Make FrameLoader::open() set outgoing referrer properly
author Hironori.Fujii@sony.com <Hironori.Fujii@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Aug 2019 01:40:42 +0000 (01:40 +0000)
committer Hironori.Fujii@sony.com <Hironori.Fujii@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Aug 2019 01:40:42 +0000 (01:40 +0000)
https://bugs.webkit.org/show_bug.cgi?id=167050
Source/WebCore:

<rdar://problem/27972404>

Reviewed by Youenn Fablet.

In debug builds, an assertion failed in WebCore::SecurityPolicy::generateReferrerHeader:
ASSERTION FAILED: referrer == URL(URL(), referrer).strippedForUseAsReferrer()

In release builds, cached pages with a URL fragment sent their URL fragment in the referrer.

m_outgoingReferrer mistakenly had a URL fragment.

Test: http/tests/navigation/page-cache-fragment-referrer.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::open): Set m_outgoingReferrer by using
FrameLoader::setOutgoingReferrer to remove URL fragments.

LayoutTests:

Reviewed by Youenn Fablet.

* http/tests/navigation/page-cache-fragment-referrer-expected.html: Added.
* http/tests/navigation/page-cache-fragment-referrer.html: Added.
* http/tests/navigation/resources/referrer.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249188 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/navigation/page-cache-fragment-referrer-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/page-cache-fragment-referrer.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/resources/referrer.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp

index d010507..7e6823f 100644 (file)
@@ -1,3 +1,14 @@
+2019-08-27  Fujii Hironori  <Hironori.Fujii@sony.com>
+
+        Make FrameLoader::open() set outgoing referrer properly
+        https://bugs.webkit.org/show_bug.cgi?id=167050
+
+        Reviewed by Youenn Fablet.
+
+        * http/tests/navigation/page-cache-fragment-referrer-expected.html: Added.
+        * http/tests/navigation/page-cache-fragment-referrer.html: Added.
+        * http/tests/navigation/resources/referrer.php: Added.
+
 2019-08-27  Devin Rousso  <drousso@apple.com>
 
         Web Inspector: replace uses of added utility `Array.prototype.keySet` with an actual `Set`
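Review bot: The first file entry in this ChangeLog names `page-cache-fragment-referrer-expected.html`, but the file the patch actually adds is `page-cache-fragment-referrer-expected.txt`. Please correct the extension in the entry so it matches the added file.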
diff --git a/LayoutTests/http/tests/navigation/page-cache-fragment-referrer-expected.txt b/LayoutTests/http/tests/navigation/page-cache-fragment-referrer-expected.txt
new file mode 100644 (file)
index 0000000..c63f4fc
--- /dev/null
@@ -0,0 +1,11 @@
+A cached page with a URL fragment shouldn't send the fragment in the referrer
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+PASS xhr.responseText is "http://127.0.0.1:8000/navigation/page-cache-fragment-referrer.html"
+PASS xhr.responseText is "http://127.0.0.1:8000/navigation/page-cache-fragment-referrer.html"
+
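Review bot: The two `PASS xhr.responseText` lines at the end are identical and both come after `TEST COMPLETE`, so a failure diff would not say whether the initial load or the page-cache restore sent the fragment. Consider having the test log which `pageshow` each check belongs to, so the expected output distinguishes the two.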
diff --git a/LayoutTests/http/tests/navigation/page-cache-fragment-referrer.html b/LayoutTests/http/tests/navigation/page-cache-fragment-referrer.html
new file mode 100644 (file)
index 0000000..fa0176f
--- /dev/null
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../resources/js-test-pre.js"></script>
+<script>
+description("A cached page with a URL fragment shouldn't send the fragment in the referrer");
+
+if (window.testRunner) {
+    testRunner.clearBackForwardList();
+    testRunner.overridePreference('WebKitUsesPageCachePreferenceKey', 1);
+    testRunner.dumpAsText();
+
+    testRunner.queueLoad('resources/success.html');
+    testRunner.queueBackNavigation(1);
+}
+
+const locationWithoutHash = document.location.href;
+
+document.location = '#fragment';
+
+window.addEventListener('pageshow', () => {
+    xhr = new XMLHttpRequest();
+    xhr.open('GET', 'resources/referrer.php', false);
+    xhr.send(null);
+    shouldBeEqualToString('xhr.responseText', locationWithoutHash);
+});
+</script>
+</head>
+<body>
+</body>
+<script src="../resources/js-test-post.js"></script>
+</head>
+</html>
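Review bot: There is a second `</head>` after the `js-test-post.js` script tag at the end of the file, and that script sits between `</body>` and `</html>`. Drop the stray `</head>` and move the script inside `<body>`. Also, the `pageshow` listener runs the same check on every `pageshow`; looking at `event.persisted` in the handler would make it explicit which run is the restore from the page cache, which is the case this patch is about.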
diff --git a/LayoutTests/http/tests/navigation/resources/referrer.php b/LayoutTests/http/tests/navigation/resources/referrer.php
new file mode 100644 (file)
index 0000000..226afda
--- /dev/null
@@ -0,0 +1,6 @@
+<?php
+    // Prevent from being cached.
+    header("Cache-Control: no-store, private, max-age=0");
+    header("Content-Type: text/plain");
+?>
+<?php echo $_SERVER['HTTP_REFERER']; ?>
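Review bot: The last line echoes `$_SERVER['HTTP_REFERER']` without checking that it is set. If a request arrives with no Referer header, the response body then depends on PHP's notice settings rather than on the test. Guarding with `isset()` and printing a fixed marker for the missing case would keep the output deterministic.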
index a1b7fad..b03aff0 100644 (file)
@@ -1,3 +1,24 @@
+2019-08-27  John Wilander  <wilander@apple.com>  and  Fujii Hironori  <Hironori.Fujii@sony.com>
+
+        Make FrameLoader::open() set outgoing referrer properly
+        https://bugs.webkit.org/show_bug.cgi?id=167050
+        <rdar://problem/27972404>
+
+        Reviewed by Youenn Fablet.
+
+        In debug builds, an assertion failed in WebCore::SecurityPolicy::generateReferrerHeader:
+        ASSERTION FAILED: referrer == URL(URL(), referrer).strippedForUseAsReferrer()
+
+        In release builds, cached pages with a URL fragment sent its URL fragment in the referrer.
+
+        m_outgoingReferrer mistakenly had a URL fragment.
+
+        Test: http/tests/navigation/page-cache-fragment-referrer.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::open): Set m_outgoingReferrer by using
+        FrameLoader::setOutgoingReferrer to remove URL fragments.
+
 2019-08-27  Said Abou-Hallawa  <sabouhallawa@apple.com>
 
         Unreviewed. Build fix after r249175.
index 83beb27..f50b115 100644 (file)
@@ -2309,7 +2309,7 @@ void FrameLoader::open(CachedFrameBase& cachedFrame)
     m_needsClear = true;
     m_isComplete = false;
     m_didCallImplicitClose = false;
-    m_outgoingReferrer = url.string();
+    setOutgoingReferrer(url);
 
     FrameView* view = cachedFrame.view();
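Review bot: The removed line `m_outgoingReferrer = url.string();` shows that the member can be assigned directly, bypassing the fragment removal that `setOutgoingReferrer` performs. Are there other direct writes to `m_outgoingReferrer` in FrameLoader? If so, they should go through the setter as well. A short comment at this call saying why the setter is used would also help keep it from being changed back to a plain assignment.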