Implement the form-action Content Security Policy directive.
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Aug 2012 12:42:09 +0000 (12:42 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Aug 2012 12:42:09 +0000 (12:42 +0000)
commit e12187862473f083d08edb2378a4a8af8caca3e5
tree 2bfc18b512aa24e296882236e9331879114b1fd8
parent 1a0c2bf0676ca1f317e744378f5d67f9c79dd647
Implement the form-action Content Security Policy directive.
https://bugs.webkit.org/show_bug.cgi?id=93777

Patch by Mike West <mkwst@chromium.org> on 2012-08-16
Reviewed by Jochen Eisinger.

Source/WebCore:

The CSP 1.1 editor's draft defines the 'form-action' directive as a
mechanism for whitelisting valid targets for form submission from a
protected resource. A web author might desire to restrict form
submissions to the same origin as the protected resource itself via
a Content Security Policy of "form-action 'self'", or ensure that all
submissions were sent over an SSL connection via "form-action https:".

Specification details available at: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#form-action--experimental

This experimental directive is gated on the ENABLE_CSP_NEXT flag, which
is currently only enabled in Chromium.

Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html
       http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkIfFormActionAllowedByCSP):
    Adding a callback to FrameLoader in order to allow the
    MainResourceLoader to check the relevant CSP status without knowing
    anything about CSP.
(WebCore):
* loader/FrameLoader.h:
(FrameLoader):
* loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::willSendRequest):
    Check against the protected resource's Content Security Policy when
    presented with a request that is itself a form submission, or is the
    result of a redirect in response to a form submission. If CSP would
    block the target, cancel the request.
* page/ContentSecurityPolicy.cpp:
(CSPDirectiveList):
(WebCore::CSPDirectiveList::checkSourceAndReportViolation):
    Added explanatory text to the source violation console warning that
    specifically calls out sending form data (as opposed to "connect to"
    or "load the").
(WebCore::CSPDirectiveList::allowFormAction):
    Check a URL against a directive list's 'form-action' source list.
(WebCore):
(WebCore::CSPDirectiveList::addDirective):
    Recognize the 'form-action' CSP directive.
(WebCore::ContentSecurityPolicy::allowFormAction):
    Public interface to check a form action.
* page/ContentSecurityPolicy.h:

LayoutTests:

* http/tests/navigation/resources/redirection-response.php:
    Allow for the specification of alternate hosts for the redirect. We
    need this capability in order to check that an initial submission
    followed by a blocked redirect results in the correct behavior.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@125772 268f45cc-cd09-0410-ab3c-d52691b4dbfc
27 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/navigation/resources/redirection-response.php
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/worker-connect-src-blocked-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/loader/FrameLoader.h
Source/WebCore/loader/MainResourceLoader.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h
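
The check the commit message describes (the initial form submission and every redirect that follows it are matched against the 'form-action' source list, and a policy without that directive does not fall back to default-src) can be modelled as below. This is an added example, not WebKit's code: the function names, the reduced source-expression grammar and the example.* URLs are assumptions made for illustration.

```javascript
// Simplified model of form-action enforcement (illustration, not WebKit code).
// Supported sources: 'none', 'self', *, scheme sources ("https:") and host
// sources; ports and paths in host sources are accepted but not compared.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase()))
      directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === selfOrigin;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  // Host source: optional scheme, optional leading "*.", host, port, path.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::[0-9*]+)?(?:\/.*)?$/.exec(s);
  if (!m) return false; // an unrecognised expression matches nothing
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// requestChain: the form's action URL followed by any redirect targets.
function checkFormSubmission(header, pageUrl, requestChain) {
  const sources = parsePolicy(header).get('form-action');
  // No form-action directive: nothing to enforce; default-src is not consulted.
  if (sources === undefined) return { allowed: true, blockedAt: null };
  const selfOrigin = new URL(pageUrl).origin;
  for (const target of requestChain) {
    const url = new URL(target, pageUrl);
    if (!sources.some((src) => sourceMatches(src, url, selfOrigin)))
      return { allowed: false, blockedAt: url.href };
  }
  return { allowed: true, blockedAt: null };
}

// Constructed sample: a same-origin submission that redirects cross-origin.
console.log(checkFormSubmission("form-action 'self'",
  'https://shop.example/checkout',
  ['/submit', 'https://other.example/landing']));
```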