Changeset 244544 in webkit

Timestamp:

Apr 23, 2019 9:14:05 AM (5 years ago)

Author:

wilander@apple.com

Message:

Ad Click Attribution redirects to well-known location should not trigger a conversion if they are blocked by content blockers
​https://bugs.webkit.org/show_bug.cgi?id=197183
<rdar://problem/47763188>

Reviewed by Alex Christensen.

Source/WebKit:

Ad Click Attribution conversions are picked up in the redirect handler
in WebKit::NetworkResourceLoader. Content blocking typically happens in
the continued redirect request handling in the web content process and
a blocked request comes back empty.

We need to call the WebKit::NetworkLoadChecker in the network process
for these specific redirects, just like we do for Ping.

The change makes use of the existing function
NetworkLoadChecker::enableContentExtensionsCheck() for this purpose.

In essence, this change makes it possible to block all conversions made
to a "/.well-known/ad-click-attribution/" URL.

• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::handleAdClickAttributionConversion):

New convenience function.

(WebKit::NetworkResourceLoader::willSendRedirectedRequest):

Now calls NetworkLoadChecker::enableContentExtensionsCheck() if
an Ad Click Attribution conversion was found in the redirect URL.

(WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):

If the request was not blocked, it will store any found conversion here.

• NetworkProcess/NetworkResourceLoader.h:

LayoutTests:

• http/tests/contentextensions/block-ad-click-attribution-expected.txt: Added.
• http/tests/contentextensions/block-ad-click-attribution.html: Added.
• http/tests/contentextensions/block-ad-click-attribution.html.json: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/contentextensions/block-ad-click-attribution-expected.txt (added)
• LayoutTests/http/tests/contentextensions/block-ad-click-attribution.html (added)
• LayoutTests/http/tests/contentextensions/block-ad-click-attribution.html.json (added)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (4 diffs)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.h (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-04-23  John Wilander  <wilander@apple.com>
+
+        Ad Click Attribution redirects to well-known location should not trigger a conversion if they are blocked by content blockers
+        https://bugs.webkit.org/show_bug.cgi?id=197183
+        <rdar://problem/47763188>
+
+        Reviewed by Alex Christensen.
+
+        * http/tests/contentextensions/block-ad-click-attribution-expected.txt: Added.
+        * http/tests/contentextensions/block-ad-click-attribution.html: Added.
+        * http/tests/contentextensions/block-ad-click-attribution.html.json: Added.
+
 2019-04-23  Shawn Roberts  <sroberts@apple.com>
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-04-23  John Wilander  <wilander@apple.com>
+
+        Ad Click Attribution redirects to well-known location should not trigger a conversion if they are blocked by content blockers
+        https://bugs.webkit.org/show_bug.cgi?id=197183
+        <rdar://problem/47763188>
+
+        Reviewed by Alex Christensen.
+
+        Ad Click Attribution conversions are picked up in the redirect handler
+        in WebKit::NetworkResourceLoader. Content blocking typically happens in
+        the continued redirect request handling in the web content process and
+        a blocked request comes back empty.
+
+        We need to call the WebKit::NetworkLoadChecker in the network process
+        for these specific redirects, just like we do for Ping.
+
+        The change makes use of the existing function
+        NetworkLoadChecker::enableContentExtensionsCheck() for this purpose.
+
+        In essence, this change makes it possible to block all conversions made
+        to a "/.well-known/ad-click-attribution/" URL.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::handleAdClickAttributionConversion):
+            New convenience function.
+        (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+            Now calls NetworkLoadChecker::enableContentExtensionsCheck() if
+            an Ad Click Attribution conversion was found in the redirect URL.
+        (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
+            If the request was not blocked, it will store any found conversion here.
+        * NetworkProcess/NetworkResourceLoader.h:
+
 2019-04-23  Don Olmstead  <don.olmstead@sony.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -43 +43 @@
 #include "WebResourceLoaderMessages.h"
 #include "WebsiteDataStoreParameters.h"
-#include <WebCore/AdClickAttribution.h>
 #include <WebCore/BlobDataFileReference.h>
 #include <WebCore/CertificateInfo.h>
@@ -582 +581 @@
 }
 
+void NetworkResourceLoader::handleAdClickAttributionConversion(AdClickAttribution::Conversion&& conversion, const URL& requestURL, const WebCore::ResourceRequest& redirectRequest)
+{
+    ASSERT(!sessionID().isEphemeral());
+
+    RegistrableDomain redirectDomain { redirectRequest.url() };
+    auto& firstPartyURL = redirectRequest.firstPartyForCookies();
+    NetworkSession* networkSession = nullptr;
+    // The redirect has to be done by the same registrable domain and it has to be a third-party request.
+    if (redirectDomain.matches(requestURL) && !redirectDomain.matches(firstPartyURL) && (networkSession = m_connection->networkProcess().networkSession(sessionID())))
+        networkSession->convertAdClickAttribution(AdClickAttribution::Source { WTFMove(redirectDomain) }, AdClickAttribution::Destination { firstPartyURL }, WTFMove(conversion));
+}
+
 void NetworkResourceLoader::willSendRedirectedRequest(ResourceRequest&& request, ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse)
 {
     ++m_redirectCount;
 
-    auto& redirectURL = redirectRequest.url();
-    if (!sessionID().isEphemeral()) {
-        if (auto adClickConversion = AdClickAttribution::parseConversionRequest(redirectURL)) {
-            RegistrableDomain redirectDomain { redirectURL };
-            auto& firstPartyURL = redirectRequest.firstPartyForCookies();
-            NetworkSession* networkSession = nullptr;
-            // The redirect has to be done by the same registrable domain and it has to be a third-party request.
-            if (redirectDomain.matches(request.url()) && !redirectDomain.matches(firstPartyURL) && (networkSession = m_connection->networkProcess().networkSession(sessionID())))
-                networkSession->convertAdClickAttribution(AdClickAttribution::Source { WTFMove(redirectDomain) }, AdClickAttribution::Destination { firstPartyURL }, WTFMove(*adClickConversion));
-        }
-    }
+    Optional<AdClickAttribution::Conversion> adClickConversion;
+    if (!sessionID().isEphemeral())
+        adClickConversion = AdClickAttribution::parseConversionRequest(redirectRequest.url());
 
     auto maxAgeCap = validateCacheEntryForMaxAgeCapValidation(request, redirectRequest, redirectResponse);
@@ -603 +606 @@
 
     if (m_networkLoadChecker) {
+        if (adClickConversion)
+            m_networkLoadChecker->enableContentExtensionsCheck();
         m_networkLoadChecker->storeRedirectionIfNeeded(request, redirectResponse);
-        m_networkLoadChecker->checkRedirection(WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse), this, [protectedThis = makeRef(*this), this, storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy()](auto&& result) mutable {
+        m_networkLoadChecker->checkRedirection(WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse), this, [protectedThis = makeRef(*this), this, storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy(), adClickConversion = WTFMove(adClickConversion)](auto&& result) mutable {
             if (!result.has_value()) {
                 if (result.error().isCancellation())
@@ -632 +637 @@
 
             m_shouldRestartLoad = storedCredentialsPolicy != m_networkLoadChecker->storedCredentialsPolicy();
-            this->continueWillSendRedirectedRequest(WTFMove(result->request), WTFMove(result->redirectRequest), WTFMove(result->redirectResponse));
+            this->continueWillSendRedirectedRequest(WTFMove(result->request), WTFMove(result->redirectRequest), WTFMove(result->redirectResponse), WTFMove(adClickConversion));
         });
         return;
     }
-    continueWillSendRedirectedRequest(WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse));
-}
-
-void NetworkResourceLoader::continueWillSendRedirectedRequest(ResourceRequest&& request, ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse)
+    continueWillSendRedirectedRequest(WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse), WTFMove(adClickConversion));
+}
+
+void NetworkResourceLoader::continueWillSendRedirectedRequest(ResourceRequest&& request, ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse, Optional<AdClickAttribution::Conversion>&& adClickConversion)
 {
     ASSERT(!isSynchronous());
 
+    if (adClickConversion)
+        handleAdClickAttributionConversion(WTFMove(*adClickConversion), request.url(), redirectRequest);
     send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
 }

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h

@@ -32 +32 @@
 #include "NetworkLoadClient.h"
 #include "NetworkResourceLoadParameters.h"
+#include <WebCore/AdClickAttribution.h>
 #include <WebCore/ContentSecurityPolicyClient.h>
 #include <WebCore/ResourceResponse.h>
@@ -160 +161 @@
 #endif
 
-    void continueWillSendRedirectedRequest(WebCore::ResourceRequest&&, WebCore::ResourceRequest&& redirectRequest, WebCore::ResourceResponse&&);
+    void continueWillSendRedirectedRequest(WebCore::ResourceRequest&&, WebCore::ResourceRequest&& redirectRequest, WebCore::ResourceResponse&&, Optional<WebCore::AdClickAttribution::Conversion>&&);
     void didFinishWithRedirectResponse(WebCore::ResourceResponse&&);
     WebCore::ResourceResponse sanitizeResponseIfPossible(WebCore::ResourceResponse&&, WebCore::ResourceResponse::SanitizationType);
@@ -170 +171 @@
 
     void logSlowCacheRetrieveIfNeeded(const NetworkCache::Cache::RetrieveInfo&);
+
+    void handleAdClickAttributionConversion(WebCore::AdClickAttribution::Conversion&&, const URL&, const WebCore::ResourceRequest&);
 
     Optional<Seconds> validateCacheEntryForMaxAgeCapValidation(const WebCore::ResourceRequest&, const WebCore::ResourceRequest& redirectRequest, const WebCore::ResourceResponse&);