Use NetworkLoadChecker for navigation loads
author: youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 May 2018 21:13:28 +0000 (21:13 +0000)
committer: youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 May 2018 21:13:28 +0000 (21:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184892
<rdar://problem/39652686>

Reviewed by Chris Dumez.

Source/WebCore:

Sanitize headers according to response tainting.
If tainting is basic, it means a same-origin load, in which case we only filter Cookie-related headers.
If tainting is Opaque, we filter all uncommon headers.
If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
Covered by updated test.

* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
(WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
* platform/network/ResourceResponseBase.h:

Source/WebKit:

Compute whether a response is same origin in no-cors case.
This allows providing more precise filtering.
In the case of navigate loads, set the tainting to basic, which will reduce filtering to the minimum.

Pass the sourceOrigin for navigation loads as well.
Enable restricting HTTP response access for navigation loads.

Content Blockers are disabled for now in NetworkLoadChecker for navigation loads.
They should be re-enabled as a follow-up.

Add a specific case to allow any redirection to about:// URLs.
While this does not conform to the spec, this keeps the existing WebKit behavior.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::continueCheckingRequest):
(WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::isDoingLoadingSecurityChecks const):
We only do security checks if this runtime flag is on.
* WebProcess/Network/WebLoaderStrategy.h:

LayoutTests:

Updated header-filtering.https.html to expect full headers except cookie-related for same origin loads.
Updated expected.txt files accordingly.

* http/wpt/service-workers/header-filtering.https-expected.txt:
* http/wpt/service-workers/header-filtering.https.html:
* platform/mac/http/tests/webarchive/test-preload-resources-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
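The per-tainting header policy described in the WebCore part of the message above, as an added stand-alone C++ model that is not WebKit's code: the safe-header table, the expose-list parser and the sample response are assumptions constructed for the example, and header names are kept lowercased by convention.

```cpp
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>

enum class Tainting { Basic, Cors, Opaque, OpaqueRedirect };

// Header names are kept lowercased by convention, so lookups are case-insensitive.
using HeaderMap = std::map<std::string, std::string>;

// Stand-in for WebKit's isSafeCrossOriginResponseHeader(); this list is an
// assumption for the example, not WebKit's real table.
static bool isSafeCrossOriginResponseHeader(const std::string& name)
{
    static const std::set<std::string> safe = {
        "access-control-allow-credentials", "access-control-allow-methods",
        "access-control-allow-origin", "access-control-expose-headers", "cache-control",
        "content-length", "content-type", "date", "referrer-policy", "x-xss-protection" };
    return safe.count(name) > 0;
}

// Models parseAccessControlAllowList(): split on commas and trim whitespace.
static std::vector<std::string> parseHeaderList(const std::string& value)
{
    std::vector<std::string> names;
    std::stringstream stream(value);
    std::string item;
    while (std::getline(stream, item, ',')) {
        auto begin = item.find_first_not_of(" \t");
        auto end = item.find_last_not_of(" \t");
        if (begin != std::string::npos)
            names.push_back(item.substr(begin, end - begin + 1));
    }
    return names;
}

// The per-tainting policy from the commit message. Cookie headers are dropped
// first for every tainting, so Basic removes only those, and a server listing
// Set-Cookie in Access-Control-Expose-Headers cannot get it back in the Cors case.
HeaderMap sanitizeAccordingToTainting(HeaderMap headers, Tainting tainting)
{
    headers.erase("set-cookie");
    headers.erase("set-cookie2");
    if (tainting == Tainting::Basic)
        return headers;
    if (tainting == Tainting::OpaqueRedirect) {
        // Only Location survives on an opaque redirect.
        HeaderMap onlyLocation;
        auto location = headers.find("location");
        if (location != headers.end())
            onlyLocation.insert(*location);
        return onlyLocation;
    }
    // Opaque and Cors both start from the safe common headers...
    HeaderMap filtered;
    for (const auto& header : headers) {
        if (isSafeCrossOriginResponseHeader(header.first))
            filtered.insert(header);
    }
    // ...and Cors additionally admits what Access-Control-Expose-Headers names.
    if (tainting == Tainting::Cors) {
        auto expose = headers.find("access-control-expose-headers");
        if (expose != headers.end()) {
            for (const auto& name : parseHeaderList(expose->second)) {
                auto header = headers.find(name);
                if (header != headers.end())
                    filtered.insert(*header);
            }
        }
    }
    return filtered;
}

// Constructed sample response for the example; not captured from any server.
HeaderMap sampleResponse()
{
    return { { "content-type", "text/html" }, { "server", "ExampleServer/1.0" },
             { "set-cookie", "session=abc" }, { "x-header1", "1" }, { "x-header2", "2" },
             { "access-control-expose-headers", "x-header1, set-cookie" },
             { "location", "/next" } };
}
```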

12 files changed:
LayoutTests/ChangeLog
LayoutTests/http/wpt/service-workers/header-filtering.https-expected.txt
LayoutTests/http/wpt/service-workers/header-filtering.https.html
LayoutTests/platform/mac/http/tests/webarchive/test-preload-resources-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/platform/network/ResourceResponseBase.cpp
Source/WebCore/platform/network/ResourceResponseBase.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Source/WebKit/WebProcess/Network/WebLoaderStrategy.h

index 037a9afdf24f601c67fc13659ffe91d85c4136dd..4a2a9201b7171c82716647c7b84f94f88853a6ea 100644 (file)
@@ -1,3 +1,18 @@
+2018-05-02  Youenn Fablet  <youenn@apple.com>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Updated header-filtering.https.html to expect full headers except cookie-related for same origin loads.
+        Updated expected.txt files accordingly.
+
+        * http/wpt/service-workers/header-filtering.https-expected.txt:
+        * http/wpt/service-workers/header-filtering.https.html:
+        * platform/mac/http/tests/webarchive/test-preload-resources-expected.txt:
+
 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Collection fragment identifiers don't use PostScript names
index f3cea7922662db6d4ae68b47b44d0e3890fc010e..2f3108aee3de19be35e338c55ed4b21e23391573 100644 (file)
@@ -1,5 +1,4 @@
 
-
 PASS Prepare tests: setup worker and register the client 
 PASS Prepare tests: Add a frame controlled by service worker 
 PASS Test same-origin fetch 
@@ -8,6 +7,6 @@ PASS Test no-cors cross-origin fetch
 PASS Test same-origin script load 
 PASS Test no-cors script load 
 PASS Test cors script load 
-FAIL Test HTML load assert_array_equals: lengths differ, expected 13 got 17
+PASS Test HTML load 
 PASS After tests clean-up 
 
index e844f90db854027ef350ad789e549d214be73f1e..a978d9dde6643302ee1b61c358f842e7fa27900b 100644 (file)
@@ -100,7 +100,7 @@ promise_test(async (test) => {
     frame.contentWindow.fetch(url2 + "?fetch-no-cors", { mode : "no-cors" });
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "SourceMap","Timing-Allow-Origin","X-SourceMap"]);
 }, "Test no-cors cross-origin fetch");
 
 promise_test(async (test) => {
@@ -112,7 +112,7 @@ promise_test(async (test) => {
     frame.contentWindow.loadScript(url1 + "?script");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "Server","SourceMap","Timing-Allow-Origin","X-SourceMap","x-header1","x-header2"]);
 }, "Test same-origin script load");
 
 promise_test(async (test) => {
@@ -124,7 +124,7 @@ promise_test(async (test) => {
     frame.contentWindow.loadScript(url2 + "?script-nocors");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "SourceMap","Timing-Allow-Origin","X-SourceMap"]);
 }, "Test no-cors script load");
 
 promise_test(async (test) => {
@@ -148,7 +148,7 @@ promise_test(async (test) => {
     let frame = await withFrame(url1 + "?html");
     assert_array_equals(await data, ["Access-Control-Allow-Credentials","Access-Control-Allow-Methods","Access-Control-Allow-Origin",
         "Access-Control-Expose-Headers","Cache-Control","Content-Length","Content-Type","Date","Referrer-Policy",
-        "SourceMap","Timing-Allow-Origin","X-SourceMap","x-Header1"]);
+        "Server", "SourceMap","Timing-Allow-Origin","X-SourceMap","x-header1", "x-header2"]);
     frame.remove();
 }, "Test HTML load");
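Review bot: style point on the new expected list in this hunk: `"Server", "SourceMap"` and `"x-header1", "x-header2"` have a space after the comma while every other list in the file (including the same-origin script list two hunks up) has none; please normalise so a future diff of these lists stays readable.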
 
index 43da624c663ceba39f9400d6feafe00056609359..6718fc6286d102afdf5de65301cf16ddf82cdb37 100644 (file)
@@ -65,6 +65,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
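Review bot: the `Server` header now survives into the archived responses because main-resource loads are Basic-tainted and only cookie headers are stripped; the same two-line addition is repeated in each of the six hunks below, so if the safe-header policy for navigations changes again all seven spots need updating together.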
@@ -100,6 +102,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
@@ -135,6 +139,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
@@ -170,6 +176,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
@@ -205,6 +213,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
@@ -240,6 +250,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
@@ -275,6 +287,8 @@ REGRESSION (35867): Many resources missing when saving webarchive of webkit.org&
                                        <string>"301925-21-45c7d72d3e780"</string>
                                        <key>Last-Modified</key>
                                        <string>Sun, 16 Nov 2008 16:55:00 GMT</string>
+                                       <key>Server</key>
+                                       <string>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.6</string>
                                </dict>
                                <key>expectedContentLength</key>
                                <integer>33</integer>
index 213b185ecfdd6987dd7bfd3bd43d110d0fd6ac7c..c0072473c1e81470275b8c32981df03d5ddfaf3b 100644 (file)
@@ -1,3 +1,22 @@
+2018-05-02  Youenn Fablet  <youenn@apple.com>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Sanitize headers according response tainting.
+        If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
+        If tainting is Opaque, we filter all uncommon headers.
+        If tainting is CORS, we filter all uncommon headers except the one explicitely allowed by CORS headers.
+        Covered by updated test.
+
+        * platform/network/ResourceResponseBase.cpp:
+        (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
+        (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
+        * platform/network/ResourceResponseBase.h:
+
 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Collection fragment identifiers don't use PostScript names
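Review bot: typo and grammar in the new ChangeLog entry: "explicitely" should be "explicitly", "the one explicitely allowed" should be "the ones explicitly allowed", and "according response tainting" should read "according to response tainting".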
index da83b610961f348f609bba05a945d4a490af651a..4d738dac153c4b571c20c8a133b564aedd69c529 100644 (file)
@@ -389,6 +389,46 @@ static bool isSafeCrossOriginResponseHeader(HTTPHeaderName name)
         || name == HTTPHeaderName::XXSSProtection;
 }
 
+void ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting()
+{
+    switch (m_tainting) {
+    case ResourceResponse::Tainting::Basic:
+        return;
+    case ResourceResponse::Tainting::Cors: {
+        HTTPHeaderMap filteredHeaders;
+        for (auto& header : m_httpHeaderFields.commonHeaders()) {
+            if (isSafeCrossOriginResponseHeader(header.key))
+                filteredHeaders.add(header.key, WTFMove(header.value));
+        }
+        if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
+            for (auto& headerName : *corsSafeHeaderSet) {
+                if (!filteredHeaders.contains(headerName)) {
+                    auto value = m_httpHeaderFields.get(headerName);
+                    if (!value.isNull())
+                        filteredHeaders.add(headerName, value);
+                }
+            }
+        }
+        m_httpHeaderFields = WTFMove(filteredHeaders);
+        return;
+    }
+    case ResourceResponse::Tainting::Opaque: {
+        HTTPHeaderMap filteredHeaders;
+        for (auto& header : m_httpHeaderFields.commonHeaders()) {
+            if (isSafeCrossOriginResponseHeader(header.key))
+                filteredHeaders.add(header.key, WTFMove(header.value));
+        }
+        m_httpHeaderFields = WTFMove(filteredHeaders);
+        return;
+    }
+    case ResourceResponse::Tainting::Opaqueredirect: {
+        auto location = httpHeaderField(HTTPHeaderName::Location);
+        m_httpHeaderFields.clear();
+        m_httpHeaderFields.add(HTTPHeaderName::Location, WTFMove(location));
+    }
+    }
+}
+
 void ResourceResponseBase::sanitizeHTTPHeaderFields(SanitizationType type)
 {
     lazyInit(AllFields);
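Review bot: in the `Cors` case, the `parseAccessControlAllowList` loop copies back from `m_httpHeaderFields` any name the server lists in `Access-Control-Expose-Headers`, so `Set-Cookie`/`Set-Cookie2` would be re-exposed unless they were already stripped earlier in `sanitizeHTTPHeaderFields` (not visible in this hunk); fetch excludes forbidden response-header names from the exposed set, so skipping them explicitly in this loop would make the result independent of call order. Two smaller points: the `Basic` case returns without touching the map, so the ChangeLog's "only filter Cookie related headers" must happen before the switch and deserves a comment here; and `Opaqueredirect` re-adds `Location` even when `httpHeaderField()` returned a null string, so guard it with `if (!location.isNull())`.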
@@ -408,23 +448,8 @@ void ResourceResponseBase::sanitizeHTTPHeaderFields(SanitizationType type)
         m_httpHeaderFields.uncommonHeaders().clear();
         return;
     }
-    case SanitizationType::CrossOriginSafe: {
-        HTTPHeaderMap filteredHeaders;
-        for (auto& header : m_httpHeaderFields.commonHeaders()) {
-            if (isSafeCrossOriginResponseHeader(header.key))
-                filteredHeaders.add(header.key, WTFMove(header.value));
-        }
-        if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
-            for (auto& headerName : *corsSafeHeaderSet) {
-                if (!filteredHeaders.contains(headerName)) {
-                    auto value = m_httpHeaderFields.get(headerName);
-                    if (!value.isNull())
-                        filteredHeaders.add(headerName, value);
-                }
-            }
-        }
-        m_httpHeaderFields = WTFMove(filteredHeaders);
-    }
+    case SanitizationType::CrossOriginSafe:
+        sanitizeHTTPHeaderFieldsAccordingToTainting();
     }
 }
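Review bot: `CrossOriginSafe` now filters purely according to `m_tainting`, and `Basic` filters nothing, whereas the removed code always reduced to the safe-header set plus the exposed list. A response that never had `setTainting()` called (any load that does not go through `NetworkLoadChecker`) now gets the default tainting's behaviour; if that default is `Basic`, this case becomes a no-op for such loads, so either assert that tainting was computed or state the default and why it is safe.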
 
index 858faa1b68cab839215b45c6d39f9a78083461e9..ebeb30b77f6b7f696ee54072af15d498c6925e23 100644 (file)
@@ -199,6 +199,7 @@ protected:
 private:
     void parseCacheControlDirectives() const;
     void updateHeaderParsedState(HTTPHeaderName);
+    void sanitizeHTTPHeaderFieldsAccordingToTainting();
 
 protected:
     bool m_isNull;
index 38d47a02fe21fb53bec5055d4b16cb7f2b48e72e..c291d111e85048f0501070296adfa64465a008b2 100644 (file)
@@ -1,3 +1,37 @@
+2018-05-02  Youenn Fablet  <youenn@apple.com>
+
+        Use NetworkLoadChecker for navigation loads
+        https://bugs.webkit.org/show_bug.cgi?id=184892
+        <rdar://problem/39652686>
+
+        Reviewed by Chris Dumez.
+
+        Compute whether a response is same origin in no-cors case.
+        This allows providing more precise filtering.
+        In case of navigate loads, set the tainting to basic which will make filtering to the minimum.
+
+        Pass the sourceOrigin for navigation loads as well.
+        Enable to restrict HTTP response access for navigation load.
+
+        Content Blockers are disabled for now in NetworkLoadChecker for navigation loads.
+        They should be reenabled as a follow-up.
+
+        Add a specific case to allow any redirection to about:// URLs.
+        While this does not conform with the spec, this keeps the existing WebKit behavior.
+
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::NetworkLoadChecker):
+        (WebKit::NetworkLoadChecker::validateResponse):
+        (WebKit::NetworkLoadChecker::continueCheckingRequest):
+        (WebKit::NetworkLoadChecker::doesNotNeedCORSCheck const):
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::sanitizeResponseIfPossible):
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        (WebKit::WebLoaderStrategy::isDoingLoadingSecurityChecks const):
+        We only do security checks if this runtime flag is on.
+        * WebProcess/Network/WebLoaderStrategy.h:
+
 2018-05-02  Jer Noble  <jer.noble@apple.com>
 
         Make EncryptedMediaAPIEnabled an experimental feature
index ec2461d0d239082a1cbc931e5c126b43fa0d7eb6..e93eb7b4af98488d0573bf1f88a4db367c4cd778 100644 (file)
@@ -43,6 +43,11 @@ namespace WebKit {
 
 using namespace WebCore;
 
+static inline bool isSameOrigin(const URL& url, const SecurityOrigin* origin)
+{
+    return url.protocolIsData() || url.protocolIsBlob() || !origin || origin->canRequest(url);
+}
+
 NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy)
     : m_options(WTFMove(options))
     , m_sessionID(sessionID)
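Review bot: `isSameOrigin` returns true when `origin` is null, a fail-open default that then yields `Basic` tainting in `validateResponse` and skips the CORS check in `doesNotNeedCORSCheck`. That is only safe because `WebLoaderStrategy::scheduleLoadFromNetworkProcess` refuses non-navigation loads without a `sourceOrigin`; an assertion such as `ASSERT(origin || m_options.mode == FetchOptions::Mode::Navigate)` in the constructor, or a comment tying the two together, would keep that invariant visible.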
@@ -51,8 +56,7 @@ NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID se
     , m_origin(WTFMove(sourceOrigin))
     , m_preflightPolicy(preflightPolicy)
 {
-    if (m_options.mode == FetchOptions::Mode::Cors || m_options.mode == FetchOptions::Mode::SameOrigin)
-        m_isSameOriginRequest = m_url.protocolIsData() || m_url.protocolIsBlob() || m_origin->canRequest(m_url);
+    m_isSameOriginRequest = isSameOrigin(m_url, m_origin.get());
     switch (options.credentials) {
     case FetchOptions::Credentials::Include:
         m_storedCredentialsPolicy = StoredCredentialsPolicy::Use;
@@ -128,7 +132,7 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
         return { };
     }
 
-    if (m_isSameOriginRequest) {
+    if (m_options.mode == FetchOptions::Mode::Navigate || m_isSameOriginRequest) {
         response.setTainting(ResourceResponse::Tainting::Basic);
         return { };
     }
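Review bot: the new `Navigate` branch assigns `Basic` before any cross-origin consideration, which matches the ChangeLog, but it means a cross-origin navigation response keeps every non-cookie header, including on redirected navigations; a short comment stating why that is acceptable for navigation loads would help the next reader.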
@@ -188,6 +192,8 @@ void NetworkLoadChecker::continueCheckingRequest(ResourceRequest&& request, Vali
     if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
         m_storedCredentialsPolicy = m_isSameOriginRequest && m_origin->canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
 
+    m_isSameOriginRequest = m_isSameOriginRequest && isSameOrigin(request.url(), m_origin.get());
+
     if (doesNotNeedCORSCheck(request.url())) {
         handler(WTFMove(request));
         return;
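Review bot: the line just above the new code, `m_isSameOriginRequest && m_origin->canRequest(request.url())` under `Credentials::SameOrigin`, still dereferences `m_origin` unconditionally, while the new `isSameOrigin(request.url(), m_origin.get())` tolerates a null origin and makes `m_isSameOriginRequest` true in that case; a navigate load with no `sourceOrigin` and same-origin credentials would null-deref here. Reuse the helper on that line as well.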
@@ -301,7 +307,7 @@ bool NetworkLoadChecker::doesNotNeedCORSCheck(const URL& url) const
     if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol().toStringWithoutCopying()))
         return true;
 
-    return m_isSameOriginRequest && m_origin->canRequest(url);
+    return m_isSameOriginRequest;
 }
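Review bot: `doesNotNeedCORSCheck(url)` no longer inspects `url` beyond its scheme; it now trusts `m_isSameOriginRequest`, which `continueCheckingRequest` updates immediately before calling it. Any other caller must only pass a URL that has already been folded into that flag, otherwise a cross-origin redirect target could be judged same-origin; a comment on the function stating that contract would make it explicit.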
 
 ContentSecurityPolicy* NetworkLoadChecker::contentSecurityPolicy() const
@@ -316,7 +322,8 @@ ContentSecurityPolicy* NetworkLoadChecker::contentSecurityPolicy() const
 #if ENABLE(CONTENT_EXTENSIONS)
 void NetworkLoadChecker::processContentExtensionRulesForLoad(ResourceRequest&& request, CompletionHandler<void(ResourceRequest&&, const ContentExtensions::BlockedStatus&)>&& callback)
 {
-    if (!m_userContentControllerIdentifier) {
+    // FIXME: Enable content blockers for navigation loads.
+    if (!m_userContentControllerIdentifier || m_options.mode == FetchOptions::Mode::Navigate) {
         ContentExtensions::BlockedStatus status;
         callback(WTFMove(request), status);
         return;
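Review bot: this silently turns content blockers off for every navigation load handled by `NetworkLoadChecker`; the ChangeLog calls re-enabling them a follow-up, so please put the follow-up bug number in the FIXME so the user-visible regression is tracked rather than lost.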
index 297055aaf3e447c3f772b1be3eea20b5cea5034c..6a5113344034497f620ab0ffe8af6c3dd79fa957 100644 (file)
@@ -604,24 +604,17 @@ void NetworkResourceLoader::continueWillSendRedirectedRequest(WebCore::ResourceR
 
 ResourceResponse NetworkResourceLoader::sanitizeResponseIfPossible(ResourceResponse&& response, ResourceResponse::SanitizationType type)
 {
-    if (m_parameters.shouldRestrictHTTPResponseAccess) {
-        if (type == ResourceResponse::SanitizationType::CrossOriginSafe) {
-            // We reduce filtering when it would otherwise be visible to scripts.
-            // FIXME: We should use response tainting once computed in Network Process.
-            bool isSameOrigin = m_parameters.sourceOrigin ? m_parameters.sourceOrigin->canRequest(response.url()) : protocolHostAndPortAreEqual(response.url(), m_parameters.request.url());
-            if (isSameOrigin && m_parameters.options.destination == FetchOptions::Destination::EmptyString)
-                type = ResourceResponse::SanitizationType::RemoveCookies;
-        }
+    if (m_parameters.shouldRestrictHTTPResponseAccess)
         response.sanitizeHTTPHeaderFields(type);
-    }
+
     return WTFMove(response);
 }
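Review bot: the removed block had a fallback (`protocolHostAndPortAreEqual` against the request URL) when `sourceOrigin` was null, and only downgraded to `RemoveCookies` for `Destination::EmptyString`; the outcome now depends entirely on the tainting computed in the network process. Since `shouldRestrictHTTPResponseAccess` now also covers navigation loads, every such load must have its tainting set before this runs, which is worth an assertion here.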
 
 void NetworkResourceLoader::continueWillSendRequest(ResourceRequest&& newRequest, bool isAllowedToAskUserForCredentials)
 {
     if (m_networkLoadChecker) {
-        // FIXME: We should be doing this check when receiving the redirection.
-        if (!newRequest.url().protocolIsInHTTPFamily() && m_redirectCount) {
+        // FIXME: We should be doing this check when receiving the redirection and not allow about protocol as per fetch spec.
+        if (!newRequest.url().protocolIsInHTTPFamily() && !newRequest.url().isBlankURL() && m_redirectCount) {
             didFailLoading(ResourceError { String { }, 0, newRequest.url(), ASCIILiteral("Redirection to URL with a scheme that is not HTTP(S)"), ResourceError::Type::AccessControl });
             return;
         }
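Review bot: the ChangeLog describes this as allowing any redirection to about:// URLs, while the method name `isBlankURL()` suggests about:blank only; state in the comment next to the FIXME which of the two is intended so nobody narrows or widens the exemption by accident.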
index d853f58e44ceec907534dda8dd791cebe7170c02..50026ecd699bc2e0adbde09f1665cc8c5caa6429 100644 (file)
@@ -301,20 +301,20 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL
     }
 #endif
 
+    // FIXME: All loaders should provide their origin if navigation mode is cors/no-cors/same-origin.
+    // As a temporary approach, we use the document origin if available or the HTTP Origin header otherwise.
+    if (resourceLoader.isSubresourceLoader())
+        loadParameters.sourceOrigin = static_cast<SubresourceLoader&>(resourceLoader).origin();
+
+    if (!loadParameters.sourceOrigin && document)
+        loadParameters.sourceOrigin = &document->securityOrigin();
+    if (!loadParameters.sourceOrigin) {
+        auto origin = request.httpOrigin();
+        if (!origin.isNull())
+            loadParameters.sourceOrigin = SecurityOrigin::createFromString(origin);
+    }
+
     if (loadParameters.options.mode != FetchOptions::Mode::Navigate) {
-        // FIXME: All loaders should provide their origin if navigation mode is cors/no-cors/same-origin.
-        // As a temporary approach, we use the document origin if available or the HTTP Origin header otherwise.
-        if (resourceLoader.isSubresourceLoader())
-            loadParameters.sourceOrigin = static_cast<SubresourceLoader&>(resourceLoader).origin();
-
-        auto* document = resourceLoader.frame() ? resourceLoader.frame()->document() : nullptr;
-        if (!loadParameters.sourceOrigin && document)
-            loadParameters.sourceOrigin = &document->securityOrigin();
-        if (!loadParameters.sourceOrigin) {
-            auto origin = request.httpOrigin();
-            if (!origin.isNull())
-                loadParameters.sourceOrigin = SecurityOrigin::createFromString(origin);
-        }
         ASSERT(loadParameters.sourceOrigin);
         if (!loadParameters.sourceOrigin) {
             scheduleInternallyFailedLoad(resourceLoader);
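Review bot: the new `if (!loadParameters.sourceOrigin && document)` line uses `document`, but its definition (`auto* document = resourceLoader.frame() ? resourceLoader.frame()->document() : nullptr;`) is among the removed lines; this only compiles if a `document` variable already exists earlier in the function, outside the hunk, so please confirm it refers to the same frame document. Also note the `ASSERT(loadParameters.sourceOrigin)` still applies only to non-navigate modes, so navigation loads can legitimately reach the network process with a null origin.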
@@ -322,8 +322,7 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL
         }
     }
 
-    // FIXME: We should also sanitize redirect response for navigations.
-    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() && resourceLoader.options().mode != FetchOptions::Mode::Navigate;
+    loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
 
     loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate;
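Review bot: the removed `FIXME: We should also sanitize redirect response for navigations.` was dropped rather than resolved; if redirect responses for navigations are now sanitized through `NetworkResourceLoader`, say so in the ChangeLog, otherwise keep the FIXME.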
 
@@ -663,4 +662,9 @@ NetworkLoadMetrics WebLoaderStrategy::networkMetricsFromResourceLoadIdentifier(u
     return networkMetrics;
 }
 
+bool WebLoaderStrategy::isDoingLoadingSecurityChecks() const
+{
+    return RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
+}
+
 } // namespace WebKit
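Review bot: `isDoingLoadingSecurityChecks()` was unconditionally `true` in the header and is now tied to the `restrictedHTTPResponseAccess` runtime flag; WebCore callers that skip their own checks based on it will now run them when the flag is off, which is the intent per the ChangeLog but deserves a test run with the flag disabled.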
index 65786330c2a8bcce174ae499488522df8e3e9524..14814a92e794fdbf7f88084073a62e45c2aadebb 100644 (file)
@@ -83,8 +83,6 @@ public:
     void addOnlineStateChangeListener(Function<void(bool)>&&) final;
     void setOnLineState(bool);
 
-    bool isDoingLoadingSecurityChecks() const final { return true; }
-
 private:
     void scheduleLoad(WebCore::ResourceLoader&, WebCore::CachedResource*, bool shouldClearReferrerOnHTTPSToHTTPRedirect);
     void scheduleInternallyFailedLoad(WebCore::ResourceLoader&);
@@ -95,6 +93,8 @@ private:
     WebCore::ResourceResponse responseFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final;
     WebCore::NetworkLoadMetrics networkMetricsFromResourceLoadIdentifier(uint64_t resourceLoadIdentifier) final;
 
+    bool isDoingLoadingSecurityChecks() const final;
+
     HashSet<RefPtr<WebCore::ResourceLoader>> m_internallyFailedResourceLoaders;
     RunLoop::Timer<WebLoaderStrategy> m_internallyFailedLoadTimer;