Changeset 55893 in webkit

Timestamp:

Mar 12, 2010 6:06:31 AM (14 years ago)

Author:

eric@webkit.org

Message:

2010-03-12 Jochen Eisinger <​jochen@chromium.org>

Reviewed by Jeremy Orlow.

Test for referrer information being stripped when the header is removed in willSendRequest
​https://bugs.webkit.org/show_bug.cgi?id=35920

• http/tests/security/no-referrer-expected.txt: Added.
• http/tests/security/no-referrer.html: Added.
• http/tests/security/resources/no-referrer-frame.php: Added.
• http/tests/security/resources/no-referrer.php: Added.
• platform/gtk/Skipped:
• platform/qt/Skipped:

2010-03-12 Jochen Eisinger <​jochen@chromium.org>

Reviewed by Jeremy Orlow.

Introduce setWillSendRequestClearHeader to LayoutTestController to selectively remove headers in willSendRequest. Used in http/tests/security/no-referrer.html
​https://bugs.webkit.org/show_bug.cgi?id=35920

• DumpRenderTree/LayoutTestController.cpp: (setWillSendRequestClearHeaderCallback): (LayoutTestController::staticFunctions):
• DumpRenderTree/LayoutTestController.h: (LayoutTestController::willSendRequestClearHeaders): (LayoutTestController::setWillSendRequestClearHeader):
• DumpRenderTree/mac/ResourceLoadDelegate.mm: (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
• DumpRenderTree/win/ResourceLoadDelegate.cpp: (ResourceLoadDelegate::willSendRequest):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/no-referrer-expected.txt (added)
• LayoutTests/http/tests/security/no-referrer.html (added)
• LayoutTests/http/tests/security/resources/no-referrer-frame.php (added)
• LayoutTests/http/tests/security/resources/no-referrer.php (added)
• LayoutTests/platform/gtk/Skipped (modified) (1 diff)
• LayoutTests/platform/qt/Skipped (modified) (1 diff)
• WebKitTools/ChangeLog (modified) (1 diff)
• WebKitTools/DumpRenderTree/LayoutTestController.cpp (modified) (2 diffs)
• WebKitTools/DumpRenderTree/LayoutTestController.h (modified) (3 diffs)
• WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm (modified) (4 diffs)
• WebKitTools/DumpRenderTree/win/ResourceLoadDelegate.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2010-03-12  Jochen Eisinger  <jochen@chromium.org>
+
+        Reviewed by Jeremy Orlow.
+
+        Test for referrer information being stripped when the header is removed in willSendRequest
+        https://bugs.webkit.org/show_bug.cgi?id=35920
+
+        * http/tests/security/no-referrer-expected.txt: Added.
+        * http/tests/security/no-referrer.html: Added.
+        * http/tests/security/resources/no-referrer-frame.php: Added.
+        * http/tests/security/resources/no-referrer.php: Added.
+        * platform/gtk/Skipped:
+        * platform/qt/Skipped:
+
 2010-03-12  Nikolas Zimmermann  <nzimmermann@rim.com>
 

trunk/LayoutTests/platform/gtk/Skipped

@@ -5677 +5677 @@
 media/video-loop.html
 
+# GTK+ does not have layoutTestController.setWillSendRequestClearHeader.
+http/tests/security/no-referrer.html
+
 # GTK+ does not have layoutTestController.setWillSendRequestReturnsNull.
 fast/loader/onload-willSendRequest-null-for-script.html

trunk/LayoutTests/platform/qt/Skipped

@@ -199 +199 @@
 http/tests/misc/redirect-to-external-url.html
 http/tests/security/feed-urls-from-remote.html
+
+# Missing layoutTestController.setWillSendRequestClearHeader()
+http/tests/security/no-referrer.html
 
 # Missing layoutTestController.setWillSendRequestReturnsNull()

trunk/WebKitTools/ChangeLog

@@ +1 @@
+2010-03-12  Jochen Eisinger  <jochen@chromium.org>
+
+        Reviewed by Jeremy Orlow.
+
+        Introduce setWillSendRequestClearHeader to LayoutTestController to selectively remove headers in willSendRequest. Used in http/tests/security/no-referrer.html
+        https://bugs.webkit.org/show_bug.cgi?id=35920
+
+        * DumpRenderTree/LayoutTestController.cpp:
+        (setWillSendRequestClearHeaderCallback):
+        (LayoutTestController::staticFunctions):
+        * DumpRenderTree/LayoutTestController.h:
+        (LayoutTestController::willSendRequestClearHeaders):
+        (LayoutTestController::setWillSendRequestClearHeader):
+        * DumpRenderTree/mac/ResourceLoadDelegate.mm:
+        (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
+        * DumpRenderTree/win/ResourceLoadDelegate.cpp:
+        (ResourceLoadDelegate::willSendRequest):
+
 2010-03-11  Fumitoshi Ukai  <ukai@chromium.org>
 

trunk/WebKitTools/DumpRenderTree/LayoutTestController.cpp

@@ -1020 +1020 @@
     LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
     controller->setUserStyleSheetLocation(path.get());
+
+    return JSValueMakeUndefined(context);
+}
+
+static JSValueRef setWillSendRequestClearHeaderCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+    // Has mac & windows implementation
+    if (argumentCount < 1)
+        return JSValueMakeUndefined(context);
+
+    JSRetainPtr<JSStringRef> header(Adopt, JSValueToStringCopy(context, arguments[0], exception));
+    ASSERT(!*exception);
+
+    size_t maxLength = JSStringGetMaximumUTF8CStringSize(header.get());
+    char* headerBuffer = new char[maxLength + 1];
+    JSStringGetUTF8CString(header.get(), headerBuffer, maxLength + 1);
+
+    LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
+    controller->setWillSendRequestClearHeader(headerBuffer);
 
     return JSValueMakeUndefined(context);
@@ -1464 +1483 @@
         { "setUserStyleSheetEnabled", setUserStyleSheetEnabledCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setUserStyleSheetLocation", setUserStyleSheetLocationCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
+        { "setWillSendRequestClearHeader", setWillSendRequestClearHeaderCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setWillSendRequestReturnsNull", setWillSendRequestReturnsNullCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setWillSendRequestReturnsNullOnRedirect", setWillSendRequestReturnsNullOnRedirectCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },

trunk/WebKitTools/DumpRenderTree/LayoutTestController.h

@@ -32 +32 @@
 #include <JavaScriptCore/JSObjectRef.h>
 #include <JavaScriptCore/JSRetainPtr.h>
-#include <wtf/RefCounted.h>
+#include <set>
 #include <string>
 #include <vector>
+#include <wtf/RefCounted.h>
 
 class LayoutTestController : public RefCounted<LayoutTestController> {
@@ -187 +188 @@
     void waitToDumpWatchdogTimerFired();
 
+    const std::set<std::string>& willSendRequestClearHeaders() const { return m_willSendRequestClearHeaders; }
+    void setWillSendRequestClearHeader(std::string header) { m_willSendRequestClearHeaders.insert(header); }
+
     bool willSendRequestReturnsNull() const { return m_willSendRequestReturnsNull; }
     void setWillSendRequestReturnsNull(bool returnsNull) { m_willSendRequestReturnsNull = returnsNull; }
@@ -285 +289 @@
     std::string m_testPathOrURL;
     std::string m_expectedPixelHash;    // empty string if no hash
+
+    std::set<std::string> m_willSendRequestClearHeaders;
     
     // origins which have been granted desktop notification access

trunk/WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm

@@ -36 +36 @@
 #import <wtf/Assertions.h>
 
+using namespace std;
+
 @interface NSURL (DRTExtras)
 - (NSString *)_drt_descriptionSuitableForTestResult;
@@ -122 +124 @@
 }
 
--(NSURLRequest *)webView: (WebView *)wv resource:identifier willSendRequest: (NSURLRequest *)newRequest redirectResponse:(NSURLResponse *)redirectResponse fromDataSource:(WebDataSource *)dataSource
-{
-    if (!done && gLayoutTestController->dumpResourceLoadCallbacks()) {
-        NSString *string = [NSString stringWithFormat:@"%@ - willSendRequest %@ redirectResponse %@", identifier, [newRequest _drt_descriptionSuitableForTestResult],
+-(NSURLRequest *)webView: (WebView *)wv resource:identifier willSendRequest: (NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse fromDataSource:(WebDataSource *)dataSource
+{
+    if (!done && gLayoutTestController->dumpResourceLoadCallbacks()) {
+        NSString *string = [NSString stringWithFormat:@"%@ - willSendRequest %@ redirectResponse %@", identifier, [request _drt_descriptionSuitableForTestResult],
             [redirectResponse _drt_descriptionSuitableForTestResult]];
         printf("%s\n", [string UTF8String]);
@@ -138 +140 @@
     }
 
-    NSURL *url = [newRequest URL];
+    NSURL *url = [request URL];
     NSString *host = [url host];
     if (host
@@ -152 +154 @@
         return nil;
 
-    return newRequest;
+    NSMutableURLRequest *newRequest = [request mutableCopy];
+    const set<string>& clearHeaders = gLayoutTestController->willSendRequestClearHeaders();
+    for (set<string>::const_iterator header = clearHeaders.begin(); header != clearHeaders.end(); ++header) {
+        NSString *nsHeader = [[NSString alloc] initWithUTF8String:header->c_str()];
+        [newRequest setValue:nil forHTTPHeaderField:nsHeader];
+        [nsHeader release];
+    }
+
+    return [newRequest autorelease];
 }
 

trunk/WebKitTools/DumpRenderTree/win/ResourceLoadDelegate.cpp

@@ -32 +32 @@
 #include "DumpRenderTree.h"
 #include "LayoutTestController.h"
+#include <WebKit/WebKitCOMAPI.h>
 #include <comutil.h>
-#include <WebKit/WebKitCOMAPI.h>
+#include <sstream>
+#include <tchar.h>
 #include <wtf/HashMap.h>
 #include <wtf/Vector.h>
-#include <sstream>
-
-
-using std::wstring;
-using std::wiostream;
+
+using namespace std;
 
 static inline wstring wstringFromBSTR(BSTR str)
@@ -47 +46 @@
 }
 
-wstring wstringFromInt(int i)
-{
-    std::wostringstream ss;
+static inline wstring wstringFromInt(int i)
+{
+    wostringstream ss;
     ss << i;
     return ss.str();
+}
+
+static inline BSTR BSTRFromString(const string& str)
+{
+    int length = ::MultiByteToWideChar(CP_UTF8, 0, str.c_str(), str.length(), 0, 0);
+    BSTR result = ::SysAllocStringLen(0, length);
+    ::MultiByteToWideChar(CP_UTF8, 0, str.c_str(), str.length(), result, length);
+    return result;
 }
 
@@ -255 +262 @@
     }
 
-    request->AddRef();
-    *newRequest = request;
+    IWebMutableURLRequest* requestCopy = 0;
+    request->mutableCopy(&requestCopy);
+    const set<string>& clearHeaders = gLayoutTestController->willSendRequestClearHeaders();
+    for (set<string>::const_iterator header = clearHeaders.begin(); header != clearHeaders.end(); ++header) {
+      BSTR bstrHeader = BSTRFromString(*header);
+      requestCopy->setValue(0, bstrHeader);
+      SysFreeString(bstrHeader);
+    }
+
+    *newRequest = requestCopy;
     return S_OK;
 }