Changeset 201679 in webkit
- Timestamp:
- Jun 4, 2016 12:20:17 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 64 added
- 22 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r201677 r201679 1 2016-06-04 Brent Fulgham <bfulgham@apple.com> 2 3 CSP: Content Security Policy directive, upgrade-insecure-requests (UIR) 4 https://bugs.webkit.org/show_bug.cgi?id=143653 5 <rdar://problem/23032067> 6 7 Reviewed by Andy Estes. 8 9 Some of these tests are based on a set of Blink patches by Mike West <mkwst@chromium.org>. 10 <https://src.chromium.org/viewvc/blink?revision=192607&view=revision>, 11 <https://codereview.chromium.org/1178093002>, <https://codereview.chromium.org/1964303003> 12 13 The rest of them are based on our own mixedContent tests, revised for upgraded requests. 14 15 Note that WebSockets are not part of this testing at present due to https://bugs.webkit.org/show_bug.cgi?id=157884. 16 17 * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.php: Added. 18 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests: Added. 19 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-cors.https-expected.txt: Added. 20 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-cors.https.html: Added. 21 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https-expected.txt: Added. 22 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html: Added. 23 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/form-upgrade-expected.txt: Added. 24 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/form-upgrade.html: Added. 25 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-auxiliary-expected.txt: Added. 26 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-auxiliary.html: Added. 27 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-nested-expected.txt: Added. 28 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-nested.html: Added. 29 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-subresource-expected.txt: Added. 30 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-subresource.html: Added. 31 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-top-level-expected.txt: Added. 32 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-top-level.html: Added. 33 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt: Added. 34 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html: Added. 35 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt: Added. 36 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades.html: Added. 37 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades-expected.txt: Added. 38 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades.html: Added. 39 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources: Added. 40 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/basic-upgrade-cors.https.html: Added. 41 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/check-https-header.pl: Added. 42 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/echo-https-header.pl: Added. 43 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-insecure-audio-video.html: Added. 44 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-insecure-css.html: Added. 45 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-insecure-image.html: Added. 46 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-http-to-https-script.html: Added. 47 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html: Added. 48 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-xhr-in-main-frame-window.html: Added. 49 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/mixed-content-with-upgrade.html: Added. 50 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/post-https-header.pl: Added. 51 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-audio-video-in-main-frame-expected.txt: Added. 52 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-audio-video-in-main-frame.html: Added. 53 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt: Added. 54 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe.html: Added. 55 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-image-in-main-frame-expected.txt: Added. 56 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-image-in-main-frame.html: Added. 57 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-xhr-in-main-frame-expected.txt: Added. 58 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-xhr-in-main-frame.html: Added. 59 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt: Added. 60 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe.html: Added. 61 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt: Added. 62 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html: Added. 63 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content-expected.txt: Added. 64 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content.html: Added. 65 * http/tests/security/resources/post-origin-to-parent.html: Added. 66 * http/tests/ssl/iframe-upgrade.https-expected.txt: Added. 67 * http/tests/ssl/iframe-upgrade.https.html: Added. 68 * http/tests/ssl/upgrade-origin-usage-expected.txt: Added. 69 * http/tests/ssl/upgrade-origin-usage.html: Added. 70 * http/tests/ssl/resources/origin-usage-iframe-1.html: Added. 71 * http/tests/ssl/resources/origin-usage-iframe-1.manifest: Added. 72 * http/tests/ssl/resources/origin-usage-iframe-2.html: Added. 73 * http/tests/ssl/resources/origin-usage-iframe-2.manifest: Added. 74 * http/tests/websocket/tests/hybi/upgrade-simple-ws-expected.txt: Added. 75 * http/tests/websocket/tests/hybi/upgrade-simple-ws.html: Added. 76 * TestExpectations: Skip http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-simple-ws.html since the 77 WebSocket server does not currently support wss sockets. 78 1 79 2016-06-03 Myles C. Maxfield <mmaxfield@apple.com> 2 80 -
trunk/LayoutTests/platform/mac/TestExpectations
r201549 r201679 1348 1348 1349 1349 webkit.org/b/158101 imported/blink/http/tests/plugins/get-url-notify-on-removal.html [ Pass Timeout ] 1350 1351 webkit.org/b/143653 [ Yosemite ] http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ] # Timeout -
trunk/Source/WebCore/ChangeLog
r201677 r201679 1 2016-06-04 Brent Fulgham <bfulgham@apple.com> 2 3 CSP: Content Security Policy directive, upgrade-insecure-requests (UIR) 4 https://bugs.webkit.org/show_bug.cgi?id=143653 5 <rdar://problem/23032067> 6 7 Reviewed by Andy Estes. 8 9 Modify our loading logic so that we recognize and upgrade insecure requests to secure 10 requests if the Content Security Policy directive 'upgrade-insecure-requests' is 11 present. 12 13 Add a static helper function to ContentSecurityPolicy to upgrade insecure URLs so 14 that we don't have to sprinkle the same code all over the loader system. 15 16 Tests: http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.php 17 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-cors.https.html 18 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html 19 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/form-upgrade.html 20 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-auxiliary.html 21 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-nested.html 22 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-subresource.html 23 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-top-level.html 24 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html 25 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades.html 26 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades.html 27 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-audio-video-in-main-frame.html 28 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe.html 29 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-image-in-main-frame.html 30 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-simple-ws.html 31 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-xhr-in-main-frame.html 32 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe.html 33 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html 34 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content.html 35 http/tests/ssl/iframe-upgrade.https.html 36 http/tests/ssl/upgrade-origin-usage.html 37 http/tests/websocket/tests/hybi/upgrade-simple-ws.html 38 39 * Modules/websockets/WebSocket.cpp: 40 (WebCore::WebSocket::connect): Upgrade insecure requests if the CSP 41 indicates we should. 42 * dom/Document.cpp: 43 (WebCore::Document::initSecurityContext): Populate new document CSP with sets of upgrade host and port combinations. 44 * dom/ScriptElement.cpp: 45 (WebCore::ScriptElement::requestScript): Upgrade insecure requests if 46 the CSP indicates we should. 47 * html/HTMLMediaElement.cpp: 48 (WebCore::HTMLMediaElement::loadResource): Ditto. 49 * loader/DocumentWriter.cpp: 50 (WebCore::DocumentWriter::begin): Ditto. 51 * loader/FormSubmission.cpp: 52 (WebCore::FormSubmission::create): Ditto. 53 (WebCore::FormSubmission::populateFrameLoadRequest): Add "Upgrade-Insecure-Requests" 54 header to frame load requests. 55 * loader/FrameLoader.cpp: 56 (WebCore::FrameLoader::addExtraFieldsToMainResourceRequest): Add the 57 'Update-Insecure-Requests' header field if necessary. 58 (WebCore::FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded): Added helper function. 59 (WebCore::FrameLoader::loadPostRequest): Upgrade insecure requests if the CSP 60 indicates we should. 61 (WebCore::FrameLoader::loadResourceSynchronously): Ditto. 62 (WebCore::FrameLoader::loadDifferentDocumentItem): If loading a form, add the 63 'Update-Insecure-Requests' header field if necessary. 64 (WebCore::createWindow): Upgrade insecure requests if the CSP 65 indicates we should. 66 * loader/FrameLoader.h: 67 * loader/PingLoader.cpp: 68 (WebCore::PingLoader::loadImage): Upgrade insecure requests if the CSP 69 indicates we should. 70 (WebCore::PingLoader::sendPing): Ditto. 71 (WebCore::PingLoader::sendViolationReport): Ditto. 72 * loader/ResourceLoader.cpp: 73 (WebCore::ResourceLoader::willSendRequestInternal): Ditto. 74 * loader/SubframeLoader.cpp: 75 (WebCore::SubframeLoader::requestFrame): Ditto. 76 (WebCore::SubframeLoader::requestObject): Ditto. 77 * loader/appcache/ApplicationCacheHost.cpp: 78 (WebCore::ApplicationCacheHost::shouldLoadResourceFromApplicationCache): Ditto. 79 * loader/cache/CachedResourceLoader.cpp: 80 (WebCore::CachedResourceLoader::requestImage): Ditto. 81 (WebCore::CachedResourceLoader::requestResource): Ditto. 82 * page/DOMWindow.cpp: 83 (WebCore::DOMWindow::createWindow): Add the 'Update-Insecure-Requests' header 84 field if necessary. 85 * page/csp/ContentSecurityPolicy.cpp: 86 (WebCore::ContentSecurityPolicy::copyStateFrom): Populate upgraded resource set 87 from other context. 88 (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Added helper function 89 to upgrade requests when the upgrade-insecure-requests CSP policy is present, or if 90 the host and port combination have previously been upgraded. 91 (WebCore::ContentSecurityPolicy::upgradeInsecureNavigationRequestIfNeeded): Added 92 helper function to upgrade requests that have been previously upgraded. Cross-site 93 navigations only get upgraded when they have been previously upgraded. 94 (WebCore::ContentSecurityPolicy::addInsecureNavigationRequestsToUpgrade): Added. 95 (WebCore::ContentSecurityPolicy::populateInsecureNavigationRequestsToUpgradeFromOther): Added. 96 * page/csp/ContentSecurityPolicy.h: 97 (WebCore::ContentSecurityPolicy::setUpgradeInsecureRequests): Added. 98 (WebCore::ContentSecurityPolicy::upgradeInsecureRequests): Added. 99 * page/csp/ContentSecurityPolicyDirectiveList.cpp: 100 (WebCore::ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList): Use 101 more C++11 initializations. 102 (WebCore::ContentSecurityPolicyDirectiveList::setUpgradeInsecureRequests): Added. 103 (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Teach this function to 104 recognize the new directive. 105 * page/csp/ContentSecurityPolicyDirectiveList.h: 106 * page/csp/ContentSecurityPolicyDirectiveNames.cpp: 107 * page/csp/ContentSecurityPolicyDirectiveNames.h: 108 * platform/network/HTTPHeaderNames.in: Add new 'Upgrade-Insecure-Requests' header field. 109 * xml/XMLHttpRequest.cpp: 110 (WebCore::XMLHttpRequest::open): Upgrade insecure requests if the CSP if needed. 111 1 112 2016-06-03 Myles C. Maxfield <mmaxfield@apple.com> 2 113 -
trunk/Source/WebCore/Modules/websockets/WebSocket.cpp
r201575 r201679 1 1 /* 2 2 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * Copyright (C) 2015-2016 Apple Inc. All rights reserved. 3 4 * 4 5 * Redistribution and use in source and binary forms, with or without … … 231 232 return; 232 233 } 234 235 scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load); 236 233 237 if (!portAllowed(m_url)) { 234 238 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket port " + String::number(m_url.port()) + " blocked"); -
trunk/Source/WebCore/dom/Document.cpp
r201655 r201679 5161 5161 // If we do not obtain a meaningful origin from the URL, then we try to 5162 5162 // find one via the frame hierarchy. 5163 5164 Frame* ownerFrame = m_frame->tree().parent(); 5163 Frame* parentFrame = m_frame->tree().parent(); 5164 Frame* openerFrame = m_frame->loader().opener(); 5165 5166 Frame* ownerFrame = parentFrame; 5165 5167 if (!ownerFrame) 5166 ownerFrame = m_frame->loader().opener();5168 ownerFrame = openerFrame; 5167 5169 5168 5170 if (!ownerFrame) { … … 5170 5172 return; 5171 5173 } 5172 5174 5175 Document* openerDocument = openerFrame ? openerFrame->document() : nullptr; 5176 5177 // Per <http://www.w3.org/TR/upgrade-insecure-requests/>, new browsing contexts must inherit from an 5178 // ongoing set of upgraded requests. When opening a new browsing context, we need to capture its 5179 // existing upgrade request. Nested browsing contexts are handled during DocumentWriter::begin. 5180 if (openerDocument) 5181 contentSecurityPolicy()->inheritInsecureNavigationRequestsToUpgradeFromOpener(*openerDocument->contentSecurityPolicy()); 5182 5173 5183 if (isSandboxed(SandboxOrigin)) { 5174 5184 // If we're supposed to inherit our security origin from our owner, -
trunk/Source/WebCore/dom/ScriptElement.cpp
r201482 r201679 3 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 4 4 * (C) 2001 Dirk Mueller (mueller@kde.org) 5 * Copyright (C) 2003 , 2004, 2005, 2006, 2007, 2008Apple Inc. All rights reserved.5 * Copyright (C) 2003-2016 Apple Inc. All rights reserved. 6 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 7 7 * … … 265 265 CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options); 266 266 267 m_element.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load); 268 267 269 String crossOriginMode = m_element.fastGetAttribute(HTMLNames::crossoriginAttr); 268 270 if (!crossOriginMode.isNull()) { -
trunk/Source/WebCore/loader/DocumentWriter.cpp
r192947 r201679 30 30 #include "DocumentWriter.h" 31 31 32 #include "ContentSecurityPolicy.h" 32 33 #include "DOMImplementation.h" 33 34 #include "DOMWindow.h" … … 144 145 document->createDOMWindow(); 145 146 147 // Per <http://www.w3.org/TR/upgrade-insecure-requests/>, we need to retain an ongoing set of upgraded 148 // requests in new navigation contexts. Although this information is present when we construct the 149 // Document object, it is discard in the subsequent 'clear' statements below. So, we must capture it 150 // so we can restore it. 151 HashSet<RefPtr<SecurityOrigin>> insecureNavigationRequestsToUpgrade; 152 bool upgradeInsecureRequests = false; 153 if (auto* existingDocument = m_frame->document()) { 154 upgradeInsecureRequests = existingDocument->contentSecurityPolicy()->upgradeInsecureRequests(); 155 insecureNavigationRequestsToUpgrade = existingDocument->contentSecurityPolicy()->takeNavigationRequestsToUpgrade(); 156 } 157 146 158 m_frame->loader().clear(document.ptr(), !shouldReuseDefaultView, !shouldReuseDefaultView); 147 159 clear(); … … 157 169 m_frame->loader().setOutgoingReferrer(url); 158 170 m_frame->setDocument(document.copyRef()); 171 172 document->contentSecurityPolicy()->setUpgradeInsecureRequests(upgradeInsecureRequests); 173 document->contentSecurityPolicy()->setInsecureNavigationRequestsToUpgrade(WTFMove(insecureNavigationRequestsToUpgrade)); 159 174 160 175 if (m_decoder) -
trunk/Source/WebCore/loader/FormSubmission.cpp
r195452 r201679 1 1 /* 2 2 * Copyright (C) 2010 Google Inc. All rights reserved. 3 * Copyright (C) 2015-2016 Apple Inc. All rights reserved. 3 4 * 4 5 * Redistribution and use in source and binary forms, with or without … … 32 33 #include "FormSubmission.h" 33 34 35 #include "ContentSecurityPolicy.h" 34 36 #include "DOMFormData.h" 35 37 #include "Document.h" … … 189 191 String encodingType = copiedAttributes.encodingType(); 190 192 193 document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(actionURL, ContentSecurityPolicy::InsecureRequestType::FormSubmission); 194 191 195 if (copiedAttributes.method() == PostMethod) { 192 196 isMultiPartForm = copiedAttributes.isMultiPartForm(); … … 270 274 frameRequest.resourceRequest().setURL(requestURL()); 271 275 FrameLoader::addHTTPOriginIfNeeded(frameRequest.resourceRequest(), m_origin); 272 } 273 274 } 276 FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(frameRequest.resourceRequest()); 277 } 278 279 } -
trunk/Source/WebCore/loader/FrameLoader.cpp
r200986 r201679 370 370 371 371 addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin()); 372 m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(frameRequest.resourceRequest(), ContentSecurityPolicy::InsecureRequestType::Navigation); 372 373 373 374 loadFrameRequest(frameRequest, triggeringEvent, nullptr); … … 2548 2549 // If we are only preparing to load the main resource, that is previous load's load type! 2549 2550 addExtraFieldsToRequest(request, m_loadType, true); 2551 2552 // Upgrade-Insecure-Requests should only be added to main resource requests 2553 addHTTPUpgradeInsecureRequestsIfNeeded(request); 2550 2554 } 2551 2555 … … 2654 2658 } 2655 2659 2660 void FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(ResourceRequest& request) 2661 { 2662 if (request.url().protocolIs("https")) { 2663 // FIXME: Identify HSTS cases and avoid adding the header. <https://bugs.webkit.org/show_bug.cgi?id=157885> 2664 return; 2665 } 2666 2667 request.setHTTPHeaderField(HTTPHeaderName::UpgradeInsecureRequests, ASCIILiteral("1")); 2668 } 2669 2656 2670 void FrameLoader::loadPostRequest(const FrameLoadRequest& request, const String& referrer, FrameLoadType loadType, Event* event, PassRefPtr<FormState> prpFormState) 2657 2671 { … … 2677 2691 workingResourceRequest.setHTTPContentType(contentType); 2678 2692 addExtraFieldsToRequest(workingResourceRequest, loadType, true); 2693 2694 if (Document* document = m_frame.document()) 2695 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(workingResourceRequest, ContentSecurityPolicy::InsecureRequestType::Load); 2679 2696 2680 2697 NavigationAction action(workingResourceRequest, loadType, true, event, request.shouldOpenExternalURLsPolicy(), request.downloadAttribute()); … … 2736 2753 #endif 2737 2754 2755 m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(newRequest, ContentSecurityPolicy::InsecureRequestType::Load); 2756 2738 2757 if (error.isNull()) { 2739 2758 ASSERT(!newRequest.isNull()); … … 3319 3338 RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::createFromString(item.referrer()); 3320 3339 addHTTPOriginIfNeeded(request, securityOrigin->toString()); 3340 addHTTPUpgradeInsecureRequestsIfNeeded(request); 3321 3341 3322 3342 // Make sure to add extra fields to the request after the Origin header is added for the FormData case. … … 3609 3629 requestWithReferrer.resourceRequest().setHTTPReferrer(referrer); 3610 3630 FrameLoader::addHTTPOriginIfNeeded(requestWithReferrer.resourceRequest(), openerFrame.loader().outgoingOrigin()); 3631 FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(requestWithReferrer.resourceRequest()); 3611 3632 3612 3633 Page* oldPage = openerFrame.page(); -
trunk/Source/WebCore/loader/FrameLoader.h
r200519 r201679 203 203 204 204 static void addHTTPOriginIfNeeded(ResourceRequest&, const String& origin); 205 static void addHTTPUpgradeInsecureRequestsIfNeeded(ResourceRequest&); 205 206 206 207 FrameLoaderClient& client() const { return m_client; } -
trunk/Source/WebCore/loader/PingLoader.cpp
r199900 r201679 2 2 * Copyright (C) 2010 Google Inc. All rights reserved. 3 3 * Copyright (C) 2015 Roopesh Chander (roop@roopc.net) 4 * Copyright (C) 2015-2016 Apple Inc. All rights reserved. 4 5 * 5 6 * Redistribution and use in source and binary forms, with or without … … 34 35 #include "PingLoader.h" 35 36 37 #include "ContentSecurityPolicy.h" 36 38 #include "Document.h" 37 39 #include "FormData.h" … … 81 83 #endif 82 84 85 if (Document* document = frame.document()) 86 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load); 87 83 88 request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0"); 84 89 String referrer = SecurityPolicy::generateReferrerHeader(frame.document()->referrerPolicy(), request.url(), frame.loader().outgoingReferrer()); … … 102 107 return; 103 108 #endif 109 110 frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load); 104 111 105 112 request.setHTTPMethod("POST"); … … 133 140 return; 134 141 #endif 142 143 if (Document* document = frame.document()) 144 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load); 135 145 136 146 request.setHTTPMethod(ASCIILiteral("POST")); -
trunk/Source/WebCore/loader/SubframeLoader.cpp
r201205 r201679 1 1 /* 2 * Copyright (C) 2006 , 2007, 2008, 2009, 2010, 2011Apple Inc. All rights reserved.2 * Copyright (C) 2006-2016 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 4 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/) … … 232 232 completedURL = completeURL(url); 233 233 234 document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load); 235 234 236 bool hasFallbackContent = is<HTMLObjectElement>(ownerElement) && downcast<HTMLObjectElement>(ownerElement).hasFallbackContent(); 235 237 … … 301 303 } 302 304 303 Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList) 304 { 305 Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& requestUrl, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList) 306 { 307 URL url = requestUrl; 308 ownerElement.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load); 309 305 310 Frame* frame = ownerElement.contentFrame(); 306 311 if (frame) -
trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp
r201596 r201679 1 1 /* 2 * Copyright (C) 2008 , 2009Apple Inc. All Rights Reserved.2 * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 30 30 #include "ApplicationCacheGroup.h" 31 31 #include "ApplicationCacheResource.h" 32 #include "ContentSecurityPolicy.h" 32 33 #include "DocumentLoader.h" 33 34 #include "DOMApplicationCache.h" … … 371 372 } 372 373 373 bool ApplicationCacheHost::shouldLoadResourceFromApplicationCache(const ResourceRequest& request, ApplicationCacheResource*& resource)374 bool ApplicationCacheHost::shouldLoadResourceFromApplicationCache(const ResourceRequest& originalRequest, ApplicationCacheResource*& resource) 374 375 { 375 376 ApplicationCache* cache = applicationCache(); … … 377 378 return false; 378 379 380 ResourceRequest request(originalRequest); 381 if (Frame* loaderFrame = m_documentLoader.frame()) { 382 if (Document* document = loaderFrame->document()) 383 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load); 384 } 385 379 386 // If the resource is not to be fetched using the HTTP GET mechanism or equivalent, or if its URL has a different 380 387 // <scheme> component than the application cache's manifest, then fetch the resource normally. -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r201596 r201679 3 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 4 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 5 Copyright (C) 2004 , 2005, 2006, 2007, 2008, 2009, 2010, 2011Apple Inc. All rights reserved.5 Copyright (C) 2004-2016 Apple Inc. All rights reserved. 6 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 7 7 … … 180 180 if (Frame* frame = this->frame()) { 181 181 if (frame->loader().pageDismissalEventBeingDispatched() != FrameLoader::PageDismissalType::None) { 182 if (Document* document = frame->document()) 183 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load); 182 184 URL requestURL = request.resourceRequest().url(); 183 185 if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL, request.options(), request.forPreload())) … … 548 550 CachedResourceHandle<CachedResource> CachedResourceLoader::requestResource(CachedResource::Type type, CachedResourceRequest& request) 549 551 { 552 if (Document* document = this->document()) 553 document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load); 554 550 555 URL url = request.resourceRequest().url(); 551 556 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
r200130 r201679 47 47 #include "ParsingUtilities.h" 48 48 #include "PingLoader.h" 49 #include "ResourceRequest.h" 49 50 #include "RuntimeEnabledFeatures.h" 50 51 #include "SchemeRegistry.h" … … 112 113 for (auto& policy : other->m_policies) 113 114 didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited); 115 116 m_upgradeInsecureRequests = other->m_upgradeInsecureRequests; 117 m_insecureNavigationRequestsToUpgrade.add(other->m_insecureNavigationRequestsToUpgrade.begin(), other->m_insecureNavigationRequestsToUpgrade.end()); 114 118 } 115 119 … … 755 759 #endif 756 760 } 761 762 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType) 763 { 764 URL url = request.url(); 765 upgradeInsecureRequestIfNeeded(url, requestType); 766 request.setURL(url); 767 } 768 769 void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType) 770 { 771 if (!url.protocolIs("http") && !url.protocolIs("ws")) 772 return; 773 774 bool upgradeRequest = m_insecureNavigationRequestsToUpgrade.contains(SecurityOrigin::create(url)); 775 if (requestType == InsecureRequestType::Load || requestType == InsecureRequestType::FormSubmission) 776 upgradeRequest |= m_upgradeInsecureRequests; 757 777 758 } 778 if (!upgradeRequest) 779 return; 780 781 if (url.protocolIs("http")) 782 url.setProtocol("https"); 783 else if (url.protocolIs("ws")) 784 url.setProtocol("wss"); 785 else 786 return; 787 788 if (url.port() == 80) 789 url.setPort(443); 790 } 791 792 void ContentSecurityPolicy::setUpgradeInsecureRequests(bool upgradeInsecureRequests) 793 { 794 m_upgradeInsecureRequests = upgradeInsecureRequests; 795 if (!m_upgradeInsecureRequests) 796 return; 797 798 if (!m_scriptExecutionContext) 799 return; 800 801 // Store the upgrade domain as an 'insecure' protocol so we can quickly identify 802 // origins we should upgrade. 803 URL upgradeURL = m_scriptExecutionContext->url(); 804 if (upgradeURL.protocolIs("https")) 805 upgradeURL.setProtocol("http"); 806 else if (upgradeURL.protocolIs("wss")) 807 upgradeURL.setProtocol("ws"); 808 809 m_insecureNavigationRequestsToUpgrade.add(SecurityOrigin::create(upgradeURL)); 810 } 811 812 void ContentSecurityPolicy::inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy& other) 813 { 814 m_insecureNavigationRequestsToUpgrade.add(other.m_insecureNavigationRequestsToUpgrade.begin(), other.m_insecureNavigationRequestsToUpgrade.end()); 815 } 816 817 HashSet<RefPtr<SecurityOrigin>>&& ContentSecurityPolicy::takeNavigationRequestsToUpgrade() 818 { 819 return WTFMove(m_insecureNavigationRequestsToUpgrade); 820 } 821 822 void ContentSecurityPolicy::setInsecureNavigationRequestsToUpgrade(HashSet<RefPtr<SecurityOrigin>>&& insecureNavigationRequests) 823 { 824 m_insecureNavigationRequestsToUpgrade = WTFMove(insecureNavigationRequests); 825 } 826 827 } -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
r200130 r201679 28 28 29 29 #include "ContentSecurityPolicyResponseHeaders.h" 30 #include "SecurityOrigin.h" 31 #include "SecurityOriginHash.h" 32 #include <wtf/HashSet.h> 30 33 #include <wtf/OptionSet.h> 31 34 #include <wtf/Vector.h> … … 48 51 class Frame; 49 52 class JSDOMWindowShell; 53 class ResourceRequest; 50 54 class ScriptExecutionContext; 51 55 class SecurityOrigin; … … 149 153 bool protocolMatchesSelf(const URL&) const; 150 154 155 void setUpgradeInsecureRequests(bool); 156 bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; } 157 enum class InsecureRequestType { Load, FormSubmission, Navigation }; 158 void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType); 159 void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType); 160 161 HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade(); 162 void inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy&); 163 void setInsecureNavigationRequestsToUpgrade(HashSet<RefPtr<SecurityOrigin>>&&); 164 151 165 private: 152 166 void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), JSC::ExecState* = nullptr) const; … … 175 189 bool m_overrideInlineStyleAllowed { false }; 176 190 bool m_isReportingEnabled { true }; 191 bool m_upgradeInsecureRequests { false }; 177 192 OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineScripts; 178 193 OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets; 194 HashSet<RefPtr<SecurityOrigin>> m_insecureNavigationRequestsToUpgrade; 179 195 }; 180 196 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
r199612 r201679 101 101 : m_policy(policy) 102 102 , m_headerType(type) 103 , m_reportOnly(false)104 , m_haveSandboxPolicy(false)105 103 { 106 104 m_reportOnly = (type == ContentSecurityPolicyHeaderType::Report || type == ContentSecurityPolicyHeaderType::PrefixedReport); … … 434 432 if (!invalidTokens.isNull()) 435 433 m_policy.reportInvalidSandboxFlags(invalidTokens); 434 } 435 436 void ContentSecurityPolicyDirectiveList::setUpgradeInsecureRequests(const String& name) 437 { 438 if (m_reportOnly) { 439 m_policy.reportInvalidDirectiveInReportOnlyMode(name); 440 return; 441 } 442 if (m_upgradeInsecureRequests) { 443 m_policy.reportDuplicateDirective(name); 444 return; 445 } 446 m_upgradeInsecureRequests = true; 447 m_policy.setUpgradeInsecureRequests(true); 436 448 } 437 449 … … 482 494 else if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::reportURI)) 483 495 parseReportURI(name, value); 496 else if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::upgradeInsecureRequests)) 497 setUpgradeInsecureRequests(name); 484 498 else 485 499 m_policy.reportUnsupportedDirective(name); -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
r199642 r201679 87 87 void addDirective(const String& name, const String& value); 88 88 void applySandboxPolicy(const String& name, const String& sandboxPolicy); 89 void setUpgradeInsecureRequests(const String& name); 89 90 90 91 template <class CSPDirectiveType> … … 101 102 ContentSecurityPolicyHeaderType m_headerType; 102 103 103 bool m_reportOnly; 104 bool m_haveSandboxPolicy; 104 bool m_reportOnly { false }; 105 bool m_haveSandboxPolicy { false }; 106 bool m_upgradeInsecureRequests { false }; 105 107 106 108 std::unique_ptr<ContentSecurityPolicyMediaListDirective> m_pluginTypes; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp
r199525 r201679 47 47 const char* const scriptSrc = "script-src"; 48 48 const char* const styleSrc = "style-src"; 49 const char* const upgradeInsecureRequests = "upgrade-insecure-requests"; 49 50 50 51 } // namespace ContentSecurityPolicyDirectiveNames -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h
r199525 r201679 46 46 extern const char* const scriptSrc; 47 47 extern const char* const styleSrc; 48 extern const char* const upgradeInsecureRequests; 48 49 49 50 } // namespace ContentSecurityPolicyDirectiveNames -
trunk/Source/WebCore/platform/network/HTTPHeaderNames.in
r200219 r201679 90 90 Transfer-Encoding 91 91 Upgrade 92 Upgrade-Insecure-Requests 92 93 User-Agent 93 94 Vary -
trunk/Source/WebCore/xml/XMLHttpRequest.cpp
r201557 r201679 1 1 /* 2 * Copyright (C) 2004 , 2006, 2008Apple Inc. All rights reserved.2 * Copyright (C) 2004-2016 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> 4 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> … … 481 481 482 482 m_url = url; 483 scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load); 483 484 484 485 m_async = async;
Note: See TracChangeset
for help on using the changeset viewer.