Have smaller default quotas for third party frames
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:15:03 +0000 (22:15 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:15:03 +0000 (22:15 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195841

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: http/wpt/cache-storage/quota-third-party.https.html

* storage/StorageQuotaManager.h:
(WebCore::StorageQuotaManager::defaultQuota):
Change default quota to 1GB.

Source/WebKit:

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::storageQuotaManager):
For third party iframes, use the default quota divided by 10.

LayoutTests:

* http/wpt/cache-storage/quota-third-party.https-expected.txt: Added.
* http/wpt/cache-storage/quota-third-party.https.html: Added.
* http/wpt/cache-storage/resources/quota-third-party-iframe.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243247 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/wpt/cache-storage/quota-third-party.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/cache-storage/quota-third-party.https.html [new file with mode: 0644]
LayoutTests/http/wpt/cache-storage/resources/quota-third-party-iframe.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/storage/StorageQuotaManager.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkProcess.cpp
Source/WebKit/NetworkProcess/NetworkProcess.h

index 5cf48e7..2dd15a5 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-20  Youenn Fablet  <youenn@apple.com>
+
+        Have smaller default quotas for third party frames
+        https://bugs.webkit.org/show_bug.cgi?id=195841
+
+        Reviewed by Geoffrey Garen.
+
+        * http/wpt/cache-storage/quota-third-party.https-expected.txt: Added.
+        * http/wpt/cache-storage/quota-third-party.https.html: Added.
+        * http/wpt/cache-storage/resources/quota-third-party-iframe.html: Added.
+
 2019-03-20  Devin Rousso  <drousso@apple.com>
 
         Web Inspector: DOM: include window as part of any event listener chain
diff --git a/LayoutTests/http/wpt/cache-storage/quota-third-party.https-expected.txt b/LayoutTests/http/wpt/cache-storage/quota-third-party.https-expected.txt
new file mode 100644 (file)
index 0000000..3ebb08d
--- /dev/null
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: Cache API operation failed: Quota exceeded
+  
+
+PASS same origin iframe has regular quota 
+PASS cross origin iframe has reduced quota 
+
diff --git a/LayoutTests/http/wpt/cache-storage/quota-third-party.https.html b/LayoutTests/http/wpt/cache-storage/quota-third-party.https.html
new file mode 100644 (file)
index 0000000..85dd5c9
--- /dev/null
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Cache Storage: third party iframes</title>
+        <script src="/resources/testharness.js"></script>
+        <script src="/resources/testharnessreport.js"></script>
+    </head>
+<body>
+    <script>
+function load_iframe(url) {
+    return new Promise(function(resolve) {
+        var frame = document.createElement('iframe');
+        frame.src = url;
+        window.onmessage = (event) => resolve(event.data);
+        document.body.appendChild(frame);
+    });
+}
+
+promise_test(async () => {
+    assert_equals(await load_iframe("resources/quota-third-party-iframe.html"), "PASS");
+}, "same origin iframe has regular quota");
+
+promise_test(async () => {
+    assert_equals(await load_iframe("https://127.0.0.1:9443/WebKit/cache-storage/resources/quota-third-party-iframe.html"), "FAIL");
+}, "cross origin iframe has reduced quota");
+
+    </script>
+</body>
+</html>
+
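Review bot: `load_iframe` resolves on the first `message` event the window receives, whichever frame sent it, and the iframe created for the first test is still attached when the second test runs. A late or extra message from the earlier frame would then be read as the cross-origin result. Checking the sender closes that gap: `window.onmessage = (event) => { if (event.source === frame.contentWindow) resolve(event.data); };`. The cross-origin case also depends on the test runner's configured quota being small enough that 60 KB exceeds a tenth of it; that presumably holds but is not stated, so a one-line comment naming the value would help.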
diff --git a/LayoutTests/http/wpt/cache-storage/resources/quota-third-party-iframe.html b/LayoutTests/http/wpt/cache-storage/resources/quota-third-party-iframe.html
new file mode 100644 (file)
index 0000000..4e5f17c
--- /dev/null
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <script>
+if (window.testRunner)
+    testRunner.setAllowStorageQuotaIncrease(false);
+
+async function doTest() {
+    const cache = await self.caches.open("test");
+    const response30ko = new Response(new ArrayBuffer(30 * 1024));
+    try {
+        await cache.put("30ko", response30ko.clone());
+    } catch (e) {
+        window.parent.postMessage("UNEXPECTED", "*");
+    }
+    cache.put("30ko2", response30ko.clone()).then(() => {
+        window.parent.postMessage("PASS", "*");
+    }, () => {
+        window.parent.postMessage("FAIL", "*");
+    })
+}
+doTest();
+    </script>
+</body>
+</html>
+
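Review bot: The `catch` around the first `cache.put` posts "UNEXPECTED" but does not return, so the second put still runs and posts a second message ("PASS" or "FAIL") to the parent. Adding `return;` right after `window.parent.postMessage("UNEXPECTED", "*");` keeps it to one message per load. The "test" cache is also never deleted, so its entries may persist between runs. The harness presumably clears storage, but `await self.caches.delete("test");` at the top of `doTest` would make the file self-contained.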
index 4a70d5f..7a3cb57 100644 (file)
@@ -1,3 +1,16 @@
+2019-03-20  Youenn Fablet  <youenn@apple.com>
+
+        Have smaller default quotas for third party frames
+        https://bugs.webkit.org/show_bug.cgi?id=195841
+
+        Reviewed by Geoffrey Garen.
+
+        Test: http/wpt/cache-storage/quota-third-party.https.html
+
+        * storage/StorageQuotaManager.h:
+        (WebCore::StorageQuotaManager::defaultQuota):
+        Change default quota to 1GB.
+
 2019-03-20  Devin Rousso  <drousso@apple.com>
 
         Web Inspector: DOM: include window as part of any event listener chain
index 1b6fd8f..f0968d1 100644 (file)
@@ -46,7 +46,8 @@ public:
     }
     WEBCORE_EXPORT ~StorageQuotaManager();
 
-    static constexpr uint64_t defaultQuota() { return 500 * MB; }
+    static constexpr uint64_t defaultQuota() { return 1000 * MB; }
+    static constexpr uint64_t defaultThirdPartyQuota() { return 100 * MB; }
 
     WEBCORE_EXPORT void addUser(StorageQuotaUser&);
     void removeUser(StorageQuotaUser& user)
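Review bot: `defaultThirdPartyQuota()` hard-codes `100 * MB`, while `setCacheStorageParameters` in NetworkProcess.cpp derives the same limit as `quota / 10`, so the one-tenth ratio is written down twice and the two can drift apart. Deriving it keeps them in step: `static constexpr uint64_t defaultThirdPartyQuota() { return defaultQuota() / 10; }`. A short comment such as `// Quota for frames whose origin differs from the top-level origin.` would also say what "third party" means here. The class body continues outside the hunk.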
index cb23660..e3cf95e 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-20  Youenn Fablet  <youenn@apple.com>
+
+        Have smaller default quotas for third party frames
+        https://bugs.webkit.org/show_bug.cgi?id=195841
+
+        Reviewed by Geoffrey Garen.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::storageQuotaManager):
+        For third party iframes, use the default quota divided by 10.
+
 2019-03-20  Dean Jackson  <dino@apple.com>
 
         [iOS] Enable fast clicking everywhere
index 9ab1ea3..58b34a0 100644 (file)
@@ -2029,9 +2029,12 @@ void NetworkProcess::cacheStorageRootPath(PAL::SessionID sessionID, CacheStorage
 
 void NetworkProcess::setCacheStorageParameters(PAL::SessionID sessionID, uint64_t quota, String&& cacheStorageDirectory, SandboxExtension::Handle&& handle)
 {
-    m_storageQuotaManagers.ensure(sessionID, [] {
+    auto& managers =  m_storageQuotaManagers.ensure(sessionID, [] {
         return StorageQuotaManagers { };
-    }).iterator->value.defaultQuota = quota;
+    }).iterator->value;
+    managers.defaultQuota = quota;
+    // FIXME: Pass default third party quota as a parameter.
+    managers.defaultThirdPartyQuota = quota / 10;
 
     auto iterator = m_cacheStorageParametersCallbacks.find(sessionID);
     if (iterator == m_cacheStorageParametersCallbacks.end())
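Review bot: The two assignments update only the per-session defaults, so any StorageQuotaManager already stored in `managersPerOrigin` for this session keeps the quota it was built with; the next hunk in this file shows the quota being read once, inside the `ensure` lambda. If this call can arrive after a manager has been created, that origin stays on the compiled-in defaults rather than the configured limit; whether that ordering can happen is not visible here. A comment stating the assumption would do, e.g. `// Only managers created after this call pick up the new defaults.`. Separately, `quota / 10` truncates, so a configured quota below 10 bytes yields a third-party quota of 0. The function body continues past the hunk.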
@@ -2390,7 +2393,8 @@ StorageQuotaManager& NetworkProcess::storageQuotaManager(PAL::SessionID sessionI
         return StorageQuotaManagers { };
     }).iterator->value;
     return *storageQuotaManagers.managersPerOrigin.ensure(origin, [this, &storageQuotaManagers, sessionID, &origin] {
-        return std::make_unique<StorageQuotaManager>(storageQuotaManagers.defaultQuota, [this, sessionID, origin](uint64_t quota, uint64_t currentSpace, uint64_t spaceIncrease, auto callback) {
+        auto quota = origin.topOrigin == origin.clientOrigin ? storageQuotaManagers.defaultQuota : storageQuotaManagers.defaultThirdPartyQuota;
+        return std::make_unique<StorageQuotaManager>(quota, [this, sessionID, origin](uint64_t quota, uint64_t currentSpace, uint64_t spaceIncrease, auto callback) {
             this->requestStorageSpace(sessionID, origin, quota, currentSpace, spaceIncrease, WTFMove(callback));
         });
     }).iterator->value;
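Review bot: The first-party test `origin.topOrigin == origin.clientOrigin` looks like an exact origin comparison, so a same-site subframe on a different host or port would get the reduced quota. If that is intended, a comment would record it, e.g. `// Any client origin other than the top origin counts as third party, including same-site subdomains.`. The new local `quota` is also shadowed by the lambda's `uint64_t quota` parameter two lines later; naming the local `initialQuota` avoids the confusion. The function body begins before the hunk.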
index 14e92a4..44f8197 100644 (file)
@@ -534,6 +534,7 @@ private:
 
     struct StorageQuotaManagers {
         uint64_t defaultQuota { WebCore::StorageQuotaManager::defaultQuota() };
+        uint64_t defaultThirdPartyQuota { WebCore::StorageQuotaManager::defaultThirdPartyQuota() };
         HashMap<WebCore::ClientOrigin, std::unique_ptr<WebCore::StorageQuotaManager>> managersPerOrigin;
     };
     HashMap<PAL::SessionID, StorageQuotaManagers> m_storageQuotaManagers;