Changeset 250288 in webkit


Timestamp:
Sep 23, 2019 11:59:52 PM (5 years ago)
Author:
youenn@apple.com
Message:

Support sync-xhr feature policy
https://bugs.webkit.org/show_bug.cgi?id=202098

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Update test to use hosts[alt][].

  • web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt:
  • web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html:

Source/WebCore:

Add support for sync-xhr feature policy parsing.
Use this feature policy to control use of sync XHR in documents
as per https://xhr.spec.whatwg.org/#the-send()-method step 12.

Covered by updated test.

  • html/FeaturePolicy.cpp:

(WebCore::FeaturePolicy::parse):
(WebCore::FeaturePolicy::allows const):

  • html/FeaturePolicy.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::isSyncXHRAllowedByFeaturePolicy):
(WebCore::XMLHttpRequest::createRequest):

LayoutTests:

  • TestExpectations: enable test.
  • platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt: Deleted.
Location:
trunk
Files:
1 deleted
9 edited

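--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,12 @@
+2019-09-23  Youenn Fablet  <youenn@apple.com>
+
+        Support sync-xhr feature policy
+        https://bugs.webkit.org/show_bug.cgi?id=202098
+
+        Reviewed by Alex Christensen.
+
+        * TestExpectations: enable test.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt: Deleted.
+
 2019-09-23  Alex Christensen  <achristensen@webkit.org>
 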
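--- a/trunk/LayoutTests/TestExpectations
+++ b/trunk/LayoutTests/TestExpectations
@@ -696,5 +696,4 @@
 imported/w3c/web-platform-tests/xhr/send-redirect-bogus-sync.htm [ DumpJSConsoleLogInStdErr ]
 
-imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html [ Skip ]
 webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async.htm [ Pass Failure ]
 webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async-same-origin.htm [ Pass Failure ]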
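--- a/trunk/LayoutTests/imported/w3c/ChangeLog
+++ b/trunk/LayoutTests/imported/w3c/ChangeLog
@@ -1,2 +1,14 @@
+2019-09-23  Youenn Fablet  <youenn@apple.com>
+
+        Support sync-xhr feature policy
+        https://bugs.webkit.org/show_bug.cgi?id=202098
+
+        Reviewed by Alex Christensen.
+
+        Update test to use hosts[alt][].
+
+        * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt:
+        * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html:
+
 2019-09-23  Alex Christensen  <achristensen@webkit.org>
 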
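--- a/trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt
+++ b/trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt
@@ -1,11 +1,6 @@
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr
-
-
-Harness Error (TIMEOUT), message = null
 
 PASS Default "sync-xhr" feature policy ["*"] allows the top-level document.
 PASS Default "sync-xhr" feature policy ["*"] allows same-origin iframes.
-TIMEOUT Default "sync-xhr" feature policy ["*"] allows cross-origin iframes. Test timed out
-TIMEOUT Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute. Test timed out
+PASS Default "sync-xhr" feature policy ["*"] allows cross-origin iframes.
+PASS Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute.
 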
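--- a/trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html
+++ b/trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html
@@ -10,5 +10,5 @@
   'use strict';
   run_all_fp_tests_allow_all(
-      'http://{{domains[www]}}:{{ports[http][0]}}',
+      'http://{{hosts[alt][]}}:{{ports[http][0]}}',
       'sync-xhr',
       'NetworkError',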
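--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,23 @@
+2019-09-23  Youenn Fablet  <youenn@apple.com>
+
+        Support sync-xhr feature policy
+        https://bugs.webkit.org/show_bug.cgi?id=202098
+
+        Reviewed by Alex Christensen.
+
+        Add support for sync-xhr feature policy parsing.
+        Use this feature policy to control use of sync XHR in documents
+        as per https://xhr.spec.whatwg.org/#the-send()-method step 12.
+
+        Covered by updated test.
+
+        * html/FeaturePolicy.cpp:
+        (WebCore::FeaturePolicy::parse):
+        (WebCore::FeaturePolicy::allows const):
+        * html/FeaturePolicy.h:
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::isSyncXHRAllowedByFeaturePolicy):
+        (WebCore::XMLHttpRequest::createRequest):
+
 2019-09-23  Chris Dumez  <cdumez@apple.com>
 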
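--- a/trunk/Source/WebCore/html/FeaturePolicy.cpp
+++ b/trunk/Source/WebCore/html/FeaturePolicy.cpp
@@ -101,4 +101,5 @@
     bool isMicrophoneInitialized = false;
     bool isDisplayCaptureInitialized = false;
+    bool isSyncXHRInitialized = false;
     for (auto allowItem : allowAttributeValue.split(';')) {
         auto item = allowItem.stripLeadingAndTrailingMatchedCharacters(isHTMLSpace<UChar>);
@@ -118,4 +119,9 @@
             continue;
         }
+        if (item.startsWith("sync-xhr")) {
+            isSyncXHRInitialized = true;
+            updateList(document, policy.m_syncXHRRule, item.substring(8));
+            continue;
+        }
     }
 
@@ -127,4 +133,7 @@
     if (!isDisplayCaptureInitialized)
         policy.m_displayCaptureRule.allowedList.add(document.securityOrigin().data());
+
+    if (!isSyncXHRInitialized)
+        policy.m_syncXHRRule.type = AllowRule::Type::All;
 
     return policy;
@@ -140,4 +149,6 @@
     case Type::DisplayCapture:
         return isAllowedByFeaturePolicy(m_displayCaptureRule, origin);
+    case Type::SyncXHR:
+        return isAllowedByFeaturePolicy(m_syncXHRRule, origin);
     }
     ASSERT_NOT_REACHED();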
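Review bot: The new branch in `FeaturePolicy::parse` matches on `item.startsWith("sync-xhr")` and passes `item.substring(8)` straight to `updateList`, so an item that merely begins with those eight characters (constructed example: `sync-xhr-extra 'none'`) is accepted as the sync-xhr directive. How `updateList` treats the remainder is not visible here, so this may be harmless, but requiring the name to be followed by end-of-item or an HTML space would make the match exact, e.g. `if (item.length() > 8 && !isHTMLSpace<UChar>(item[8])) continue;` before the `updateList` call. The camera, microphone and display-capture branches lie outside the shown hunks and may share the pattern, in which case one shared helper would cover all four. It is also worth a comment on `policy.m_syncXHRRule.type = AllowRule::Type::All;`, for instance `// sync-xhr defaults to allowing all origins; the capture features default to the document's own origin.`, since the differing default is a deliberate policy choice. `parse` and `allows` both start and end outside the hunks.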
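--- a/trunk/Source/WebCore/html/FeaturePolicy.h
+++ b/trunk/Source/WebCore/html/FeaturePolicy.h
@@ -38,5 +38,5 @@
     static FeaturePolicy parse(Document&, StringView);
 
-    enum class Type { Camera, Microphone, DisplayCapture };
+    enum class Type { Camera, Microphone, DisplayCapture, SyncXHR };
     bool allows(Type, const SecurityOriginData&) const;
 
@@ -51,4 +51,5 @@
     AllowRule m_microphoneRule;
     AllowRule m_displayCaptureRule;
+    AllowRule m_syncXHRRule;
 };
 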
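--- a/trunk/Source/WebCore/xml/XMLHttpRequest.cpp
+++ b/trunk/Source/WebCore/xml/XMLHttpRequest.cpp
@@ -34,4 +34,5 @@
 #include "File.h"
 #include "HTMLDocument.h"
+#include "HTMLIFrameElement.h"
 #include "HTTPHeaderNames.h"
 #include "HTTPHeaderValues.h"
@@ -570,4 +571,21 @@
 }
 
+static inline bool isSyncXHRAllowedByFeaturePolicy(Document& document)
+{
+    auto& topDocument = document.topDocument();
+    if (&document != &topDocument) {
+        for (auto* ancestorDocument = &document; ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) {
+            auto* element = ancestorDocument->ownerElement();
+            ASSERT(element);
+            if (element && is<HTMLIFrameElement>(*element)) {
+                auto& featurePolicy = downcast<HTMLIFrameElement>(*element).featurePolicy();
+                if (!featurePolicy.allows(FeaturePolicy::Type::SyncXHR, ancestorDocument->securityOrigin().data()))
+                    return false;
+            }
+        }
+    }
+    return true;
+}
+
 ExceptionOr<void> XMLHttpRequest::createRequest()
 {
@@ -643,4 +661,7 @@
             setPendingActivity(*this);
     } else {
+        if (scriptExecutionContext()->isDocument() && !isSyncXHRAllowedByFeaturePolicy(*document()))
+            return Exception { NetworkError };
+
         request.setDomainForCachePartition(scriptExecutionContext()->domainForCachePartition());
         InspectorInstrumentation::willLoadXHRSynchronously(scriptExecutionContext());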
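Review bot: `isSyncXHRAllowedByFeaturePolicy` fails open at any level where the owner element is null or is not an `HTMLIFrameElement`: `ASSERT(element)` compiles out of release builds and the `if` then skips the policy check, so that level is treated as allowed. If that is intended, state it above the `if`, e.g. `// Only <iframe> carries an allow attribute; other frame owners impose no sync-xhr restriction.` The loop also dereferences the result of `parentDocument()` on the next iteration without a null check; unless `topDocument()` guarantees the parent chain always reaches it (not visible here), the condition `ancestorDocument && ancestorDocument != &topDocument` would be safer. The outer `if (&document != &topDocument)` duplicates the loop condition and can be dropped. `createRequest` continues outside the last hunk.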