Changeset 246872 in webkit

Timestamp:

Jun 26, 2019 11:33:50 PM (5 years ago)

Author:

jiewen_tan@apple.com

Message:

SubFrameSOAuthorizationSession should preserve the referrer header when fall back to web path
​https://bugs.webkit.org/show_bug.cgi?id=199232
<rdar://problem/51718328>

Reviewed by Youenn Fablet.

Source/WebKit:

The fall back to web path mechanism in SubFrameSOAuthorizationSession doesn't actually resume
the previous navigation. Instead it starts a new one. The current implementation doesn't carry
any information from the previous navigation. It is problematic when it comes to http referrer
as the server might use that to determine what kind of responses to send back. Therefore, we
add that information now.

To accomplish the above, the patch teaches WebFrameProxy::loadURL to carry referrer information
when it is available. Then SubFrameSOAuthorizationSession can reuses the referrer from the
original request.

• UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:

(WebKit::SubFrameSOAuthorizationSession::fallBackToWebPathInternal):

• UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::loadURL):

• UIProcess/WebFrameProxy.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::loadURLInFrame):

• WebProcess/WebPage/WebPage.h:
• WebProcess/WebPage/WebPage.messages.in:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(TestWebKitAPI::TEST):
Add a test that utilizes TCPServer as local files always omit referrer.

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebFrameProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebFrameProxy.h (modified) (1 diff)
• Source/WebKit/WebProcess/WebPage/WebPage.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/WebPage/WebPage.h (modified) (1 diff)
• Source/WebKit/WebProcess/WebPage/WebPage.messages.in (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm (modified) (5 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-06-26  Jiewen Tan  <jiewen_tan@apple.com>
+
+        SubFrameSOAuthorizationSession should preserve the referrer header when fall back to web path
+        https://bugs.webkit.org/show_bug.cgi?id=199232
+        <rdar://problem/51718328>
+
+        Reviewed by Youenn Fablet.
+
+        The fall back to web path mechanism in SubFrameSOAuthorizationSession doesn't actually resume
+        the previous navigation. Instead it starts a new one. The current implementation doesn't carry
+        any information from the previous navigation. It is problematic when it comes to http referrer
+        as the server might use that to determine what kind of responses to send back. Therefore, we
+        add that information now.
+
+        To accomplish the above, the patch teaches WebFrameProxy::loadURL to carry referrer information
+        when it is available. Then SubFrameSOAuthorizationSession can reuses the referrer from the
+        original request.
+
+        * UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:
+        (WebKit::SubFrameSOAuthorizationSession::fallBackToWebPathInternal):
+        * UIProcess/WebFrameProxy.cpp:
+        (WebKit::WebFrameProxy::loadURL):
+        * UIProcess/WebFrameProxy.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::loadURLInFrame):
+        * WebProcess/WebPage/WebPage.h:
+        * WebProcess/WebPage/WebPage.messages.in:
+
 2019-06-26  Fujii Hironori  <Hironori.Fujii@sony.com>
 

trunk/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm

@@ -69 +69 @@
                 page->setShouldSuppressSOAuthorizationInNextNavigationPolicyDecision();
                 // Issue a new load to the original URL as the original load is aborted before start.
-                frame->loadURL(navigationActionPtr->request().url());
+                frame->loadURL(navigationActionPtr->request().url(), navigationActionPtr->request().httpReferrer());
             }
         }

trunk/Source/WebKit/UIProcess/WebFrameProxy.cpp

@@ -80 +80 @@
 }
 
-void WebFrameProxy::loadURL(const URL& url)
-{
-    if (!m_page)
-        return;
-
-    m_page->process().send(Messages::WebPage::LoadURLInFrame(url, m_frameID), m_page->pageID());
+void WebFrameProxy::loadURL(const URL& url, const String& referrer)
+{
+    if (!m_page)
+        return;
+
+    m_page->process().send(Messages::WebPage::LoadURLInFrame(url, referrer, m_frameID), m_page->pageID());
 }
 

trunk/Source/WebKit/UIProcess/WebFrameProxy.h

@@ -79 +79 @@
     FrameLoadState& frameLoadState() { return m_frameLoadState; }
 
-    void loadURL(const URL&);
+    void loadURL(const URL&, const String& referrer = String());
     // Sub frames only. For main frames, use WebPageProxy::loadData.
     void loadData(const IPC::DataReference&, const String& MIMEType, const String& encodingName, const URL& baseURL);

trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

@@ -1489 +1489 @@
 }
 
-void WebPage::loadURLInFrame(URL&& url, uint64_t frameID)
+void WebPage::loadURLInFrame(URL&& url, const String& referrer, uint64_t frameID)
 {
     WebFrame* frame = WebProcess::singleton().webFrame(frameID);
@@ -1495 +1495 @@
         return;
 
-    frame->coreFrame()->loader().load(FrameLoadRequest(*frame->coreFrame(), ResourceRequest(url), ShouldOpenExternalURLsPolicy::ShouldNotAllow));
+    frame->coreFrame()->loader().load(FrameLoadRequest(*frame->coreFrame(), ResourceRequest(url, referrer), ShouldOpenExternalURLsPolicy::ShouldNotAllow));
 }
 

trunk/Source/WebKit/WebProcess/WebPage/WebPage.h

@@ -1338 +1338 @@
     static bool logicalScroll(WebCore::Page*, WebCore::ScrollLogicalDirection, WebCore::ScrollGranularity);
 
-    void loadURLInFrame(URL&&, uint64_t frameID);
+    void loadURLInFrame(URL&&, const String& referrer, uint64_t frameID);
     void loadDataInFrame(IPC::DataReference&&, String&& MIMEType, String&& encodingName, URL&& baseURL, uint64_t frameID);
 

trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in

@@ -159 +159 @@
     TryRestoreScrollPosition()
 
-    LoadURLInFrame(URL url, uint64_t frameID)
+    LoadURLInFrame(URL url, String referrer, uint64_t frameID)
     LoadDataInFrame(IPC::DataReference data, String MIMEType, String encodingName, URL baseURL, uint64_t frameID)
     LoadRequest(struct WebKit::LoadParameters loadParameters)

trunk/Tools/ChangeLog

@@ +1 @@
+2019-06-26  Jiewen Tan  <jiewen_tan@apple.com>
+
+        SubFrameSOAuthorizationSession should preserve the referrer header when fall back to web path
+        https://bugs.webkit.org/show_bug.cgi?id=199232
+        <rdar://problem/51718328>
+
+        Reviewed by Youenn Fablet.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:
+        (TestWebKitAPI::TEST):
+        Add a test that utilizes TCPServer as local files always omit referrer.
+
 2019-06-26  Aakash Jain  <aakash_jain@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm

@@ -32 +32 @@
 #import "InstanceMethodSwizzler.h"
 #import "PlatformUtilities.h"
+#import "TCPServer.h"
 #import "TestWKWebView.h"
 #import <WebKit/WKNavigationActionPrivate.h>
 #import <WebKit/WKNavigationDelegatePrivate.h>
 #import <WebKit/WKNavigationPrivate.h>
+#import <WebKit/WKWebViewPrivate.h>
 #import <pal/cocoa/AppSSOSoftLink.h>
 #import <pal/spi/cocoa/AuthKitSPI.h>
@@ -42 +44 @@
 #import <wtf/StringPrintStream.h>
 #import <wtf/URL.h>
+#import <wtf/text/StringConcatenateNumbers.h>
 #import <wtf/text/WTFString.h>
 
@@ -96 +99 @@
 static const char* parentTemplate =
 "<html>"
+"<meta name='referrer' content='origin' />"
 "<iframe src='%s'></iframe>"
 "<script>"
@@ -111 +115 @@
 "<script>"
 "parent.postMessage('Hello.', '*');"
+"%s"
 "</script>"
 "</html>";
@@ -2125 +2130 @@
 }
 
+TEST(SOAuthorizationSubFrame, InterceptionErrorWithReferrer)
+{
+    resetState();
+    ClassMethodSwizzler swizzler1(PAL::getSOAuthorizationClass(), @selector(canPerformAuthorizationWithURL:responseCode:), reinterpret_cast<IMP>(overrideCanPerformAuthorizationWithURL));
+    InstanceMethodSwizzler swizzler2(PAL::getSOAuthorizationClass(), @selector(setDelegate:), reinterpret_cast<IMP>(overrideSetDelegate));
+    InstanceMethodSwizzler swizzler3(PAL::getSOAuthorizationClass(), @selector(beginAuthorizationWithURL:httpHeaders:httpBody:), reinterpret_cast<IMP>(overrideBeginAuthorizationWithURL));
+    ClassMethodSwizzler swizzler4([AKAuthorizationController class], @selector(isURLFromAppleOwnedDomain:), reinterpret_cast<IMP>(overrideIsURLFromAppleOwnedDomain));
+
+    TCPServer server([parentHtml = generateHtml(parentTemplate, "simple.html"), frameHtml = generateHtml(iframeTemplate, "parent.postMessage('Referrer: ' + document.referrer, '*');")] (int socket) {
+        NSString *firstResponse = [NSString stringWithFormat:
+            @"HTTP/1.1 200 OK\r\n"
+            "Content-Length: %d\r\n\r\n"
+            "%@",
+            parentHtml.length(),
+            (id)parentHtml
+        ];
+        NSString *secondResponse = [NSString stringWithFormat:
+            @"HTTP/1.1 200 OK\r\n"
+            "Content-Length: %d\r\n\r\n"
+            "%@",
+            frameHtml.length(),
+            (id)frameHtml
+        ];
+
+        TCPServer::read(socket);
+        TCPServer::write(socket, firstResponse.UTF8String, firstResponse.length);
+        TCPServer::read(socket);
+        TCPServer::write(socket, secondResponse.UTF8String, secondResponse.length);
+    });
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[TestSOAuthorizationNavigationDelegate alloc] init]);
+    configureSOAuthorizationWebView(webView.get(), delegate.get());
+
+    auto origin = makeString("http://127.0.0.1:", static_cast<unsigned>(server.port()));
+    [webView _loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:(id)origin]] shouldOpenExternalURLs:NO];
+    [webView waitForMessage:(id)origin];
+    [webView waitForMessage:@"SOAuthorizationDidStart"];
+
+    [gDelegate authorization:gAuthorization didCompleteWithError:adoptNS([[NSError alloc] initWithDomain:NSCocoaErrorDomain code:0 userInfo:nil]).get()];
+    [webView waitForMessage:(id)origin];
+    [webView waitForMessage:@"SOAuthorizationDidCancel"];
+    [webView waitForMessage:(id)makeString("Referrer: ", origin, "/")]; // Referrer policy requires '/' after origin.
+}
+
 } // namespace TestWebKitAPI