Consider top-level context whose origin is unique as insecure
author: youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Dec 2019 18:29:25 +0000 (18:29 +0000)
committer: youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Dec 2019 18:29:25 +0000 (18:29 +0000)
https://bugs.webkit.org/show_bug.cgi?id=205111
Source/WebCore:

Reviewed by Brent Fulgham.

Tests: http/tests/security/top-level-unique-origin.https.html
       http/tests/security/top-level-unique-origin2.https.html

* dom/Document.cpp:
(WebCore::Document::isSecureContext const):
There is no guarantee that top-level unique-origin contexts like data URLs are SecureContext.
This patch makes them no longer SecureContext.
This helps get closer to https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy,
which identifies all unique origins as "Not Trustworthy".
Child unique-origin contexts will stay SecureContext if their parents are.

Tools:

<rdar://problem/57834967>

Reviewed by Brent Fulgham.

* TestWebKitAPI/Tests/WebKitCocoa/DeviceOrientation.mm:
(TEST):
Disable secure context checks so that an API test that loads about:blank directly
can call DeviceOrientationEvent.requestPermission() successfully.

LayoutTests:

Reviewed by Brent Fulgham.

* http/tests/security/top-level-unique-origin.https-expected.txt: Added.
* http/tests/security/top-level-unique-origin.https.html: Added.
* http/tests/security/top-level-unique-origin2.https-expected.txt: Added.
* http/tests/security/top-level-unique-origin2.https.html: Added.
* platform/win/TestExpectations: Skipping the second test as it times out on Windows.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@253563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
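Added example, not WebKit code: a JavaScript model of the decision Document::isSecureContext makes after this change, run over a constructed frame tree that includes the two layout-test shapes in this patch (a top-level data: document, and a blob: popup minted from a data: iframe inside an https page) plus a few neighbouring cases. The frame and origin records, originOf(), createObjectURL() and the scenario inputs are this example's assumptions. One modelling assumption is called out in the code: an opaque (unique) origin is accepted by the per-origin check on its own, because that is the only way the visible code can keep a data: child of an https parent secure, as the ChangeLog says it does.

```javascript
// Added example; this is not WebKit code. It models Document::isSecureContext
// after this patch over a constructed frame tree. Frame/origin records,
// originOf(), createObjectURL() and the runScenarios() inputs are assumptions.

function opaqueOrigin() { return { opaque: true }; }
function tupleOrigin(scheme, host) { return { opaque: false, scheme, host }; }

// Serialize an origin the way blob: URLs and postMessage do ("null" for opaque).
function serializeOrigin(origin) {
  return origin.opaque ? "null" : `${origin.scheme}://${origin.host}`;
}

// Origin of a URL. Assumption: data: always gets a fresh opaque (unique)
// origin; about:blank inherits the creator's origin when one is given and is
// opaque otherwise (the "loading about:blank directly" case from the
// DeviceOrientation API test); blob: carries its creator's serialized origin.
function originOf(url, creatorOrigin = null) {
  const scheme = url.slice(0, url.indexOf(":"));
  switch (scheme) {
    case "http": case "https": case "ws": case "wss":
      return tupleOrigin(scheme, new URL(url).hostname);
    case "blob": {
      const inner = url.slice("blob:".length, url.lastIndexOf("/"));
      return inner === "null" ? opaqueOrigin() : originOf(inner);
    }
    case "about":
      return creatorOrigin || opaqueOrigin();
    default:
      return opaqueOrigin();   // data: and anything unrecognized
  }
}

// "Is origin potentially trustworthy" in the shape of
// https://w3c.github.io/webappsec-secure-contexts/, with one deliberate,
// WebKit-shaped deviation: an opaque origin passes on its own. That is what
// lets a data: child of an https parent stay secure; top-level opaque origins
// are rejected separately by the topOrigin check in isSecureContext().
function isPotentiallyTrustworthy(origin) {
  if (origin.opaque) return true;
  if (origin.scheme === "https" || origin.scheme === "wss") return true;
  const h = origin.host;
  return h === "localhost" || h.endsWith(".localhost") || h === "127.0.0.1" || h === "[::1]";
}

function makeFrame(url, { parent = null, creatorOrigin = null } = {}) {
  return { url, parent, origin: originOf(url, creatorOrigin) };
}

function topOrigin(frame) {
  let f = frame;
  while (f.parent) f = f.parent;
  return f.origin;
}

// Blob URL minted by a document: blob:<serialized origin>/<id>. A blob created
// inside a data: document therefore becomes blob:null/..., which is itself opaque.
let nextBlobId = 0;
function createObjectURL(frame) {
  return `blob:${serializeOrigin(frame.origin)}/${++nextBlobId}`;
}

// Mirror of Document::isSecureContext. rejectUniqueTopOrigin=false reproduces
// the pre-patch behaviour, where a top-level data: document was a secure context.
function isSecureContext(frame, { rejectUniqueTopOrigin = true } = {}) {
  if (!isPotentiallyTrustworthy(frame.origin)) return false;
  for (let f = frame.parent; f; f = f.parent) {
    if (!isPotentiallyTrustworthy(f.origin)) return false;
  }
  if (rejectUniqueTopOrigin && topOrigin(frame).opaque) return false;
  return true;
}

// Constructed scenarios; hostnames are placeholders.
function runScenarios() {
  const https = makeFrame("https://a.test/page");
  const http = makeFrame("http://a.test/page");
  const topData = makeFrame("data:text/html,<p>top");                        // test 1
  const dataInHttps = makeFrame("data:text/html,<p>child", { parent: https });
  const dataInHttp = makeFrame("data:text/html,<p>child", { parent: http });
  const blobPopup = makeFrame(createObjectURL(dataInHttps));                // test 2
  const httpsBlobPopup = makeFrame(createObjectURL(https));
  const aboutBlankDirect = makeFrame("about:blank");
  const aboutBlankFromHttps = makeFrame("about:blank", { creatorOrigin: https.origin });
  const localhost = makeFrame("http://localhost/dev");
  return {
    https: isSecureContext(https),                                             // true
    http: isSecureContext(http),                                               // false
    topDataBefore: isSecureContext(topData, { rejectUniqueTopOrigin: false }), // true
    topDataAfter: isSecureContext(topData),                                    // false
    dataInHttps: isSecureContext(dataInHttps),                                 // true
    dataInHttp: isSecureContext(dataInHttp),                                   // false
    blobPopup: isSecureContext(blobPopup),                                     // false
    httpsBlobPopup: isSecureContext(httpsBlobPopup),                           // true
    aboutBlankDirect: isSecureContext(aboutBlankDirect),                       // false
    aboutBlankFromHttps: isSecureContext(aboutBlankFromHttps),                 // true
    localhost: isSecureContext(localhost),                                     // true
  };
}

console.log(runScenarios());
```

The blobPopup row is the interesting one for the second layout test: the popup is its own top-level browsing context, and because the blob was minted inside a unique-origin data: frame its URL serializes as blob:null/..., so its top origin is unique and the new check rejects it even though the page that started the chain is https.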

LayoutTests/ChangeLog
LayoutTests/http/tests/security/top-level-unique-origin.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/top-level-unique-origin.https.html [new file with mode: 0644]
LayoutTests/http/tests/security/top-level-unique-origin2.https-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/top-level-unique-origin2.https.html [new file with mode: 0644]
LayoutTests/platform/win/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/DeviceOrientation.mm

index 21e035e..5df6e1e 100644 (file)
@@ -1,5 +1,18 @@
 2019-12-16  youenn fablet  <youenn@apple.com>
 
+        Consider top-level context whose origin is unique as insecure
+        https://bugs.webkit.org/show_bug.cgi?id=205111
+
+        Reviewed by Brent Fulgham.
+
+        * http/tests/security/top-level-unique-origin.https-expected.txt: Added.
+        * http/tests/security/top-level-unique-origin.https.html: Added.
+        * http/tests/security/top-level-unique-origin2.https-expected.txt: Added.
+        * http/tests/security/top-level-unique-origin2.https.html: Added.
+        * platform/win/TestExpectations: Skipping second test as timing out in windows.
+
+2019-12-16  youenn fablet  <youenn@apple.com>
+
         fast/mediastream/change-tracks-media-stream-being-played.html is flaky
         https://bugs.webkit.org/show_bug.cgi?id=205277
 
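Review bot: this LayoutTests ChangeLog entry omits the `<rdar://problem/57834967>` line that the Tools ChangeLog entry for the same change carries under the bug URL, and the TestExpectations bullet ("Skipping second test as timing out in windows") gives no bug reference for the Windows timeout; add the radar line for consistency and file or link a webkit.org/b/ bug for the timeout so the skip can be tracked rather than forgotten.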
diff --git a/LayoutTests/http/tests/security/top-level-unique-origin.https-expected.txt b/LayoutTests/http/tests/security/top-level-unique-origin.https-expected.txt
new file mode 100644 (file)
index 0000000..7ef22e9
--- /dev/null
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/http/tests/security/top-level-unique-origin.https.html b/LayoutTests/http/tests/security/top-level-unique-origin.https.html
new file mode 100644 (file)
index 0000000..ba39ad4
--- /dev/null
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<script>
+    if (window.testRunner) {
+        testRunner.waitUntilDone();
+        testRunner.dumpAsText();
+    }
+
+    function doTest()
+    {
+        if (window.location.hash === "") {
+            window.location = "data:text/html,<"+ "script>window.location = '" + window.location.href + "#' + window.isSecureContext;<" + "/script>"
+            return;
+        }
+        onload = () => {
+            document.body.innerHTML = window.location.hash === "#false" ? "PASS" : ("FAIL: got " + window.location.hash);
+            if (window.testRunner)
+                testRunner.notifyDone();
+        };
+    }
+    doTest();
+</script>
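Review bot: unlike top-level-unique-origin2.https.html, this test has no timeout path: if the data: document never navigates back to the https page with a hash (for example because top-level navigation to data: URLs is refused), notifyDone() is never called and the test hangs until the harness timeout with no diagnostic in the output. Add the same `setTimeout(() => { document.body.innerHTML = "TIMEOUT"; ... }, 10000)` fallback used in the second test; it also makes the dependence on the test runner allowing a top-level data: navigation explicit.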
diff --git a/LayoutTests/http/tests/security/top-level-unique-origin2.https-expected.txt b/LayoutTests/http/tests/security/top-level-unique-origin2.https-expected.txt
new file mode 100644 (file)
index 0000000..0ad9348
--- /dev/null
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: data URL frame loaded
+CONSOLE MESSAGE: line 1: blob popup opened
+CONSOLE MESSAGE: line 1: blob popup loaded
+CONSOLE MESSAGE: line 1: blob popup message posted
+PASS
diff --git a/LayoutTests/http/tests/security/top-level-unique-origin2.https.html b/LayoutTests/http/tests/security/top-level-unique-origin2.https.html
new file mode 100644 (file)
index 0000000..eb43ca4
--- /dev/null
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<body>
+<script>
+    if (window.testRunner) {
+        testRunner.waitUntilDone();
+        testRunner.dumpAsText();
+        testRunner.setCanOpenWindows();
+    }
+    onmessage = (event) => {
+        document.body.innerHTML = !event.data ? "PASS": "FAIL";
+        if (window.testRunner)
+            testRunner.notifyDone();
+    };
+    setTimeout(() => {
+        document.body.innerHTML = "TIMEOUT";
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }, 10000);
+</script>
+<iframe src="data:text/html,<script>console.log('data URL frame loaded'); const blob = new Blob(['<'+ 'script>console.log(\'blob popup loaded\'); window.opener.postMessage(window.isSecureContext, \'*\'); console.log(\'blob popup message posted\'); <' + '/script>'], {type: 'text/html'}); const popup = window.open(URL.createObjectURL(blob)); onmessage = (event) => { parent.postMessage(event.data, '*'); popup.close(); }; console.log('blob popup opened'); </script>"></iframe>
+</body>
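Review bot: the `!event.data ? "PASS" : "FAIL"` check at the top level, together with the iframe's unfiltered `onmessage` relay, accepts any falsy payload from any sender, so a message whose data is `undefined` or an empty string, or one relayed from a window other than the popup, would also print PASS. Compare `event.data === false` in the top-level handler, and in the iframe guard the relay with `if (event.source !== popup) return;` before forwarding; the `console.log` lines in the expected output then remain the only evidence that the right window answered.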
index d392680..4eabd08 100644 (file)
@@ -800,6 +800,8 @@ webkit.org/b/46975 http/tests/xmlhttprequest/xmlhttprequest-sync-vs-async-assert
 # Times out in Release builds
 webkit.org/b/47091 http/tests/misc/copy-resolves-urls.html [ Skip ]
 
+http/tests/security/top-level-unique-origin2.https.html [ Skip ]
+
 # Sometimes fail or timeout
 webkit.org/b/48455 transitions/cancel-transition.html [ Pass Failure ]
 webkit.org/b/48455 legacy-animation-engine/transitions/cancel-transition.html [ Pass Failure ]
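Review bot: the new `[ Skip ]` line carries no bug URL and is placed directly under the "# Times out in Release builds" comment that belongs to copy-resolves-urls.html, so a reader will attribute that reason to it. Give it its own comment stating the actual reason from the ChangeLog (times out on Windows) and a webkit.org/b/ reference like the surrounding entries, so the skip can be revisited when the timeout is understood.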
index 5965447..e0da59a 100644 (file)
@@ -1,3 +1,21 @@
+2019-12-16  youenn fablet  <youenn@apple.com>
+
+        Consider top-level context whose origin is unique as insecure
+        https://bugs.webkit.org/show_bug.cgi?id=205111
+
+        Reviewed by Brent Fulgham.
+
+        Tests: http/tests/security/top-level-unique-origin.https.html
+               http/tests/security/top-level-unique-origin2.https.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::isSecureContext const):
+        There is no guarantee that top level unique origin contexts like data URL are SecureContext.
+        This patch makes them no longer SecureContext.
+        This helps getting closer to https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy
+        which identifies all unique origins as "Not Trustworthy".
+        Child unique origin contexts will stay SecureContext if their parents are.
+
 2019-12-16  Daniel Bates  <dabates@apple.com>
 
         -requestDocumentContext always returns 1 text unit more granularity than requested
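Review bot: the entry for Document::isSecureContext does not say why the new check is on `topOrigin()` rather than on `securityOrigin()`, which is the whole reason the "Child unique origin contexts will stay SecureContext if their parents are" sentence holds; one line such as "Check topOrigin() so that only documents whose top-level origin is unique are rejected, while nested unique origins keep following their ancestors" would make that explicit. The `Frame*` to `auto*` change in the loop is also unmentioned; either note it as a drive-by or leave it out of the patch.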
index 17edc8b..669145b 100644 (file)
@@ -6056,10 +6056,12 @@ bool Document::isSecureContext() const
         return true;
     if (!securityOrigin().isPotentiallyTrustworthy())
         return false;
-    for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
+    for (auto* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
         if (!frame->document()->securityOrigin().isPotentiallyTrustworthy())
             return false;
     }
+    if (topOrigin().isUnique())
+        return false;
     return true;
 }
 
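Review bot: the `topOrigin().isUnique()` check is appended after the ancestor loop even though it does not depend on the loop's result; hoisting it to just after the `securityOrigin().isPotentiallyTrustworthy()` early return avoids walking the frame tree for documents that are going to be rejected anyway and reads as cheapest-check-first. A short comment is also warranted here: the function only reaches the new check for a unique-origin document when `isPotentiallyTrustworthy()` is true for that unique origin, which is what keeps a data: child of a secure parent secure (as the ChangeLog states) while a top-level data: document is now refused; without the comment the next reader will assume unique origins are rejected unconditionally.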
index c5594bd..f0d478d 100644 (file)
@@ -1,3 +1,16 @@
+2019-12-16  youenn fablet  <youenn@apple.com>
+
+        Consider top-level context whose origin is unique as insecure
+        https://bugs.webkit.org/show_bug.cgi?id=205111
+        <rdar://problem/57834967>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/DeviceOrientation.mm:
+        (TEST):
+        Disable secure context checks so that loading directly about:blank from the API test
+        can call DeviceOrientationEvent.requestPermission() successfully.
+
 2019-12-16  Daniel Bates  <dabates@apple.com>
 
         -requestDocumentContext always returns 1 text unit more granularity than requested
index db9198d..be9cfb9 100644 (file)
@@ -217,6 +217,9 @@ TEST(DeviceOrientation, RememberPermissionForSession)
     configuration.get().websiteDataStore = [WKWebsiteDataStore nonPersistentDataStore];
     [[configuration userContentController] addScriptMessageHandler:messageHandler.get() name:@"testHandler"];
 
+    auto preferences = [configuration preferences];
+    [preferences _setSecureContextChecksEnabled: NO];
+
     webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
     [webView setUIDelegate:uiDelegate.get()];
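Review bot: `[preferences _setSecureContextChecksEnabled: NO]` has a space after the colon, which WebKit's Objective-C style omits; write `[preferences _setSecureContextChecksEnabled:NO]`. More substantively, turning the check off for the whole configuration means this test no longer exercises the secure-context gate on `DeviceOrientationEvent.requestPermission()` at all; loading the page from a potentially trustworthy URL (for example a localhost URL) instead of a directly loaded about:blank would keep the gate live while still letting the permission-memory behaviour under test run.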