WebKit Bugzilla
Attachment 358386 Details for Bug 188248: service worker fetch handler results in bad referrer
Patch: bug-188248-20190104153954.patch (text/plain), 7.40 KB, created by youenn fablet on 2019-01-04 15:39:55 PST
>Subversion Revision: 239617 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 528289df65c0681c24fdaab6b985033357ee1e4b..2227d55a5045405d28bbd734adcb9be285bcd975 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,23 @@ >+2019-01-04 Youenn Fablet <youenn@apple.com> >+ >+ service worker fetch handler results in bad referrer >+ https://bugs.webkit.org/show_bug.cgi?id=188248 >+ <rdar://problem/47050478> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Response sanitization was removing the ReferrerPolicy header from opaque redirect responses. >+ Reduce sanitization of opaque redirect responses to opaque responses and allow Location header. >+ Make sure referrer policy is updated for all load redirections, not only CORS loads. >+ >+ Covered by updated test. >+ >+ * loader/SubresourceLoader.cpp: >+ (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl): >+ * platform/network/ResourceResponseBase.cpp: >+ (WebCore::isSafeCrossOriginResponseHeader): >+ (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting): >+ > 2019-01-04 Youenn Fablet <youenn@apple.com> > > [Fetch API] Implement abortable fetch >diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp >index b301bb9bf6f7ade6fcdb68219e804f32e0c76b8e..483ecd3c13d61e69a358eb81cca6e364cc452009 100644 >--- a/Source/WebCore/loader/SubresourceLoader.cpp >+++ b/Source/WebCore/loader/SubresourceLoader.cpp 
>@@ -567,19 +567,18 @@ bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceR > > ASSERT(options().mode != FetchOptions::Mode::SameOrigin || !m_resource->isCrossOrigin()); > >- if (options().mode != FetchOptions::Mode::Cors) >- return true; >+ // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 7 & 8. >+ if (options().mode == FetchOptions::Mode::Cors) { >+ if (m_resource->isCrossOrigin() && !isValidCrossOriginRedirectionURL(newRequest.url())) { >+ errorMessage = "URL is either a non-HTTP URL or contains credentials."_s; >+ return false; >+ } > >- // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 8 & 9. >- if (m_resource->isCrossOrigin() && !isValidCrossOriginRedirectionURL(newRequest.url())) { >- errorMessage = "URL is either a non-HTTP URL or contains credentials."_s; >- return false; >+ ASSERT(m_origin); >+ if (crossOriginFlag && !passesAccessControlCheck(redirectResponse, options().storedCredentialsPolicy, *m_origin, errorMessage)) >+ return false; > } > >- ASSERT(m_origin); >- if (crossOriginFlag && !passesAccessControlCheck(redirectResponse, options().storedCredentialsPolicy, *m_origin, errorMessage)) >- return false; >- > bool redirectingToNewOrigin = false; > if (m_resource->isCrossOrigin()) { > if (!crossOriginFlag && isNextRequestCrossOrigin) 
>@@ -592,9 +591,10 @@ bool SubresourceLoader::checkRedirectionCrossOriginAccessControl(const ResourceR > if (crossOriginFlag && redirectingToNewOrigin) > m_origin = SecurityOrigin::createUnique(); > >+ // Implementing https://fetch.spec.whatwg.org/#concept-http-redirect-fetch step 14. > updateReferrerPolicy(redirectResponse.httpHeaderField(HTTPHeaderName::ReferrerPolicy)); > >- if (redirectingToNewOrigin) { >+ if (options().mode == FetchOptions::Mode::Cors && redirectingToNewOrigin) { > cleanHTTPRequestHeadersForAccessControl(newRequest, options().httpHeadersToKeep); > updateRequestForAccessControl(newRequest, *m_origin, options().storedCredentialsPolicy); > } >diff --git a/Source/WebCore/platform/network/ResourceResponseBase.cpp b/Source/WebCore/platform/network/ResourceResponseBase.cpp >index c8909755e55ec48f11eed63c8a4e218fa2d01492..20ac64d57034c69ea92bc7a43536f16d795ffa29 100644 >--- a/Source/WebCore/platform/network/ResourceResponseBase.cpp >+++ b/Source/WebCore/platform/network/ResourceResponseBase.cpp >@@ -401,6 +401,7 @@ static bool isSafeCrossOriginResponseHeader(HTTPHeaderName name) > || name == HTTPHeaderName::LastEventID > || name == HTTPHeaderName::LastModified > || name == HTTPHeaderName::Link >+ || name == HTTPHeaderName::Location > || name == HTTPHeaderName::Pragma > || name == HTTPHeaderName::Range > || name == HTTPHeaderName::ReferrerPolicy >@@ -441,7 +442,8 @@ void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting() > m_httpHeaderFields = WTFMove(filteredHeaders); > return; > } >- case ResourceResponse::Tainting::Opaque: { >+ case ResourceResponse::Tainting::Opaque: >+ case ResourceResponse::Tainting::Opaqueredirect: { > HTTPHeaderMap filteredHeaders; > for (auto& header : m_httpHeaderFields.commonHeaders()) { > if (isSafeCrossOriginResponseHeader(header.key)) 
>@@ -450,11 +452,6 @@ void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting() > m_httpHeaderFields = WTFMove(filteredHeaders); > return; > } >- case ResourceResponse::Tainting::Opaqueredirect: { >- auto location = httpHeaderField(HTTPHeaderName::Location); >- m_httpHeaderFields.clear(); >- m_httpHeaderFields.add(HTTPHeaderName::Location, WTFMove(location)); >- } > } > } > >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index ce47ba8fcf13128e2c15b68bb509a55da53a28f8..4a57370caaa63ae0e3cf28209ee1fc1e7d9786c5 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,13 @@ >+2019-01-04 Youenn Fablet <youenn@apple.com> >+ >+ service worker fetch handler results in bad referrer >+ https://bugs.webkit.org/show_bug.cgi?id=188248 >+ <rdar://problem/47050478> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * web-platform-tests/service-workers/service-worker/referrer-policy-header.https-expected.txt: >+ > 2019-01-04 Youenn Fablet <youenn@apple.com> > > [Fetch API] Implement abortable fetch >diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/referrer-policy-header.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/referrer-policy-header.https-expected.txt >index 812b46fec9a906b10d091f4a5b1d06ef1c3ca7e2..6df85a6f9adefeeb72ef31cc75a1a010f90059b3 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/referrer-policy-header.https-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/referrer-policy-header.https-expected.txt 
>@@ -1,7 +1,6 @@ > >- > PASS Initialize global state (service worker registration) >-FAIL Referrer for a main resource redirected with referrer-policy (origin) should only have origin. assert_equals: expected "https://localhost:9443/" but got "https://localhost:9443/service-workers/service-worker/referrer-policy-header.https.html" >+PASS Referrer for a main resource redirected with referrer-policy (origin) should only have origin. > FAIL Referrer for fetch requests initiated from a service worker with referrer-policy (origin) should only have origin. assert_equals: expected "finish" but got "failure:Referer for request-headers.py?url=request-headers.py must be https://localhost:9443/ but got https://localhost:9443/service-workers/service-worker/resources/fetch-rewrite-worker-referrer-policy.js" > PASS Remove registration as a cleanup >
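Review bot: In the first SubresourceLoader.cpp hunk (checkRedirectionCrossOriginAccessControl), removing the early return for non-CORS modes means those redirects now also run the redirectingToNewOrigin logic and can reach the unguarded m_origin = SecurityOrigin::createUnique() assignment, while ASSERT(m_origin) now only runs inside the Cors branch. If resetting m_origin for non-CORS loads is not intended, guard that assignment with the same options().mode == FetchOptions::Mode::Cors check that the patch adds to the header cleanup; if it is intended, say so in a comment next to the assignment.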
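Review bot: The updateReferrerPolicy call in the second SubresourceLoader.cpp hunk reads ReferrerPolicy from redirectResponse, so for the newly covered non-CORS redirects it is only correct while that header survives sanitizeHTTPHeaderFieldsAccordingToTainting, which is the regression the ChangeLog describes. Nothing at this call site records that dependency; a short comment here pointing at isSafeCrossOriginResponseHeader would keep a later tightening of the safe list from silently restoring the full-URL referrer.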
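Review bot: Adding HTTPHeaderName::Location to isSafeCrossOriginResponseHeader in ResourceResponseBase.cpp widens more than opaque redirects, because the same predicate filters the Tainting::Opaque case in sanitizeHTTPHeaderFieldsAccordingToTainting. Plain opaque responses will now keep Location as well. If only opaque redirect responses need it, keep the safe list unchanged and add Location inside the Opaqueredirect path; otherwise state in the ChangeLog that the exposure on opaque responses is deliberate.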
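Review bot: Folding Tainting::Opaqueredirect into the Tainting::Opaque case in sanitizeHTTPHeaderFieldsAccordingToTainting changes opaque redirect responses from keeping only Location to keeping every header that passes isSafeCrossOriginResponseHeader. The bug only requires ReferrerPolicy to survive, so the narrower change is to keep Location and ReferrerPolicy for Opaqueredirect. If the broader set is wanted, the ChangeLog line "Reduce sanitization of opaque redirect responses to opaque responses" should name the headers that become visible on redirect responses as a result.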
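Review bot: The updated referrer-policy-header.https-expected.txt still records FAIL for "Referrer for fetch requests initiated from a service worker with referrer-policy (origin) should only have origin", where the Referer is the full worker script URL instead of the origin. The WebCore ChangeLog says "Covered by updated test" without mentioning this remaining failure. Note in the ChangeLog that only the main resource redirect case is fixed, and reference a follow-up bug for the service-worker-initiated fetch case so the leftover failure is tracked.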
Flags:
ews-watchlist
:
commit-queue-