https://bugs.webkit.org/show_bug.cgi?id=162580
<rdar://problem/
28631274>
Reviewed by Alex Christensen.
Source/WebKit2:
Implement support for following redirects, if applicable, of a ping request when using the
Network Session (ENABLE(NETWORK_SESSION)) code path in WebKit2. For ping requests that are
in response to hyperlink auditing (e.g. <a ping>) we should follow redirect responses.
For Content Security Policy and XSS Auditor violation reports we should not follow redirect
responses.
Currently we always ignore redirects for ping requests that are sent using the Network Session
code path in WebKit2. This behavior disagrees with the behavior described in section
"Hyperlink auditing" of the HTML standard, <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing> (27 September 2016),
as well as the behavior in Legacy WebKit and WebKit2 with Network Session disabled. We should
follow redirects for ping requests initiated as part of hyperlink auditing to more closely
conform to the HTML standard and match the behavior in Legacy WebKit and WebKit2 with Network
Session disabled.
* NetworkProcess/PingLoad.h:
LayoutTests:
Add tests to ensure that we follow redirects for ping requests that are initiated as part
of hyperlink auditing.
Modified http/tests/navigation/resources/save-Ping.php to include the host and request URI
information in the saved report and updated expected results for existing tests as a result
of this change.
* http/tests/contentextensions/block-cookies-in-csp-report-expected.txt:
* http/tests/contentextensions/block-cookies-in-image-load-in-onunload-expected.txt:
* http/tests/contentextensions/block-cookies-in-ping-expected.txt:
* http/tests/contentextensions/hide-on-csp-report-expected.txt:
* http/tests/contentextensions/hide-on-ping-expected.txt:
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt: Added.
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html: Added.
* http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json: Added.
* http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php: Added.
* http/tests/contentextensions/resources/save-ping.php:
* http/tests/navigation/image-load-in-pagehide-handler-expected.txt:
* http/tests/navigation/image-load-in-unload-handler-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cookie-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
* http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt: Added.
* http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html: Added.
* http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt:
* http/tests/navigation/ping-attribute/area-cookie-expected.txt:
* http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
* http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
* http/tests/navigation/ping-attribute/area-same-origin-expected.txt:
* http/tests/navigation/resources/save-Ping.php:
* http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@206810
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
2016-10-05 Daniel Bates <dabates@apple.com>
+ [WK2][NetworkSession] Ping requests should follow redirects if applicable
+ https://bugs.webkit.org/show_bug.cgi?id=162580
+ <rdar://problem/28631274>
+
+ Reviewed by Alex Christensen.
+
+ Add tests to ensure that we follow redirects for ping requests that are initiated as part
+ of hyperlink auditing.
+
+ Modified http/tests/navigation/resources/save-Ping.php to include the host and request URI
+ information in the saved report and updated expected results for existing tests as a result
+ of this change.
+
+ * http/tests/contentextensions/block-cookies-in-csp-report-expected.txt:
+ * http/tests/contentextensions/block-cookies-in-image-load-in-onunload-expected.txt:
+ * http/tests/contentextensions/block-cookies-in-ping-expected.txt:
+ * http/tests/contentextensions/hide-on-csp-report-expected.txt:
+ * http/tests/contentextensions/hide-on-ping-expected.txt:
+ * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects-expected.txt: Added.
+ * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html: Added.
+ * http/tests/contentextensions/hide-on-ping-with-ping-that-redirects.html.json: Added.
+ * http/tests/contentextensions/resources/save-ping-and-redirect-to-save-ping.php: Added.
+ * http/tests/contentextensions/resources/save-ping.php:
+ * http/tests/navigation/image-load-in-pagehide-handler-expected.txt:
+ * http/tests/navigation/image-load-in-unload-handler-expected.txt:
+ * http/tests/navigation/ping-attribute/anchor-cookie-expected.txt:
+ * http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
+ * http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
+ * http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping-expected.txt: Added.
+ * http/tests/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html: Added.
+ * http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt:
+ * http/tests/navigation/ping-attribute/area-cookie-expected.txt:
+ * http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
+ * http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
+ * http/tests/navigation/ping-attribute/area-same-origin-expected.txt:
+ * http/tests/navigation/resources/save-Ping.php:
+ * http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php: Added.
+
+2016-10-05 Daniel Bates <dabates@apple.com>
+
Do not follow redirects when sending violation report
https://bugs.webkit.org/show_bug.cgi?id=162520
<rdar://problem/27957639>
Frame: 'result_frame'
--------
Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-csp-report
No cookies in ping.
main frame - has 1 onunload handler(s)
Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-image-load-in-onunload
No cookies in ping.
Frame: 'result_frame'
--------
Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-block-cookies-in-ping
No cookies in ping.
Frame: 'result_frame'
--------
Ping received.
+HTTP_HOST: localhost:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-csp-report
No cookies in ping.
Frame: 'result_frame'
--------
Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-ping
No cookies in ping.
--- /dev/null
+This test follows a link with a ping attribute where the redirected ping URL matches a 'css-display-none' rule.
+This text should remain visible.
+ Link with ping
+
+
+--------
+Frame: 'result_frame'
+--------
+Ping received.
+HTTP_HOST: 127.0.0.1:8000
+REQUEST_URI: /contentextensions/resources/save-ping.php?test=contentextensions-hide-on-ping-with-ping-that-redirects
+No cookies in ping.
--- /dev/null
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
+ testRunner.waitUntilDone();
+}
+
+function clickOnLinkWithPing() {
+ if (window.eventSender) {
+ var a = document.getElementById("a");
+ var x = a.offsetLeft + 2;
+ var y = a.offsetTop + 2;
+ eventSender.mouseMoveTo(x, y);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+ }
+}
+
+function showPingResult() {
+ function actualShowPingResult() {
+ var iframe = document.getElementById("result_frame");
+ iframe.onload = function() {
+ if (window.testRunner) { testRunner.notifyDone(); }
+ }
+ iframe.src = "resources/get-ping-data.php?test=contentextensions-hide-on-ping-with-ping-that-redirects";
+ }
+ // We assume that if redirects were followed when saving a ping that they will complete within one second.
+ // FIXME: Is there are better way to test that a redirect occurred?
+ window.setTimeout(actualShowPingResult, 1000);
+}
+</script>
+</head>
+
+<body>
+This test follows a link with a ping attribute where the redirected ping URL matches a 'css-display-none' rule.
+<div class="foo">This text should be hidden once the ping is sent.</div>
+<div class="bar">This text should remain visible.</div>
+<div>
+<img src="resources/delete-ping.php?test=contentextensions-hide-on-ping" onerror="clickOnLinkWithPing();">
+<a id="a" href="#a" ping="resources/save-ping-and-redirect-to-save-ping.php?test=contentextensions-hide-on-ping-with-ping-that-redirects" onclick="showPingResult();">Link with ping</a>
+</div>
+<iframe id="result_frame" name="result_frame"><!-- Will contain ping data received by server --></iframe>
+</body>
+
--- /dev/null
+[
+ {
+ "trigger": {
+ "url-filter": "save-ping.php"
+ },
+ "action": {
+ "type": "css-display-none",
+ "selector": ".foo"
+ }
+ }
+]
--- /dev/null
+<?php
+require_once 'ping-file-path.php';
+
+$DO_NOT_CLEAR_COOKIES = true;
+require_once 'save-ping.php';
+
+header('HTTP/1.1 307');
+header('Location: save-ping.php' . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
+?>
$httpHeaders = $_SERVER;
$cookiesFound = false;
foreach ($httpHeaders as $name => $value) {
- if ($name === "HTTP_COOKIE") {
+ if ($name === "HTTP_HOST" || $name === "REQUEST_URI")
+ fwrite($pingFile, "$name: $value\n");
+ else if ($name === "HTTP_COOKIE") {
fwrite($pingFile, "Cookies in ping: $value\n");
$cookiesFound = true;
}
}
fclose($pingFile);
rename($pingFilePath . ".tmp", $pingFilePath);
-foreach ($_COOKIE as $name => $value)
- setcookie($name, "deleted", time() - 60, "/");
+
+if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
+ foreach ($_COOKIE as $name => $value)
+ setcookie($name, "deleted", time() - 60, "/");
+}
?>
Ping sent successfully
+HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/navigation/image-load-in-pagehide-handler.html
REQUEST_METHOD: GET
+REQUEST_URI: /navigation/resources/save-Ping.php
main frame - has 1 onunload handler(s)
Ping sent successfully
+HTTP_HOST: 127.0.0.1:8000
HTTP_REFERER: http://127.0.0.1:8000/navigation/image-load-in-unload-handler.html
REQUEST_METHOD: GET
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
HTTP_COOKIE: hello=world
+HTTP_HOST: 127.0.0.1:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cookie.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/anchor-cross-origin.html
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
HTTP_PING_TO: https://127.0.0.1:8443/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php?test=/navigation/ping-attribute/anchor-cross-origin-from-https.html
--- /dev/null
+Ping sent successfully
+CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
+HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-ping-and-do-not-follow-redirect-when-sending-ping.html
+HTTP_PING_TO: javascript:checkPing()
+REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
--- /dev/null
+<!DOCTYPE html>
+<html>
+<head>
+<script src="resources/utilities.js"></script>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
+ testRunner.waitUntilDone();
+}
+
+function test()
+{
+ clickElement(document.getElementById("a"));
+}
+
+function checkPing()
+{
+ function actualCheckPing()
+ {
+ window.location = "../resources/check-ping.php";
+ }
+ // We assume that if redirects were followed when saving a ping that they will complete within one second.
+ // FIXME: Is there are better way to test that a redirect occurred?
+ window.setTimeout(actualCheckPing, 1000);
+}
+
+window.onload = function ()
+{
+ clearLastPingResultAndRunTest(test);
+}
+</script>
+</head>
+<body>
+<p>This test PASSED if the filename of the REQUEST_URI in the dumped report is save-Ping.php. Otherwise, it FAIL.</p>
+<a id="a" href="javascript:checkPing()" ping="../resources/save-ping-and-redirect-to-save-ping.php">Navigate and send ping</a>
+</body>
+</html>
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/anchor-same-origin.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
HTTP_COOKIE: hello=world
+HTTP_HOST: 127.0.0.1:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-cookie.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
HTTP_REFERER: http://127.0.0.1:8000/navigation/ping-attribute/area-cross-origin.html
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: localhost:8000
HTTP_PING_TO: https://127.0.0.1:8443/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php?test=/navigation/ping-attribute/area-cross-origin-from-https.html
Ping sent successfully
CONTENT_TYPE: text/ping
+HTTP_HOST: 127.0.0.1:8000
HTTP_PING_FROM: http://127.0.0.1:8000/navigation/ping-attribute/area-same-origin.html
HTTP_PING_TO: http://127.0.0.1:8000/navigation/resources/check-ping.php
REQUEST_METHOD: POST
+REQUEST_URI: /navigation/resources/save-Ping.php
$httpHeaders = $_SERVER;
ksort($httpHeaders, SORT_STRING);
foreach ($httpHeaders as $name => $value) {
- if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "HTTP_PING_TO" || $name === "HTTP_PING_FROM" || $name === "REQUEST_METHOD" || $name === "HTTP_COOKIE")
+ if ($name === "CONTENT_TYPE" || $name === "HTTP_REFERER" || $name === "HTTP_PING_TO" || $name === "HTTP_PING_FROM"
+ || $name === "REQUEST_METHOD" || $name === "REQUEST_URI" || $name === "HTTP_HOST" || $name === "HTTP_COOKIE")
fwrite($pingFile, "$name: $value\n");
}
fclose($pingFile);
rename($pingFilePath . ".tmp", $pingFilePath);
-foreach ($_COOKIE as $name => $value)
- setcookie($name, "deleted", time() - 60, "/");
+
+if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
+ foreach ($_COOKIE as $name => $value)
+ setcookie($name, "deleted", time() - 60, "/");
+}
?>
--- /dev/null
+<?php
+require_once 'ping-file-path.php';
+
+$DO_NOT_CLEAR_COOKIES = true; // Used by save-Ping.php
+require_once 'save-Ping.php';
+
+header('HTTP/1.1 307');
+header('Location: save-Ping.php' . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
+?>
2016-10-05 Daniel Bates <dabates@apple.com>
+ [WK2][NetworkSession] Ping requests should follow redirects if applicable
+ https://bugs.webkit.org/show_bug.cgi?id=162580
+ <rdar://problem/28631274>
+
+ Reviewed by Alex Christensen.
+
+ Implement support for following redirects, if applicable, of a ping request when using the
+ Network Session (ENABLE(NETWORK_SESSION)) code path in WebKit2. For ping requests that are
+ in response to hyperlink auditing (e.g. <a ping>) we should follow redirect responses.
+ For Content Security Policy and XSS Auditor violation reports we should not follow redirect
+ responses.
+
+ Currently we always ignore redirects for ping requests that are sent using the Network Session
+ code path in WebKit2. This behavior disagrees with the behavior described in section
+ "Hyperlink auditing" of the HTML standard, <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing> (27 September 2016),
+ as well as the behavior in Legacy WebKit and WebKit2 with Network Session disabled. We should
+ follow redirects for ping requests initiated as part of hyperlink auditing to more closely
+ conform to the HTML standard and match the behavior in Legacy WebKit and WebKit2 with Network
+ Session disabled.
+
+ * NetworkProcess/PingLoad.h:
+
+2016-10-05 Daniel Bates <dabates@apple.com>
+
Do not follow redirects when sending violation report
https://bugs.webkit.org/show_bug.cgi?id=162520
<rdar://problem/27957639>
public:
PingLoad(const NetworkResourceLoadParameters& parameters)
: m_timeoutTimer(*this, &PingLoad::timeoutTimerFired)
+ , m_shouldFollowRedirects(parameters.shouldFollowRedirects)
{
if (auto* networkSession = SessionTracker::networkSession(parameters.sessionID)) {
m_task = NetworkDataTask::create(*networkSession, *this, parameters.request, parameters.allowStoredCredentials, parameters.contentSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
}
private:
- void willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&, RedirectCompletionHandler&& completionHandler) final
+ void willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&& request, RedirectCompletionHandler&& completionHandler) final
{
- // FIXME: Follow redirects for hyperlink auditing. See <https://bugs.webkit.org/show_bug.cgi?id=162580>.
- completionHandler({ });
- delete this;
+ completionHandler(m_shouldFollowRedirects ? request : WebCore::ResourceRequest());
}
void didReceiveChallenge(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&& completionHandler) final
{
RefPtr<NetworkDataTask> m_task;
WebCore::Timer m_timeoutTimer;
+ bool m_shouldFollowRedirects;
};
}
git://git.webkit.org / WebKit.git / commitdiff