Disallow loads using HTTP 0.9 at the ResourceHandle/NetworkDataTask level
author dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Nov 2016 16:40:44 +0000 (16:40 +0000)
committer dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Nov 2016 16:40:44 +0000 (16:40 +0000)
commit 80357e8bb6e5ad1c04cea51711b553062b776b81
tree e64d23afdcf928b9c318679c4cf142df64fd62b9
parent 8f42b8e253c7623abcda1e67222e56c667667c9b
Disallow loads using HTTP 0.9 at the ResourceHandle/NetworkDataTask level
https://bugs.webkit.org/show_bug.cgi?id=164662
<rdar://problem/29268514>

Source/WebCore:

Reviewed by Alex Christensen and Brady Eidson.

Currently we disallow non-default HTTP 0.9 loads at the ResourceLoader level and disallow
subresource loads using HTTP 0.9 on a default port when the embedding page loads using a
different HTTP version. However loads can still be initiated from other loaders (e.g. FrameLoader)
with regards to the first issue. The latter issue does not afford much protection and
increases code complexity. Instead we should simplify our policy and move our code to the
lowest networking abstraction level, ResourceHandle/NetworkDataTask, so that we disallow
all non-default port loads using HTTP 0.9 regardless of the loader used.

Tests: http/tests/security/http-0.9/image-default-port-allowed.html
       http/tests/security/http-0.9/xhr-blocked.html

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): Remove logic to cancel an HTTP 0.9 load from here.
We will cancel the HTTP 0.9 load at the ResourceHandle/NetworkDataTask level.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didReceiveResponse): Ditto.
* platform/URL.h: Export stringCenterEllipsizedToLength() so that we can use it in WebKit2.
* platform/network/BlobResourceHandle.cpp:
(WebCore::BlobResourceHandle::notifyResponseOnSuccess): Modified to call ResourceHandle::didReceiveResponse().
(WebCore::BlobResourceHandle::notifyResponseOnError): Ditto.
* platform/network/ResourceHandle.cpp:
(WebCore::ResourceHandle::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Perform any
additional platform-specific logic after notifying the resource handle client of the received
response. Only the libsoup backend overwrites this member function to do something meaningful.
* platform/network/ResourceHandle.h:
* platform/network/ResourceResponseBase.h:
* platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse): Modified to
call ResourceHandle::didReceiveResponse().
* platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
(-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]): Ditto.
* platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
(-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]): Ditto.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::nextMultipartResponsePartCallback): Ditto.
(WebCore::sendRequestCallback): Ditto.
(WebCore::ResourceHandle::platformContinueSynchronousDidReceiveResponse): Added. Turns around and
calls continueAfterDidReceiveResponse().

Source/WebKit2:

Reviewed by Alex Christensen and Brady Eidson.

Make changes to NetworkDataTask similar to the changes made to ResourceHandle so as to
disallow non-default port HTTP 0.9 loads when using the ENABLE(NETWORK_SESSION) networking
code path in WebKit2.

* NetworkProcess/NetworkDataTask.cpp:
(WebKit::NetworkDataTask::didReceiveResponse): Added. Fail the load if it is using HTTP 0.9.
Otherwise notify the client that we received a response.
* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkDataTaskBlob.cpp:
(WebKit::NetworkDataTaskBlob::resume): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskBlob::getSizeForNext): Ditto.
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse): Renamed from didReceiveResponse().
* NetworkProcess/NetworkDataTaskBlob.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::didReceiveResponse): Deleted.
* NetworkProcess/soup/NetworkDataTaskSoup.cpp:
(WebKit::NetworkDataTaskSoup::didSendRequest): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
(WebKit::NetworkDataTaskSoup::dispatchDidReceiveResponse): Renamed from didReceiveResponse(). Also
remove the local variable response and inline its value into the call to ResourceHandle::didReceiveResponse()
as this variable is used exactly once in this function and its name does not describe its purpose any more
than its value.
(WebKit::NetworkDataTaskSoup::didRequestNextPart): Substitute dispatchDidReceiveResponse() for didReceiveResponse()
as the latter has been renamed to the former.
* NetworkProcess/soup/NetworkDataTaskSoup.h:

LayoutTests:

Reviewed by Alex Christensen and Brady Eidson.

Add a test to ensure that we block a synchronous XHR load using HTTP 0.9.
Renamed test image-default-port-blocked.html to image-default-port-allowed.html
as we now allow a subresource load using HTTP 0.9 on a default port regardless
of the HTTP version the embedding page used.

Update test expectations as DRT/WTR do not emit a localized description for the
error associated with a load failure. Note that a message is emitted to
Web Inspector console.

* http/tests/security/http-0.9/iframe-blocked-expected.txt:
* http/tests/security/http-0.9/iframe-blocked.html: Dump frame load callbacks
to see that load was cancelled as there is no other unique visible indication
of success.
* http/tests/security/http-0.9/image-blocked-expected.txt: Update expected result.
* http/tests/security/http-0.9/image-default-port-allowed-expected.txt: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked-expected.txt.
* http/tests/security/http-0.9/image-default-port-allowed.html: Renamed from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked.html.
* http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Update expected result.
* http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html: Ditto.
* http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt: Ditto.
* http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/xhr-blocked-expected.txt: Added.
* http/tests/security/http-0.9/xhr-blocked.html: Added.
* platform/wk2/TestExpectations: Skip the HTTP-0.9 tests in WebKit2 that use internals.registerDefaultPortForProtocol().
The function internals.registerDefaultPortForProtocol only updates the default-port-to-protocol map in the WebContent
process. However network loads in WebKit2 occur in the NetworkProcess. Further investigation is needed to determine
the best way to support testing with default ports. Ideally, we would run an HTTP server on port 80 for testing and
remove the need for internals.registerDefaultPortForProtocol().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@208732 268f45cc-cd09-0410-ab3c-d52691b4dbfc
37 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/iframe-blocked.html
LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/image-default-port-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/http-0.9/image-default-port-allowed.html [moved from LayoutTests/http/tests/security/http-0.9/image-default-port-blocked.html with 73% similarity]
LayoutTests/http/tests/security/http-0.9/image-default-port-blocked-expected.txt [deleted file]
LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html
LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt
LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt
LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/http-0.9/xhr-blocked.html [new file with mode: 0644]
LayoutTests/platform/wk2/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/ResourceLoader.cpp
Source/WebCore/platform/URL.h
Source/WebCore/platform/network/BlobResourceHandle.cpp
Source/WebCore/platform/network/ResourceHandle.cpp
Source/WebCore/platform/network/ResourceHandle.h
Source/WebCore/platform/network/ResourceResponseBase.h
Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp
Source/WebCore/platform/network/mac/WebCoreResourceHandleAsDelegate.mm
Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm
Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/NetworkDataTask.cpp
Source/WebKit2/NetworkProcess/NetworkDataTask.h
Source/WebKit2/NetworkProcess/NetworkDataTaskBlob.cpp
Source/WebKit2/NetworkProcess/NetworkDataTaskBlob.h
Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
Source/WebKit2/NetworkProcess/soup/NetworkDataTaskSoup.cpp
Source/WebKit2/NetworkProcess/soup/NetworkDataTaskSoup.h
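The policy the commit message settles on is compact: once a response arrives, the load is cancelled if the response is HTTP/0.9 and the request URL used a port other than the scheme's default; a 0.9 response on the default port is allowed regardless of which HTTP version the embedding page used. The following is an added, self-contained model of that decision, not code from WebKit or from this commit. The function names (`httpVersionOfResponse`, `shouldFailLoadForHTTP09`, `defaultPortForScheme`), the `LoadDescription` struct and the fixed default-port table are assumptions made for the example; real stacks take the version from their response parser rather than from a raw byte prefix as done here.

```cpp
// Added example (not WebKit's code): models the "block HTTP/0.9 on a
// non-default port" policy described in the commit message above.
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <string_view>

// Assumed default-port table for the example (WebKit keeps its own map).
static std::optional<uint16_t> defaultPortForScheme(std::string_view scheme)
{
    static const std::map<std::string_view, uint16_t> table = {
        {"http", 80}, {"https", 443}, {"ws", 80}, {"wss", 443},
    };
    auto it = table.find(scheme);
    if (it == table.end())
        return std::nullopt;
    return it->second;
}

// An HTTP/0.9 response has no status line and no headers: the server writes
// the body straight onto the socket. So anything that does not begin with a
// "HTTP/" status line is classified as 0.9; otherwise the version token of
// the status line (e.g. "HTTP/1.1") is returned. Simplified for the example.
std::string httpVersionOfResponse(std::string_view rawResponse)
{
    if (rawResponse.substr(0, 5) != "HTTP/")
        return "HTTP/0.9";
    auto end = rawResponse.find(' ');
    return std::string(rawResponse.substr(0, end));
}

struct LoadDescription {
    std::string scheme;            // e.g. "http"
    std::optional<uint16_t> port;  // empty when the URL has no explicit port
    std::string httpVersion;       // as reported for the response
};

// The policy decision: fail the load only for HTTP/0.9 responses on a
// non-default port. A URL without an explicit port is on the default port.
// An explicit port on a scheme with no known default is treated as
// non-default (conservative choice for the example).
bool shouldFailLoadForHTTP09(const LoadDescription& load)
{
    if (load.httpVersion != "HTTP/0.9")
        return false;
    if (!load.port)
        return false;
    auto defaultPort = defaultPortForScheme(load.scheme);
    return !defaultPort || *load.port != *defaultPort;
}

int main()
{
    // Constructed sample responses: a normal HTTP/1.1 reply and a bare body
    // as an HTTP/0.9 server would send it.
    const std::string modern = "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok";
    const std::string legacy = "<html>hello</html>";

    LoadDescription onOddPort{"http", std::optional<uint16_t>(8080), httpVersionOfResponse(legacy)};
    LoadDescription onDefault{"http", std::optional<uint16_t>(80), httpVersionOfResponse(legacy)};
    LoadDescription modernOdd{"http", std::optional<uint16_t>(8080), httpVersionOfResponse(modern)};

    std::cout << "0.9 on :8080 blocked: " << shouldFailLoadForHTTP09(onOddPort) << '\n';  // 1
    std::cout << "0.9 on :80 blocked:   " << shouldFailLoadForHTTP09(onDefault) << '\n';  // 0
    std::cout << "1.1 on :8080 blocked: " << shouldFailLoadForHTTP09(modernOdd) << '\n';  // 0
    return 0;
}
```

Placing the check where the response is first seen (the equivalent of `ResourceHandle::didReceiveResponse` / `NetworkDataTask::didReceiveResponse`) is what makes the policy loader-independent: every loader funnels through that one point, so there is no second code path to forget, which is the gap the commit message describes for the earlier `ResourceLoader`-level check.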