Attachment 357314 Details for
Bug 192074
: [GTK][WPE] Implement HSTS for the soup network backend
[patch]
Patch
bug-192074-20181214174806.patch (text/plain), 9.73 KB, created by
Claudio Saavedra
on 2018-12-14 07:48:08 PST
Description:
Patch
Filename:
MIME Type:
Creator:
Claudio Saavedra
Created:
2018-12-14 07:48:08 PST
Size:
9.73 KB
patch
obsolete
>Subversion Revision: 239157
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 78e724deb0205ea079e4cd5422e7620ca41c36c4..f7f1d52bd1054a53448762268c27f5ed16d5560c 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,24 @@
>+2018-11-27 Claudio Saavedra <csaavedra@igalia.com>
>+
>+ [GTK][WPE] Implement HSTS for the soup network backend
>+ https://bugs.webkit.org/show_bug.cgi?id=192074
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ libsoup 2.65.x is introducing support for the HSTS specification
>+ in SoupSession through a SoupSessionFeature. Add support to the
>+ soup network backend by adding the feature to SoupNetworkSession
>+ and handling HSTS protocol upgrades, by propagating the scheme
>+ change further to clients.
>+
>+ * loader/FrameLoader.cpp:
>+ (WebCore::FrameLoader::addExtraFieldsToRequest):
>+ * platform/network/ResourceRequestBase.cpp:
>+ (WebCore::ResourceRequestBase::setAsIsolatedCopy):
>+ * platform/network/soup/SoupNetworkSession.cpp:
>+ (WebCore::SoupNetworkSession::SoupNetworkSession):
>+ * platform/network/soup/SoupNetworkSession.h:
>+
> 2018-12-13 Carlos Garcia Campos <cgarcia@igalia.com>
>
> [FreeType] Remove HarfBuzzFace
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 6ac5353327631c56c86d32210a26c7c38a2ef368..7ff2131116d2daa8ac5e7b5161ce62ed8b99b435 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,22 @@
>+2018-11-27 Claudio Saavedra <csaavedra@igalia.com>
>+
>+ [GTK][WPE] Implement HSTS for the soup network backend
>+ https://bugs.webkit.org/show_bug.cgi?id=192074
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ libsoup 2.65.x is introducing support for the HSTS specification
>+ in SoupSession through a SoupSessionFeature. Add support to the
>+ soup network backend by adding the feature to SoupNetworkSession
>+ and handling HSTS protocol upgrades, by propagating the scheme
>+ change further to clients.
>+
>+ * NetworkProcess/soup/NetworkDataTaskSoup.cpp:
>+ (WebKit::NetworkDataTaskSoup::createRequest):
>+ (WebKit::NetworkDataTaskSoup::protocolUpgradedViaHSTS):
>+ (WebKit::NetworkDataTaskSoup::hstsEnforced):
>+ * NetworkProcess/soup/NetworkDataTaskSoup.h:
>+
> 2018-12-12 Chris Fleizach <cfleizach@apple.com>
>
> [meta][WebKit] Remove using namespace WebCore and WebKit in the global scope for unified source builds
>diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
>index 8336522a610628b84e3dd1794609bcf2ec12fb11..fce8a0fbda082ee4ef4caeb18630c554ccf56909 100644
>--- a/Source/WebCore/loader/FrameLoader.cpp
>+++ b/Source/WebCore/loader/FrameLoader.cpp
>@@ -2810,8 +2810,8 @@ void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadTyp
> ASSERT(ownerFrame || m_frame.isMainFrame());
> }
> addSameSiteInfoToRequestIfNeeded(request, initiator);
>- request.setIsTopSite(isMainResource && m_frame.isMainFrame());
> }
>+ request.setIsTopSite(isMainResource && m_frame.isMainFrame());
>
> Page* page = frame().page();
> bool hasSpecificCachePolicy = request.cachePolicy() != ResourceRequestCachePolicy::UseProtocolCachePolicy;
>diff --git a/Source/WebCore/platform/network/ResourceRequestBase.cpp b/Source/WebCore/platform/network/ResourceRequestBase.cpp
>index 625ac51f7e39c19e32fbcb52d62a74ffecc1b273..d540f44c3bd2944408e67dc5227a47ec341c0527 100644
>--- a/Source/WebCore/platform/network/ResourceRequestBase.cpp
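Review bot: The moved `request.setIsTopSite(isMainResource && m_frame.isMainFrame());` in addExtraFieldsToRequest now feeds a security decision in the network process, since NetworkDataTaskSoup::createRequest in this patch uses isTopSite() to decide whether a response may store HSTS state, and nothing at the call site records that. A comment such as `// isTopSite also gates HSTS policy storage in the soup backend, so set it for every request and not only inside the block above.` would keep a later refactor from moving it back. The same applies to the now-unconditional `setIsTopSite(other.isTopSite());` in the ResourceRequestBase::setAsIsolatedCopy hunk. The condition of the block the call was moved out of, and the default isTopSite value for requests that never reach this function, are outside the hunk; if that default is false, such https loads would run with the enforcer disabled, which is worth confirming.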
>+++ b/Source/WebCore/platform/network/ResourceRequestBase.cpp
>@@ -70,10 +70,9 @@ void ResourceRequestBase::setAsIsolatedCopy(const ResourceRequest& other)
> if (auto inspectorInitiatorNodeIdentifier = other.inspectorInitiatorNodeIdentifier())
> setInspectorInitiatorNodeIdentifier(*inspectorInitiatorNodeIdentifier);
>
>- if (!other.isSameSiteUnspecified()) {
>+ if (!other.isSameSiteUnspecified())
> setIsSameSite(other.isSameSite());
>- setIsTopSite(other.isTopSite());
>- }
>+ setIsTopSite(other.isTopSite());
>
> updateResourceRequest();
> m_httpHeaderFields = other.httpHeaderFields().isolatedCopy();
>diff --git a/Source/WebCore/platform/network/soup/SoupNetworkSession.cpp b/Source/WebCore/platform/network/soup/SoupNetworkSession.cpp
>index f24e265c96eafb5de4371a1d22638cc718e69516..43157060424c95d36a7f65086ae91c6ebcd4b196 100644
>--- a/Source/WebCore/platform/network/soup/SoupNetworkSession.cpp
>+++ b/Source/WebCore/platform/network/soup/SoupNetworkSession.cpp
>@@ -126,6 +126,9 @@ SoupNetworkSession::SoupNetworkSession(PAL::SessionID sessionID, SoupCookieJar*
> SOUP_SESSION_TIMEOUT, 0,
> SOUP_SESSION_IDLE_TIMEOUT, 0,
> SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_SNIFFER,
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+ SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_HSTS_ENFORCER,
>+#endif
> SOUP_SESSION_ADD_FEATURE, jar.get(),
> nullptr);
>
>diff --git a/Source/WebCore/platform/network/soup/SoupNetworkSession.h b/Source/WebCore/platform/network/soup/SoupNetworkSession.h
>index 5b5ff7977347151961a45c3497ea2f551344b1aa..08df5623e61f22191ee7f4d4c1d73f574409200c 100644
>--- a/Source/WebCore/platform/network/soup/SoupNetworkSession.h
>+++ b/Source/WebCore/platform/network/soup/SoupNetworkSession.h
>@@ -28,6 +28,7 @@
>
> #include <gio/gio.h>
> #include <glib-object.h>
>+#include <libsoup/soup-version.h>
> #include <pal/SessionID.h>
> #include <wtf/Function.h>
> #include <wtf/Noncopyable.h>
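Review bot: `SOUP_TYPE_HSTS_ENFORCER`, as added to the SoupNetworkSession constructor here, appears to be the plain in-memory enforcer, so learned policies would not survive a network-process restart and the first http load to a known host after each start would go out unprotected again. If that is intended for now, record it next to the feature line, e.g. `// In-memory HSTS store only; policies are not persisted across restarts.` Non-ephemeral sessions would need a persistent store to get the full benefit (libsoup offers a database-backed enforcer, SoupHSTSEnforcerDB), while ephemeral sessions should stay in-memory. The constructor starts and ends outside the hunk, so whether `sessionID` can be used at this point to make that distinction is inferred from the signature only.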
>@@ -39,6 +40,10 @@ typedef struct _SoupCookieJar SoupCookieJar;
> typedef struct _SoupMessage SoupMessage;
> typedef struct _SoupRequest SoupRequest;
> typedef struct _SoupSession SoupSession;
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+typedef struct _SoupHSTSEnforcer SoupHSTSEnforcer;
>+typedef struct _SoupHSTSPolicy SoupHSTSPolicy;
>+#endif
>
> namespace WebCore {
>
>diff --git a/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp b/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
>index 0b7b6350a26f46b9cde05d1d023311d4da816af3..584c57f578bf76252f4537b635ee72e1144d6c7d 100644
>--- a/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
>+++ b/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
>@@ -146,6 +146,15 @@ void NetworkDataTaskSoup::createRequest(ResourceRequest&& request)
> #endif
> }
>
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+ // Follow Apple's HSTS tracking mitigation. Disabling the HSTS enforcer for a HTTPS request that
>+ // is not a toplevel frame will prevent subresources from setting a STS value.
>+ if (m_currentRequest.url().protocolIs("https") && !m_currentRequest.isTopSite())
>+ soup_message_disable_feature(soupMessage.get(), SOUP_TYPE_HSTS_ENFORCER);
>+ else
>+ g_signal_connect(soup_session_get_feature(static_cast<NetworkSessionSoup&>(m_session.get()).soupSession(), SOUP_TYPE_HSTS_ENFORCER), "hsts-enforced", G_CALLBACK(hstsEnforced), this);
>+#endif
>+
> // Make sure we have an Accept header for subresources; some sites want this to serve some of their subresources.
> if (!soup_message_headers_get_one(soupMessage->request_headers, "Accept"))
> soup_message_headers_append(soupMessage->request_headers, "Accept", "*/*");
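Review bot: The new comment in createRequest promises the HSTS tracking mitigation, but the condition `protocolIs("https") && !m_currentRequest.isTopSite()` only stops https subresource responses from storing a policy. Plain-http subresource requests take the `else` branch with the enforcer still enabled, so state stored by top-level loads is still applied to third-party subresources and stays observable through them. I would state that limit in the comment, e.g. `// Only blocks subresources from storing STS state; existing state still upgrades http subresource requests.` The `else` branch also connects a handler for https top-site requests, which as far as I can tell cannot trigger an upgrade, and it passes the result of soup_session_get_feature() to g_signal_connect without a null check; `else if (!m_currentRequest.url().protocolIs("https"))` with a checked feature pointer would narrow both. createRequest starts and ends outside the hunk.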
>@@ -198,6 +207,10 @@ void NetworkDataTaskSoup::clearRequest()
> m_soupMessage = nullptr;
> }
> g_signal_handlers_disconnect_matched(static_cast<NetworkSessionSoup&>(m_session.get()).soupSession(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, this);
>+
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+ g_signal_handlers_disconnect_by_data(soup_session_get_feature(static_cast<NetworkSessionSoup&>(m_session.get()).soupSession(), SOUP_TYPE_HSTS_ENFORCER), this);
>+#endif
> }
>
> void NetworkDataTaskSoup::resume()
>@@ -1117,6 +1130,34 @@ void NetworkDataTaskSoup::requestStartedCallback(SoupSession* session, SoupMessa
> }
> #endif
>
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+void NetworkDataTaskSoup::protocolUpgradedViaHSTS(SoupMessage* soupMessage)
>+{
>+ auto response = ResourceResponse(m_response);
>+ ResourceRequest request = m_currentRequest;
>+ URL redirectedURL = soupURIToURL(soup_message_get_uri(soupMessage));
>+ request.setURL(redirectedURL);
>+ m_client->willPerformHTTPRedirection(WTFMove(response), WTFMove(request), [this, protectedThis = makeRef(*this)](const ResourceRequest& newRequest) {
>+ if (newRequest.isNull() || m_state == State::Canceling)
>+ return;
>+
>+ auto request = newRequest;
>+ applyAuthenticationToRequest(request);
>+ createRequest(WTFMove(request));
>+ if (m_soupRequest && m_state != State::Suspended) {
>+ m_state = State::Suspended;
>+ resume();
>+ }
>+ });
>+}
>+
>+void NetworkDataTaskSoup::hstsEnforced(SoupHSTSEnforcer*, SoupMessage* soupMessage, NetworkDataTaskSoup* task)
>+{
>+ if (soupMessage == task->m_soupMessage.get())
>+ task->protocolUpgradedViaHSTS(soupMessage);
>+}
>+#endif
>+
> void NetworkDataTaskSoup::didStartRequest()
> {
> m_networkLoadMetrics.requestStart = MonotonicTime::now() - m_startTime;
>diff --git a/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h b/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h
>index d711c790c3743b2e0108b4313d1a8e1a0be88eb0..699280cc62a4f3ee9673eb00ef89f86550a06cee 100644
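Review bot: The `hsts-enforced` handler is attached to the session-wide enforcer with a raw `this` as user data, and the `g_signal_handlers_disconnect_by_data(...)` added to clearRequest is the only disconnect in the patch. Any teardown path that destroys the task without passing through clearRequest would leave the enforcer calling hstsEnforced on a freed object. The destructor and cancel paths are outside the hunk, so this needs confirming; a comment here such as `// Must run before the task is destroyed: the enforcer outlives the task and holds a raw pointer to it.` would record the invariant. The `soup_session_get_feature(..., SOUP_TYPE_HSTS_ENFORCER)` lookup is also repeated from createRequest and unchecked for null, so a small private helper returning the enforcer would keep the connect and disconnect sites in step.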
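Review bot: protocolUpgradedViaHSTS reports the upgrade to the client as a redirect but passes `ResourceResponse(m_response)`, a copy of whatever response the task currently holds. At this point that is presumably empty or left over from an earlier hop, not a redirect describing the http-to-https change. Clients that inspect the redirect response (URL, status, headers) for policy checks would then decide on stale data; a response built to name the original URL and the upgraded location would be safer. The completion lambda also calls `createRequest(WTFMove(request));` with no `clearRequest();` before it, so unless createRequest tears down the previous message outside this hunk, the original SoupMessage stays live and a second `hsts-enforced` handler is connected for the same task. Adding `clearRequest();` ahead of `applyAuthenticationToRequest(request);`, or reusing the task's normal redirect handling, would avoid that.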
>--- a/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h
>+++ b/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h
>@@ -112,6 +112,10 @@ private:
> static void startingCallback(SoupMessage*, NetworkDataTaskSoup*);
> #else
> static void requestStartedCallback(SoupSession*, SoupMessage*, SoupSocket*, NetworkDataTaskSoup*);
>+#endif
>+#if SOUP_CHECK_VERSION(2, 65, 1)
>+ void protocolUpgradedViaHSTS(SoupMessage*);
>+ static void hstsEnforced(SoupHSTSEnforcer*, SoupMessage*, NetworkDataTaskSoup*);
> #endif
> void didStartRequest();
> static void restartedCallback(SoupMessage*, NetworkDataTaskSoup*);