Changeset 251786 in webkit

Timestamp:

Oct 30, 2019 11:32:59 AM (5 years ago)

Author:

Chris Dumez

Message:

REGRESSION (r238252): HTTP POST is losing application/x-www-form-urlencoded body if there's a redirect to different host
​https://bugs.webkit.org/show_bug.cgi?id=201950
<rdar://problem/55577782>

Reviewed by Alex Christensen.

Source/WebKit:

The resource request body was getting lost on cross-site redirects. This was caused by the fact that a cross-site
redirect would cause a process-swap and the request to start again from a new process. This would work fine if
the request does not have a body. However, we have an optimization in place which avoids encoding the request body
whenever it is sent over IPC. Because the WebResourceLoader::WillSendRequest IPC would not encode the request body,
any decision to process swap as a result of this IPC (i.e. redirect) would cause the new request in the new process
to be missing its body. To address the issue, we now make sure to pass the request body in the WillSendRequest IPC
and reconsile the request with its body on the recipient side.

Test: http/tests/misc/form-submit-file-cross-site-redirect.html

• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):

• NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:

(WebKit::ServiceWorkerFetchTask::didReceiveRedirectResponse):

• WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::willSendRequest):

• WebProcess/Network/WebResourceLoader.h:
• WebProcess/Network/WebResourceLoader.messages.in:

LayoutTests:

Add layout test coverage.

• http/tests/misc/form-submit-file-cross-site-redirect-expected.txt: Added.
• http/tests/misc/form-submit-file-cross-site-redirect.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/misc/form-submit-file-cross-site-redirect-expected.txt (added)
• LayoutTests/http/tests/misc/form-submit-file-cross-site-redirect.html (added)
• LayoutTests/platform/win/TestExpectations (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp (modified) (1 diff)
• Source/WebKit/WebProcess/Network/WebResourceLoader.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/Network/WebResourceLoader.h (modified) (2 diffs)
• Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-10-30  Chris Dumez  <cdumez@apple.com>
+
+        REGRESSION (r238252): HTTP POST is losing application/x-www-form-urlencoded body if there's a redirect to different host
+        https://bugs.webkit.org/show_bug.cgi?id=201950
+        <rdar://problem/55577782>
+
+        Reviewed by Alex Christensen.
+
+        Add layout test coverage.
+
+        * http/tests/misc/form-submit-file-cross-site-redirect-expected.txt: Added.
+        * http/tests/misc/form-submit-file-cross-site-redirect.html: Added.
+
 2019-10-30  Antti Koivisto  <antti@apple.com>
 

trunk/LayoutTests/platform/win/TestExpectations

@@ -214 +214 @@
 fast/forms/file/recover-file-input-in-unposted-form.html [ Skip ]
 http/tests/misc/form-submit-file-cross-site.html [ Skip ]
+http/tests/misc/form-submit-file-cross-site-redirect.html [ Skip ]
 http/tests/xmlhttprequest/post-blob-content-type-async.html [ Skip ]
 http/tests/xmlhttprequest/post-blob-content-type-sync.html [ Skip ]

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-10-30  Chris Dumez  <cdumez@apple.com>
+
+        REGRESSION (r238252): HTTP POST is losing application/x-www-form-urlencoded body if there's a redirect to different host
+        https://bugs.webkit.org/show_bug.cgi?id=201950
+        <rdar://problem/55577782>
+
+        Reviewed by Alex Christensen.
+
+        The resource request body was getting lost on cross-site redirects. This was caused by the fact that a cross-site
+        redirect would cause a process-swap and the request to start again from a new process. This would work fine if
+        the request does not have a body. However, we have an optimization in place which avoids encoding the request body
+        whenever it is sent over IPC. Because the WebResourceLoader::WillSendRequest IPC would not encode the request body,
+        any decision to process swap as a result of this IPC (i.e. redirect) would cause the new request in the new process
+        to be missing its body. To address the issue, we now make sure to pass the request body in the WillSendRequest IPC
+        and reconsile the request with its body on the recipient side.
+
+        Test: http/tests/misc/form-submit-file-cross-site-redirect.html
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::continueWillSendRedirectedRequest):
+        * NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
+        (WebKit::ServiceWorkerFetchTask::didReceiveRedirectResponse):
+        * WebProcess/Network/WebResourceLoader.cpp:
+        (WebKit::WebResourceLoader::willSendRequest):
+        * WebProcess/Network/WebResourceLoader.h:
+        * WebProcess/Network/WebResourceLoader.messages.in:
+
 2019-10-30  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -724 +724 @@
         networkSession->handleAdClickAttributionConversion(WTFMove(*adClickConversion), request.url(), redirectRequest);
 
-    send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
+    // We send the request body separately because the ResourceRequest body normally does not get encoded when sent over IPC, as an optimization.
+    // However, we really need the body here because a redirect cross-site may cause a process-swap and the request to start again in a new WebContent process.
+    send(Messages::WebResourceLoader::WillSendRequest(redirectRequest, IPC::FormDataReference { redirectRequest.httpBody() }, sanitizeResponseIfPossible(WTFMove(redirectResponse), ResourceResponse::SanitizationType::Redirection)));
 }
 

trunk/Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp

@@ -112 +112 @@
     auto newRequest = m_currentRequest.redirectedRequest(response, m_loader.parameters().shouldClearReferrerOnHTTPSToHTTPRedirect);
 
-    sendToClient(Messages::WebResourceLoader::WillSendRequest { newRequest, response });
+    sendToClient(Messages::WebResourceLoader::WillSendRequest { newRequest, IPC::FormDataReference { newRequest.httpBody() }, response });
 }
 

trunk/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp

@@ -28 +28 @@
 
 #include "DataReference.h"
+#include "FormDataReference.h"
 #include "Logging.h"
 #include "NetworkProcessConnection.h"
@@ -93 +94 @@
 }
 
-void WebResourceLoader::willSendRequest(ResourceRequest&& proposedRequest, ResourceResponse&& redirectResponse)
+void WebResourceLoader::willSendRequest(ResourceRequest&& proposedRequest, IPC::FormDataReference&& proposedRequestBody, ResourceResponse&& redirectResponse)
 {
     Ref<WebResourceLoader> protectedThis(*this);
+
+    // Make the request whole again as we do not normally encode the request's body when sending it over IPC, for performance reasons.
+    proposedRequest.setHTTPBody(proposedRequestBody.takeData());
 
     LOG(Network, "(WebProcess) WebResourceLoader::willSendRequest to '%s'", proposedRequest.url().string().latin1().data());

trunk/Source/WebKit/WebProcess/Network/WebResourceLoader.h

@@ -38 +38 @@
 namespace IPC {
 class DataReference;
+class FormDataReference;
 }
 
@@ -80 +81 @@
     uint64_t messageSenderDestinationID() const override;
 
-    void willSendRequest(WebCore::ResourceRequest&&, WebCore::ResourceResponse&&);
+    void willSendRequest(WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&&);
     void didSendData(uint64_t bytesSent, uint64_t totalBytesToBeSent);
     void didReceiveResponse(const WebCore::ResourceResponse&, bool needsContinueDidReceiveResponseMessage);

trunk/Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in

@@ -22 +22 @@
 
 messages -> WebResourceLoader LegacyReceiver {
-    WillSendRequest(WebCore::ResourceRequest request, WebCore::ResourceResponse redirectResponse)
+    WillSendRequest(WebCore::ResourceRequest request, IPC::FormDataReference requestBody, WebCore::ResourceResponse redirectResponse)
     DidSendData(uint64_t bytesSent, uint64_t totalBytesToBeSent)
     DidReceiveResponse(WebCore::ResourceResponse response, bool needsContinueDidReceiveResponseMessage)