Ignore HSTS for partitioned, cross-origin subresource requests
[WebKit-https.git] / Source / WebKit / NetworkProcess / cocoa / NetworkSessionCocoa.mm
index 05c8684..2a8052d 100644 (file)
@@ -165,6 +165,42 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
     completionHandler(WebCore::createHTTPBodyNSInputStream(*body).get());
 }
 
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+static NSURLRequest* downgradeRequest(NSURLRequest *request)
+{
+    NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+    if ([nsMutableRequest.URL.scheme isEqualToString:@"https"]) {
+        NSURLComponents *components = [[NSURLComponents componentsWithURL:nsMutableRequest.URL resolvingAgainstBaseURL:NO] autorelease];
+        components.scheme = @"http";
+        [nsMutableRequest setURL:components.URL];
+        ASSERT([nsMutableRequest.URL.scheme isEqualToString:@"http"]);
+        return nsMutableRequest;
+    }
+
+    ASSERT_NOT_REACHED();
+    return request;
+}
+
+static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURLRequest *request, bool shouldIgnoreHSTS)
+{
+    if ([request.URL.scheme isEqualToString:@"https"] && shouldIgnoreHSTS && [request _ignoreHSTS]) {
+        // The request was upgraded for some other reason than HSTS.
+        // Don't ignore HSTS to avoid the risk of another downgrade.
+        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+        [nsMutableRequest _setIgnoreHSTS:NO];
+        return nsMutableRequest;
+    }
+    
+    if ([request.URL.scheme isEqualToString:@"http"] && [request _ignoreHSTS] != shouldIgnoreHSTS) {
+        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+        [nsMutableRequest _setIgnoreHSTS:shouldIgnoreHSTS];
+        return nsMutableRequest;
+    }
+    
+    return request;
+}
+#endif
+
 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)request completionHandler:(void (^)(NSURLRequest *))completionHandler
 {
     auto taskIdentifier = task.taskIdentifier;
@@ -172,13 +208,30 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
 
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier](auto& request) {
+        
+        bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+        shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+        if (shouldIgnoreHSTS) {
+            request = downgradeRequest(request);
+            ASSERT([request.URL.scheme isEqualToString:@"http"]);
+            LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+        }
+#endif
+
+        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+            UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+            completionHandlerCopy(nsRequest);
             Block_release(completionHandlerCopy);
         });
     } else {
@@ -191,16 +244,32 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
 {
     auto taskIdentifier = task.taskIdentifier;
     LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
-    
+
+    bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+    shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+    if (shouldIgnoreHSTS) {
+        request = downgradeRequest(request);
+        ASSERT([request.URL.scheme isEqualToString:@"http"]);
+        LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+    }
+#endif
+
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier](auto& request) {
+        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+            UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+            completionHandlerCopy(nsRequest);
             Block_release(completionHandlerCopy);
         });
     } else {