Context Navigation

← Previous Changeset
Next Changeset →

Changeset 205265 in webkit

Timestamp:

Aug 31, 2016 1:18:44 PM (8 years ago)

Author:

commit-queue@webkit.org

Message:

[Fetch API] Fetch API should be able to load data URL in Same Origin mode
https://bugs.webkit.org/show_bug.cgi?id=161434

Patch by Youenn Fablet <youenn@apple.com> on 2016-08-31
Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

web-platform-tests/fetch/api/basic/scheme-data-expected.txt:
web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt:
web-platform-tests/fetch/api/basic/scheme-data.js:

(checkFetchResponse):

web-platform-tests/fetch/api/redirect/redirect-to-dataurl-expected.txt: Added.
web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker-expected.txt: Added.
web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html: Added.
web-platform-tests/fetch/api/redirect/redirect-to-dataurl.html: Added.
web-platform-tests/fetch/api/redirect/redirect-to-dataurl.js: Added.

(redirectDataURL):

Source/WebCore:

Tests: imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html

imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl.html

Covered also by added sub-test.

Moving SameDataURLOrigin option from ThreadableLoaderOptions to ResourceLoaderOptions.
This allows doing some of the checks in CachedResourceLoader/CachedResource.
This also allows setting this options in CachedResourceLoader clients, ImageLoader in that case.

Modules/fetch/FetchLoader.cpp:

(WebCore::FetchLoader::start): Setting sameOriginDataURL as ResourceLoader option.

loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement): Setting sameOriginDataURL as specificied in
https://html.spec.whatwg.org/multipage/embedded-content.html#the-img-element.

loader/ResourceLoaderOptions.h: Adding sameOriginDataURL as ResourceLoader option.
loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing sameOriginDataURL option.

loader/ThreadableLoader.h:
loader/WorkerThreadableLoader.cpp: Setting sameOriginDataURL as ResourceLoader option.

(WebCore::LoaderTaskOptions::LoaderTaskOptions):

loader/cache/CachedResource.cpp:

(WebCore::CachedResource::load): If resource URL is a data url, we previously marked the resource as same origin.
We only do that now if the sameOriginDataURL flag is set as per fetch specification.
See https://fetch.spec.whatwg.org/#main-fetch.

loader/cache/CachedResourceLoader.cpp:

(WebCore::isSameOriginDataURL): Helper function.
(WebCore::CachedResourceLoader::canRequest): Allowing same origin loads of data URLs if flag is set and no redirection happens.
See https://fetch.spec.whatwg.org/#http-redirect-fetch for why we check redirection.

Location:

trunk

Files:

: 5 added
: 13 edited

LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-expected.txt (modified) (1 diff)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt (modified) (1 diff)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.js (modified) (2 diffs)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-expected.txt (added)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker-expected.txt (added)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html (added)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl.html (added)
LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl.js (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/Modules/fetch/FetchLoader.cpp (modified) (1 diff)
Source/WebCore/loader/ImageLoader.cpp (modified) (1 diff)
Source/WebCore/loader/ResourceLoaderOptions.h (modified) (2 diffs)
Source/WebCore/loader/ThreadableLoader.cpp (modified) (2 diffs)
Source/WebCore/loader/ThreadableLoader.h (modified) (2 diffs)
Source/WebCore/loader/WorkerThreadableLoader.cpp (modified) (1 diff)
Source/WebCore/loader/cache/CachedResource.cpp (modified) (1 diff)
Source/WebCore/loader/cache/CachedResourceLoader.cpp (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/imported/w3c/ChangeLog

-                      r205253
+                      r205265
+-08-31  Youenn Fablet  <youenn@apple.com>
+        [Fetch API] Fetch API should be able to load data URL in Same Origin mode
+        https://bugs.webkit.org/show_bug.cgi?id=161434
+        Reviewed by Sam Weinig.
+        * web-platform-tests/fetch/api/basic/scheme-data-expected.txt:
+        * web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt:
+        * web-platform-tests/fetch/api/basic/scheme-data.js:
+        (checkFetchResponse):
+        * web-platform-tests/fetch/api/redirect/redirect-to-dataurl-expected.txt: Added.
+        * web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker-expected.txt: Added.
+        * web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html: Added.
+        * web-platform-tests/fetch/api/redirect/redirect-to-dataurl.html: Added.
+        * web-platform-tests/fetch/api/redirect/redirect-to-dataurl.js: Added.
+        (redirectDataURL):
 -08-31  Youenn Fablet  <youenn@apple.com>

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-expected.txt

r205113	r205265
1	1
2	2	PASS Fetching data:,response%27s%20body is OK
	3	PASS Fetching data:,response%27s%20body is OK (same-origin)
	4	PASS Fetching data:,response%27s%20body is OK (cors)
3	5	PASS Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK
4	6	PASS Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt

r205113	r205265
1	1
2	2	PASS Fetching data:,response%27s%20body is OK
	3	PASS Fetching data:,response%27s%20body is OK (same-origin)
	4	PASS Fetching data:,response%27s%20body is OK (cors)
3	5	PASS Fetching data:text/plain;base64,cmVzcG9uc2UncyBib[...] is OK
4	6	PASS Fetching data:image/png;base64,cmVzcG9uc2UncyBib2[...] is OK

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.js

-                      r205113
+                      r205265
+}
 function checkFetchResponse(url, data, mime) {
+function checkFetchResponse(url, data, mime, fetchMode) {
   var cut = (url.length >= 40) ? "[...]" : "";
+  desc = "Fetching " + url.substring(0, 40) + cut + " is OK"
+  desc = "Fetching " + url.substring(0, 40) + cut + " is OK";
+  var init = { };
+  if (fetchMode) {
+    init.mode = fetchMode;
+    desc += " (" + fetchMode + ")";
+  }
   promise_test(function(test) {
     return fetch(url).then(function(resp) {
+    return fetch(url, init).then(function(resp) {
       assert_equals(resp.status, 200, "HTTP status is 200");
       assert_equals(resp.statusText, "OK", "HTTP statusText is OK");
 …
 checkFetchResponse("data:,response%27s%20body", "response's body", "text/plain;charset=US-ASCII");
+checkFetchResponse("data:,response%27s%20body", "response's body", "text/plain;charset=US-ASCII", "same-origin");
+checkFetchResponse("data:,response%27s%20body", "response's body", "text/plain;charset=US-ASCII", "cors");
 checkFetchResponse("data:text/plain;base64,cmVzcG9uc2UncyBib2R5", "response's body", "text/plain");
 checkFetchResponse("data:image/png;base64,cmVzcG9uc2UncyBib2R5",

trunk/Source/WebCore/ChangeLog

-                      r205263
+                      r205265
+-08-31  Youenn Fablet  <youenn@apple.com>
+        [Fetch API] Fetch API should be able to load data URL in Same Origin mode
+        https://bugs.webkit.org/show_bug.cgi?id=161434
+        Reviewed by Sam Weinig.
+        Tests: imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html
+               imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl.html
+        Covered also by added sub-test.
+        Moving SameDataURLOrigin option from ThreadableLoaderOptions to ResourceLoaderOptions.
+        This allows doing some of the checks in CachedResourceLoader/CachedResource.
+        This also allows setting this options in CachedResourceLoader clients, ImageLoader in that case.
+        * Modules/fetch/FetchLoader.cpp:
+        (WebCore::FetchLoader::start): Setting sameOriginDataURL as ResourceLoader option.
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::updateFromElement): Setting sameOriginDataURL as specificied in
+        https://html.spec.whatwg.org/multipage/embedded-content.html#the-img-element.
+        * loader/ResourceLoaderOptions.h: Adding sameOriginDataURL as ResourceLoader option.
+        * loader/ThreadableLoader.cpp:
+        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing sameOriginDataURL option.
+        * loader/ThreadableLoader.h:
+        * loader/WorkerThreadableLoader.cpp: Setting sameOriginDataURL as ResourceLoader option.
+        (WebCore::LoaderTaskOptions::LoaderTaskOptions):
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::load): If resource URL is a data url, we previously marked the resource as same origin.
+        We only do that now if the sameOriginDataURL flag is set as per fetch specification.
+        See https://fetch.spec.whatwg.org/#main-fetch.
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::isSameOriginDataURL): Helper function.
+        (WebCore::CachedResourceLoader::canRequest): Allowing same origin loads of data URLs if flag is set and no redirection happens.
+        See https://fetch.spec.whatwg.org/#http-redirect-fetch for why we check redirection.
 -08-31  Ryosuke Niwa  <rniwa@webkit.org>

trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp

-                      r205113
+                      r205265
         context.shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective,
         String(cachedResourceRequestInitiators().fetch),
+        OpaqueResponseBodyPolicy::DoNotReceive,
+        SameOriginDataURLFlag::Set);
+        OpaqueResponseBodyPolicy::DoNotReceive);
     options.sendLoadCallbacks = SendCallbacks;
     options.dataBufferingPolicy = DoNotBufferData;
+    options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
     ResourceRequest fetchRequest = request.internalRequest();

trunk/Source/WebCore/loader/ImageLoader.cpp

r205134	r205265
176	176	ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
177	177	options.contentSecurityPolicyImposition = element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
	178	options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
178	179
179	180	CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);

trunk/Source/WebCore/loader/ResourceLoaderOptions.h

-                      r204014
+                      r205265
 };
+enum class SameOriginDataURLFlag {
+    Set,
+    Unset
+};
 struct ResourceLoaderOptions : public FetchOptions {
     ResourceLoaderOptions() { }
 …
     DefersLoadingPolicy defersLoadingPolicy { DefersLoadingPolicy::AllowDefersLoading };
     CachingPolicy cachingPolicy { CachingPolicy::AllowCaching };
+    SameOriginDataURLFlag sameOriginDataURLFlag { SameOriginDataURLFlag::Unset };
     ClientCredentialPolicy clientCredentialPolicy { ClientCredentialPolicy::CannotAskClientForCredentials };

trunk/Source/WebCore/loader/ThreadableLoader.cpp

r205113	r205265
51	51	}
52	52
53		ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy opaqueResponse~~, SameOriginDataURLFlag sameOriginDataURLFlag~~)
	53	ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy opaqueResponse)
54	54	: ResourceLoaderOptions(baseOptions)
55	55	, preflightPolicy(preflightPolicy)
…	…
57	57	, initiator(WTFMove(initiator))
58	58	, opaqueResponse(opaqueResponse)
59		~~, sameOriginDataURLFlag(sameOriginDataURLFlag)~~
60	59	{
61	60	}

trunk/Source/WebCore/loader/ThreadableLoader.h

-                      r205113
+                      r205265
     };
-    enum class SameOriginDataURLFlag {
-        Set,
-        Unset
-    };
     struct ThreadableLoaderOptions : ResourceLoaderOptions {
         ThreadableLoaderOptions();
         ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy, SameOriginDataURLFlag);
+        ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator, OpaqueResponseBodyPolicy);
         ~ThreadableLoaderOptions();
 …
         String initiator; // This cannot be an AtomicString, as isolatedCopy() wouldn't create an object that's safe for passing to another thread.
         OpaqueResponseBodyPolicy opaqueResponse { OpaqueResponseBodyPolicy::Receive };
-        SameOriginDataURLFlag sameOriginDataURLFlag { SameOriginDataURLFlag::Unset };
     };

trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp

r205113	r205265
93	93
94	94	LoaderTaskOptions::LoaderTaskOptions(const ThreadableLoaderOptions& options, const String& referrer, const SecurityOrigin& origin)
95		: options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy(), options.opaqueResponse~~, options.sameOriginDataURLFlag~~)
	95	: options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy(), options.opaqueResponse)
96	96	, referrer(referrer.isolatedCopy())
97	97	, origin(origin.isolatedCopy())

trunk/Source/WebCore/loader/cache/CachedResource.cpp

r204019	r205265
310	310	ASSERT(m_origin);
311	311
312		if (!~~m_resourceRequest.url().protocolIsData()~~ && m_origin && !m_origin->canRequest(m_resourceRequest.url()))
	312	if (!(m_resourceRequest.url().protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) && m_origin && !m_origin->canRequest(m_resourceRequest.url()))
313	313	setCrossOrigin();
314	314

trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

-                      r204976
+                      r205265
+}
+static inline bool isSameOriginDataURL(const URL& url, const ResourceLoaderOptions& options, bool didReceiveRedirectResponse)
+{
+    return !didReceiveRedirectResponse && url.protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set;
+}
 bool CachedResourceLoader::canRequest(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, bool forPreload, bool didReceiveRedirectResponse)
+{
 …
     ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;
+    // Some types of resources can be loaded only from the same origin.  Other
+    // types of resources, like Images, Scripts, and CSS, can be loaded from
+    // any URL.
+    // Some types of resources can be loaded only from the same origin. Other types of resources, like Images, Scripts, and CSS, can be loaded from any URL.
+    // FIXME: We should remove that check and handle it by setting the correct ResourceLoaderOptions::mode.
     switch (type) {
     case CachedResource::MainResource:
 …
     case CachedResource::TextTrackResource:
 #endif
         if (options.mode == FetchOptions::Mode::SameOrigin && !m_document->securityOrigin()->canRequest(url)) {
+        if (options.mode == FetchOptions::Mode::SameOrigin && !isSameOriginDataURL(url, options, didReceiveRedirectResponse) &&!m_document->securityOrigin()->canRequest(url)) {
             printAccessDeniedMessage(url);
             return false;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 205265 in webkit

Legend:

Download in other formats: