Was: Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
https://bugs.webkit.org/show_bug.cgi?id=152102
<rdar://problem/
22124230>
Source/WebCore:
* dom/Document.cpp:
(WebCore::Document::processReferrerPolicy):
(WebCore::Document::applyContentDispositionAttachmentSandbox):
LayoutTests:
* http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php: Removed.
* http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php: Removed.
* http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt: Removed.
* http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html: Removed.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@193995
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2015-12-11 Alexey Proskuryakov <ap@apple.com>
+
+ Roll out http://trac.webkit.org/r193984, because the new test is timing out.
+
+ Was: Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
+ https://bugs.webkit.org/show_bug.cgi?id=152102
+ <rdar://problem/22124230>
+
+ * http/tests/contentdispositionattachmentsandbox/resources/echo-http-referer.php: Removed.
+ * http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php: Removed.
+ * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt: Removed.
+ * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html: Removed.
+
2015-12-11 Brady Eidson <beidson@apple.com>
Modern IDB: storage/indexeddb/optional-arguments.html fails.
+++ /dev/null
-<!DOCTYPE html>
-<script>
-if (window.parent.testRunner)
- testRunner.notifyDone();
-</script>
-<?php
-echo $_SERVER['HTTP_REFERER'];
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-header("Content-Disposition: attachment; filename=test.html");
-header("Content-Type: text/html");
-?>
-<!DOCTYPE html>
-<style>
-a {
- display: block;
- width: 100vw;
- height: 100vh;
-}
-
-</style>
-<a href="second-wo-referer.php">Link to second-wo-referer.php</a>
\ No newline at end of file
+++ /dev/null
-This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
-
-
-
---------
-Frame: 'iframe'
---------
-
+++ /dev/null
-<!DOCTYPE html>
-<script>
-if (window.internals)
- internals.settings.setContentDispositionAttachmentSandboxEnabled(true);
-
-if (window.testRunner) {
- testRunner.dumpAsText();
- testRunner.dumpChildFramesAsText();
- testRunner.waitUntilDone();
-}
-
-function navigation() {
- // Due to the sandbox, it's not possible to run script in the iframe or even access its contentDocument.
- var element = document.getElementById('iframe');
- var x = element.offsetLeft + 10;
- var y = element.offsetTop + 10;
-
- if (window.testRunner) {
- if (window.eventSender) {
- eventSender.mouseMoveTo(x, y);
- eventSender.mouseDown();
- eventSender.mouseUp();
- }
-
- if (testRunner.runUIScript)
- testRunner.runUIScript("(function() { uiController.singleTapAtPoint(" + x + ", " + y + "); })()");
- }
-}
-</script>
-<p>This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
-<iframe id='iframe' src="resources/first-w-content-diposition-attachment.php" onload="navigation()"></iframe>
+2015-12-11 Alexey Proskuryakov <ap@apple.com>
+
+ Roll out http://trac.webkit.org/r193984, because the new test is timing out.
+
+ Was: Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
+ https://bugs.webkit.org/show_bug.cgi?id=152102
+ <rdar://problem/22124230>
+
+ * dom/Document.cpp:
+ (WebCore::Document::processReferrerPolicy):
+ (WebCore::Document::applyContentDispositionAttachmentSandbox):
+
2015-12-11 Brady Eidson <beidson@apple.com>
Modern IDB: storage/indexeddb/optional-arguments.html fails.
{
ASSERT(!policy.isNull());
- // Documents in a Content-Disposition: attachment sandbox should never send a Referer header,
- // even if the document has a meta tag saying otherwise.
- if (shouldEnforceContentDispositionAttachmentSandbox())
- return;
-
// Note that we're supporting both the standard and legacy keywords for referrer
// policies, as defined by http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta
if (equalIgnoringCase(policy, "no-referrer") || equalIgnoringCase(policy, "never"))
{
ASSERT(shouldEnforceContentDispositionAttachmentSandbox());
- setReferrerPolicy(ReferrerPolicyNever);
if (!isMediaDocument())
enforceSandboxFlags(SandboxAll);
else