Strip out Referer header when requesting subresources or following links for document...
author jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 12 Dec 2015 02:26:45 +0000 (02:26 +0000)
committer jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 12 Dec 2015 02:26:45 +0000 (02:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=152102
<rdar://problem/22124230>

Reviewed by Andy Estes.

Source/WebCore:

Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with
"Content-Disposition: attachment".

Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html

* dom/Document.cpp:
(WebCore::Document::processReferrerPolicy):
(WebCore::Document::applyContentDispositionAttachmentSandbox):

LayoutTests:

* http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php: Added.
* http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php: Added.
* http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt: Added.
* http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194001 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php [new file with mode: 0644]
LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php [new file with mode: 0644]
LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp

index 6ebca0114725281fce5177b99c5140cada9f6960..af92d8f78d0b9fa2db31a32ec0c9f33752038a27 100644 (file)
@@ -1,3 +1,16 @@
+2015-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
+        https://bugs.webkit.org/show_bug.cgi?id=152102
+        <rdar://problem/22124230>
+
+        Reviewed by Andy Estes.
+
+        * http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php: Added.
+        * http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php: Added.
+        * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt: Added.
+        * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html: Added.
+
 2015-12-11  Eric Carlson  <eric.carlson@apple.com>
 
         [MediaStream] Add a setting to allow the mock media capture devices to be enabled and disabled
diff --git a/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php b/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php
new file mode 100644 (file)
index 0000000..21e327d
--- /dev/null
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<script>
+if (window.parent.testRunner)
+    testRunner.notifyDone();
+</script>
+<?php
+echo $_SERVER['HTTP_REFERER'];
+?>
\ No newline at end of file
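Review bot: `echo $_SERVER['HTTP_REFERER'];` reads an array key that is absent in exactly the case this test expects to pass, so with notices displayed PHP would print an undefined-index message into the frame instead of nothing. Guard the read, for example `if (isset($_SERVER['HTTP_REFERER'])) echo $_SERVER['HTTP_REFERER'];`. Separately, the script tests `window.parent.testRunner` but then calls `testRunner.notifyDone()` on its own window; use the same object in the check and in the call.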
diff --git a/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php b/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php
new file mode 100644 (file)
index 0000000..4de5fee
--- /dev/null
@@ -0,0 +1,14 @@
+<?php
+header("Content-Disposition: attachment; filename=test.html");
+header("Content-Type: text/html");
+?>
+<!DOCTYPE html>
+<style>
+a {
+    display: block;
+    width: 100vw;
+    height: 100vh;
+}
+
+</style>
+<a href="echo-http-referer.php">Link to echo-http-referer.php</a>
\ No newline at end of file
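Review bot: The frame body contains only `<a href="echo-http-referer.php">`, so this resource exercises following a link but not a subresource request, although the file name and the commit title both mention subresources. Either add a subresource fetch whose Referer is checked on the server side (an image or stylesheet served by a script that reports the header), or rename the test so it says it covers link navigation.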
diff --git a/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt b/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt
new file mode 100644 (file)
index 0000000..2638d01
--- /dev/null
@@ -0,0 +1,8 @@
+This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: 'iframe'
+--------
+
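Review bot: "Tess passes" in the first line should read "Test passes". The same sentence appears in the `<p>` of subresource-request-not-include-referer-header.html, so both have to change together or the dump will stop matching. The description also says "subresource" while the frame under test navigates through a link.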
diff --git a/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html b/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html
new file mode 100644 (file)
index 0000000..a587ee6
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<script>
+if (window.internals)
+    internals.settings.setContentDispositionAttachmentSandboxEnabled(true);
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+
+function navigation() {
+    // Due to the sandbox, it's not possible to run script in the iframe or even access its contentDocument.
+    var element = document.getElementById('iframe');
+    var x = element.offsetLeft + 10;
+    var y = element.offsetTop + 10;
+
+    if (window.testRunner) {
+        if (window.eventSender) {
+            eventSender.mouseMoveTo(x, y);
+            eventSender.mouseDown();
+            eventSender.mouseUp();
+        }
+
+        if (testRunner.runUIScript)
+            testRunner.runUIScript("(function() { uiController.singleTapAtPoint(" + x + ", " + y + "); })()");
+    }
+}
+</script>
+<p>This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe id='iframe' src="resources/subresource-request-not-include-referer-header-frame.php" onload="navigation()"></iframe>
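Review bot: In `navigation()`, the `eventSender` click and the `testRunner.runUIScript` tap are two independent `if` blocks, so a runner that exposes both will activate the link twice. Make the second branch an `else if`, or choose the input path per platform. Also, when neither is available nothing ever calls `notifyDone()` after `waitUntilDone()`, so the test ends in a timeout rather than a clear failure.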
index bd7484f2aad1c8c25c37f8596b84f08de27e9f17..c8827ec9148243b08b397884b8052e2a24b60cea 100644 (file)
@@ -1,3 +1,20 @@
+2015-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
+        https://bugs.webkit.org/show_bug.cgi?id=152102
+        <rdar://problem/22124230>
+
+        Reviewed by Andy Estes.
+
+        Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with
+        "Content-Disposition: attachment".
+
+        Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::processReferrerPolicy):
+        (WebCore::Document::applyContentDispositionAttachmentSandbox):
+
 2015-12-11  Eric Carlson  <eric.carlson@apple.com>
 
         [MediaStream] Add a setting to allow the mock media capture devices to be enabled and disabled
index b824efbda8438079de37fe990da73904872862da..e06dbc8a20bb9a75e54a1aa55f8168090cbb1d4e 100644 (file)
@@ -3339,6 +3339,11 @@ void Document::processReferrerPolicy(const String& policy)
 {
     ASSERT(!policy.isNull());
 
+    // Documents in a Content-Disposition: attachment sandbox should never send a Referer header,
+    // even if the document has a meta tag saying otherwise.
+    if (shouldEnforceContentDispositionAttachmentSandbox())
+        return;
+
     // Note that we're supporting both the standard and legacy keywords for referrer
     // policies, as defined by http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta
     if (equalIgnoringCase(policy, "no-referrer") || equalIgnoringCase(policy, "never"))
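Review bot: The early return in `processReferrerPolicy` only preserves ReferrerPolicyNever if `applyContentDispositionAttachmentSandbox()` has already run, and nothing in this hunk checks that ordering. Consider asserting right after the guard that the current policy is already ReferrerPolicyNever, or moving the sandbox check into `setReferrerPolicy` so that every caller is covered and not only the meta-tag path.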
@@ -6871,6 +6876,7 @@ void Document::applyContentDispositionAttachmentSandbox()
 {
     ASSERT(shouldEnforceContentDispositionAttachmentSandbox());
 
+    setReferrerPolicy(ReferrerPolicyNever);
     if (!isMediaDocument())
         enforceSandboxFlags(SandboxAll);
     else
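Review bot: `setReferrerPolicy(ReferrerPolicyNever);` sits above the `isMediaDocument()` branch with no comment, so it silently applies to media documents as well, which receive different sandbox flags just below. If that is intended, a one-line comment saying so, and pointing at the matching guard in `processReferrerPolicy`, would make the pairing between the two changes obvious to the next reader.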