[CSS Shapes] CORS-enabled fetch for shape image values
authorhmuller@adobe.com <hmuller@adobe.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Oct 2013 20:36:21 +0000 (20:36 +0000)
committerhmuller@adobe.com <hmuller@adobe.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Oct 2013 20:36:21 +0000 (20:36 +0000)
commit10e10b53ff54da3b758adf2a9f556484c68a1967
tree12dbf70f5b3cee2a74f2630a0f5a5e3e7f724267
parent9463c1ded816869e32b2043b500b3a6aaf0bf7c3
[CSS Shapes] CORS-enabled fetch for shape image values
https://bugs.webkit.org/show_bug.cgi?id=123114

Reviewed by Andreas Kling.

Source/WebCore:

Access to shape images is now controlled by CORS CSS shape per
http://dev.w3.org/csswg/css-shapes/#shape-outside-property.
Previously shape images had to be same-origin.

Shape image URL access is defined by the same logic that defines
canvas tainting: same-origin and data URLs are allowed and images
with a "Access-Control-Allow-Origin:" header that's either "*" or
that matches the document's origin.

A PotentiallyCrossOriginEnabled RequestOriginPolicy was added to
ResourceLoaderOptions, to indicate that a "potentially CORS-enabled fetch"
was to be undertaken. The CSSImageValue::cachedImage() method handles this
option by effectively setting the "Origin:" request header (see
updateRequestForAccessControl() in CrossOriginAccessControl.cpp).
StyleResolver::loadPendingShapeImage() uses the new ResourceLoaderOption.

The static ShapeInsideInfo and ShapeOutsideInfo isEnabledFor() method
now performs the CORS check for image valued shapes. The private
isOriginClean() method from CanvasRenderingContext2D has been moved to
the CachedImage class so that it can be shared by the Canvas and Shape
implementations. It checks the response headers per the CORS spec.

Test: http/tests/security/shape-image-cors.html

* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::cachedImage): Handle the new ResourceLoaderOption.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::loadPendingShapeImage): Set the new ResourceLoaderOption.
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::createPattern): Use the CachedImage::isOriginClean().
* loader/ResourceLoaderOptions.h: Added PotentiallyCrossOriginEnabled to RequestOriginPolicy.
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::isOriginClean): Migrated from CanvasRenderingContext2D.
* loader/cache/CachedImage.h:
* rendering/shapes/ShapeInfo.cpp:
(WebCore::::checkImageOrigin): Do the CORS check and log an error message if neccessary.
* rendering/shapes/ShapeInfo.h:
* rendering/shapes/ShapeInsideInfo.cpp:
(WebCore::ShapeInsideInfo::isEnabledFor): Call checkImageOrigin() for images.
* rendering/shapes/ShapeOutsideInfo.cpp:
(WebCore::ShapeOutsideInfo::isEnabledFor): Ditto.

LayoutTests:

Verify that images not allowed by CORS don't affect the layout
and that same-origin images, data URLs, and images with a
"Access-Control-Allow-Origin: *" header do define the layout.
Added a simple PHP script that optionally adds the allow origin header.

Replaced and renamed the original shape same-origin-only test.

* http/tests/security/resources/image-access-control.php: Added.
* http/tests/security/shape-image-cors-expected.html: Added.
* http/tests/security/shape-image-cors.html: Added.
* http/tests/security/shape-inside-image-origin-expected.txt: Removed.
* http/tests/security/shape-inside-image-origin.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@158044 268f45cc-cd09-0410-ab3c-d52691b4dbfc
17 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/resources/image-access-control.php [new file with mode: 0644]
LayoutTests/http/tests/security/shape-image-cors-expected.html [new file with mode: 0644]
LayoutTests/http/tests/security/shape-image-cors.html [new file with mode: 0644]
LayoutTests/http/tests/security/shape-inside-image-origin-expected.txt [deleted file]
LayoutTests/http/tests/security/shape-inside-image-origin.html [deleted file]
Source/WebCore/ChangeLog
Source/WebCore/css/CSSImageValue.cpp
Source/WebCore/css/StyleResolver.cpp
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
Source/WebCore/loader/ResourceLoaderOptions.h
Source/WebCore/loader/cache/CachedImage.cpp
Source/WebCore/loader/cache/CachedImage.h
Source/WebCore/rendering/shapes/ShapeInfo.cpp
Source/WebCore/rendering/shapes/ShapeInfo.h
Source/WebCore/rendering/shapes/ShapeInsideInfo.cpp
Source/WebCore/rendering/shapes/ShapeOutsideInfo.cpp