Changeset 230810 in webkit

Timestamp:

Apr 19, 2018 10:54:35 AM (6 years ago)

Author:

youenn@apple.com

Message:

NetworkProcess should use CSP/content blockers for sync XHR
​https://bugs.webkit.org/show_bug.cgi?id=184760

Reviewed by Chris Dumez.

Source/WebKit:

Setting CSP/ContentBlockers parameters for sync XHR loads.

• NetworkProcess/NetworkResourceLoader.cpp:

LayoutTests:

• http/tests/contentextensions/sync-xhr-redirection-blocked-expected.txt: Added.
• http/tests/contentextensions/sync-xhr-redirection-blocked.html: Added.
• http/tests/contentextensions/sync-xhr-redirection-blocked.html.json: Added.
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-sync-xhr-in-main-frame-window.html: Added.
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame.html: Added.
• platform/mac-wk1/TestExpectations:
• platform/win/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/contentextensions/sync-xhr-redirection-blocked-expected.txt (added)
• LayoutTests/http/tests/contentextensions/sync-xhr-redirection-blocked.html (added)
• LayoutTests/http/tests/contentextensions/sync-xhr-redirection-blocked.html.json (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-sync-xhr-in-main-frame-window.html (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame-expected.txt (added)
• LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame.html (added)
• LayoutTests/platform/mac-wk1/TestExpectations (modified) (1 diff)
• LayoutTests/platform/win/TestExpectations (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-04-19  Youenn Fablet  <youenn@apple.com>
+
+        NetworkProcess should use CSP/content blockers for sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=184760
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/contentextensions/sync-xhr-redirection-blocked-expected.txt: Added.
+        * http/tests/contentextensions/sync-xhr-redirection-blocked.html: Added.
+        * http/tests/contentextensions/sync-xhr-redirection-blocked.html.json: Added.
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-sync-xhr-in-main-frame-window.html: Added.
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame.html: Added.
+        * platform/mac-wk1/TestExpectations:
+        * platform/win/TestExpectations:
+
 2018-04-19  Ryan Haddad  <ryanhaddad@apple.com>
 

trunk/LayoutTests/platform/mac-wk1/TestExpectations

@@ -97 +97 @@
 # rdar://problem/34716163 Breaks subsequent tests using response.xml
 [ HighSierra+ ] http/tests/xmlhttprequest/range-test.html [ Skip ]
+
+# WK1 does not support sync XHR redirections as does WK2
+http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame.html [ Skip ]
 
 ### END OF (1) Failures with bug reports

trunk/LayoutTests/platform/win/TestExpectations

@@ -2211 +2211 @@
 webkit.org/b/140703 http/tests/xmlhttprequest/remember-bad-password.html [ Failure ]
 webkit.org/b/140703 http/tests/xmlhttprequest/failed-auth.html [ Failure ]
+
+# WK1 does not support sync XHR redirections as does WK2
+http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-sync-xhr-in-main-frame.html [ Skip ]
 
 # CSP Stuff

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-04-19  Youenn Fablet  <youenn@apple.com>
+
+        NetworkProcess should use CSP/content blockers for sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=184760
+
+        Reviewed by Chris Dumez.
+
+        Setting CSP/ContentBlockers parameters for sync XHR loads.
+        * NetworkProcess/NetworkResourceLoader.cpp:
+
 2018-04-19  Nan Wang  <n_wang@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -110 +110 @@
     if (synchronousReply) {
         m_networkLoadChecker = NetworkLoadChecker::create(FetchOptions { m_parameters.options }, m_parameters.sessionID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef());
+        if (m_parameters.cspResponseHeaders)
+            m_networkLoadChecker->setCSPResponseHeaders(ContentSecurityPolicyResponseHeaders { m_parameters.cspResponseHeaders.value() });
+#if ENABLE(CONTENT_EXTENSIONS)
+        m_networkLoadChecker->setContentExtensionController(URL { m_parameters.mainDocumentURL }, m_parameters.userContentControllerIdentifier);
+#endif
         m_synchronousLoadData = std::make_unique<SynchronousLoadData>(WTFMove(synchronousReply));
     }