Changeset 221027 in webkit

Timestamp:

Aug 22, 2017 11:16:39 AM (7 years ago)

Author:

Chris Dumez

Message:

Add sanity check for source origin in WebLoaderStrategy::startPingLoad()
​https://bugs.webkit.org/show_bug.cgi?id=175827

Reviewed by Geoffrey Garen.

• WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::startPingLoad):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/Network/WebLoaderStrategy.cpp (modified) (2 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2017-08-22  Chris Dumez  <cdumez@apple.com>
+
+        Add sanity check for source origin in WebLoaderStrategy::startPingLoad()
+        https://bugs.webkit.org/show_bug.cgi?id=175827
+
+        Reviewed by Geoffrey Garen.
+
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::startPingLoad):
+
 2017-08-22  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp

@@ -426 +426 @@
     loadParameters.request = request;
     loadParameters.sourceOrigin = &document->securityOrigin();
+    ASSERT(loadParameters.request.httpHeaderField(HTTPHeaderName::Origin).isNull() || loadParameters.request.httpHeaderField(HTTPHeaderName::Origin) == loadParameters.sourceOrigin->toString());
     loadParameters.sessionID = webPage ? webPage->sessionID() : PAL::SessionID::defaultSessionID();
     loadParameters.allowStoredCredentials = options.credentials == FetchOptions::Credentials::Omit ? DoNotAllowStoredCredentials : AllowStoredCredentials;
@@ -432 +433 @@
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = networkingContext->shouldClearReferrerOnHTTPSToHTTPRedirect();
     if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
-        if (auto * contentSecurityPolicy = document->contentSecurityPolicy())
+        if (auto* contentSecurityPolicy = document->contentSecurityPolicy())
             loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
     }