Check X-Frame-Options and CSP frame-ancestors in network process
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 May 2018 05:02:52 +0000 (05:02 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 May 2018 05:02:52 +0000 (05:02 +0000)
commitecad200f1191c9d1df3a5788394baf29394ac126
tree759c9a39cc7e69d66005db936057c8262e8aac79
parent3509c7e295b1d1c064f82ef4344c67f2fb38b1f8
Check X-Frame-Options and CSP frame-ancestors in network process
https://bugs.webkit.org/show_bug.cgi?id=185410
<rdar://problem/37733934>

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

Add enum traits for MessageSource and MessageLevel so that we can encode and decode them for IPC.

* runtime/ConsoleTypes.h:

Source/WebCore:

* WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
we are not checking them in the NetworkProcess and HTTP response access is restricted. I code is otherwise kept
unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
in subsequent bugs.
* loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
private to public and export it so that we can call it from the WebKit.
* loader/PingLoader.h:
* page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
will also need to be enabled.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
* page/csp/ContentSecurityPolicy.h:
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::checkFrameAncestors): Ditto.
(WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
* page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
* page/csp/ContentSecurityPolicyResponseHeaders.h:
* platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use in WebKit.

Source/WebKit:

* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const): Always encode the frame ancestor origins.
(WebKit::NetworkResourceLoadParameters::decode): Always decode the frame ancestor origins.
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::shouldInterruptLoadForXFrameOptions): Added.
(WebKit::NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions): Added.
(WebKit::NetworkResourceLoader::didReceiveResponse): Check if the load needs to be interrupted due
to a violation of the CSP frame-ancestors directive or X-Frame-Options. If there is a violation
then stop the load.
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry): Ditto.
(NetworkResourceLoader::addConsoleMessage): Added.
(NetworkResourceLoader::sendCSPViolationReport): Added.
* NetworkProcess/NetworkResourceLoader.h:
* Scripts/webkit/messages.py: Teach the generator about data types MessageLevel and MessageSource
as they are both defined in file JavaScriptCore/ConsoleTypes.h as opposed to independent headers.
Also tell the generator that these types should not be forward declared so that we can use these
types without their JSC:: prefix in WebPage.messages.in.
* WebProcess/Network/NetworkProcessConnection.cpp:
(WebKit::NetworkProcessConnection::didReceiveMessage): Route WebPage messages to the appropriate
web page.
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): Added message StopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied.
* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied): Added.
* WebProcess/Network/WebResourceLoader.h:
* WebProcess/Network/WebResourceLoader.messages.in:
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::addConsoleMessage):
* WebProcess/WebPage/WebFrame.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::addConsoleMessage): Added.
(WebKit::WebPage::sendCSPViolationReport): Added.
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in: Add messages AddConsoleMessage and SendCSPViolationReport
for adding a console message to Web Inspector and sending a CSP report, respectively.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231479 268f45cc-cd09-0410-ab3c-d52691b4dbfc
29 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ConsoleTypes.h
Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/DocumentLoader.h
Source/WebCore/loader/PingLoader.h
Source/WebCore/page/Settings.yaml
Source/WebCore/page/csp/ContentSecurityPolicy.cpp
Source/WebCore/page/csp/ContentSecurityPolicy.h
Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.h
Source/WebCore/platform/network/HTTPParsers.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.h
Source/WebKit/Scripts/webkit/messages.py
Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Source/WebKit/WebProcess/Network/WebResourceLoader.cpp
Source/WebKit/WebProcess/Network/WebResourceLoader.h
Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in
Source/WebKit/WebProcess/WebPage/WebFrame.cpp
Source/WebKit/WebProcess/WebPage/WebFrame.h
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKit/WebProcess/WebPage/WebPage.h
Source/WebKit/WebProcess/WebPage/WebPage.messages.in