Changeset 250288 in webkit
- Timestamp:
- Sep 23, 2019 11:59:52 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 deleted
- 9 edited
trunk/LayoutTests/ChangeLog
r250283 r250288 1 2019-09-23 Youenn Fablet <youenn@apple.com> 2 3 Support sync-xhr feature policy 4 https://bugs.webkit.org/show_bug.cgi?id=202098 5 6 Reviewed by Alex Christensen. 7 8 * TestExpectations: enable test. 9 * platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt: Deleted. 10 1 11 2019-09-23 Alex Christensen <achristensen@webkit.org> 2 12 -
trunk/LayoutTests/TestExpectations
r250283 r250288 696 696 imported/w3c/web-platform-tests/xhr/send-redirect-bogus-sync.htm [ DumpJSConsoleLogInStdErr ] 697 697 698 imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html [ Skip ]699 698 webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async.htm [ Pass Failure ] 700 699 webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async-same-origin.htm [ Pass Failure ] -
trunk/LayoutTests/imported/w3c/ChangeLog
r250283 r250288 1 2019-09-23 Youenn Fablet <youenn@apple.com> 2 3 Support sync-xhr feature policy 4 https://bugs.webkit.org/show_bug.cgi?id=202098 5 6 Reviewed by Alex Christensen. 7 8 Update test to use hosts[alt][]. 9 10 * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt: 11 * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html: 12 1 13 2019-09-23 Alex Christensen <achristensen@webkit.org> 2 14 -
trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt
r235354 r250288 1 Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr2 Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr3 4 5 Harness Error (TIMEOUT), message = null6 1 7 2 PASS Default "sync-xhr" feature policy ["*"] allows the top-level document. 8 3 PASS Default "sync-xhr" feature policy ["*"] allows same-origin iframes. 9 TIMEOUT Default "sync-xhr" feature policy ["*"] allows cross-origin iframes. Test timed out 10 TIMEOUT Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute. Test timed out 4 PASS Default "sync-xhr" feature policy ["*"] allows cross-origin iframes. 5 PASS Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute. 11 6 -
trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html
r235354 r250288 10 10 'use strict'; 11 11 run_all_fp_tests_allow_all( 12 'http://{{ domains[www]}}:{{ports[http][0]}}',12 'http://{{hosts[alt][]}}:{{ports[http][0]}}', 13 13 'sync-xhr', 14 14 'NetworkError', -
trunk/Source/WebCore/ChangeLog
r250287 r250288 1 2019-09-23 Youenn Fablet <youenn@apple.com> 2 3 Support sync-xhr feature policy 4 https://bugs.webkit.org/show_bug.cgi?id=202098 5 6 Reviewed by Alex Christensen. 7 8 Add support for sync-xhr feature policy parsing. 9 Use this feature policy to control use of sync XHR in documents 10 as per https://xhr.spec.whatwg.org/#the-send()-method step 12. 11 12 Covered by updated test. 13 14 * html/FeaturePolicy.cpp: 15 (WebCore::FeaturePolicy::parse): 16 (WebCore::FeaturePolicy::allows const): 17 * html/FeaturePolicy.h: 18 * xml/XMLHttpRequest.cpp: 19 (WebCore::isSyncXHRAllowedByFeaturePolicy): 20 (WebCore::XMLHttpRequest::createRequest): 21 1 22 2019-09-23 Chris Dumez <cdumez@apple.com> 2 23 -
trunk/Source/WebCore/html/FeaturePolicy.cpp
r245681 r250288 101 101 bool isMicrophoneInitialized = false; 102 102 bool isDisplayCaptureInitialized = false; 103 bool isSyncXHRInitialized = false; 103 104 for (auto allowItem : allowAttributeValue.split(';')) { 104 105 auto item = allowItem.stripLeadingAndTrailingMatchedCharacters(isHTMLSpace<UChar>); … … 118 119 continue; 119 120 } 121 if (item.startsWith("sync-xhr")) { 122 isSyncXHRInitialized = true; 123 updateList(document, policy.m_syncXHRRule, item.substring(8)); 124 continue; 125 } 120 126 } 121 127 … … 127 133 if (!isDisplayCaptureInitialized) 128 134 policy.m_displayCaptureRule.allowedList.add(document.securityOrigin().data()); 135 136 if (!isSyncXHRInitialized) 137 policy.m_syncXHRRule.type = AllowRule::Type::All; 129 138 130 139 return policy; … … 140 149 case Type::DisplayCapture: 141 150 return isAllowedByFeaturePolicy(m_displayCaptureRule, origin); 151 case Type::SyncXHR: 152 return isAllowedByFeaturePolicy(m_syncXHRRule, origin); 142 153 } 143 154 ASSERT_NOT_REACHED(); -
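Review bot: The `item.startsWith("sync-xhr")` test in FeaturePolicy::parse is a prefix match, so an allow-attribute token that merely begins with those characters (a constructed example: `sync-xhrfoo 'none'`) would appear to be parsed as a sync-xhr directive and could move the rule away from its permissive default. How `updateList` treats the remainder is not visible here, so this should be confirmed; if it does not reject the leftover text, require a separator after the name, e.g. `if (item.startsWith("sync-xhr") && (item.length() == 8 || isHTMLSpace(item[8])))`. The literal `8` in `item.substring(8)` silently depends on the length of the feature name and would be safer derived from the name itself. A short comment on `policy.m_syncXHRRule.type = AllowRule::Type::All;` stating that sync-xhr defaults to allow-all, unlike the display-capture default just above which adds only the document's own origin, would help the next reader; the body of parse starts and ends outside the visible hunks.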
trunk/Source/WebCore/html/FeaturePolicy.h
r245625 r250288 38 38 static FeaturePolicy parse(Document&, StringView); 39 39 40 enum class Type { Camera, Microphone, DisplayCapture };40 enum class Type { Camera, Microphone, DisplayCapture, SyncXHR }; 41 41 bool allows(Type, const SecurityOriginData&) const; 42 42 … … 51 51 AllowRule m_microphoneRule; 52 52 AllowRule m_displayCaptureRule; 53 AllowRule m_syncXHRRule; 53 54 }; 54 55 -
trunk/Source/WebCore/xml/XMLHttpRequest.cpp
r250153 r250288 34 34 #include "File.h" 35 35 #include "HTMLDocument.h" 36 #include "HTMLIFrameElement.h" 36 37 #include "HTTPHeaderNames.h" 37 38 #include "HTTPHeaderValues.h" … … 570 571 } 571 572 573 static inline bool isSyncXHRAllowedByFeaturePolicy(Document& document) 574 { 575 auto& topDocument = document.topDocument(); 576 if (&document != &topDocument) { 577 for (auto* ancestorDocument = &document; ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) { 578 auto* element = ancestorDocument->ownerElement(); 579 ASSERT(element); 580 if (element && is<HTMLIFrameElement>(*element)) { 581 auto& featurePolicy = downcast<HTMLIFrameElement>(*element).featurePolicy(); 582 if (!featurePolicy.allows(FeaturePolicy::Type::SyncXHR, ancestorDocument->securityOrigin().data())) 583 return false; 584 } 585 } 586 } 587 return true; 588 } 589 572 590 ExceptionOr<void> XMLHttpRequest::createRequest() 573 591 { … … 643 661 setPendingActivity(*this); 644 662 } else { 663 if (scriptExecutionContext()->isDocument() && !isSyncXHRAllowedByFeaturePolicy(*document())) 664 return Exception { NetworkError }; 665 645 666 request.setDomainForCachePartition(scriptExecutionContext()->domainForCachePartition()); 646 667 InspectorInstrumentation::willLoadXHRSynchronously(scriptExecutionContext());
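Review bot: The ancestor walk in isSyncXHRAllowedByFeaturePolicy has no null guard on `ancestorDocument`: the loop stops only at `&topDocument`, so if `parentDocument()` ever returns null first (presumably possible for a document whose frame has been detached, to be confirmed), the next `ancestorDocument->ownerElement()` dereferences null in release builds, where `ASSERT(element)` compiles out. Changing the loop condition to `ancestorDocument && ancestorDocument != &topDocument` closes that. A missing owner element, or an owner that is not an HTMLIFrameElement, is skipped and the function falls through to `return true`, so the check fails open for those ancestors; a comment stating that this is intended would make the policy decision explicit. The outer `if (&document != &topDocument)` duplicates the loop condition and can be dropped. createRequest's body continues outside the hunk.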