Context Navigation

← Previous Changeset
Next Changeset →

Changeset 224019 in webkit

Timestamp:

Oct 26, 2017 8:14:33 AM (6 years ago)

Author:

Brent Fulgham

Message:

XMLHttpRequest should not treat file URLs as same origin
https://bugs.webkit.org/show_bug.cgi?id=178565
<rdar://problem/11115901>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Do not treat file URLs as same-origin for XHR requests.

Test: fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html

loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Use new helper method.

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::requestIsSameOrigin): New method to recognize same-origin
requests, with special handling for XHR.

page/SecurityOrigin.h:

LayoutTests:

fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html: Added.
fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html: Added.
fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt: Added.
fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt: Added.
fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html: Added.
fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt: Rebaseline test now that we reject XHR to local file URLs.
platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt: Rebaselined.
platform/wk2/TestExpectations: Skip test since 'beginDragWithFiles' is not supported in WKTR.

Location:

trunk

Files:

: 6 added
: 8 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-blob-real.html (added)
LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html (added)
LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt (added)
LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html (added)
LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt (added)
LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html (added)
LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt (modified) (2 diffs)
LayoutTests/platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt (modified) (2 diffs)
LayoutTests/platform/wk2/TestExpectations (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (1 diff)
Source/WebCore/page/SecurityOrigin.cpp (modified) (2 diffs)
Source/WebCore/page/SecurityOrigin.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r224015
+                      r224019
+-10-25  Brent Fulgham  <bfulgham@apple.com>
+        XMLHttpRequest should not treat file URLs as same origin
+        https://bugs.webkit.org/show_bug.cgi?id=178565
+        <rdar://problem/11115901>
+        Reviewed by Ryosuke Niwa.
+        * fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html: Added.
+        * fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html: Added.
+        * fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt: Added.
+        * fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt: Added.
+        * fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html: Added.
+        * fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt: Rebaseline test now that we reject
+          XHR to local file URLs.
+        * platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt: Rebaselined.
+        * platform/wk2/TestExpectations: Skip test since 'beginDragWithFiles' is not supported in WKTR.
 -10-26  Carlos Garcia Campos  <cgarcia@igalia.com>

trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt

-                      r220751
+                      r224019
 CONSOLE MESSAGE: line 64: Not allowed to load local resource: nonexistent.html
 CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Not allowed to request resource
+CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Cross origin requests are only supported for HTTP.
+CONSOLE MESSAGE: line 42: XMLHttpRequest cannot load . Cross origin requests are only supported for HTTP.
 Bug 22475: REGRESSION: Async XMLHttpRequest never finishes on nonexistent files anymore
 …
 ReadyState handler: readyState = 1
 ReadyState handler: readyState = 4
+Error handler: readyState = 4

trunk/LayoutTests/platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt

-                      r211125
+                      r224019
+CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Cross origin requests are only supported for HTTP.
+CONSOLE MESSAGE: line 42: XMLHttpRequest cannot load . Cross origin requests are only supported for HTTP.
 Bug 22475: REGRESSION: Async XMLHttpRequest never finishes on nonexistent files anymore
 …
 ReadyState handler: readyState = 1
 ReadyState handler: readyState = 4
+Error handler: readyState = 4

trunk/LayoutTests/platform/wk2/TestExpectations

r223565	r224019
197	197	fast/events/ondrop-text-html.html
198	198	editing/pasteboard/drag-drop-url-with-style.html
	199	fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html
199	200
200	201	# WTR needs an implementation for eventSender.continuousMouseScrollBy

trunk/Source/WebCore/ChangeLog

-                      r224018
+                      r224019
+-10-25  Brent Fulgham  <bfulgham@apple.com>
+        XMLHttpRequest should not treat file URLs as same origin
+        https://bugs.webkit.org/show_bug.cgi?id=178565
+        <rdar://problem/11115901>
+        Reviewed by Ryosuke Niwa.
+        Do not treat file URLs as same-origin for XHR requests.
+        Test: fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Use new helper method.
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::requestIsSameOrigin): New method to recognize same-origin
+        requests, with special handling for XHR.
+        * page/SecurityOrigin.h:
 -10-26  Christopher Reid  <chris.reid@sony.com>

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

r223994	r224019
95	95	, m_origin(WTFMove(origin))
96	96	, m_referrer(WTFMove(referrer))
97		, m_sameOriginRequest(securityOrigin().~~canRequest(request.url()~~))
	97	, m_sameOriginRequest(securityOrigin().requestIsSameOrigin(request))
98	98	, m_simpleRequest(true)
99	99	, m_async(blockingBehavior == LoadAsynchronously)

trunk/Source/WebCore/page/SecurityOrigin.cpp

-                      r221978
+                      r224019
 #include "BlobURL.h"
 #include "FileSystem.h"
+#include "ResourceRequest.h"
 #include "URL.h"
 #include "SchemeRegistry.h"
 …
+}
+bool SecurityOrigin::requestIsSameOrigin(const ResourceRequest& request)
+{
+    if (m_universalAccess)
+        return true;
+    if (!canRequest(request.url()))
+        return false;
+    if (request.requester() != ResourceRequest::Requester::XHR)
+        return true;
+    // XHR to a file URL should never be treated as same-origin.
+    if (request.url().protocolIs("file"))
+        return false;
+    if (auto blobOrigin = getCachedOrigin(request.url()))
+        return blobOrigin->protocol() != "file";
+    return true;
+}
 bool SecurityOrigin::canReceiveDragData(const SecurityOrigin& dragInitiator) const
+{

trunk/Source/WebCore/page/SecurityOrigin.h

-                      r221392
+                      r224019
 namespace WebCore {
+class ResourceRequest;
 class URL;
 …
     bool canRequestGeolocation() const { return !isUnique(); }
     Policy canShowNotifications() const;
+    bool requestIsSameOrigin(const ResourceRequest&);
     // The local SecurityOrigin is the most privileged SecurityOrigin.

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 224019 in webkit

Legend:

Download in other formats: