocked2.html 93 http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html 92 94 http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-default-src-star.html 93 95 http/tests/security/contentSecurityPolicy/embed-with-no-url-allowed-by-star.html 96 http/tests/security/contentSecurityPolicy/object-redirect-blocked2.html 97 http/tests/security/contentSecurityPolicy/object-redirect-blocked3.html 94 98 http/tests/security/contentSecurityPolicy/object-src-param-code-blocked.html 95 99 http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked.html -
trunk/LayoutTests/platform/wk2/TestExpectations
r198575 r199612 42 42 ######################################## 43 43 ### START OF (1) Classified failures with bug reports 44 45 webkit.org/b/156612 http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html [ Failure ] 46 webkit.org/b/156612 http/tests/security/contentSecurityPolicy/object-redirect-blocked3.html [ Failure ] 44 47 45 48 # WebKitTestRunner needs to implement testRunner.dumpIconChanges(). -
trunk/Source/WebCore/ChangeLog
r199611 r199612 1 2016-04-15 Daniel Bates <dabates@apple.com> 2 3 CSP: Ignore paths in CSP matching after redirects 4 https://bugs.webkit.org/show_bug.cgi?id=153154 5 <rdar://problem/24383215> 6 7 Reviewed by Brent Fulgham. 8 9 For sub-resources that redirect, match the URL that is the result of the redirect against 10 the source expressions in Content Security Policy ignoring any paths in those source 11 expressions as per section Paths and Redirects of the Content Security Policy Level 2 spec., 12 <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015). 13 14 Tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed2.html 15 http/tests/security/contentSecurityPolicy/embed-redirect-allowed.html 16 http/tests/security/contentSecurityPolicy/embed-redirect-allowed2.html 17 http/tests/security/contentSecurityPolicy/embed-redirect-blocked.html 18 http/tests/security/contentSecurityPolicy/embed-redirect-blocked2.html 19 http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html 20 http/tests/security/contentSecurityPolicy/font-redirect-allowed2.html 21 http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed.html 22 http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed2.html 23 http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src.html 24 http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2.html 25 http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src.html 26 http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2.html 27 http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-child-src.html 28 http/tests/security/contentSecurityPolicy/iframe-redirect-blocked-by-frame-src.html 29 http/tests/security/contentSecurityPolicy/image-redirect-allowed2.html 30 http/tests/security/contentSecurityPolicy/object-redirect-allowed.html 31 
http/tests/security/contentSecurityPolicy/object-redirect-allowed2.html 32 http/tests/security/contentSecurityPolicy/object-redirect-blocked.html 33 http/tests/security/contentSecurityPolicy/object-redirect-blocked2.html 34 http/tests/security/contentSecurityPolicy/object-redirect-blocked3.html 35 http/tests/security/contentSecurityPolicy/script-redirect-allowed2.html 36 http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed2.html 37 http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed2.html 38 http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed2.html 39 http/tests/security/contentSecurityPolicy/track-redirect-allowed2.html 40 http/tests/security/contentSecurityPolicy/video-redirect-allowed2.html 41 http/tests/security/contentSecurityPolicy/xsl-redirect-allowed2.html 42 43 * loader/DocumentLoader.cpp: 44 (WebCore::DocumentLoader::willSendRequest): Define a local variable didReceiveRedirectResponse as 45 to whether this request follows from having received a redirect response from the server. Pass this 46 information to FrameLoader::checkIfFormActionAllowedByCSP() and PolicyChecker::checkNavigationPolicy() 47 for its consideration. 48 * loader/DocumentThreadableLoader.cpp: 49 (WebCore::DocumentThreadableLoader::redirectReceived): Pass whether we have a non-null redirect 50 response (i.e. received a redirect response from the server) to DocumentThreadableLoader::isAllowedByContentSecurityPolicy() 51 for its consideration. 52 (WebCore::DocumentThreadableLoader::loadRequest): Pass whether we performed a redirect to 53 DocumentThreadableLoader::isAllowedByContentSecurityPolicy() for its consideration. 54 (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Modified to take a boolean 55 argument as to whether a redirect was performed. We pass this information to the appropriate 56 ContentSecurityPolicy method. 
57 * loader/DocumentThreadableLoader.h: 58 * loader/FrameLoader.cpp: 59 (WebCore::FrameLoader::checkIfFormActionAllowedByCSP): Modified to take a boolean argument as to whether 60 a redirect response was received and passes this information to ContentSecurityPolicy::allowFormAction() 61 for its consideration. 62 (WebCore::FrameLoader::loadURL): Modified to tell PolicyChecker::checkNavigationPolicy() that the navigation 63 is not in response to having received a redirect response from the server. 64 (WebCore::FrameLoader::loadWithDocumentLoader): Ditto. 65 * loader/FrameLoader.h: 66 * loader/PolicyChecker.cpp: 67 (WebCore::isAllowedByContentSecurityPolicy): Modified to take a boolean argument as to whether 68 a redirect response was received and passes this information to the appropriate ContentSecurityPolicy member 69 function for consideration. 70 (WebCore::PolicyChecker::checkNavigationPolicy): Modified to take a boolean argument as to whether a redirect 71 response was received and passes this information through to WebCore::isAllowedByContentSecurityPolicy(). 72 * loader/PolicyChecker.h: 73 * loader/SubresourceLoader.cpp: 74 (WebCore::SubresourceLoader::willSendRequestInternal): Modified to tell CachedResourceLoader::canRequest() that 75 the request is in response to having received a redirect response from the server. 76 * loader/cache/CachedResourceLoader.cpp: 77 (WebCore::CachedResourceLoader::canRequest): Modified to take a boolean argument as to whether a redirect 78 response was received and passes this information through to the appropriate ContentSecurityPolicy member 79 function for consideration. 80 * loader/cache/CachedResourceLoader.h: 81 * page/csp/ContentSecurityPolicy.cpp: 82 (WebCore::ContentSecurityPolicy::allowScriptFromSource): Modified to take an argument as to whether a 83 redirect response was received and passes this information through to ContentSecurityPolicyDirectiveList. 
84 (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto. 85 (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto. 86 (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto. 87 (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto. 88 (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto. 89 (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto. 90 (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto. 91 (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto. 92 (WebCore::ContentSecurityPolicy::allowFormAction): Ditto. 93 * page/csp/ContentSecurityPolicy.h: 94 * page/csp/ContentSecurityPolicyDirectiveList.cpp: 95 (WebCore::checkSource): 96 (WebCore::checkFrameAncestors): 97 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext): Modified to take an argument 98 as to whether a redirect response was received and passes this information through to the CSP directive. 99 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource): Ditto. 100 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFont): Ditto. 101 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction): Ditto. 102 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame): Ditto. 103 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForImage): Ditto. 104 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia): Ditto. 105 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource): Ditto. 106 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScript): Ditto. 107 (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle): Ditto. 108 * page/csp/ContentSecurityPolicyDirectiveList.h: 109 * page/csp/ContentSecurityPolicySource.cpp: 110 (WebCore::ContentSecurityPolicySource::matches): Modified to take an argument as to whether a redirect response 111 was received. 
When the specified URL follows from having received a redirect response then ignore the path 112 component of the source expression when checking for a match. Otherwise, consider the path component of the 113 source expression when performing the match. 114 * page/csp/ContentSecurityPolicySource.h: 115 * page/csp/ContentSecurityPolicySourceList.cpp: 116 (WebCore::ContentSecurityPolicySourceList::matches): Modified to take an argument as to whether a redirect 117 response was received and pass this information through to ContentSecurityPolicySource::matches(). 118 * page/csp/ContentSecurityPolicySourceList.h: 119 * page/csp/ContentSecurityPolicySourceListDirective.cpp: 120 (WebCore::ContentSecurityPolicySourceListDirective::allows): Modified to take an argument as to whether a 121 redirect response was received and pass this information through to ContentSecurityPolicySourceList::matches(). 122 * page/csp/ContentSecurityPolicySourceListDirective.h: 123 1 124 2016-04-15 Myles C. Maxfield <mmaxfield@apple.com> 2 125 -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r198956 r199612 504 504 ASSERT(!newRequest.isNull()); 505 505 506 if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url())) { 506 bool didReceiveRedirectResponse = !redirectResponse.isNull(); 507 if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse)) { 507 508 cancelMainResourceLoad(frameLoader()->cancelledError(newRequest)); 508 509 return; … … 510 511 511 512 ASSERT(timing().fetchStart()); 512 if ( !redirectResponse.isNull()) {513 if (didReceiveRedirectResponse) { 513 514 // If the redirecting url is not allowed to display content from the target origin, 514 515 // then block the redirect. … … 562 563 setRequest(newRequest); 563 564 564 if ( !redirectResponse.isNull()) {565 if (didReceiveRedirectResponse) { 565 566 // We checked application cache for initial URL, now we need to check it for redirected one. 566 567 ASSERT(!m_substituteData.isValid()); … … 577 578 // listener tells us to. In practice that means the navigation policy needs to be decided 578 579 // synchronously for these redirect cases. 579 if ( redirectResponse.isNull())580 if (!didReceiveRedirectResponse) 580 581 return; 581 582 582 583 ASSERT(!m_waitingForNavigationPolicy); 583 584 m_waitingForNavigationPolicy = true; 584 frameLoader()->policyChecker().checkNavigationPolicy(newRequest, [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) {585 frameLoader()->policyChecker().checkNavigationPolicy(newRequest, didReceiveRedirectResponse, [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) { 585 586 continueAfterNavigationPolicy(request, shouldContinue); 586 587 }); -
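Review bot: The new local `didReceiveRedirectResponse` (new line 506) changes how CSP matches the URL, but nothing at the declaration says so, and a reader sees only a renamed null check. A comment above it such as `// After a redirect, CSP source expressions are matched without their path component (CSP Level 2, "Paths and Redirects").` would record why the flag is handed to checkIfFormActionAllowedByCSP() and checkNavigationPolicy(). The enclosing function starts and ends outside the hunks shown.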
trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp
r198395 r199612 192 192 193 193 Ref<DocumentThreadableLoader> protect(*this); 194 if (!isAllowedByContentSecurityPolicy(request.url() )) {194 if (!isAllowedByContentSecurityPolicy(request.url(), !redirectResponse.isNull())) { 195 195 m_client->didFailRedirectCheck(); 196 196 request = ResourceRequest(); … … 420 420 // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was 421 421 // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials. 422 if (requestURL != response.url() && (!isAllowedByContentSecurityPolicy(response.url()) || !isAllowedRedirect(response.url()))) { 422 bool didRedirect = requestURL != response.url(); 423 if (didRedirect && (!isAllowedByContentSecurityPolicy(response.url(), didRedirect) || !isAllowedRedirect(response.url()))) { 423 424 m_client->didFailRedirectCheck(); 424 425 return; … … 432 433 } 433 434 434 bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url) 435 { 435 bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url, bool didRedirect) 436 { 437 bool overrideContentSecurityPolicy = false; 438 ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived = didRedirect ? 
ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 439 436 440 switch (m_options.contentSecurityPolicyEnforcement) { 437 441 case ContentSecurityPolicyEnforcement::DoNotEnforce: 438 442 return true; 439 443 case ContentSecurityPolicyEnforcement::EnforceChildSrcDirective: 440 return contentSecurityPolicy().allowChildContextFromSource(url, false); // Do not override policy444 return contentSecurityPolicy().allowChildContextFromSource(url, overrideContentSecurityPolicy, redirectResponseReceived); 441 445 case ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective: 442 return contentSecurityPolicy().allowConnectToSource(url, false); // Do not override policy446 return contentSecurityPolicy().allowConnectToSource(url, overrideContentSecurityPolicy, redirectResponseReceived); 443 447 case ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective: 444 return contentSecurityPolicy().allowScriptFromSource(url, false); // Do not override policy448 return contentSecurityPolicy().allowScriptFromSource(url, overrideContentSecurityPolicy, redirectResponseReceived); 445 449 } 446 450 ASSERT_NOT_REACHED(); -
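Review bot: In loadRequest (new line 422) `didRedirect` is inferred from `requestURL != response.url()`, which the comment just above describes as an imperfect test that also fails when requestURL still carries credentials. Before this change a false positive only cost an extra path-sensitive check; now it selects the path-insensitive match in isAllowedByContentSecurityPolicy(). That is presumably harmless if the original URL already passed a path-sensitive check before the request was sent, but that check is not visible here. A comment next to `bool didRedirect` would make the assumption explicit, e.g. `// May be true without a real redirect (see above); the initial URL must already have passed the path-sensitive check.` The function body continues outside the hunk.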
trunk/Source/WebCore/loader/DocumentThreadableLoader.h
r197566 r199612 95 95 void loadRequest(const ResourceRequest&, SecurityCheckPolicy); 96 96 bool isAllowedRedirect(const URL&); 97 bool isAllowedByContentSecurityPolicy(const URL& );97 bool isAllowedByContentSecurityPolicy(const URL&, bool didRedirect = false); 98 98 99 99 bool isXMLHttpRequest() const final; -
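Review bot: The declaration gives `didRedirect` a default of `false`, while `FrameLoader::checkIfFormActionAllowedByCSP` in this same changeset makes the equivalent flag mandatory. Both call sites visible in DocumentThreadableLoader.cpp pass the argument explicitly, so unless a caller outside the hunks relies on it the default can go: `bool isAllowedByContentSecurityPolicy(const URL&, bool didRedirect);`. An omitted argument falls back to path-sensitive matching, so the failure mode is a spurious block rather than a policy bypass, but a mandatory parameter makes every caller state whether the URL came from a redirect.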
trunk/Source/WebCore/loader/FrameLoader.cpp
r199181 r199612 937 937 } 938 938 939 bool FrameLoader::checkIfFormActionAllowedByCSP(const URL& url ) const939 bool FrameLoader::checkIfFormActionAllowedByCSP(const URL& url, bool didReceiveRedirectResponse) const 940 940 { 941 941 if (m_submittedFormURL.isEmpty()) 942 942 return true; 943 943 944 return m_frame.document()->contentSecurityPolicy()->allowFormAction(url); 944 auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 945 return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, false /* overrideContentSecurityPolicy */, redirectResponseReceived); 945 946 } 946 947 … … 1241 1242 policyChecker().stopCheck(); 1242 1243 policyChecker().setLoadType(newLoadType); 1243 policyChecker().checkNavigationPolicy(request, oldDocumentLoader.get(), formState.release(), [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) {1244 policyChecker().checkNavigationPolicy(request, false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), formState.release(), [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) { 1244 1245 continueFragmentScrollAfterNavigationPolicy(request, shouldContinue); 1245 1246 }); … … 1431 1432 oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); 1432 1433 policyChecker().stopCheck(); 1433 policyChecker().checkNavigationPolicy(loader->request(), oldDocumentLoader.get(), formState, [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) {1434 policyChecker().checkNavigationPolicy(loader->request(), false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), formState, [this](const ResourceRequest& request, PassRefPtr<FormState>, bool shouldContinue) { 1434 1435 continueFragmentScrollAfterNavigationPolicy(request, shouldContinue); 1435 1436 }); … … 1458 1459 } 1459 1460 1460 
policyChecker().checkNavigationPolicy(loader->request(), loader, formState, [this, allowNavigationToInvalidURL](const ResourceRequest& request, PassRefPtr<FormState> formState, bool shouldContinue) {1461 policyChecker().checkNavigationPolicy(loader->request(), false /* didReceiveRedirectResponse */, loader, formState, [this, allowNavigationToInvalidURL](const ResourceRequest& request, PassRefPtr<FormState> formState, bool shouldContinue) { 1461 1462 continueLoadAfterNavigationPolicy(request, formState, shouldContinue, allowNavigationToInvalidURL); 1462 1463 }); -
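Review bot: The conversion `didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No` in checkIfFormActionAllowedByCSP (new line 944) is repeated in three other places. These are DocumentThreadableLoader::isAllowedByContentSecurityPolicy, the static isAllowedByContentSecurityPolicy in PolicyChecker.cpp, and CachedResourceLoader::canRequest. Taking the enum directly in the loader-level signatures would remove those conversions and the `false /* didReceiveRedirectResponse */` literals at the checkNavigationPolicy call sites. It would also help in allowFormAction and canRequest, where two adjacent bool arguments that both affect CSP enforcement are easy to transpose. If the bool has to stay at this layer, a single shared conversion helper would keep the mapping in one place.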
trunk/Source/WebCore/loader/FrameLoader.h
r198893 r199612 227 227 SandboxFlags effectiveSandboxFlags() const; 228 228 229 bool checkIfFormActionAllowedByCSP(const URL& ) const;229 bool checkIfFormActionAllowedByCSP(const URL&, bool didReceiveRedirectResponse) const; 230 230 231 231 Frame* opener(); -
trunk/Source/WebCore/loader/PolicyChecker.cpp
r199527 r199612 50 50 namespace WebCore { 51 51 52 static bool isAllowedByContentSecurityPolicy(const URL& url, const Element* ownerElement )52 static bool isAllowedByContentSecurityPolicy(const URL& url, const Element* ownerElement, bool didReceiveRedirectResponse) 53 53 { 54 54 if (!ownerElement) 55 55 return true; 56 auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 56 57 if (is<HTMLPlugInElement>(ownerElement)) 57 return ownerElement->document().contentSecurityPolicy()->allowObjectFromSource(url, ownerElement->isInUserAgentShadowTree() );58 return ownerElement->document().contentSecurityPolicy()->allowChildFrameFromSource(url, ownerElement->isInUserAgentShadowTree() );58 return ownerElement->document().contentSecurityPolicy()->allowObjectFromSource(url, ownerElement->isInUserAgentShadowTree(), redirectResponseReceived); 59 return ownerElement->document().contentSecurityPolicy()->allowChildFrameFromSource(url, ownerElement->isInUserAgentShadowTree(), redirectResponseReceived); 59 60 } 60 61 … … 67 68 } 68 69 69 void PolicyChecker::checkNavigationPolicy(const ResourceRequest& newRequest, NavigationPolicyDecisionFunction function)70 { 71 checkNavigationPolicy(newRequest, m_frame.loader().activeDocumentLoader(), nullptr, WTFMove(function));72 } 73 74 void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, DocumentLoader* loader, PassRefPtr<FormState> formState, NavigationPolicyDecisionFunction function)70 void PolicyChecker::checkNavigationPolicy(const ResourceRequest& newRequest, bool didReceiveRedirectResponse, NavigationPolicyDecisionFunction function) 71 { 72 checkNavigationPolicy(newRequest, didReceiveRedirectResponse, m_frame.loader().activeDocumentLoader(), nullptr, WTFMove(function)); 73 } 74 75 void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, bool didReceiveRedirectResponse, DocumentLoader* 
loader, PassRefPtr<FormState> formState, NavigationPolicyDecisionFunction function) 75 76 { 76 77 NavigationAction action = loader->triggeringAction(); … … 97 98 } 98 99 99 if (!isAllowedByContentSecurityPolicy(request.url(), m_frame.ownerElement() )) {100 if (!isAllowedByContentSecurityPolicy(request.url(), m_frame.ownerElement(), didReceiveRedirectResponse)) { 100 101 function(request, 0, false); 101 102 return; -
trunk/Source/WebCore/loader/PolicyChecker.h
r198893 r199612 56 56 explicit PolicyChecker(Frame&); 57 57 58 void checkNavigationPolicy(const ResourceRequest&, DocumentLoader*, PassRefPtr<FormState>, NavigationPolicyDecisionFunction);59 void checkNavigationPolicy(const ResourceRequest&, NavigationPolicyDecisionFunction);58 void checkNavigationPolicy(const ResourceRequest&, bool didReceiveRedirectResponse, DocumentLoader*, PassRefPtr<FormState>, NavigationPolicyDecisionFunction); 59 void checkNavigationPolicy(const ResourceRequest&, bool didReceiveRedirectResponse, NavigationPolicyDecisionFunction); 60 60 void checkNewWindowPolicy(const NavigationAction&, const ResourceRequest&, PassRefPtr<FormState>, const String& frameName, NewWindowPolicyDecisionFunction); 61 61 void checkContentPolicy(const ResourceResponse&, ContentPolicyDecisionFunction); -
trunk/Source/WebCore/loader/SubresourceLoader.cpp
r198395 r199612 186 186 m_frame->mainFrame().diagnosticLoggingClient().logDiagnosticMessageWithResult(DiagnosticLoggingKeys::cachedResourceRevalidationKey(), emptyString(), DiagnosticLoggingResultFail, ShouldSample::Yes); 187 187 } 188 189 if (!m_documentLoader->cachedResourceLoader().canRequest(m_resource->type(), newRequest.url(), options() )) {188 189 if (!m_documentLoader->cachedResourceLoader().canRequest(m_resource->type(), newRequest.url(), options(), false /* forPreload */, true /* didReceiveRedirectResponse */)) { 190 190 cancel(); 191 191 return; -
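Review bot: The canRequest() call at new line 189 hard-codes `true /* didReceiveRedirectResponse */`, which selects path-insensitive CSP matching unconditionally. Whether this statement is reachable only after a redirect response depends on a condition outside the hunk; if it is not, a non-redirected request would be matched with the path restriction of the source expression dropped. Deriving the flag from the redirect response, as DocumentLoader::willSendRequest does with `!redirectResponse.isNull()`, would keep it correct if the surrounding control flow changes. This assumes the response is in scope here under that name.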
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r198542 r199612 374 374 } 375 375 376 bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, bool forPreload )376 bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, bool forPreload, bool didReceiveRedirectResponse) 377 377 { 378 378 if (document() && !document()->securityOrigin()->canDisplay(url)) { … … 384 384 385 385 bool skipContentSecurityPolicyCheck = options.contentSecurityPolicyImposition() == ContentSecurityPolicyImposition::SkipPolicyCheck; 386 ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 386 387 387 388 // Some types of resources can be loaded only from the same origin. Other … … 425 426 #if ENABLE(XSLT) 426 427 case CachedResource::XSLStyleSheet: 427 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck ))428 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 428 429 return false; 429 430 break; 430 431 #endif 431 432 case CachedResource::Script: 432 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck ))433 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 433 434 return false; 434 435 if (frame() && !frame()->settings().isScriptEnabled()) … … 436 437 break; 437 438 case CachedResource::CSSStyleSheet: 438 if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, skipContentSecurityPolicyCheck ))439 if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 439 440 return false; 440 441 break; 441 442 case 
CachedResource::SVGDocumentResource: 442 443 case CachedResource::ImageResource: 443 if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, skipContentSecurityPolicyCheck ))444 if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 444 445 return false; 445 446 break; … … 448 449 #endif 449 450 case CachedResource::FontResource: { 450 if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, skipContentSecurityPolicyCheck ))451 if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 451 452 return false; 452 453 break; … … 463 464 case CachedResource::TextTrackResource: 464 465 #endif 465 if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, skipContentSecurityPolicyCheck ))466 if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, skipContentSecurityPolicyCheck, redirectResponseReceived)) 466 467 return false; 467 468 break; -
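Review bot: canRequest() now ends in two adjacent bool parameters, `bool forPreload, bool didReceiveRedirectResponse`, both defaulted in CachedResourceLoader.h. They are easy to transpose, and the call site in SubresourceLoader.cpp has to annotate each literal with a comment. The function converts the bool to `ContentSecurityPolicy::RedirectResponseReceived` before any of the CSP checks, so the parameter could take that enum directly, e.g. `ContentSecurityPolicy::RedirectResponseReceived = ContentSecurityPolicy::RedirectResponseReceived::No` in the declaration. The same bool-to-enum conversion is written out again in isAllowedByContentSecurityPolicy() in PolicyChecker.cpp. canRequest()'s body continues outside the visible hunks.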
trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
r198292 r199612 132 132 void checkForPendingPreloads(); 133 133 void printPreloadStats(); 134 bool canRequest(CachedResource::Type, const URL&, const ResourceLoaderOptions&, bool forPreload = false); 134 135 bool canRequest(CachedResource::Type, const URL&, const ResourceLoaderOptions&, bool forPreload = false, bool didReceiveRedirectResponse = false); 135 136 136 137 static const ResourceLoaderOptions& defaultCachedResourceOptions(); -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
r199525 r199612 366 366 } 367 367 368 bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy ) const369 { 370 if (overrideContentSecurityPolicy) 371 return true; 372 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 373 return true; 374 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForScript, url );368 bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 369 { 370 if (overrideContentSecurityPolicy) 371 return true; 372 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 373 return true; 374 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForScript, url, redirectResponseReceived == RedirectResponseReceived::Yes); 375 375 if (!violatedDirective) 376 376 return true; … … 380 380 } 381 381 382 bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy ) const382 bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 383 383 { 384 384 if (overrideContentSecurityPolicy) … … 389 389 // "If plugin content is loaded without an associated URL (perhaps an object element lacks a data attribute, but loads some default plugin based 390 390 // on the specified type), it MUST be blocked if object-src's value is 'none', but will otherwise be allowed". 
391 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource, url, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::Yes);391 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource, url, redirectResponseReceived == RedirectResponseReceived::Yes, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::Yes); 392 392 if (!violatedDirective) 393 393 return true; … … 397 397 } 398 398 399 bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy ) const400 { 401 if (overrideContentSecurityPolicy) 402 return true; 403 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 404 return true; 405 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame, url );399 bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 400 { 401 if (overrideContentSecurityPolicy) 402 return true; 403 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 404 return true; 405 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame, url, redirectResponseReceived == RedirectResponseReceived::Yes); 406 406 if (!violatedDirective) 407 407 return true; … … 412 412 } 413 413 414 bool ContentSecurityPolicy::allowChildContextFromSource(const URL& url, bool overrideContentSecurityPolicy ) const415 { 416 if (overrideContentSecurityPolicy) 417 return true; 418 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 419 return true; 420 const 
ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext, url );414 bool ContentSecurityPolicy::allowChildContextFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 415 { 416 if (overrideContentSecurityPolicy) 417 return true; 418 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 419 return true; 420 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext, url, redirectResponseReceived == RedirectResponseReceived::Yes); 421 421 if (!violatedDirective) 422 422 return true; … … 426 426 } 427 427 428 bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy ) const429 { 430 if (overrideContentSecurityPolicy) 431 return true; 432 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 433 return true; 434 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForImage, url );428 bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 429 { 430 if (overrideContentSecurityPolicy) 431 return true; 432 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 433 return true; 434 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForImage, url, redirectResponseReceived == RedirectResponseReceived::Yes); 435 435 if (!violatedDirective) 436 436 return true; … … 440 440 } 441 441 442 bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy ) const443 { 444 if (overrideContentSecurityPolicy) 445 
return true; 446 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 447 return true; 448 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle, url );442 bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 443 { 444 if (overrideContentSecurityPolicy) 445 return true; 446 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 447 return true; 448 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle, url, redirectResponseReceived == RedirectResponseReceived::Yes); 449 449 if (!violatedDirective) 450 450 return true; … … 454 454 } 455 455 456 bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy ) const457 { 458 if (overrideContentSecurityPolicy) 459 return true; 460 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 461 return true; 462 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFont, url );456 bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 457 { 458 if (overrideContentSecurityPolicy) 459 return true; 460 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 461 return true; 462 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFont, url, redirectResponseReceived == RedirectResponseReceived::Yes); 463 463 if (!violatedDirective) 464 464 return true; … … 468 468 } 469 469 470 bool ContentSecurityPolicy::allowMediaFromSource(const URL& 
url, bool overrideContentSecurityPolicy ) const471 { 472 if (overrideContentSecurityPolicy) 473 return true; 474 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 475 return true; 476 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia, url );470 bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 471 { 472 if (overrideContentSecurityPolicy) 473 return true; 474 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 475 return true; 476 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia, url, redirectResponseReceived == RedirectResponseReceived::Yes); 477 477 if (!violatedDirective) 478 478 return true; … … 482 482 } 483 483 484 bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy ) const485 { 486 if (overrideContentSecurityPolicy) 487 return true; 488 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 489 return true; 490 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource, url );484 bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 485 { 486 if (overrideContentSecurityPolicy) 487 return true; 488 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 489 return true; 490 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource, url, redirectResponseReceived == RedirectResponseReceived::Yes); 491 491 if 
(!violatedDirective) 492 492 return true; … … 496 496 } 497 497 498 bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy ) const499 { 500 if (overrideContentSecurityPolicy) 501 return true; 502 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 503 return true; 504 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction, url );498 bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 499 { 500 if (overrideContentSecurityPolicy) 501 return true; 502 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 503 return true; 504 const ContentSecurityPolicyDirective* violatedDirective = violatedDirectiveInAnyPolicy(&ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction, url, redirectResponseReceived == RedirectResponseReceived::Yes); 505 505 if (!violatedDirective) 506 506 return true; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
r199525 r199612 76 76 void processHTTPEquiv(const String& content, ContentSecurityPolicyHeaderType type) { didReceiveHeader(content, type, ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta); } 77 77 78 bool allowScriptWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const; 79 bool allowStyleWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const; 80 78 81 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false) const; 79 82 bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false) const; 80 bool allowScriptWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const;81 83 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, const String& scriptContent, bool overrideContentSecurityPolicy = false) const; 82 bool allowStyleWithNonce(const String& nonce, bool overrideContentSecurityPolicy = false) const;83 84 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, const String& styleContent, bool overrideContentSecurityPolicy = false) const; 85 84 86 bool allowEval(JSC::ExecState*, bool overrideContentSecurityPolicy = false) const; 87 85 88 bool allowPluginType(const String& type, const String& typeAttribute, const URL&, bool overrideContentSecurityPolicy = false) const; 86 bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 87 bool allowObjectFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 88 bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 89 bool allowChildContextFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 90 bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 91 bool allowStyleFromSource(const URL&, bool 
overrideContentSecurityPolicy = false) const; 92 bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 93 bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false) const; 94 bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false) const; 95 bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false) const; 89 90 bool allowFrameAncestors(const Frame&, const URL&, bool overrideContentSecurityPolicy = false) const; 91 92 enum class RedirectResponseReceived { No, Yes }; 93 bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 94 bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 95 bool allowChildContextFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 96 bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 97 bool allowStyleFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 98 bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 99 bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 100 bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 101 bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 102 103 bool allowObjectFromSource(const URL&, bool 
overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 96 104 bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false) const; 97 bool allowFrameAncestors(const Frame&, const URL&, bool overrideContentSecurityPolicy = false) const;98 105 99 106 void setOverrideAllowInlineStyle(bool); -
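Review bot: `enum class RedirectResponseReceived { No, Yes };` is declared without a comment, and nothing in this header says what `Yes` changes. Per ContentSecurityPolicySource::matches() in this changeset, it makes source-expression matching skip the path component while scheme, host and port are still checked. That is a deliberate relaxation a caller should opt into knowingly. I would add above the enum: `// Yes: the URL is the result of a redirect; source expressions are matched without their path component.`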
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
r199525 r199612 62 62 } 63 63 64 static inline bool checkSource(ContentSecurityPolicySourceListDirective* directive, const URL& url, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty = ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::No)65 { 66 return !directive || directive->allows(url, shouldAllowEmptyURLIfSourceListEmpty);64 static inline bool checkSource(ContentSecurityPolicySourceListDirective* directive, const URL& url, bool didReceiveRedirectResponse = false, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty = ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::No) 65 { 66 return !directive || directive->allows(url, didReceiveRedirectResponse, shouldAllowEmptyURLIfSourceListEmpty); 67 67 } 68 68 … … 81 81 if (!directive) 82 82 return true; 83 bool didReceiveRedirectResponse = false; 83 84 for (Frame* current = frame.tree().parent(); current; current = current->tree().parent()) { 84 if (!directive->allows(current->document()->url(), ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::No))85 if (!directive->allows(current->document()->url(), didReceiveRedirectResponse, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::No)) 85 86 return false; 86 87 } … … 190 191 } 191 192 192 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext(const URL& url ) const193 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext(const URL& url, bool didReceiveRedirectResponse) const 193 194 { 194 195 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_childSrc.get()); 195 if (checkSource(operativeDirective, url ))196 return nullptr; 197 return operativeDirective; 198 } 199 
200 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource(const URL& url ) const196 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 197 return nullptr; 198 return operativeDirective; 199 } 200 201 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource(const URL& url, bool didReceiveRedirectResponse) const 201 202 { 202 203 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_connectSrc.get()); 203 if (checkSource(operativeDirective, url ))204 return nullptr; 205 return operativeDirective; 206 } 207 208 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForFont(const URL& url ) const204 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 205 return nullptr; 206 return operativeDirective; 207 } 208 209 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForFont(const URL& url, bool didReceiveRedirectResponse) const 209 210 { 210 211 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_fontSrc.get()); 211 if (checkSource(operativeDirective, url ))212 return nullptr; 213 return operativeDirective; 214 } 215 216 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction(const URL& url ) const217 { 218 if (checkSource(m_formAction.get(), url ))212 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 213 return nullptr; 214 return operativeDirective; 215 } 216 217 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction(const URL& url, bool didReceiveRedirectResponse) const 218 { 219 if (checkSource(m_formAction.get(), url, didReceiveRedirectResponse)) 219 220 return nullptr; 220 221 return m_formAction.get(); 221 222 } 222 223 223 const ContentSecurityPolicyDirective* 
ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame(const URL& url ) const224 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame(const URL& url, bool didReceiveRedirectResponse) const 224 225 { 225 226 if (url.isBlankURL()) … … 229 230 // context by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested> (29 August 2015). 230 231 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_frameSrc ? m_frameSrc.get() : m_childSrc.get()); 231 if (checkSource(operativeDirective, url ))232 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 232 233 return nullptr; 233 234 return operativeDirective; … … 241 242 } 242 243 243 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForImage(const URL& url ) const244 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForImage(const URL& url, bool didReceiveRedirectResponse) const 244 245 { 245 246 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_imgSrc.get()); 246 if (checkSource(operativeDirective, url ))247 return nullptr; 248 return operativeDirective; 249 } 250 251 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia(const URL& url ) const247 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 248 return nullptr; 249 return operativeDirective; 250 } 251 252 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia(const URL& url, bool didReceiveRedirectResponse) const 252 253 { 253 254 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_mediaSrc.get()); 254 if (checkSource(operativeDirective, url ))255 return nullptr; 256 return operativeDirective; 257 } 258 259 const ContentSecurityPolicyDirective* 
ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource(const URL& url, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty) const255 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 256 return nullptr; 257 return operativeDirective; 258 } 259 260 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource(const URL& url, bool didReceiveRedirectResponse, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty) const 260 261 { 261 262 if (url.isBlankURL()) 262 263 return nullptr; 263 264 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_objectSrc.get()); 264 if (checkSource(operativeDirective, url, shouldAllowEmptyURLIfSourceListEmpty))265 if (checkSource(operativeDirective, url, didReceiveRedirectResponse, shouldAllowEmptyURLIfSourceListEmpty)) 265 266 return nullptr; 266 267 return operativeDirective; … … 274 275 } 275 276 276 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForScript(const URL& url ) const277 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForScript(const URL& url, bool didReceiveRedirectResponse) const 277 278 { 278 279 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_scriptSrc.get()); 279 if (checkSource(operativeDirective, url ))280 return nullptr; 281 return operativeDirective; 282 } 283 284 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle(const URL& url ) const280 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 281 return nullptr; 282 return operativeDirective; 283 } 284 285 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle(const URL& url, bool 
didReceiveRedirectResponse) const 285 286 { 286 287 ContentSecurityPolicySourceListDirective* operativeDirective = this->operativeDirective(m_styleSrc.get()); 287 if (checkSource(operativeDirective, url ))288 if (checkSource(operativeDirective, url, didReceiveRedirectResponse)) 288 289 return nullptr; 289 290 return operativeDirective; -
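Review bot: checkSource() gives the new parameter a default, `bool didReceiveRedirectResponse = false`, although every call in the visible hunks passes it explicitly. A later violatedDirectiveFor*() that forgets to forward the flag would compile silently and keep enforcing paths after a redirect; that fails closed, but it would block loads the policy is meant to allow and would be hard to spot. Dropping the default makes the choice visible at each call, and any caller outside these hunks that relies on it would then pass `false` explicitly. ContentSecurityPolicySource::matches() in ContentSecurityPolicySource.h carries the same default, while ContentSecurityPolicySourceList::matches() does not.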
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
r199525 r199612 58 58 59 59 const ContentSecurityPolicyDirective* violatedDirectiveForBaseURI(const URL&) const; 60 const ContentSecurityPolicyDirective* violatedDirectiveForChildContext(const URL& ) const;61 const ContentSecurityPolicyDirective* violatedDirectiveForConnectSource(const URL& ) const;62 const ContentSecurityPolicyDirective* violatedDirectiveForFont(const URL& ) const;63 const ContentSecurityPolicyDirective* violatedDirectiveForFormAction(const URL& ) const;64 const ContentSecurityPolicyDirective* violatedDirectiveForFrame(const URL& ) const;60 const ContentSecurityPolicyDirective* violatedDirectiveForChildContext(const URL&, bool didReceiveRedirectResponse) const; 61 const ContentSecurityPolicyDirective* violatedDirectiveForConnectSource(const URL&, bool didReceiveRedirectResponse) const; 62 const ContentSecurityPolicyDirective* violatedDirectiveForFont(const URL&, bool didReceiveRedirectResponse) const; 63 const ContentSecurityPolicyDirective* violatedDirectiveForFormAction(const URL&, bool didReceiveRedirectResponse) const; 64 const ContentSecurityPolicyDirective* violatedDirectiveForFrame(const URL&, bool didReceiveRedirectResponse) const; 65 65 const ContentSecurityPolicyDirective* violatedDirectiveForFrameAncestor(const Frame&) const; 66 const ContentSecurityPolicyDirective* violatedDirectiveForImage(const URL& ) const;67 const ContentSecurityPolicyDirective* violatedDirectiveForMedia(const URL& ) const;68 const ContentSecurityPolicyDirective* violatedDirectiveForObjectSource(const URL&, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone) const;66 const ContentSecurityPolicyDirective* violatedDirectiveForImage(const URL&, bool didReceiveRedirectResponse) const; 67 const ContentSecurityPolicyDirective* violatedDirectiveForMedia(const URL&, bool didReceiveRedirectResponse) const; 68 const ContentSecurityPolicyDirective* violatedDirectiveForObjectSource(const URL&, bool didReceiveRedirectResponse, 
ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone) const; 69 69 const ContentSecurityPolicyDirective* violatedDirectiveForPluginType(const String& type, const String& typeAttribute) const; 70 const ContentSecurityPolicyDirective* violatedDirectiveForScript(const URL& ) const;71 const ContentSecurityPolicyDirective* violatedDirectiveForStyle(const URL& ) const;70 const ContentSecurityPolicyDirective* violatedDirectiveForScript(const URL&, bool didReceiveRedirectResponse) const; 71 const ContentSecurityPolicyDirective* violatedDirectiveForStyle(const URL&, bool didReceiveRedirectResponse) const; 72 72 73 73 const ContentSecurityPolicyDirective* defaultSrc() const { return m_defaultSrc.get(); } -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp
r196350 r199612 44 44 } 45 45 46 bool ContentSecurityPolicySource::matches(const URL& url ) const46 bool ContentSecurityPolicySource::matches(const URL& url, bool didReceiveRedirectResponse) const 47 47 { 48 48 if (!schemeMatches(url)) … … 50 50 if (isSchemeOnly()) 51 51 return true; 52 return hostMatches(url) && portMatches(url) && pathMatches(url);52 return hostMatches(url) && portMatches(url) && (didReceiveRedirectResponse || pathMatches(url)); 53 53 } 54 54 -
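Review bot: The condition `(didReceiveRedirectResponse || pathMatches(url))` is where this changeset relaxes enforcement, and it has no comment explaining why. As far as I understand the CSP specification, the path is ignored after a redirect so that a page cannot use its policy to learn which path a cross-origin redirect led to; scheme, host and port remain enforced. I would put `// After a redirect only scheme, host and port are matched, so the policy does not reveal the redirect target's path.` above the return. Part of matches() lies between the two hunks and is not visible here.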
trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.h
r196350 r199612 39 39 ContentSecurityPolicySource(const ContentSecurityPolicy&, const String& scheme, const String& host, int port, const String& path, bool hostHasWildcard, bool portHasWildcard); 40 40 41 bool matches(const URL& ) const;41 bool matches(const URL&, bool didReceiveRedirectResponse = false) const; 42 42 43 43 private: -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp
r199525 r199612 129 129 } 130 130 131 bool ContentSecurityPolicySourceList::matches(const URL& url )131 bool ContentSecurityPolicySourceList::matches(const URL& url, bool didReceiveRedirectResponse) 132 132 { 133 133 if (m_allowStar && isProtocolAllowedByStar(url)) … … 138 138 139 139 for (auto& entry : m_list) { 140 if (entry.matches(url ))140 if (entry.matches(url, didReceiveRedirectResponse)) 141 141 return true; 142 142 } -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.h
r198936 r199612 46 46 void parse(const String&); 47 47 48 bool matches(const URL& );48 bool matches(const URL&, bool didReceiveRedirectResponse); 49 49 bool matches(const ContentSecurityPolicyHash&) const; 50 50 bool matches(const String& nonce) const; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceListDirective.cpp
r198936 r199612 41 41 } 42 42 43 bool ContentSecurityPolicySourceListDirective::allows(const URL& url, ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty)43 bool ContentSecurityPolicySourceListDirective::allows(const URL& url, bool didReceiveRedirectResponse, ShouldAllowEmptyURLIfSourceListIsNotNone shouldAllowEmptyURLIfSourceListEmpty) 44 44 { 45 45 if (url.isEmpty()) 46 46 return shouldAllowEmptyURLIfSourceListEmpty == ShouldAllowEmptyURLIfSourceListIsNotNone::Yes && !m_sourceList.isNone(); 47 return m_sourceList.matches(url );47 return m_sourceList.matches(url, didReceiveRedirectResponse); 48 48 } 49 49 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceListDirective.h
r198936 r199612 40 40 41 41 enum class ShouldAllowEmptyURLIfSourceListIsNotNone { No, Yes }; 42 bool allows(const URL&, ShouldAllowEmptyURLIfSourceListIsNotNone);42 bool allows(const URL&, bool didReceiveRedirectResponse, ShouldAllowEmptyURLIfSourceListIsNotNone); 43 43 bool allows(const ContentSecurityPolicyHash&) const; 44 44 bool allows(const String& nonce) const;