[SOUP] TLSErrors do not cause page load to fail when not ignored
authorcarlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 May 2014 10:11:30 +0000 (10:11 +0000)
committercarlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 May 2014 10:11:30 +0000 (10:11 +0000)
https://bugs.webkit.org/show_bug.cgi?id=121548

Reviewed by Sergio Villar Senin.

Source/WebCore:
This only happens in case of redirection, when the initial URL is
an HTTPS site with an invalid certificate, that redirects to
another location. We are starting the redirection without checking
the TLS errors.

* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::sendRequestCallback): Check TLS errors before starting a
possible redirection.

Tools:
Add unit tests to check that the load fails with TLS errors in
case of a redirection.

* TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
(testTLSErrorsRedirect):
(httpsServerCallback):
(beforeAll):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@168417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp

index 5df9527..3ffc4d3 100644 (file)
@@ -1,3 +1,19 @@
+2014-05-07  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [SOUP] TLSErrors do not cause page load to fail when not ignored
+        https://bugs.webkit.org/show_bug.cgi?id=121548
+
+        Reviewed by Sergio Villar Senin.
+
+        This only happens in case of redirection, when the initial URL is
+        an HTTPS site with an invalid certificate, that redirects to
+        another location. We are starting the redirection without checking
+        the TLS errors.
+
+        * platform/network/soup/ResourceHandleSoup.cpp:
+        (WebCore::sendRequestCallback): Check TLS errors before starting a
+        possible redirection.
+
 2014-05-07  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [CSS Grid Layout] Remove runtime feature
index 32407e1..9141b72 100644 (file)
@@ -680,13 +680,6 @@ static void sendRequestCallback(GObject*, GAsyncResult* result, gpointer data)
     }
 
     if (soupMessage) {
-        if (SOUP_STATUS_IS_REDIRECTION(soupMessage->status_code) && shouldRedirect(handle.get())) {
-            d->m_inputStream = inputStream;
-            g_input_stream_skip_async(d->m_inputStream.get(), gDefaultReadBufferSize, G_PRIORITY_DEFAULT,
-                d->m_cancellable.get(), redirectSkipCallback, handle.get());
-            return;
-        }
-
         if (handle->shouldContentSniff() && soupMessage->status_code != SOUP_STATUS_NOT_MODIFIED) {
             const char* sniffedType = soup_request_get_content_type(d->m_soupRequest.get());
             d->m_response.setSniffedContentType(sniffedType);
@@ -698,6 +691,12 @@ static void sendRequestCallback(GObject*, GAsyncResult* result, gpointer data)
             return;
         }
 
+        if (SOUP_STATUS_IS_REDIRECTION(soupMessage->status_code) && shouldRedirect(handle.get())) {
+            d->m_inputStream = inputStream;
+            g_input_stream_skip_async(d->m_inputStream.get(), gDefaultReadBufferSize, G_PRIORITY_DEFAULT,
+                d->m_cancellable.get(), redirectSkipCallback, handle.get());
+            return;
+        }
     } else {
         d->m_response.setURL(handle->firstRequest().url());
         const gchar* contentType = soup_request_get_content_type(d->m_soupRequest.get());
index ff82d50..9ed1ef7 100644 (file)
@@ -1,3 +1,18 @@
+2014-05-07  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [SOUP] TLSErrors do not cause page load to fail when not ignored
+        https://bugs.webkit.org/show_bug.cgi?id=121548
+
+        Reviewed by Sergio Villar Senin.
+
+        Add unit tests to check that the load fails with TLS errors in
+        case of a redirection.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
+        (testTLSErrorsRedirect):
+        (httpsServerCallback):
+        (beforeAll):
+
 2014-05-07  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [CSS Grid Layout] Remove runtime feature
index c7bbb75..8246f63 100644 (file)
@@ -134,6 +134,16 @@ static void testTLSErrorsPolicy(SSLTest* test, gconstpointer)
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
 }
 
+static void testTLSErrorsRedirect(SSLTest* test, gconstpointer)
+{
+    webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
+    test->loadURI(kHttpsServer->getURIForPath("/redirect").data());
+    test->waitUntilLoadFinished();
+    g_assert(test->m_loadFailed);
+    g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+    g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+}
+
 class TLSErrorsTest: public SSLTest {
 public:
     MAKE_GLIB_TEST_FIXTURE(TLSErrorsTest);
@@ -233,6 +243,9 @@ static void httpsServerCallback(SoupServer* server, SoupMessage* message, const
         soup_message_set_status(message, SOUP_STATUS_OK);
         soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, TLSSuccessHTMLString, strlen(TLSSuccessHTMLString));
         soup_message_body_complete(message->response_body);
+    } else if (g_str_equal(path, "/redirect")) {
+        soup_message_set_status(message, SOUP_STATUS_MOVED_PERMANENTLY);
+        soup_message_headers_append(message->response_headers, "Location", kHttpServer->getURIForPath("/test-image").data());
     } else
         soup_message_set_status(message, SOUP_STATUS_NOT_FOUND);
 }
@@ -280,6 +293,7 @@ void beforeAll()
     // and expects that no exception will have been added for this certificate and host pair as is
     // done in the tls-permission-request test.
     SSLTest::add("WebKitWebView", "tls-errors-policy", testTLSErrorsPolicy);
+    SSLTest::add("WebKitWebView", "tls-errors-redirect-to-http", testTLSErrorsRedirect);
     TLSErrorsTest::add("WebKitWebView", "load-failed-with-tls-errors", testLoadFailedWithTLSErrors);
 }