Changeset 92142 in webkit

Timestamp:

Aug 1, 2011 2:18:49 PM (13 years ago)

Author:

jochen@chromium.org

Message:

Source/WebCore: Never override the policy URL on form submissions.
​https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html

http/tests/security/cookies/third-party-cookie-blocking-user-action.html
http/tests/security/cookies/third-party-cookie-blocking.html

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::addExtraFieldsToSubresourceRequest):
(WebCore::FrameLoader::addExtraFieldsToMainResourceRequest):
(WebCore::FrameLoader::addExtraFieldsToRequest):
(WebCore::FrameLoader::loadPostRequest):
(WebCore::FrameLoader::loadDifferentDocumentItem):

• loader/FrameLoader.h:

LayoutTests: Require explicit user action to override the policy URL on form submissions.
​https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

• http/tests/loading/redirect-methods-expected.txt:
• http/tests/security/cookies/resources/set-a-cookie.php: Added.
• http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added.
• http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added.
• http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added.
• http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added.
• http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added.
• http/tests/security/cookies/third-party-cookie-blocking.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/loading/redirect-methods-expected.txt (modified) (4 diffs)
• LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-expected.txt (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame.html (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action.html (added)
• LayoutTests/http/tests/security/cookies/third-party-cookie-blocking.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/FrameLoader.cpp (modified) (5 diffs)
• Source/WebCore/loader/FrameLoader.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-08-01  Jochen Eisinger  <jochen@chromium.org>
+
+        Require explicit user action to override the policy URL on form submissions.
+        https://bugs.webkit.org/show_bug.cgi?id=61809
+
+        Reviewed by Adam Barth.
+
+        * http/tests/loading/redirect-methods-expected.txt:
+        * http/tests/security/cookies/resources/set-a-cookie.php: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking.html: Added.
+
 2011-08-01  Anna Cavender  <annacc@chromium.org>
 

trunk/LayoutTests/http/tests/loading/redirect-methods-expected.txt

@@ -25 +25 @@
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "0" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301>
 frame "0" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
@@ -55 +55 @@
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "1" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302>
 frame "1" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
@@ -85 +85 @@
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "2" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303>
 frame "2" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
@@ -115 +115 @@
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "3" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307>
 frame "3" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-08-01  Jochen Eisinger  <jochen@chromium.org>
+
+        Never override the policy URL on form submissions.
+        https://bugs.webkit.org/show_bug.cgi?id=61809
+
+        Reviewed by Adam Barth.
+
+        Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html
+               http/tests/security/cookies/third-party-cookie-blocking-user-action.html
+               http/tests/security/cookies/third-party-cookie-blocking.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::addExtraFieldsToSubresourceRequest):
+        (WebCore::FrameLoader::addExtraFieldsToMainResourceRequest):
+        (WebCore::FrameLoader::addExtraFieldsToRequest):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        * loader/FrameLoader.h:
+
+
 2011-08-01  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -1176 +1176 @@
         addHTTPOriginIfNeeded(request, referrerOrigin->toString());
     }
-    addExtraFieldsToRequest(request, newLoadType, true, event || isFormSubmission);
+    addExtraFieldsToRequest(request, newLoadType, true);
     if (newLoadType == FrameLoadTypeReload || newLoadType == FrameLoadTypeReloadFromOrigin)
         request.setCachePolicy(ReloadIgnoringCacheData);
@@ -2438 +2438 @@
 void FrameLoader::addExtraFieldsToSubresourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, false, false);
+    addExtraFieldsToRequest(request, m_loadType, false);
 }
 
 void FrameLoader::addExtraFieldsToMainResourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, true, false);
-}
-
-void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource, bool cookiePolicyURLFromRequest)
+    addExtraFieldsToRequest(request, m_loadType, true);
+}
+
+void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource)
 {
     // Don't set the cookie policy URL if it's already been set.
     // But make sure to set it on all requests, as it has significance beyond the cookie policy for all protocols (<rdar://problem/6616664>).
     if (request.firstPartyForCookies().isEmpty()) {
-        if (mainResource && (isLoadingMainFrame() || cookiePolicyURLFromRequest))
+        if (mainResource && isLoadingMainFrame())
             request.setFirstPartyForCookies(request.url());
         else if (Document* document = m_frame->document())
@@ -2551 +2551 @@
     workingResourceRequest.setHTTPBody(formData);
     workingResourceRequest.setHTTPContentType(contentType);
-    addExtraFieldsToRequest(workingResourceRequest, loadType, true, true);
+    addExtraFieldsToRequest(workingResourceRequest, loadType, true);
 
     NavigationAction action(url, loadType, true, event);
@@ -3025 +3025 @@
         // Make sure to add extra fields to the request after the Origin header is added for the FormData case.
         // See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion.
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
         addedExtraFields = true;
         
@@ -3068 +3068 @@
     
     if (!addedExtraFields)
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
 
     loadWithNavigationAction(request, action, false, loadType, 0);

trunk/Source/WebCore/loader/FrameLoader.h

@@ -302 +302 @@
     void setFirstPartyForCookies(const KURL&);
     
-    void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType loadType, bool isMainResource, bool cookiePolicyURLFromRequest);
+    void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType, bool isMainResource);
 
     void clearProvisionalLoad();