Ignore HSTS for partitioned, cross-origin subresource requests
authorwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Nov 2017 20:43:22 +0000 (20:43 +0000)
committerwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Nov 2017 20:43:22 +0000 (20:43 +0000)
https://bugs.webkit.org/show_bug.cgi?id=178993
<rdar://problem/34962462>

Reviewed by Brent Fulgham and Alex Christensen.

Source/WebCore:

No new tests. HSTS is not supported in layout tests.
Tested manually.

* platform/network/mac/WebCoreURLResponse.mm:
(WebCore::synthesizeRedirectResponseIfNecessary):
    Now also synthesizes a response if
    _schemeWasUpgradedDueToDynamicHSTS is set on the
    request. Because in such cases the scheme might
    have been downgraded and there the two schemes
    match.

Source/WebCore/PAL:

* pal/spi/cf/CFNetworkSPI.h:
    Added
    - (BOOL)_schemeWasUpgradedDueToDynamicHSTS
    - (BOOL)_preventHSTSStorage
    - (BOOL)_ignoreHSTS
    - (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage
    - (void)_setIgnoreHSTS:(BOOL)ignoreHSTS

Source/WebKit:

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(downgradeRequest):
    Convenience function to downgrade a request if
    CFNetwork as already upgraded it during
    canonicalization. This allows the rest of
    WebKit's processing to function, such as UIR
    and mixed content blocking.
(updateIgnoreStrictTransportSecuritySettingIfNecessary):
    Adds and removed the ignore request accordingly.
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
    Now asks CFNetwork to ignore HSTS on resource loads we
    partition cookies for.
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
    Now asks CFNetwork to ignore HSTS on resource loads we
    partition cookies for.

Source/WTF:

* wtf/Platform.h:
    Added HAVE_CFNETWORK_IGNORE_HSTS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WTF/ChangeLog
Source/WTF/wtf/Platform.h
Source/WebCore/ChangeLog
Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
Source/WebCore/platform/network/mac/WebCoreURLResponse.mm
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

index e614b77..354cd0b 100644 (file)
@@ -1,3 +1,14 @@
+2017-11-02  John Wilander  <wilander@apple.com>
+
+        Ignore HSTS for partitioned, cross-origin subresource requests
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        <rdar://problem/34962462>
+
+        Reviewed by Brent Fulgham and Alex Christensen.
+
+        * wtf/Platform.h:
+            Added HAVE_CFNETWORK_IGNORE_HSTS.
+
 2017-11-02  Frederic Wang  <fwang@igalia.com>
 
         Add references to bug 179167 in FIXME comments
index abea4c3..2e2fe48 100644 (file)
 #define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
 #endif
 
+#if ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED >= 101302 && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110200) || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 40200) || (PLATFORM(TVOS) && __TV_OS_VERSION_MIN_REQUIRED >= 110200))
+#define HAVE_CFNETWORK_IGNORE_HSTS 1
+#endif
+
 #if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__) || defined(__BIONIC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
 #define HAVE_MACHINE_CONTEXT 1
 #endif
index cfd6e02..683283f 100644 (file)
@@ -1,3 +1,22 @@
+2017-11-02  John Wilander  <wilander@apple.com>
+
+        Ignore HSTS for partitioned, cross-origin subresource requests
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        <rdar://problem/34962462>
+
+        Reviewed by Brent Fulgham and Alex Christensen.
+
+        No new tests. HSTS is not supported in layout tests.
+        Tested manually.
+
+        * platform/network/mac/WebCoreURLResponse.mm:
+        (WebCore::synthesizeRedirectResponseIfNecessary):
+            Now also synthesizes a response if
+            _schemeWasUpgradedDueToDynamicHSTS is set on the
+            request. Because in such cases the scheme might
+            have been downgraded and there the two schemes
+            match.
+
 2017-11-02  Zalan Bujtas  <zalan@apple.com>
 
         LayoutState::m_next is really the ancestor state.
index 33bbb2a..d5c8c45 100644 (file)
@@ -1,3 +1,19 @@
+2017-11-02  John Wilander  <wilander@apple.com>
+
+        Ignore HSTS for partitioned, cross-origin subresource requests
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        <rdar://problem/34962462>
+
+        Reviewed by Brent Fulgham and Alex Christensen.
+
+        * pal/spi/cf/CFNetworkSPI.h:
+            Added
+            - (BOOL)_schemeWasUpgradedDueToDynamicHSTS
+            - (BOOL)_preventHSTSStorage
+            - (BOOL)_ignoreHSTS
+            - (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage
+            - (void)_setIgnoreHSTS:(BOOL)ignoreHSTS
+
 2017-11-02  Frederic Wang  <fwang@igalia.com>
 
         Add references to bug 179167 in FIXME comments
index 0acc89f..add537b 100644 (file)
@@ -99,11 +99,26 @@ typedef void (^CFCachedURLResponseCallBackBlock)(CFCachedURLResponseRef);
 - (void)_setProperty:(id)value forKey:(NSString *)key;
 @end
 
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+@interface NSURLRequest ()
+- (BOOL)_schemeWasUpgradedDueToDynamicHSTS;
+- (BOOL)_preventHSTSStorage;
+- (BOOL)_ignoreHSTS;
+@end
+#endif
+
 @interface NSMutableURLRequest ()
 - (void)setContentDispositionEncodingFallbackArray:(NSArray *)theEncodingFallbackArray;
 - (void)setBoundInterfaceIdentifier:(NSString *)identifier;
 @end
 
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+@interface NSMutableURLRequest ()
+- (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage;
+- (void)_setIgnoreHSTS:(BOOL)ignoreHSTS;
+@end
+#endif
+
 @interface NSURLResponse ()
 + (NSURLResponse *)_responseWithCFURLResponse:(CFURLResponseRef)response;
 - (CFURLResponseRef)_CFURLResponse;
index 4cc9e72..2705259 100644 (file)
@@ -332,8 +332,13 @@ NSURLResponse *synthesizeRedirectResponseIfNecessary(NSURLRequest *currentReques
     if (redirectResponse)
         return redirectResponse;
 
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+    if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]] && ![newRequest _schemeWasUpgradedDueToDynamicHSTS])
+        return nil;
+#else
     if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]])
         return nil;
+#endif
 
     // If the new request is a different protocol than the current request, synthesize a redirect response.
     // This is critical for HSTS (<rdar://problem/14241270>).
index 2354c1c..32db24e 100644 (file)
@@ -1,3 +1,27 @@
+2017-11-02  John Wilander  <wilander@apple.com>
+
+        Ignore HSTS for partitioned, cross-origin subresource requests
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        <rdar://problem/34962462>
+
+        Reviewed by Brent Fulgham and Alex Christensen.
+
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (downgradeRequest):
+            Convenience function to downgrade a request if
+            CFNetwork as already upgraded it during
+            canonicalization. This allows the rest of 
+            WebKit's processing to function, such as UIR
+            and mixed content blocking.
+        (updateIgnoreStrictTransportSecuritySettingIfNecessary):
+            Adds and removed the ignore request accordingly.
+        (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
+            Now asks CFNetwork to ignore HSTS on resource loads we
+            partition cookies for.
+        (-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
+            Now asks CFNetwork to ignore HSTS on resource loads we
+            partition cookies for.
+
 2017-11-02  Yousuke Kimoto  <yousuke.kimoto@sony.com>
 
         [WinCairo] Add IPC files for wincairo webkit
index 05c8684..2a8052d 100644 (file)
@@ -165,6 +165,42 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
     completionHandler(WebCore::createHTTPBodyNSInputStream(*body).get());
 }
 
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+static NSURLRequest* downgradeRequest(NSURLRequest *request)
+{
+    NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+    if ([nsMutableRequest.URL.scheme isEqualToString:@"https"]) {
+        NSURLComponents *components = [[NSURLComponents componentsWithURL:nsMutableRequest.URL resolvingAgainstBaseURL:NO] autorelease];
+        components.scheme = @"http";
+        [nsMutableRequest setURL:components.URL];
+        ASSERT([nsMutableRequest.URL.scheme isEqualToString:@"http"]);
+        return nsMutableRequest;
+    }
+
+    ASSERT_NOT_REACHED();
+    return request;
+}
+
+static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURLRequest *request, bool shouldIgnoreHSTS)
+{
+    if ([request.URL.scheme isEqualToString:@"https"] && shouldIgnoreHSTS && [request _ignoreHSTS]) {
+        // The request was upgraded for some other reason than HSTS.
+        // Don't ignore HSTS to avoid the risk of another downgrade.
+        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+        [nsMutableRequest _setIgnoreHSTS:NO];
+        return nsMutableRequest;
+    }
+    
+    if ([request.URL.scheme isEqualToString:@"http"] && [request _ignoreHSTS] != shouldIgnoreHSTS) {
+        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+        [nsMutableRequest _setIgnoreHSTS:shouldIgnoreHSTS];
+        return nsMutableRequest;
+    }
+    
+    return request;
+}
+#endif
+
 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)request completionHandler:(void (^)(NSURLRequest *))completionHandler
 {
     auto taskIdentifier = task.taskIdentifier;
@@ -172,13 +208,30 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
 
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier](auto& request) {
+        
+        bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+        shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+        if (shouldIgnoreHSTS) {
+            request = downgradeRequest(request);
+            ASSERT([request.URL.scheme isEqualToString:@"http"]);
+            LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+        }
+#endif
+
+        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+            UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+            completionHandlerCopy(nsRequest);
             Block_release(completionHandlerCopy);
         });
     } else {
@@ -191,16 +244,32 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
 {
     auto taskIdentifier = task.taskIdentifier;
     LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
-    
+
+    bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+    shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+    if (shouldIgnoreHSTS) {
+        request = downgradeRequest(request);
+        ASSERT([request.URL.scheme isEqualToString:@"http"]);
+        LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+    }
+#endif
+
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier](auto& request) {
+        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+            UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+            completionHandlerCopy(nsRequest);
             Block_release(completionHandlerCopy);
         });
     } else {