Changeset 92142 in webkit
- Timestamp:
- Aug 1, 2011 2:18:49 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 7 added
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r92141 r92142 1 2011-08-01 Jochen Eisinger <jochen@chromium.org> 2 3 Require explicit user action to override the policy URL on form submissions. 4 https://bugs.webkit.org/show_bug.cgi?id=61809 5 6 Reviewed by Adam Barth. 7 8 * http/tests/loading/redirect-methods-expected.txt: 9 * http/tests/security/cookies/resources/set-a-cookie.php: Added. 10 * http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added. 11 * http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added. 12 * http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added. 13 * http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added. 14 * http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added. 15 * http/tests/security/cookies/third-party-cookie-blocking.html: Added. 16 1 17 2011-08-01 Anna Cavender <annacc@chromium.org> 2 18 -
trunk/LayoutTests/http/tests/loading/redirect-methods-expected.txt
r65340 r92142 25 25 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading 26 26 frame "0" - didStartProvisionalLoadForFrame 27 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method POST> redirectResponse (null)28 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301>27 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null) 28 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301> 29 29 frame "0" - didReceiveServerRedirectForProvisionalLoadForFrame 30 30 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200> … … 55 55 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading 56 56 frame "1" - didStartProvisionalLoadForFrame 57 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method POST> redirectResponse (null)58 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302>57 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null) 58 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302> 59 59 frame "1" - didReceiveServerRedirectForProvisionalLoadForFrame 60 60 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200> … … 85 85 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading 86 86 frame "2" - didStartProvisionalLoadForFrame 87 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method POST> redirectResponse (null)88 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303>87 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null) 88 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303> 89 89 frame "2" - didReceiveServerRedirectForProvisionalLoadForFrame 90 90 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200> … … 115 115 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading 116 116 frame "3" - didStartProvisionalLoadForFrame 117 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method POST> redirectResponse (null)118 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/re sources/redirect-methods-result.php, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307>117 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null) 118 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307> 119 119 frame "3" - didReceiveServerRedirectForProvisionalLoadForFrame 120 120 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200> -
trunk/Source/WebCore/ChangeLog
r92140 r92142 1 2011-08-01 Jochen Eisinger <jochen@chromium.org> 2 3 Never override the policy URL on form submissions. 4 https://bugs.webkit.org/show_bug.cgi?id=61809 5 6 Reviewed by Adam Barth. 7 8 Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html 9 http/tests/security/cookies/third-party-cookie-blocking-user-action.html 10 http/tests/security/cookies/third-party-cookie-blocking.html 11 12 * loader/FrameLoader.cpp: 13 (WebCore::FrameLoader::loadURL): 14 (WebCore::FrameLoader::addExtraFieldsToSubresourceRequest): 15 (WebCore::FrameLoader::addExtraFieldsToMainResourceRequest): 16 (WebCore::FrameLoader::addExtraFieldsToRequest): 17 (WebCore::FrameLoader::loadPostRequest): 18 (WebCore::FrameLoader::loadDifferentDocumentItem): 19 * loader/FrameLoader.h: 20 21 1 22 2011-08-01 Ryosuke Niwa <rniwa@webkit.org> 2 23 -
trunk/Source/WebCore/loader/FrameLoader.cpp
r91583 r92142 1176 1176 addHTTPOriginIfNeeded(request, referrerOrigin->toString()); 1177 1177 } 1178 addExtraFieldsToRequest(request, newLoadType, true , event || isFormSubmission);1178 addExtraFieldsToRequest(request, newLoadType, true); 1179 1179 if (newLoadType == FrameLoadTypeReload || newLoadType == FrameLoadTypeReloadFromOrigin) 1180 1180 request.setCachePolicy(ReloadIgnoringCacheData); … … 2438 2438 void FrameLoader::addExtraFieldsToSubresourceRequest(ResourceRequest& request) 2439 2439 { 2440 addExtraFieldsToRequest(request, m_loadType, false , false);2440 addExtraFieldsToRequest(request, m_loadType, false); 2441 2441 } 2442 2442 2443 2443 void FrameLoader::addExtraFieldsToMainResourceRequest(ResourceRequest& request) 2444 2444 { 2445 addExtraFieldsToRequest(request, m_loadType, true , false);2446 } 2447 2448 void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource , bool cookiePolicyURLFromRequest)2445 addExtraFieldsToRequest(request, m_loadType, true); 2446 } 2447 2448 void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource) 2449 2449 { 2450 2450 // Don't set the cookie policy URL if it's already been set. 2451 2451 // But make sure to set it on all requests, as it has significance beyond the cookie policy for all protocols (<rdar://problem/6616664>). 2452 2452 if (request.firstPartyForCookies().isEmpty()) { 2453 if (mainResource && (isLoadingMainFrame() || cookiePolicyURLFromRequest))2453 if (mainResource && isLoadingMainFrame()) 2454 2454 request.setFirstPartyForCookies(request.url()); 2455 2455 else if (Document* document = m_frame->document()) … … 2551 2551 workingResourceRequest.setHTTPBody(formData); 2552 2552 workingResourceRequest.setHTTPContentType(contentType); 2553 addExtraFieldsToRequest(workingResourceRequest, loadType, true , true);2553 addExtraFieldsToRequest(workingResourceRequest, loadType, true); 2554 2554 2555 2555 NavigationAction action(url, loadType, true, event); … … 3025 3025 // Make sure to add extra fields to the request after the Origin header is added for the FormData case. 3026 3026 // See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion. 3027 addExtraFieldsToRequest(request, m_loadType, true , formData);3027 addExtraFieldsToRequest(request, m_loadType, true); 3028 3028 addedExtraFields = true; 3029 3029 … … 3068 3068 3069 3069 if (!addedExtraFields) 3070 addExtraFieldsToRequest(request, m_loadType, true , formData);3070 addExtraFieldsToRequest(request, m_loadType, true); 3071 3071 3072 3072 loadWithNavigationAction(request, action, false, loadType, 0); -
trunk/Source/WebCore/loader/FrameLoader.h
r91006 r92142 302 302 void setFirstPartyForCookies(const KURL&); 303 303 304 void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType loadType, bool isMainResource, bool cookiePolicyURLFromRequest);304 void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType, bool isMainResource); 305 305 306 306 void clearProvisionalLoad();
Note: See TracChangeset
for help on using the changeset viewer.