Changeset 207752 in webkit

Timestamp:

Oct 24, 2016 12:49:14 AM (8 years ago)

Author:

commit-queue@webkit.org

Message:

Redirections should be upgraded if CSP policy says so
​https://bugs.webkit.org/show_bug.cgi?id=163544

Patch by Youenn Fablet <​youenn@apple.com> on 2016-10-24
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html

Introducing CachedResourceLoader::updateRequestAfterRedirection to do the checks that CachedResourceLoader is doing
to the initial request, but for redirection requests.

Implemented URL upgrade according CSP policy, as specified by fetch algorithm.
Minor refactoring in CachedResourceRequest to share some code.
Fixing some constness issues.

• loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
(WebCore::CachedResourceLoader::canRequestAfterRedirection):
(WebCore::CachedResourceLoader::updateRequestAfterRedirection):

• loader/cache/CachedResourceLoader.h:
• loader/cache/CachedResourceRequest.cpp:

(WebCore::upgradeInsecureResourceRequestIfNeeded):
(WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):

• loader/cache/CachedResourceRequest.h:

LayoutTests:

• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html: Added.
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html:
• platform/mac/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html (modified) (1 diff)
• LayoutTests/platform/mac/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/SubresourceLoader.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceLoader.cpp (modified) (3 diffs)
• Source/WebCore/loader/cache/CachedResourceLoader.h (modified) (3 diffs)
• Source/WebCore/loader/cache/CachedResourceRequest.cpp (modified) (1 diff)
• Source/WebCore/loader/cache/CachedResourceRequest.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        Redirections should be upgraded if CSP policy says so
+        https://bugs.webkit.org/show_bug.cgi?id=163544
+
+        Reviewed by Darin Adler.
+
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html: Added.
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html:
+        * platform/mac/TestExpectations:
+
 2016-10-22  Sam Weinig  <sam@webkit.org>
 

trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt

@@ -2 +2 @@
 main frame - didFinishDocumentLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
-CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
-
 frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
@@ -9 +7 @@
 frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
 main frame - didFinishLoadForFrame
-This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests for the any top-level frames, but not sub-resources of those frames, triggering a mixed content callback.
+This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should upgrade the relevant requests.
 
 

trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html

@@ -8 +8 @@
 }
 </script>
-<p>This test loads a secure iframe that loads an insecure script (but with a
-tricky redirect).  We should upgrade the relevant requests for the any top-level
-frames, but not sub-resources of those frames, triggering a mixed content callback.</p>
+<p>This test loads a secure iframe that loads an insecure script (but with a tricky redirect).  We should upgrade the relevant requests.</p>
 <iframe src="https://127.0.0.1:8443/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html"></iframe>
 </body>

trunk/LayoutTests/platform/mac/TestExpectations

@@ -1332 +1332 @@
 webkit.org/b/155140 js/promises-tests/promises-tests-2-3-3.html [ Pass Failure ]
 
+webkit.org/b/163544 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html [ Pass Timeout ]
+
 # Content Security Policy for media redirects is not supported on some OSes.
 [ Yosemite ElCapitan ] http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html [ Failure ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        Redirections should be upgraded if CSP policy says so
+        https://bugs.webkit.org/show_bug.cgi?id=163544
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html
+
+        Introducing CachedResourceLoader::updateRequestAfterRedirection to do the checks that CachedResourceLoader is doing
+        to the initial request, but for redirection requests.
+
+        Implemented URL upgrade according CSP policy, as specified by fetch algorithm.
+        Minor refactoring in CachedResourceRequest to share some code.
+        Fixing some constness issues.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::willSendRequestInternal):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
+        (WebCore::CachedResourceLoader::canRequestAfterRedirection):
+        (WebCore::CachedResourceLoader::updateRequestAfterRedirection):
+        * loader/cache/CachedResourceLoader.h:
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::upgradeInsecureResourceRequestIfNeeded):
+        (WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
+        * loader/cache/CachedResourceRequest.h:
+
 2016-10-22  Sam Weinig  <sam@webkit.org>
 

trunk/Source/WebCore/loader/SubresourceLoader.cpp

@@ -204 +204 @@
         }
 
-        if (!m_documentLoader->cachedResourceLoader().canRequestAfterRedirection(m_resource->type(), newRequest.url(), options())) {
+        if (!m_documentLoader->cachedResourceLoader().updateRequestAfterRedirection(m_resource->type(), newRequest, options())) {
             cancel();
             return;

trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

@@ -381 +381 @@
 }
 
-bool CachedResourceLoader::allowedByContentSecurityPolicy(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived)
+bool CachedResourceLoader::allowedByContentSecurityPolicy(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived) const
 {
     if (options.contentSecurityPolicyImposition == ContentSecurityPolicyImposition::SkipPolicyCheck)
@@ -471 +471 @@
 
 // FIXME: Should we find a way to know whether the redirection is for a preload request like we do for CachedResourceLoader::canRequest?
-bool CachedResourceLoader::canRequestAfterRedirection(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options)
+bool CachedResourceLoader::canRequestAfterRedirection(CachedResource::Type type, const URL& url, const ResourceLoaderOptions& options) const
 {
     if (document() && !document()->securityOrigin()->canDisplay(url)) {
@@ -496 +496 @@
 
     return true;
+}
+
+bool CachedResourceLoader::updateRequestAfterRedirection(CachedResource::Type type, ResourceRequest& request, const ResourceLoaderOptions& options)
+{
+    ASSERT(m_documentLoader);
+    if (auto* document = m_documentLoader->cachedResourceLoader().document())
+        upgradeInsecureResourceRequestIfNeeded(request, *document);
+
+    // FIXME: We might want to align the checks done here with the ones done in CachedResourceLoader::requestResource, content extensions blocking in particular.
+
+    return canRequestAfterRedirection(type, request.url(), options);
 }
 

trunk/Source/WebCore/loader/cache/CachedResourceLoader.h

@@ -137 +137 @@
     void printPreloadStats();
 
-    bool canRequestAfterRedirection(CachedResource::Type, const URL&, const ResourceLoaderOptions&);
+    bool updateRequestAfterRedirection(CachedResource::Type, ResourceRequest&, const ResourceLoaderOptions&);
 
     static const ResourceLoaderOptions& defaultCachedResourceOptions();
@@ -172 +172 @@
     bool shouldContinueAfterNotifyingLoadedFromMemoryCache(const CachedResourceRequest&, CachedResource*);
     bool checkInsecureContent(CachedResource::Type, const URL&) const;
-    bool allowedByContentSecurityPolicy(CachedResource::Type, const URL&, const ResourceLoaderOptions&, ContentSecurityPolicy::RedirectResponseReceived);
+    bool allowedByContentSecurityPolicy(CachedResource::Type, const URL&, const ResourceLoaderOptions&, ContentSecurityPolicy::RedirectResponseReceived) const;
 
     void performPostLoadActions();
@@ -179 +179 @@
     void reloadImagesIfNotDeferred();
 
+    bool canRequestAfterRedirection(CachedResource::Type, const URL&, const ResourceLoaderOptions&) const;
     bool canRequestInContentDispositionAttachmentSandbox(CachedResource::Type, const URL&) const;
-    
+
     HashSet<String> m_validatedURLs;
     mutable DocumentResourceMap m_documentResources;

trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp

@@ -106 +106 @@
 }
 
-void CachedResourceRequest::upgradeInsecureRequestIfNeeded(Document& document)
-{
-    URL url = m_resourceRequest.url();
+void upgradeInsecureResourceRequestIfNeeded(ResourceRequest& request, Document& document)
+{
+    URL url = request.url();
 
     ASSERT(document.contentSecurityPolicy());
     document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load);
 
-    if (url == m_resourceRequest.url())
+    if (url == request.url())
         return;
 
-    m_resourceRequest.setURL(url);
+    request.setURL(url);
+}
+
+void CachedResourceRequest::upgradeInsecureRequestIfNeeded(Document& document)
+{
+    upgradeInsecureResourceRequestIfNeeded(m_resourceRequest, document);
 }
 

trunk/Source/WebCore/loader/cache/CachedResourceRequest.h

@@ -95 +95 @@
 };
 
+void upgradeInsecureResourceRequestIfNeeded(ResourceRequest&, Document&);
+
 } // namespace WebCore