Unreviewed, rolling out r224353.

Breaks internal builds.

Reverted changeset:

"Ignore HSTS for partitioned, cross-origin subresource
requests"
https://bugs.webkit.org/show_bug.cgi?id=178993
https://trac.webkit.org/changeset/224353

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224358 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
index 354cd0b..7b82d79 100644 (file)
--- a/Source/WTF/ChangeLog
+++ b/Source/WTF/ChangeLog
@@ -1,3 +1,16 @@
+2017-11-02  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Unreviewed, rolling out r224353.
+
+        Breaks internal builds.
+
+        Reverted changeset:
+
+        "Ignore HSTS for partitioned, cross-origin subresource
+        requests"
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        https://trac.webkit.org/changeset/224353
+
 2017-11-02  John Wilander  <wilander@apple.com>
 
         Ignore HSTS for partitioned, cross-origin subresource requests

diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
index 2e2fe48..abea4c3 100644 (file)
--- a/Source/WTF/wtf/Platform.h
+++ b/Source/WTF/wtf/Platform.h
@@ -678,10 +678,6 @@
 #define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
 #endif
 
-#if ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED >= 101302 && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110200) || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 40200) || (PLATFORM(TVOS) && __TV_OS_VERSION_MIN_REQUIRED >= 110200))
-#define HAVE_CFNETWORK_IGNORE_HSTS 1
-#endif
-
 #if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__) || defined(__BIONIC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
 #define HAVE_MACHINE_CONTEXT 1
 #endif

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 542d2e3..72162a5 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2017-11-02  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Unreviewed, rolling out r224353.
+
+        Breaks internal builds.
+
+        Reverted changeset:
+
+        "Ignore HSTS for partitioned, cross-origin subresource
+        requests"
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        https://trac.webkit.org/changeset/224353
+
 2017-11-02  Joseph Pecoraro  <pecoraro@apple.com>
 
         Inspector should display service worker served responses properly

diff --git a/Source/WebCore/PAL/ChangeLog b/Source/WebCore/PAL/ChangeLog
index d5c8c45..22ab5f9 100644 (file)
--- a/Source/WebCore/PAL/ChangeLog
+++ b/Source/WebCore/PAL/ChangeLog
@@ -1,3 +1,16 @@
+2017-11-02  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Unreviewed, rolling out r224353.
+
+        Breaks internal builds.
+
+        Reverted changeset:
+
+        "Ignore HSTS for partitioned, cross-origin subresource
+        requests"
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        https://trac.webkit.org/changeset/224353
+
 2017-11-02  John Wilander  <wilander@apple.com>
 
         Ignore HSTS for partitioned, cross-origin subresource requests

diff --git a/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h b/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
index add537b..0acc89f 100644 (file)
--- a/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
+++ b/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h
@@ -99,26 +99,11 @@ typedef void (^CFCachedURLResponseCallBackBlock)(CFCachedURLResponseRef);
 - (void)_setProperty:(id)value forKey:(NSString *)key;
 @end
 
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-@interface NSURLRequest ()
-- (BOOL)_schemeWasUpgradedDueToDynamicHSTS;
-- (BOOL)_preventHSTSStorage;
-- (BOOL)_ignoreHSTS;
-@end
-#endif
-
 @interface NSMutableURLRequest ()
 - (void)setContentDispositionEncodingFallbackArray:(NSArray *)theEncodingFallbackArray;
 - (void)setBoundInterfaceIdentifier:(NSString *)identifier;
 @end
 
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-@interface NSMutableURLRequest ()
-- (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage;
-- (void)_setIgnoreHSTS:(BOOL)ignoreHSTS;
-@end
-#endif
-
 @interface NSURLResponse ()
 + (NSURLResponse *)_responseWithCFURLResponse:(CFURLResponseRef)response;
 - (CFURLResponseRef)_CFURLResponse;

diff --git a/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm b/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm
index 2705259..4cc9e72 100644 (file)
--- a/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm
+++ b/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm
@@ -332,13 +332,8 @@ NSURLResponse *synthesizeRedirectResponseIfNecessary(NSURLRequest *currentReques
     if (redirectResponse)
         return redirectResponse;
 
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-    if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]] && ![newRequest _schemeWasUpgradedDueToDynamicHSTS])
-        return nil;
-#else
     if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]])
         return nil;
-#endif
 
     // If the new request is a different protocol than the current request, synthesize a redirect response.
     // This is critical for HSTS (<rdar://problem/14241270>).

diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 32db24e..2e7fa8e 100644 (file)
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,16 @@
+2017-11-02  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Unreviewed, rolling out r224353.
+
+        Breaks internal builds.
+
+        Reverted changeset:
+
+        "Ignore HSTS for partitioned, cross-origin subresource
+        requests"
+        https://bugs.webkit.org/show_bug.cgi?id=178993
+        https://trac.webkit.org/changeset/224353
+
 2017-11-02  John Wilander  <wilander@apple.com>
 
         Ignore HSTS for partitioned, cross-origin subresource requests

diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
index 2a8052d..05c8684 100644 (file)
--- a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -165,42 +165,6 @@ static WebCore::NetworkLoadPriority toNetworkLoadPriority(float priority)
     completionHandler(WebCore::createHTTPBodyNSInputStream(*body).get());
 }
 
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-static NSURLRequest* downgradeRequest(NSURLRequest *request)
-{
-    NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
-    if ([nsMutableRequest.URL.scheme isEqualToString:@"https"]) {
-        NSURLComponents *components = [[NSURLComponents componentsWithURL:nsMutableRequest.URL resolvingAgainstBaseURL:NO] autorelease];
-        components.scheme = @"http";
-        [nsMutableRequest setURL:components.URL];
-        ASSERT([nsMutableRequest.URL.scheme isEqualToString:@"http"]);
-        return nsMutableRequest;
-    }
-
-    ASSERT_NOT_REACHED();
-    return request;
-}
-
-static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURLRequest *request, bool shouldIgnoreHSTS)
-{
-    if ([request.URL.scheme isEqualToString:@"https"] && shouldIgnoreHSTS && [request _ignoreHSTS]) {
-        // The request was upgraded for some other reason than HSTS.
-        // Don't ignore HSTS to avoid the risk of another downgrade.
-        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
-        [nsMutableRequest _setIgnoreHSTS:NO];
-        return nsMutableRequest;
-    }
-    
-    if ([request.URL.scheme isEqualToString:@"http"] && [request _ignoreHSTS] != shouldIgnoreHSTS) {
-        NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
-        [nsMutableRequest _setIgnoreHSTS:shouldIgnoreHSTS];
-        return nsMutableRequest;
-    }
-    
-    return request;
-}
-#endif
-
 - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)request completionHandler:(void (^)(NSURLRequest *))completionHandler
 {
     auto taskIdentifier = task.taskIdentifier;
@@ -208,30 +172,13 @@ static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURL
 
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        
-        bool shouldIgnoreHSTS = false;
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-        shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
-        if (shouldIgnoreHSTS) {
-            request = downgradeRequest(request);
-            ASSERT([request.URL.scheme isEqualToString:@"http"]);
-            LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
-        }
-#endif
-
-        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
+        networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
-#else
-            UNUSED_PARAM(shouldIgnoreHSTS);
-#endif
-            completionHandlerCopy(nsRequest);
+            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
             Block_release(completionHandlerCopy);
         });
     } else {
@@ -244,32 +191,16 @@ static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURL
 {
     auto taskIdentifier = task.taskIdentifier;
     LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
-
-    bool shouldIgnoreHSTS = false;
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-    shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
-    if (shouldIgnoreHSTS) {
-        request = downgradeRequest(request);
-        ASSERT([request.URL.scheme isEqualToString:@"http"]);
-        LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
-    }
-#endif
-
+    
     if (auto* networkDataTask = [self existingTask:task]) {
         auto completionHandlerCopy = Block_copy(completionHandler);
-        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto& request) {
+        networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier](auto& request) {
 #if !LOG_DISABLED
             LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
 #else
             UNUSED_PARAM(taskIdentifier);
 #endif
-            auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
-#if HAVE(CFNETWORK_IGNORE_HSTS)
-            nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
-#else
-            UNUSED_PARAM(shouldIgnoreHSTS);
-#endif
-            completionHandlerCopy(nsRequest);
+            completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
             Block_release(completionHandlerCopy);
         });
     } else {