Don't set document.domain to an IP address fragment
author wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 18:57:13 +0000 (18:57 +0000)
committer wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 18:57:13 +0000 (18:57 +0000)
commit 1111a852500b02ae138082189cf6d605f9a6ffd7
tree 71c21de3f91112200217f815aaaf3b082cff3dce
parent 73d32579e6cd8618d69dc2d78e4c5a0fa888d3a7
Don't set document.domain to an IP address fragment
https://bugs.webkit.org/show_bug.cgi?id=126045
<rdar://problem/27331794>

Reviewed by Daniel Bates.

Source/WebCore:

This patch matches the following Blink one:
https://chromium.googlesource.com/chromium/blink/+/b19a57fdb323d5a80d3a1cb0a6b343558c4237b0

IP address octets should not be treated as subdomains when setting
document.domain. The specs say:
'The domain attribute's setter must run these steps: ...
7. If host is not equal to effectiveDomain, then run these substeps:
    1. If host or effectiveDomain is not a domain, then throw a
    "SecurityError" DOMException.'
https://html.spec.whatwg.org/multipage/browsers.html#relaxing-the-same-origin-restriction
Last Updated 5 August 2016

'A host is a domain, an IPv4 address, or an IPv6 address.'
https://url.spec.whatwg.org/#concept-domain
Last Updated 28 July 2016

Test: http/tests/security/set-domain-remove-subdomain-for-ip-address.html

* dom/Document.cpp:
(WebCore::Document::setDomain):
    Now checks whether the security origin is allowed to remove
    subdomains. If not, it throws a security error.
* page/OriginAccessEntry.cpp:
(WebCore::OriginAccessEntry::OriginAccessEntry):
    Constructor now expects an IP address setting.
(WebCore::OriginAccessEntry::matchesOrigin):
    Now also checks whether the host is an IP address and returns
    false if IP addresses aren't configured to be treated as domains.
* page/OriginAccessEntry.h:
    Introduced new enum for IP address setting.
    Constructor now expects an IP address setting.
(WebCore::OriginAccessEntry::ipAddressSettings):
    New getter.
(WebCore::operator==):
    Now also requires IP address settings to match.
* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::addOriginAccessWhitelistEntry):
    Changes to match OriginAccessEntry's new constructor.
(WebCore::SecurityPolicy::removeOriginAccessWhitelistEntry):
    Changes to match OriginAccessEntry's new constructor.
* page/Settings.in:
    Added a setting to allow IP address octets to be treated as
    subdomains. This way our existing tests setting document.domain
    still work.

LayoutTests:

IP address octets should not be treated as subdomains when
setting document.domain.

* http/tests/security/aboutBlank/security-context-alias.html:
    Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/aboutBlank/security-context-grandchildren-alias.html:
    Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/postMessage/origin-unaffected-by-document-domain.html:
    Now enables the new setting treatIPAddressesAsDomains.
* http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt: Added.
* http/tests/security/set-domain-remove-subdomain-for-ip-address.html: Added.
* http/tests/workers/worker-document-domain-security.html:
    Now enables the new setting treatIPAddressesAsDomains.
* http/tests/xmlhttprequest/document-domain-set.html:
    Now enables the new setting treatIPAddressesAsDomains.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204181 268f45cc-cd09-0410-ab3c-d52691b4dbfc
14 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/aboutBlank/security-context-alias.html
LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-alias.html
LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html
LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/set-domain-remove-subdomain-for-ip-address.html [new file with mode: 0644]
LayoutTests/http/tests/workers/worker-document-domain-security.html
LayoutTests/http/tests/xmlhttprequest/document-domain-set.html
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/page/OriginAccessEntry.cpp
Source/WebCore/page/OriginAccessEntry.h
Source/WebCore/page/SecurityPolicy.cpp
Source/WebCore/page/Settings.in
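
The rule the commit message describes, as an added example that is not WebKit's code: a simplified JavaScript model of the document.domain setter check, with and without an opt-in like treatIPAddressesAsDomains. The function names, the options object and the sample hosts are constructed for illustration, and public-suffix checks are left out.

```javascript
// Added example: simplified model of the document.domain setter check.
// All names and sample hosts here are constructed; public-suffix checks are omitted.

function isIPv4(host) {
  const parts = host.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

function isIPAddress(host) {
  // In a URL, an IPv6 host is written in brackets, e.g. [2001:db8::1].
  return isIPv4(host) || (host.startsWith("[") && host.endsWith("]"));
}

// effectiveDomain: the document's current host; newDomain: the value being assigned.
// treatIPAddressesAsDomains models the opt-in setting the commit adds for old tests.
function canSetDocumentDomain(effectiveDomain, newDomain, opts = {}) {
  const current = effectiveDomain.toLowerCase();
  const host = newDomain.toLowerCase();
  if (host === "") return false;
  if (host === current) return true; // no relaxation requested
  const ipInvolved = isIPAddress(current) || isIPAddress(host);
  if (ipInvolved && opts.treatIPAddressesAsDomains !== true) {
    return false; // an IP address has no subdomains to remove: SecurityError
  }
  // Only whole labels may be removed, so match on a "." boundary.
  return current.endsWith("." + host);
}

// Constructed cases (192.0.2.0/24 is a documentation range).
const cases = [
  ["www.example.com", "example.com", {}],
  ["www.example.com", "ample.com", {}],
  ["192.0.2.10", "192.0.2.10", {}],
  ["192.0.2.10", "2.10", {}],
  ["192.0.2.10", "2.10", { treatIPAddressesAsDomains: true }],
];
for (const [current, wanted, opts] of cases) {
  const verdict = canSetDocumentDomain(current, wanted, opts) ? "allowed" : "SecurityError";
  console.log(`${current} -> ${wanted} ${JSON.stringify(opts)}: ${verdict}`);
}
```

The last two cases differ only in the opt-in: plain suffix matching accepts the octet fragment, which is the behaviour the commit turns off by default.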