Disable access to secure cookies if an HTTPS site loads mixed content
author    bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 22 Aug 2017 16:22:22 +0000 (16:22 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 22 Aug 2017 16:22:22 +0000 (16:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=157053
<rdar://problem/11290808>

Patch by Brent Fulgham <bfulgham@apple.com> and Pranjal Jumde <pjumde@apple.com> on 2017-08-22
Reviewed by Dan Bates.

Source/WebCore:

Tests: http/tests/security/mixedContent/insecure-css-with-secure-cookies.html
       http/tests/security/mixedContent/insecure-image-with-securecookie-block.html
       http/tests/security/mixedContent/insecure-image-with-securecookie.html
       http/tests/security/mixedContent/insecure-script-with-secure-cookies.html
       http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html
       http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html

* dom/SecurityContext.h:
(WebCore::SecurityContext::secureCookiesAccessed): Added.
(WebCore::SecurityContext::setSecureCookiesAccessed): Added.
* loader/CookieJar.cpp:
(WebCore::cookies): Pass Document as non-const so we can call 'setSecureCookiesAccessed' if necessary.
* loader/CookieJar.h:
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canRunInsecureContent): Updated checks to avoid running insecure content
if secure cookies were accessed.
* platform/CookiesStrategy.h:
(WebCore::CookiesStrategy::cookiesForDOM): Pass new argument indicating whether secure cookies should be included in the response.
* platform/network/PlatformCookieJar.h:
* platform/network/cf/CookieJarCFNet.cpp:
(copyCookiesForURLWithFirstPartyURL): Revise to accept new 'IncludeSecureCookiesOrNot' argument.
(WebCore::cookiesForSession): Updated to accept new 'IncludeSecureCookiesOrNot' argument. Also determine if secure cookies were
included in the response, and return this to the caller.
(WebCore::cookieRequestHeaderFieldValue): Revise for new 'copyCookiesForURLWithFirstPartyURL' signature.
(WebCore::getRawCookies): Ditto.
* platform/network/mac/CookieJarMac.mm:
(WebCore::cookiesForSession): Updated checks to keep track of secure cookies and filter out secure cookies if insecure content
was accessed.
(WebCore::cookiesForDOM): Update for new arguments and to return a pair.
(WebCore::cookieRequestHeaderFieldValue): Ditto.

Source/WebKit:

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM): Pass new arguments needed by WebCore.
* NetworkProcess/NetworkConnectionToWebProcess.h:
* NetworkProcess/NetworkConnectionToWebProcess.messages.in: Updated the CookiesForDOM message with the new foundMixedContent
argument and the new didAccessSecureCookies reply.
* Shared/mac/CookieStorageShim.mm:
(WebKit::webKitCookieStorageCopyRequestHeaderFieldsForURL): Drive-by fix to use the right message.
* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::cookiesForDOM): Check and return whether secure cookies were accessed. Accept a new argument
indicating whether secure cookies should be included in the response.
* WebProcess/WebCoreSupport/WebPlatformStrategies.h:

Source/WebKitLegacy/mac:

* WebCoreSupport/WebPlatformStrategies.h:
* WebCoreSupport/WebPlatformStrategies.mm:
(WebPlatformStrategies::cookiesForDOM): Check and return whether secure cookies were accessed. Accept a new argument
indicating whether secure cookies should be included in the response.

LayoutTests:

* http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt: Added.
* http/tests/security/mixedContent/insecure-css-with-secure-cookies.html: Added.
* http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html: Added.
* http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt: Added.
* http/tests/security/mixedContent/insecure-image-with-securecookie-block-expected.txt: Added.
* http/tests/security/mixedContent/insecure-image-with-securecookie-block.html: Added.
* http/tests/security/mixedContent/insecure-image-with-securecookie-expected.txt: Added.
* http/tests/security/mixedContent/insecure-image-with-securecookie.html: Added.
* http/tests/security/mixedContent/insecure-script-with-secure-cookies-expected.txt: Added.
* http/tests/security/mixedContent/insecure-script-with-secure-cookies.html: Added.
* http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt: Added.
* http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html: Added.
* http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt: Added.
* http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html: Added.
* http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html: Added.
* http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html: Added.
* http/tests/security/mixedContent/resources/insecure-executable.css: Added.
* http/tests/security/mixedContent/resources/insecure.css: Added.
* http/tests/security/resources/greenbox-hotspot5-4.cur: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221017 268f45cc-cd09-0410-ab3c-d52691b4dbfc
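
The policy the commit message describes, reduced to a small runnable model. This is an added illustration written for this page, not WebKit's code: the names mirror the ChangeLog entries (SecurityContext::secureCookiesAccessed, cookiesForSession, cookies, the IncludeSecureCookies flag, MixedContentChecker's decision for insecure content), but the function bodies, the ContentKind split and the loadedInsecureContent flag are assumptions about how the two directions of the rule interact: reading a secure cookie refuses later insecure executable loads (scripts, CSS that can @import), and loading insecure content withholds secure cookies from later reads, while display-only content (images, cursors) is never blocked.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Added model of the policy in the commit message; not WebKit's own code.
// Names follow the ChangeLog, bodies are assumptions.
struct Cookie {
    std::string name;
    std::string value;
    bool secure; // set with the "secure" attribute, as in "secureCookie=yes;secure"
};

enum class IncludeSecureCookies { No, Yes };

// Executable: script or a stylesheet that can @import (affects more than pixels).
// Displayable: image or cursor (can only affect what is drawn).
enum class ContentKind { Displayable, Executable };

// Per-document state, corresponding to SecurityContext::secureCookiesAccessed
// plus an (assumed) flag recording that insecure content was already loaded.
struct SecurityContext {
    bool secureCookiesAccessed = false;
    bool loadedInsecureContent = false;
};

// Cookie jar lookup, modelled on cookiesForSession: returns the Cookie header
// value and whether any secure cookie was actually included in it.
std::pair<std::string, bool> cookiesForSession(const std::vector<Cookie>& jar,
                                               IncludeSecureCookies include)
{
    std::string header;
    bool includedSecure = false;
    for (const Cookie& c : jar) {
        if (c.secure) {
            if (include == IncludeSecureCookies::No)
                continue; // withheld: this document is no longer fully secure
            includedSecure = true;
        }
        if (!header.empty())
            header += "; ";
        header += c.name + "=" + c.value;
    }
    return { header, includedSecure };
}

// document.cookie read, modelled on WebCore::cookies(): secure cookies are
// withheld once insecure content has been loaded, and reading one marks the
// context so later insecure executable loads can be refused.
std::string cookies(SecurityContext& ctx, const std::vector<Cookie>& jar)
{
    IncludeSecureCookies include = ctx.loadedInsecureContent
        ? IncludeSecureCookies::No : IncludeSecureCookies::Yes;
    auto result = cookiesForSession(jar, include);
    if (result.second)
        ctx.secureCookiesAccessed = true;
    return result.first;
}

// Mixed-content decision, modelled on MixedContentChecker: insecure executable
// content is refused after a secure cookie was read; displayable content is
// allowed but taints the document so later cookie reads lose secure cookies.
bool canLoadInsecureContent(SecurityContext& ctx, ContentKind kind)
{
    if (kind == ContentKind::Executable && ctx.secureCookiesAccessed)
        return false; // "[blocked] ... was not allowed to run insecure content"
    ctx.loadedInsecureContent = true;
    return true;
}

// Constructed sample jar for the two scenarios below.
std::vector<Cookie> sampleJar()
{
    return { { "secureCookie", "yes", true }, { "theme", "dark", false } };
}

// Order from insecure-script-with-secure-cookies: cookie read first, then an
// insecure script. Returns true when the script is refused while an insecure
// image would still be allowed.
bool secureCookieThenInsecureScriptIsBlocked()
{
    SecurityContext ctx;
    std::string seen = cookies(ctx, sampleJar());
    return seen == "secureCookie=yes; theme=dark"
        && !canLoadInsecureContent(ctx, ContentKind::Executable)
        && canLoadInsecureContent(ctx, ContentKind::Displayable);
}

// Order from insecure-image-with-securecookie-block: insecure image first, then
// the cookie read. Returns the cookie string the page gets to see.
std::string insecureImageThenCookieRead()
{
    SecurityContext ctx;
    canLoadInsecureContent(ctx, ContentKind::Displayable);
    return cookies(ctx, sampleJar());
}

int main()
{
    std::printf("script after secure cookie blocked: %s\n",
                secureCookieThenInsecureScriptIsBlocked() ? "yes" : "no");
    std::printf("cookie read after insecure image: \"%s\"\n",
                insecureImageThenCookieRead().c_str());
    return 0;
}
```

The second scenario returns only the non-secure cookie; the layout test in this commit sets only a secure cookie, which is why its expectation shows an empty console line.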

44 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/insecure-executable.css [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/insecure.css [new file with mode: 0644]
LayoutTests/http/tests/security/resources/greenbox-hotspot5-4.cur [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/SecurityContext.h
Source/WebCore/loader/CookieJar.cpp
Source/WebCore/loader/CookieJar.h
Source/WebCore/loader/MixedContentChecker.cpp
Source/WebCore/platform/CookiesStrategy.h
Source/WebCore/platform/network/PlatformCookieJar.h
Source/WebCore/platform/network/cf/CookieJarCFNet.cpp
Source/WebCore/platform/network/mac/CookieJarMac.mm
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
Source/WebKit/Scripts/webkit/messages.py
Source/WebKit/Shared/mac/CookieStorageShim.mm
Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp
Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.h
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.h
Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm

index 13257e1..93da5ad 100644 (file)
@@ -1,3 +1,36 @@
+2017-08-22  Brent Fulgham  <bfulgham@apple.com> and Pranjal Jumde  <pjumde@apple.com>
+
+        Disable access to secure cookies if an HTTPS site loads mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=157053
+        <rdar://problem/11290808>
+
+        Reviewed by Dan Bates.
+
+        * http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt: Added.
+        * http/tests/security/mixedContent/insecure-css-with-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt: Added.
+        * http/tests/security/mixedContent/insecure-image-with-securecookie-block-expected.txt: Added.
+        * http/tests/security/mixedContent/insecure-image-with-securecookie-block.html: Added.
+        * http/tests/security/mixedContent/insecure-image-with-securecookie-expected.txt: Added.
+        * http/tests/security/mixedContent/insecure-image-with-securecookie.html: Added.
+        * http/tests/security/mixedContent/insecure-script-with-secure-cookies-expected.txt: Added.
+        * http/tests/security/mixedContent/insecure-script-with-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt: Added.
+        * http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html: Added.
+        * http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt: Added.
+        * http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html: Added.
+        * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html: Added.
+        * http/tests/security/mixedContent/resources/insecure-executable.css: Added.
+        * http/tests/security/mixedContent/resources/insecure.css: Added.
+        * http/tests/security/resources/greenbox-hotspot5-4.cur: Added.
+
 2017-08-22  Jer Noble  <jer.noble@apple.com>
 
         Autoplay Muted Videos Don't Play When Outside Viewport
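Review bot: this entry lists http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies-expected.txt as Added, but that file is not in the 44-file list for this commit (only the .html is), so the insecure-executable-css test lands without expectations; either add the -expected.txt to the commit or drop the entry and the test from this ChangeLog.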
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt b/LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..6a9f38f
--- /dev/null
@@ -0,0 +1,11 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 6: secureCookie=yes
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/greenbox-hotspot5-4.cur.
+
+didDisplayInsecureContent
+main frame - didFinishDocumentLoadForFrame
+This test opens a window that loads a secure style sheet with insecure cursor content after reading secure cookies. This should be allowed because loading of the insecure cursor does not pose a security risk since it can only affect the display.
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies.html
new file mode 100644 (file)
index 0000000..944b7c5
--- /dev/null
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+  if (window.testRunner)
+      testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads a secure style sheet with insecure cursor content after reading secure cookies. This should be allowed because loading of the insecure cursor does not pose a security risk since it can only affect the display.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html");
+}
+</script>
+</body>
+</html>
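Review bot: the two lines inside the "message" listener are indented with 2 spaces while the rest of the file uses 4; reindent to match. The listener also calls notifyDone() without looking at e.data, which is fine for this frame (it always posts 'done') but differs from redirect-https-to-http-image-secure-cookies.html, which checks e.data != "done"; consider the same check here for consistency.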
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html
new file mode 100644 (file)
index 0000000..4113d23
--- /dev/null
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads a secure style sheet with insecure content after reading secure cookies. This should block loading of the insecure content since secure cookie was read.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html");
+}
+</script>
+</body>
+</html>
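Review bot: the description promises that the insecure content is blocked, but no insecure-executable-css-with-secure-cookies-expected.txt is in this commit's file list and the test is absent from the WebCore ChangeLog's "Tests:" list; add the expectation (it should carry the "[blocked]" console message for the @import) and list the test. Minor grammar in the paragraph: "since secure cookie was read" should read "since a secure cookie was read".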
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block-expected.txt b/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block-expected.txt
new file mode 100644 (file)
index 0000000..77838c7
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 4: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+CONSOLE MESSAGE: line 6: 
+This test opens a window that tries to read a secure cookie after an insecure image has been loaded. This should block reading of the secure cookie since insecure content was loaded on this page.
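Review bot: the only evidence that the secure cookie was withheld is the empty "CONSOLE MESSAGE: line 6: " line, which is easy to misread as a stray blank and would also match if the log call never ran; have the frame log a fixed prefix (for example console.log("cookie: " + document.cookie)) so the expectation reads "cookie: " and distinguishes an empty value from a missing log.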
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block.html b/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block.html
new file mode 100644 (file)
index 0000000..f59850a
--- /dev/null
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that tries to read a secure cookie after an insecure image has been loaded. This should block reading of the secure cookie since insecure content was loaded on this page.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html");
+}
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-expected.txt b/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-expected.txt
new file mode 100644 (file)
index 0000000..36da86c
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 3: secureCookie=yes
+CONSOLE MESSAGE: line 5: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+This test opens a window that tries to read a secure cookie and then load an insecure image. This should not block loading of the insecure image, even though a secure cookie was accessed on this page, because insecure images can only affect pixels on the screen, not expose private data.
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie.html b/LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie.html
new file mode 100644 (file)
index 0000000..00db27d
--- /dev/null
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+</script>
+<p>This test opens a window that tries to read a secure cookie and then load an insecure image. This should not block loading of the insecure image, even though a secure cookie was accessed on this page, because insecure images can only affect pixels on the screen, not expose private data.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html");
+}
+</script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-expected.txt b/LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..3e3a313
--- /dev/null
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: line 3: secureCookie=yes
+CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+This test loads a secure iframe that reads secure cookies and then tries to load an insecure script. This should block the insecure script since secure cookies were read.
+
+
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies.html
new file mode 100644 (file)
index 0000000..911df4a
--- /dev/null
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<p>This test loads a secure iframe that reads secure cookies and then tries to load an insecure script.  This should block the insecure script since secure cookies were read.</p>
+<iframe src="https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt b/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block-expected.txt
new file mode 100644 (file)
index 0000000..3b8adb9
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+didDisplayInsecureContent
+CONSOLE MESSAGE: line 8: 
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure image (via a tricky redirect) and then tries to read a secure cookie. This should block the secure cookie from being read because insecure content was loaded while loading a main frame.
diff --git a/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html b/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html
new file mode 100644 (file)
index 0000000..814f68b
--- /dev/null
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone()
+}, false);
+</script>
+<p>This test opens a window that loads an insecure image (via a tricky redirect) and then tries to read a secure cookie. This should block the secure cookie from being read because insecure content was loaded while loading a main frame.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html");
+}
+</script>
+</body>
+</html>
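Review bot: the "message" listener ignores e.data, so whether the frame posted 'done' or 'blocked' has no effect on the outcome; the sibling redirect-https-to-http-image-secure-cookies.html checks e.data != "done" and alerts, and this test should do the same (expecting 'done', since the redirected image is still allowed to display and only the cookie is withheld). Minor: testRunner.notifyDone() is missing its semicolon.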
diff --git a/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt b/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-expected.txt
new file mode 100644 (file)
index 0000000..2f30144
--- /dev/null
@@ -0,0 +1,13 @@
+main frame - didFinishDocumentLoadForFrame
+main frame - didStartProvisionalLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 4: secureCookie=yes
+main frame - didFinishDocumentLoadForFrame
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+didDisplayInsecureContent
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that reads a secure cookie and then loads an insecure image (via a tricky redirect). This should not block the insecure image from loading even though a secure cookie was accessed, because an insecure image can only affect pixels on screen, not expose private data.
diff --git a/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html
new file mode 100644 (file)
index 0000000..cda802d
--- /dev/null
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+       if (e.data != "done")
+           alert("should have loaded the insecure content");
+       if (window.testRunner)
+               testRunner.notifyDone()
+}, false);
+</script>
+<p>This test opens a window that reads a secure cookie and then loads an insecure image (via a tricky redirect). This should not block the insecure image from loading even though a secure cookie was accessed, because an insecure image can only affect pixels on screen, not expose private data.</p>
+<script>
+onload = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html");
+}
+</script>
+</body>
+</html>
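Review bot: the body of the "message" listener mixes tabs and spaces (the lines under window.addEventListener are indented with seven spaces and then a tab) and testRunner.notifyDone() lacks a semicolon; reindent with 4 spaces to match the rest of the file and the other new tests.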
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-css-secure-cookies.html
new file mode 100644 (file)
index 0000000..3efbead
--- /dev/null
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+    document.cookie = "secureCookie=yes;secure";
+    console.log(document.cookie);
+</script>
+<link rel="stylesheet" href="https://127.0.0.1:8443/security/mixedContent/resources/insecure.css">
+</head>
+<body>
+Loading css cursor from insecure source.
+<script>
+if (window.opener)
+  window.opener.postMessage('done', '*');
+</script>
+</body>
+</html>
+
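Review bot: the file ends with an extra empty line (the trailing "+" with nothing after it) and the postMessage call under "if (window.opener)" is indented 2 spaces where the rest of the new resources use 4; drop the trailing line and reindent.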
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-executable-css-with-secure-cookies.html
new file mode 100644 (file)
index 0000000..e1a19c4
--- /dev/null
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+    document.cookie = "secureCookie=yes;secure";
+    console.log(document.cookie);
+</script>
+<link rel="stylesheet" href="https://127.0.0.1:8443/security/mixedContent/resources/insecure-executable.css">
+</head>
+<body id="test">
+Loading css document from insecure source.
+<script>
+if (window.opener)
+    window.opener.postMessage('done', '*');
+</script>
+</body>
+</html>
+
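Review bot: the id="test" on <body> is never referenced by the page or its stylesheet and the file ends with an extra empty line; remove both. This is also the only resource whose sheet is "executable" via @import, so a one-line comment saying that the block is expected on the @import (not on the sheet itself, which is https) would help the next reader.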
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie-block.html
new file mode 100644 (file)
index 0000000..d6f76e8
--- /dev/null
@@ -0,0 +1,11 @@
+<script>
+    document.cookie = "secureCookie=yes;secure";
+</script>
+<img src="http://127.0.0.1:8080/security/resources/compass.jpg">
+<script>
+console.log(document.cookie);
+window.onload = function() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+};
+</script>
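Review bot: the test depends on the mixed-content check for the <img> running synchronously as the parser reaches the element, before the following <script> reads document.cookie; the expectation (console line 4 before line 6) encodes that ordering. If image loads were ever deferred, the cookie read would come first and the test would pass for the wrong reason; reading the cookie from the image's onload handler would make the intended order explicit. Also, unlike the other new resources, this file has no <!DOCTYPE html>.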
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image-secure-cookie.html
new file mode 100644 (file)
index 0000000..acf34dd
--- /dev/null
@@ -0,0 +1,11 @@
+<script>
+    document.cookie = "secureCookie=yes;secure";
+    console.log(document.cookie);
+</script>
+<img src="http://127.0.0.1:8080/security/resources/compass.jpg">
+<script>
+window.onload = function() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+};
+</script>
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script-secure-cookies.html
new file mode 100644 (file)
index 0000000..d80b34b
--- /dev/null
@@ -0,0 +1,11 @@
+<script>
+document.cookie = "secureCookie=yes;secure";
+console.log(document.cookie);
+</script>
+<script src="http://127.0.0.1:8080/security/mixedContent/resources/script.js"></script>
+<script>
+window.onload = function() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+};
+</script>
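Review bot: this resource is loaded in an <iframe> by insecure-script-with-secure-cookies.html, so window.opener is null and the postMessage in onload never runs; the opener/postMessage block is dead code here (the parent does not listen for "message" either). Remove it, or post to window.parent if a completion signal is wanted.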
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie-block.html
new file mode 100644 (file)
index 0000000..ea47c7b
--- /dev/null
@@ -0,0 +1,13 @@
+<script>
+var frameDidLoad = false;
+document.cookie = "secureCookie=yes;secure";
+if (window.testRunner)
+    internals.settings.setAllowRunningOfInsecureContent(true);
+onload = function()
+{
+    console.log(document.cookie);
+    if (window.opener)
+        window.opener.postMessage(frameDidLoad ? 'done' : 'blocked', '*');
+}
+</script>
+<img onload="window.frameDidLoad = true" src="https://127.0.0.1:8443/resources/redirect.php?url=http://127.0.0.1:8080/security/resources/compass.jpg">
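Review bot: the guard "if (window.testRunner)" protects a call on "internals", so in an environment with testRunner but no internals this line throws; guard on window.internals instead. Also, setAllowRunningOfInsecureContent(true) is being set for an image, which is a display-only load (the expectation says "was allowed to display insecure content"); if it is required because the https-to-http redirect takes a different path, say so in a comment, otherwise drop it so the test exercises the default policy.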
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html b/LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-image-secure-cookie.html
new file mode 100644 (file)
index 0000000..5e9e487
--- /dev/null
@@ -0,0 +1,11 @@
+<script>
+var frameDidLoad = false;
+document.cookie = "secureCookie=yes;secure";
+console.log(document.cookie);
+onload = function()
+{
+    if (window.opener)
+        window.opener.postMessage(frameDidLoad ? 'done' : 'blocked', '*');
+}
+</script>
+<img onload="window.frameDidLoad = true" src="https://127.0.0.1:8443/resources/redirect.php?url=http://127.0.0.1:8080/security/resources/compass.jpg">
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/insecure-executable.css b/LayoutTests/http/tests/security/mixedContent/resources/insecure-executable.css
new file mode 100644 (file)
index 0000000..cb4888e
--- /dev/null
@@ -0,0 +1,4 @@
+@import url(http://127.0.0.1:8080/security/resources/insecure.css);
+body {
+    background-color: yellow, default;
+}
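Review bot: "background-color: yellow, default;" is not valid CSS (background-color takes a single color; the comma list belongs to the cursor property in insecure.css), so the parser drops the declaration; use "background-color: yellow;" or remove it, since the @import of the http resource is what makes this sheet "executable" for the test.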
diff --git a/LayoutTests/http/tests/security/mixedContent/resources/insecure.css b/LayoutTests/http/tests/security/mixedContent/resources/insecure.css
new file mode 100644 (file)
index 0000000..837483e
--- /dev/null
@@ -0,0 +1,3 @@
+html {
+    cursor: url(http://127.0.0.1:8080/security/resources/greenbox-hotspot5-4.cur), default;
+}
diff --git a/LayoutTests/http/tests/security/resources/greenbox-hotspot5-4.cur b/LayoutTests/http/tests/security/resources/greenbox-hotspot5-4.cur
new file mode 100644 (file)
index 0000000..5ae7c9c
Binary files /dev/null and b/LayoutTests/http/tests/security/resources/greenbox-hotspot5-4.cur differ
index 736d53c..11bc0b0 100644 (file)
@@ -1,3 +1,42 @@
+2017-08-22  Brent Fulgham  <bfulgham@apple.com> and Pranjal Jumde  <pjumde@apple.com>
+
+        Disable access to secure cookies if an HTTPS site loads mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=157053
+        <rdar://problem/11290808>
+
+        Reviewed by Dan Bates.
+
+        Tests: http/tests/security/mixedContent/insecure-css-with-secure-cookies.html
+               http/tests/security/mixedContent/insecure-image-with-securecookie-block.html
+               http/tests/security/mixedContent/insecure-image-with-securecookie.html
+               http/tests/security/mixedContent/insecure-script-with-secure-cookies.html
+               http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html
+               http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html
+
+        * dom/SecurityContext.h: 
+        (WebCore::SecurityContext::secureCookiesAccessed): Added.
+        (WebCore::SecurityContext::setSecureCookiesAccessed): Added.
+        * loader/CookieJar.cpp:
+        (WebCore::cookies): Pass Document as non-const so we can call 'setSecureCookiesAccessed' if necessary.
+        * loader/CookieJar.h:
+        * loader/MixedContentChecker.cpp:
+        (WebCore::MixedContentChecker::canRunInsecureContent): Updated checks to avoid running insecure content
+        if secure cookies were accessed. 
+        * platform/CookiesStrategy.h:
+        (WebCore::CookiesStrategy::cookiesForDOM): Pass new argument indicating whether secure cookies should be included in the response.
+        * platform/network/PlatformCookieJar.h:
+        * platform/network/cf/CookieJarCFNet.cpp:
+        (copyCookiesForURLWithFirstPartyURL): Revise to accept new 'IncludeSecureCookiesOrNot' argument.
+        (WebCore::cookiesForSession): Updated to accept new 'IncludeSecureCookiesOrNot' argument. Also determine if secure cookies were
+        included in the response, and return this to the caller.
+        (WebCore::cookieRequestHeaderFieldValue): Revise for new 'copyCookiesForURLWithFirstPartyURL' signature.
+        (WebCore::getRawCookies): Ditto.
+        * platform/network/mac/CookieJarMac.mm:
+        (WebCore::cookiesForSession): Updated checks to keep track of secure cookies and filter out secure cookies if insecure content
+        was accessed.
+        (WebCore::cookiesForDOM): Update for new arguments and to return a pair.
+        (WebCore::cookieRequestHeaderFieldValue): Ditto.
+
 2017-08-22  Jer Noble  <jer.noble@apple.com>
 
         Autoplay Muted Videos Don't Play When Outside Viewport
index 06ebd42..430cd6b 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2011 Google Inc. All Rights Reserved.
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -83,6 +84,8 @@ public:
     void setFoundMixedContent() { m_foundMixedContent = true; }
     bool geolocationAccessed() const { return m_geolocationAccessed; }
     void setGeolocationAccessed() { m_geolocationAccessed = true; }
+    bool secureCookiesAccessed() const { return m_secureCookiesAccessed; }
+    void setSecureCookiesAccessed() { m_secureCookiesAccessed = true; }
 
     bool isStrictMixedContentMode() const { return m_isStrictMixedContentMode; }
     void setStrictMixedContentMode(bool strictMixedContentMode) { m_isStrictMixedContentMode = strictMixedContentMode; }
@@ -111,6 +114,7 @@ private:
     bool m_haveInitializedSecurityOrigin { false };
     bool m_foundMixedContent { false };
     bool m_geolocationAccessed { false };
+    bool m_secureCookiesAccessed { false };
     bool m_isStrictMixedContentMode { false };
 };
 
index 6b06168..effec44 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -54,11 +54,16 @@ inline NetworkStorageSession& storageSession(const Document& document)
     return context ? context->storageSession() : NetworkStorageSession::defaultStorageSession();
 }
 
-String cookies(const Document& document, const URL& url)
+String cookies(Document& document, const URL& url)
 {
     TraceScope scope(FetchCookiesStart, FetchCookiesEnd);
 
-    return platformStrategies()->cookiesStrategy()->cookiesForDOM(storageSession(document), document.firstPartyForCookies(), url);
+    auto includeSecureCookiesOrNot = (url.protocolIs("https") && !document.foundMixedContent()) ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;
+    auto result = platformStrategies()->cookiesStrategy()->cookiesForDOM(storageSession(document), document.firstPartyForCookies(), url, includeSecureCookiesOrNot);
+    if (result.second)
+        document.setSecureCookiesAccessed();
+
+    return result.first;
 }
 
 void setCookies(Document& document, const URL& url, const String& cookieString)
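Review bot: only the getter changes here; `setCookies` (the context line closing this hunk) still lets script on a document with `foundMixedContent()` write Secure cookies through `document.cookie` while reads of Secure cookies are withheld. If that asymmetry is intended, a one-line comment above the `includeSecureCookiesOrNot` ternary would save the next reader from wondering. Minor: naming the local `includeSecureCookies`, as every callee in this patch names the parameter, would keep grep results consistent.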
index 220a9b9..a9ec14a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2008, 2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -38,7 +38,7 @@ struct Cookie;
 // Functions in this file take a Document pointer to determine which cookie storage to use. We should merge that into call sites, and use PlatformCookieJar directly.
 
 // These two functions implement document.cookie API, with special rules for HttpOnly cookies.
-WEBCORE_EXPORT String cookies(const Document&, const URL&);
+WEBCORE_EXPORT String cookies(Document&, const URL&);
 WEBCORE_EXPORT void setCookies(Document&, const URL&, const String& cookieString);
 
 WEBCORE_EXPORT bool cookiesEnabled(const Document&);
index 46081a7..679d675 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -92,7 +93,7 @@ bool MixedContentChecker::canRunInsecureContent(SecurityOrigin& securityOrigin,
     if (!m_frame.document()->contentSecurityPolicy()->allowRunningOrDisplayingInsecureContent(url))
         return false;
 
-    bool allowed = !m_frame.document()->isStrictMixedContentMode() && m_frame.settings().allowRunningOfInsecureContent() && !m_frame.document()->geolocationAccessed();
+    bool allowed = !m_frame.document()->isStrictMixedContentMode() && m_frame.settings().allowRunningOfInsecureContent() && !m_frame.document()->geolocationAccessed() && !m_frame.document()->secureCookiesAccessed();
     logWarning(allowed, "run", url);
 
     if (allowed) {
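Review bot: the new `secureCookiesAccessed()` clause is added only to `canRunInsecureContent`; nothing in this patch touches the display-content path, yet the ChangeLog lists image-based tests (`insecure-image-with-securecookie-block.html`, `redirect-https-to-http-image-secure-cookies-block.html`). Please state in the ChangeLog whether displayable content such as images is meant to be blocked after secure-cookie access and, if so, where that check lives. Style: `m_frame.document()` is now dereferenced four times in one expression; hoisting `auto& document = *m_frame.document();` would keep the line readable.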
index 5d75df4..9c2e44c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef CookiesStrategy_h
-#define CookiesStrategy_h
+#pragma once
 
 #include <pal/SessionID.h>
+#include <wtf/EnumTraits.h>
 #include <wtf/Vector.h>
 #include <wtf/text/WTFString.h>
 
 namespace WebCore {
 
-class URL;
 class NetworkStorageSession;
+class URL;
+
 struct Cookie;
 
+enum class IncludeSecureCookies { No, Yes };
+
 class CookiesStrategy {
 public:
-    virtual String cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const URL&) = 0;
+    virtual std::pair<String, bool> cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const URL&, IncludeSecureCookies) = 0;
     virtual void setCookiesFromDOM(const NetworkStorageSession&, const URL& firstParty, const URL&, const String& cookieString) = 0;
     virtual bool cookiesEnabled(const NetworkStorageSession&, const URL& firstParty, const URL&) = 0;
     virtual String cookieRequestHeaderFieldValue(const NetworkStorageSession&, const URL& firstParty, const URL&) = 0;
@@ -52,4 +55,15 @@ protected:
 
 } // namespace WebCore
 
-#endif // CookiesStrategy_h
+namespace WTF {
+
+template<> struct EnumTraits<WebCore::IncludeSecureCookies> {
+    using values = EnumValues<
+        WebCore::IncludeSecureCookies,
+        WebCore::IncludeSecureCookies::No,
+        WebCore::IncludeSecureCookies::Yes
+    >;
+};
+
+} // namespace WTF
+
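Review bot: `cookiesForDOM` now returns `std::pair<String, bool>`, but neither this header nor PlatformCookieJar.h includes `<utility>`; add it rather than relying on the WTF headers to pull it in transitively. Minor: the `EnumTraits` specialisation exists so the enum can cross the `CookiesForDOM` message (see the messages.in hunk); a one-line comment saying so would explain why a WebCore strategy header carries it.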
index 02d9831..d9da61f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2008, 2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -35,11 +35,14 @@ namespace WebCore {
 
 class URL;
 class NetworkStorageSession;
+
 struct Cookie;
 
+enum class IncludeSecureCookies;
+
 // FIXME: These should probably be NetworkStorageSession member functions.
 
-WEBCORE_EXPORT String cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const URL&);
+WEBCORE_EXPORT std::pair<String, bool> cookiesForDOM(const NetworkStorageSession&, const URL& firstParty, const URL&, IncludeSecureCookies);
 WEBCORE_EXPORT void setCookiesFromDOM(const NetworkStorageSession&, const URL& firstParty, const URL&, const String&);
 WEBCORE_EXPORT bool cookiesEnabled(const NetworkStorageSession&, const URL& firstParty, const URL&);
 WEBCORE_EXPORT String cookieRequestHeaderFieldValue(const NetworkStorageSession&, const URL& firstParty, const URL&);
index bf9b665..cafe2e6 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006, 2007, 2008, 2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,6 +36,7 @@
 #include <CoreFoundation/CoreFoundation.h>
 #include <pal/spi/cf/CFNetworkSPI.h>
 #include <wtf/SoftLinking.h>
+#include <wtf/TypeCastsCF.h>
 #include <wtf/text/WTFString.h>
 
 #if PLATFORM(WIN)
@@ -49,6 +50,19 @@ enum {
 };
 #endif
 
+namespace WTF {
+
+#define DECLARE_CF_TYPE_TRAIT(ClassName) \
+template <> \
+struct CFTypeTrait<ClassName##Ref> { \
+static inline CFTypeID typeID() { return ClassName##GetTypeID(); } \
+};
+
+DECLARE_CF_TYPE_TRAIT(CFHTTPCookieRef);
+
+#undef DECLARE_CF_TYPE_TRAIT
+} // namespace WTF
+
 namespace WebCore {
 
 static const CFStringRef s_setCookieKeyCF = CFSTR("Set-Cookie");
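Review bot: `DECLARE_CF_TYPE_TRAIT(CFHTTPCookieRef)` expands, through `ClassName##Ref` and `ClassName##GetTypeID`, to a specialisation of `CFTypeTrait<CFHTTPCookieRefRef>` that calls `CFHTTPCookieRefGetTypeID()`, which is neither the type the later `checked_cf_cast<CFHTTPCookieRef>` calls look up nor an existing function. The macro argument should be the bare class name: `DECLARE_CF_TYPE_TRAIT(CFHTTPCookie);`. Consider also adding the trait to TypeCastsCF.h alongside the other CF type traits instead of redefining the macro locally, unless CFHTTPCookie is deliberately kept out of WTF because it comes from CFNetwork SPI.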
@@ -102,9 +116,11 @@ static RetainPtr<CFArrayRef> filterCookies(CFArrayRef unfilteredCookies)
     return filteredCookies;
 }
 
-static RetainPtr<CFArrayRef> copyCookiesForURLWithFirstPartyURL(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
+static RetainPtr<CFArrayRef> copyCookiesForURLWithFirstPartyURL(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies)
 {
-    bool secure = url.protocolIs("https");
+    bool secure = includeSecureCookies == IncludeSecureCookies::Yes;
+
+    ASSERT(!secure || (secure && url.protocolIs("https")));
 
 #if PLATFORM(COCOA)
     return adoptCF(_CFHTTPCookieStorageCopyCookiesForURLWithMainDocumentURL(session.cookieStorage().get(), url.createCFURL().get(), firstParty.createCFURL().get(), secure));
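Review bot: `ASSERT(!secure || (secure && url.protocolIs("https")))` simplifies to `ASSERT(!secure || url.protocolIs("https"))`; drop the redundant `secure &&`. The assertion itself is worth keeping, since callers now pass the flag explicitly and this function no longer derives it from the URL.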
@@ -151,18 +167,34 @@ void setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstPar
     CFHTTPCookieStorageSetCookies(session.cookieStorage().get(), filterCookies(unfilteredCookies.get()).get(), urlCF.get(), firstPartyForCookiesCF.get());
 }
 
-String cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
+std::pair<String, bool> cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies)
 {
-    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url);
-    RetainPtr<CFDictionaryRef> headerCF = adoptCF(CFHTTPCookieCopyRequestHeaderFields(kCFAllocatorDefault, filterCookies(cookiesCF.get()).get()));
-    return (CFStringRef)CFDictionaryGetValue(headerCF.get(), s_cookieCF);
+    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url, includeSecureCookies);
+
+    auto filteredCookies = filterCookies(cookiesCF.get());
+
+    bool didAccessSecureCookies = false;
+
+    CFIndex cookieCount = CFArrayGetCount(filteredCookies.get());
+    while (cookieCount--) {
+        if (CFHTTPCookieIsSecure(checked_cf_cast<CFHTTPCookieRef>(CFArrayGetValueAtIndex(filteredCookies.get(), cookieCount)))) {
+            didAccessSecureCookies = true;
+            break;
+        }
+    }
+
+    RetainPtr<CFDictionaryRef> headerCF = adoptCF(CFHTTPCookieCopyRequestHeaderFields(kCFAllocatorDefault, filteredCookies.get()));
+    String cookieString = checked_cf_cast<CFStringRef>(CFDictionaryGetValue(headerCF.get(), s_cookieCF));
+    return { cookieString, didAccessSecureCookies };
 }
 
 String cookieRequestHeaderFieldValue(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
 {
-    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url);
+    auto includeSecureCookies = url.protocolIs("https") ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;
+
+    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url, includeSecureCookies);
     RetainPtr<CFDictionaryRef> headerCF = adoptCF(CFHTTPCookieCopyRequestHeaderFields(kCFAllocatorDefault, cookiesCF.get()));
-    return (CFStringRef)CFDictionaryGetValue(headerCF.get(), s_cookieCF);
+    return checked_cf_cast<CFStringRef>(CFDictionaryGetValue(headerCF.get(), s_cookieCF));
 }
 
 bool cookiesEnabled(const NetworkStorageSession& session, const URL& /*firstParty*/, const URL& /*url*/)
@@ -175,13 +207,15 @@ bool getRawCookies(const NetworkStorageSession& session, const URL& firstParty,
 {
     rawCookies.clear();
 
-    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url);
+    auto includeSecureCookies = url.protocolIs("https") ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;
+
+    RetainPtr<CFArrayRef> cookiesCF = copyCookiesForURLWithFirstPartyURL(session, firstParty, url, includeSecureCookies);
 
     CFIndex count = CFArrayGetCount(cookiesCF.get());
     rawCookies.reserveCapacity(count);
 
     for (CFIndex i = 0; i < count; i++) {
-        CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(cookiesCF.get(), i);
+        CFHTTPCookieRef cookie = checked_cf_cast<CFHTTPCookieRef>(CFArrayGetValueAtIndex(cookiesCF.get(), i));
         String name = cookieName(cookie).get();
         String value = cookieValue(cookie).get();
         String domain = cookieDomain(cookie).get();
@@ -214,7 +248,7 @@ void deleteCookie(const NetworkStorageSession& session, const URL& url, const St
 
     CFIndex count = CFArrayGetCount(cookiesCF.get());
     for (CFIndex i = 0; i < count; i++) {
-        CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(cookiesCF.get(), i);
+        CFHTTPCookieRef cookie = checked_cf_cast<CFHTTPCookieRef>(CFArrayGetValueAtIndex(cookiesCF.get(), i));
         if (String(cookieName(cookie).get()) == name) {
             CFHTTPCookieStorageDeleteCookie(cookieStorage.get(), cookie);
             break;
@@ -230,7 +264,7 @@ void getHostnamesWithCookies(const NetworkStorageSession& session, HashSet<Strin
 
     CFIndex count = CFArrayGetCount(cookiesCF.get());
     for (CFIndex i = 0; i < count; ++i) {
-        CFHTTPCookieRef cookie = static_cast<CFHTTPCookieRef>(const_cast<void *>(CFArrayGetValueAtIndex(cookiesCF.get(), i)));
+        CFHTTPCookieRef cookie = checked_cf_cast<CFHTTPCookieRef>(CFArrayGetValueAtIndex(cookiesCF.get(), i));
         RetainPtr<CFStringRef> domain = cookieDomain(cookie);
         hostnames.add(domain.get());
     }
index 6f5ec24..6d13b2f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2008, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -26,6 +26,7 @@
 #import "config.h"
 #import "PlatformCookieJar.h"
 
+#import "CookiesStrategy.h"
 #import "NetworkStorageSession.h"
 #import "WebCoreSystemInterface.h"
 #import <pal/spi/cf/CFNetworkSPI.h>
@@ -132,7 +133,7 @@ static NSArray *cookiesForURL(const NetworkStorageSession& session, const URL& f
 }
 
 enum IncludeHTTPOnlyOrNot { DoNotIncludeHTTPOnly, IncludeHTTPOnly };
-static String cookiesForSession(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeHTTPOnlyOrNot includeHTTPOnly)
+static String cookiesForSession(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeHTTPOnlyOrNot includeHTTPOnly, IncludeSecureCookies includeSecureCookies, bool& didAccessSecureCookies)
 {
     BEGIN_BLOCK_OBJC_EXCEPTIONS;
 
@@ -148,6 +149,12 @@ static String cookiesForSession(const NetworkStorageSession& session, const URL&
         if (!includeHTTPOnly && [cookie isHTTPOnly])
             continue;
 
+        if ([cookie isSecure]) {
+            didAccessSecureCookies = true;
+            if (includeSecureCookies == IncludeSecureCookies::No)
+                continue;
+        }
+
         if (!cookiesBuilder.isEmpty())
             cookiesBuilder.appendLiteral("; ");
 
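Review bot: `didAccessSecureCookies` is set before the `IncludeSecureCookies::No` check, so it reports that a Secure cookie exists for the URL, not that one was handed to the caller; the CFNet implementation in this same patch (`cookiesForDOM` in CookieJarCFNet.cpp) scans the filtered array and only reports cookies actually returned. Through `cookies()` in CookieJar.cpp that difference means a mixed-content document on the Mac path gets `setSecureCookiesAccessed()` and then blocks insecure scripts even though no Secure cookie value reached script. Either move the assignment inside the include branch, or document the stricter Mac semantics and align the CFNet version with them.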
@@ -161,14 +168,17 @@ static String cookiesForSession(const NetworkStorageSession& session, const URL&
     return String();
 }
 
-String cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
+std::pair<String, bool> cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies)
 {
-    return cookiesForSession(session, firstParty, url, DoNotIncludeHTTPOnly);
+    bool didAccessSecureCookies = false;
+    auto cookieString = cookiesForSession(session, firstParty, url, DoNotIncludeHTTPOnly, includeSecureCookies, didAccessSecureCookies);
+    return { cookieString, didAccessSecureCookies };
 }
 
 String cookieRequestHeaderFieldValue(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
 {
-    return cookiesForSession(session, firstParty, url, IncludeHTTPOnly);
+    bool ignore = false;
+    return cookiesForSession(session, firstParty, url, IncludeHTTPOnly, IncludeSecureCookies::No, ignore);
 }
 
 void setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& cookieStr)
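Review bot: `cookieRequestHeaderFieldValue` here passes `IncludeSecureCookies::No` unconditionally, whereas the CFNet version in this patch derives the flag from `url.protocolIs("https")`. Combined with the new `continue` in `cookiesForSession`, every Secure cookie is now dropped from the Cookie header this function builds, including for HTTPS URLs, where the previous code applied no such filter. Unless this function is known not to serve HTTPS requests on this platform, mirror the CFNet logic: `auto includeSecureCookies = url.protocolIs("https") ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;`.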
index 924de26..860eb39 100644 (file)
@@ -1,3 +1,23 @@
+2017-08-22  Brent Fulgham  <bfulgham@apple.com> and Pranjal Jumde  <pjumde@apple.com>
+
+        Disable access to secure cookies if an HTTPS site loads mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=157053
+        <rdar://problem/11290808>
+
+        Reviewed by Dan Bates.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (WebKit::NetworkConnectionToWebProcess::cookiesForDOM): Pass new arguments needed by WebCore.
+        * NetworkProcess/NetworkConnectionToWebProcess.h:
+        * NetworkProcess/NetworkConnectionToWebProcess.messages.in: Updated the CookiesForDOM message with the new foundMixedContent
+        argument and the new didAccessSecureCookies reply.
+        * Shared/mac/CookieStorageShim.mm:
+        (WebKit::webKitCookieStorageCopyRequestHeaderFieldsForURL): Drive-by fix to use the right message.
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
+        (WebKit::WebPlatformStrategies::cookiesForDOM): Check and return whether secure cookies were accessed. Accept a new argument
+        indicating whether secure cookies should be included in the response.
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.h:
+
 2017-08-22  Zan Dobersek  <zdobersek@igalia.com>
 
         [GTK][WPE] Rename StorageProcessMainGtk.cpp to StorageProcessMainGLib.cpp
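Review bot: the entry for NetworkConnectionToWebProcess.messages.in describes a 'new foundMixedContent argument', but the message as changed takes `enum WebCore::IncludeSecureCookies includeSecureCookies`; the ChangeLog should name the parameter the code actually uses. The Python message-generator hunk (`headers_for_type`) is also not listed in this ChangeLog.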
index 0e77f7a..b2a7420 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -323,9 +323,9 @@ void NetworkConnectionToWebProcess::convertMainResourceLoadToDownload(PAL::Sessi
     loader->convertToDownload(downloadID, request, response);
 }
 
-void NetworkConnectionToWebProcess::cookiesForDOM(PAL::SessionID sessionID, const URL& firstParty, const URL& url, String& result)
+void NetworkConnectionToWebProcess::cookiesForDOM(PAL::SessionID sessionID, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies, String& result, bool& secureCookiesAccessed)
 {
-    result = WebCore::cookiesForDOM(storageSession(sessionID), firstParty, url);
+    std::tie(result, secureCookiesAccessed) = WebCore::cookiesForDOM(storageSession(sessionID), firstParty, url, includeSecureCookies);
 }
 
 void NetworkConnectionToWebProcess::setCookiesFromDOM(PAL::SessionID sessionID, const URL& firstParty, const URL& url, const String& cookieString)
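Review bot: `std::tie` needs `<tuple>`; add the include to this file rather than relying on it arriving through another header. Otherwise, unpacking the pair straight into the two out-parameters is a tidy way to keep the reply types matching messages.in.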
index 07e3cc3..d671b90 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -40,6 +40,8 @@ class BlobDataFileReference;
 class HTTPHeaderMap;
 class ResourceError;
 class ResourceRequest;
+
+enum class IncludeSecureCookies;
 }
 
 namespace WebKit {
@@ -95,7 +97,7 @@ private:
     void startDownload(PAL::SessionID, DownloadID, const WebCore::ResourceRequest&, const String& suggestedName = { });
     void convertMainResourceLoadToDownload(PAL::SessionID, uint64_t mainResourceLoadIdentifier, DownloadID, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&);
 
-    void cookiesForDOM(PAL::SessionID, const WebCore::URL& firstParty, const WebCore::URL&, String& result);
+    void cookiesForDOM(PAL::SessionID, const WebCore::URL& firstParty, const WebCore::URL&, WebCore::IncludeSecureCookies, String& result, bool& secureCookiesAccessed);
     void setCookiesFromDOM(PAL::SessionID, const WebCore::URL& firstParty, const WebCore::URL&, const String&);
     void cookiesEnabled(PAL::SessionID, const WebCore::URL& firstParty, const WebCore::URL&, bool& result);
     void cookieRequestHeaderFieldValue(PAL::SessionID, const WebCore::URL& firstParty, const WebCore::URL&, String& result);
index 2185ca4..02c4735 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright (C) 2012 Apple Inc. All rights reserved.
+# Copyright (C) 2012-2017 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -32,7 +32,7 @@ messages -> NetworkConnectionToWebProcess LegacyReceiver {
     StartDownload(PAL::SessionID sessionID, WebKit::DownloadID downloadID, WebCore::ResourceRequest request, String suggestedName)
     ConvertMainResourceLoadToDownload(PAL::SessionID sessionID, uint64_t mainResourceLoadIdentifier, WebKit::DownloadID downloadID, WebCore::ResourceRequest request, WebCore::ResourceResponse response)
 
-    CookiesForDOM(PAL::SessionID sessionID, WebCore::URL firstParty, WebCore::URL url) -> (String result)
+    CookiesForDOM(PAL::SessionID sessionID, WebCore::URL firstParty, WebCore::URL url, enum WebCore::IncludeSecureCookies includeSecureCookies) -> (String result, bool didAccessSecureCookies)
     SetCookiesFromDOM(PAL::SessionID sessionID, WebCore::URL firstParty, WebCore::URL url, String cookieString)
     CookiesEnabled(PAL::SessionID sessionID, WebCore::URL firstParty, WebCore::URL url) -> (bool enabled)
     CookieRequestHeaderFieldValue(PAL::SessionID sessionID, WebCore::URL firstParty, WebCore::URL url) -> (String result)
index 2be2868..64c80a8 100644 (file)
@@ -359,6 +359,7 @@ def headers_for_type(type):
         'WebCore::GrammarDetail': ['<WebCore/TextCheckerClient.h>'],
         'WebCore::HasInsecureContent': ['<WebCore/FrameLoaderTypes.h>'],
         'WebCore::Highlight': ['<WebCore/InspectorOverlay.h>'],
+        'WebCore::IncludeSecureCookies': ['<WebCore/CookiesStrategy.h>'],
         'WebCore::KeyframeValueList': ['<WebCore/GraphicsLayer.h>'],
         'WebCore::KeypressCommand': ['<WebCore/KeyboardEvent.h>'],
         'WebCore::MediaConstraints': ['<WebCore/MediaConstraints.h>'],
@@ -390,7 +391,6 @@ def headers_for_type(type):
         'struct WebKit::WebUserStyleSheetData': ['"WebUserContentControllerDataTypes.h"'],
         'struct WebKit::WebScriptMessageHandlerData': ['"WebUserContentControllerDataTypes.h"'],
         'std::chrono::system_clock::time_point': ['<chrono>'],
-        'WebKit::LayerHostingMode': ['"LayerTreeContext.h"'],
     }
 
     headers = []
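Review bot: the removal of the `'WebKit::LayerHostingMode': ['"LayerTreeContext.h"']` mapping in this hunk is unrelated to secure cookies and is not mentioned in any ChangeLog in the patch. If it is a drive-by cleanup of a stale or duplicate entry, say so in the WebKit ChangeLog; otherwise land it separately so it can be bisected on its own.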
index 3a45427..e2ea876 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -57,7 +57,7 @@ static CFDictionaryRef webKitCookieStorageCopyRequestHeaderFieldsForURL(CFHTTPCo
 {
     String cookies;
     URL firstPartyForCookiesURL;
-    if (!WebProcess::singleton().networkConnection().connection().sendSync(Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue(PAL::SessionID::defaultSessionID(), firstPartyForCookiesURL, inRequestURL), Messages::NetworkConnectionToWebProcess::CookiesForDOM::Reply(cookies), 0))
+    if (!WebProcess::singleton().networkConnection().connection().sendSync(Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue(PAL::SessionID::defaultSessionID(), firstPartyForCookiesURL, inRequestURL), Messages::NetworkConnectionToWebProcess::CookieRequestHeaderFieldValue::Reply(cookies), 0))
         return 0;
 
     if (cookies.isNull())
index b646620..81bc4b3 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2011, 2012, 2015, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -109,12 +109,14 @@ BlobRegistry* WebPlatformStrategies::createBlobRegistry()
 
 // CookiesStrategy
 
-String WebPlatformStrategies::cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
+std::pair<String, bool> WebPlatformStrategies::cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies)
 {
-    String result;
-    if (!WebProcess::singleton().networkConnection().connection().sendSync(Messages::NetworkConnectionToWebProcess::CookiesForDOM(session.sessionID(), firstParty, url), Messages::NetworkConnectionToWebProcess::CookiesForDOM::Reply(result), 0))
-        return String();
-    return result;
+    String cookieString;
+    bool secureCookiesAccessed = false;
+    if (!WebProcess::singleton().networkConnection().connection().sendSync(Messages::NetworkConnectionToWebProcess::CookiesForDOM(session.sessionID(), firstParty, url, includeSecureCookies), Messages::NetworkConnectionToWebProcess::CookiesForDOM::Reply(cookieString, secureCookiesAccessed), 0))
+        return { String(), false };
+
+    return { cookieString, secureCookiesAccessed };
 }
 
 void WebPlatformStrategies::setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& cookieString)
index e16bea4..69aaaf9 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2012, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,7 +47,7 @@ private:
     WebCore::BlobRegistry* createBlobRegistry() override;
 
     // WebCore::CookiesStrategy
-    String cookiesForDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
+    std::pair<String, bool> cookiesForDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&, WebCore::IncludeSecureCookies) override;
     void setCookiesFromDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&, const String&) override;
     bool cookiesEnabled(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
     String cookieRequestHeaderFieldValue(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
index d601e81..087d1dd 100644 (file)
@@ -1,3 +1,16 @@
+2017-08-22  Brent Fulgham  <bfulgham@apple.com> and Pranjal Jumde  <pjumde@apple.com>
+
+        Disable access to secure cookies if an HTTPS site loads mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=157053
+        <rdar://problem/11290808>
+
+        Reviewed by Dan Bates.
+
+        * WebCoreSupport/WebPlatformStrategies.h:
+        * WebCoreSupport/WebPlatformStrategies.mm:
+        (WebPlatformStrategies::cookiesForDOM): Check and return whether secure cookies were accessed. Accept a new argument
+        indicating whether secure cookies should be included in the response.
+
 2017-08-21  Yoshiaki Jitsukawa  <Yoshiaki.Jitsukawa@sony.com>
 
         [PAL] Move spi/mac directory into PAL
index f90fcf0..6d3767a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef WebPlatformStrategies_h
-#define WebPlatformStrategies_h
+#pragma once
 
 #include <WebCore/CookiesStrategy.h>
 #include <WebCore/LoaderStrategy.h>
@@ -48,7 +47,7 @@ private:
     WebCore::BlobRegistry* createBlobRegistry() override;
 
     // WebCore::CookiesStrategy
-    String cookiesForDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
+    std::pair<String, bool> cookiesForDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&, WebCore::IncludeSecureCookies) override;
     void setCookiesFromDOM(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&, const String&) override;
     bool cookiesEnabled(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
     String cookieRequestHeaderFieldValue(const WebCore::NetworkStorageSession&, const WebCore::URL& firstParty, const WebCore::URL&) override;
@@ -88,4 +87,3 @@ private:
     long setStringForType(const String&, const String& pasteboardType, const String& pasteboardName) override;
 };
 
-#endif // WebPlatformStrategies_h
index 1ac2e1e..b148b9f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,9 +73,9 @@ BlobRegistry* WebPlatformStrategies::createBlobRegistry()
     return new WebCore::BlobRegistryImpl;
 }
 
-String WebPlatformStrategies::cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url)
+std::pair<String, bool> WebPlatformStrategies::cookiesForDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, IncludeSecureCookies includeSecureCookies)
 {
-    return WebCore::cookiesForDOM(session, firstParty, url);
+    return WebCore::cookiesForDOM(session, firstParty, url, includeSecureCookies);
 }
 
 void WebPlatformStrategies::setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& cookieString)