- Revision
- 224661
- Author
- bfulg...@apple.com
- Date
- 2017-11-09 19:21:23 -0800 (Thu, 09 Nov 2017)
Log Message
Ignore HSTS for partitioned, cross-origin subresource requests
https://bugs.webkit.org/show_bug.cgi?id=178993
<rdar://problem/34962462>
Patch by John Wilander <wilan...@apple.com> on 2017-11-09
Reviewed by Brent Fulgham.
Source/WebCore:
No new tests. HSTS is not supported in layout tests.
Tested manually.
* platform/network/mac/WebCoreURLResponse.mm:
(WebCore::synthesizeRedirectResponseIfNecessary):
Source/WebCore/PAL:
* pal/spi/cf/CFNetworkSPI.h:
Added
- (BOOL)_schemeWasUpgradedDueToDynamicHSTS
- (BOOL)_preventHSTSStorage
- (BOOL)_ignoreHSTS
- (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage
- (void)_setIgnoreHSTS:(BOOL)ignoreHSTS
Source/WebKit:
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(downgradeRequest):
Convenience function to downgrade a request if
CFNetwork as already upgraded it during
canonicalization. This allows the rest of
WebKit's processing to function, such as UIR
and mixed content blocking.
(updateIgnoreStrictTransportSecuritySettingIfNecessary):
Adds and removed the ignore request accordingly.
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
Now asks CFNetwork to ignore HSTS on resource loads we
partition cookies for.
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
Now asks CFNetwork to ignore HSTS on resource loads we
partition cookies for.
Source/WTF:
* wtf/Platform.h:
Added HAVE_CFNETWORK_IGNORE_HSTS.
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (224660 => 224661)
--- trunk/Source/WTF/ChangeLog 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WTF/ChangeLog 2017-11-10 03:21:23 UTC (rev 224661)
@@ -1,3 +1,14 @@
+2017-11-09 John Wilander <wilan...@apple.com>
+
+ Ignore HSTS for partitioned, cross-origin subresource requests
+ https://bugs.webkit.org/show_bug.cgi?id=178993
+ <rdar://problem/34962462>
+
+ Reviewed by Brent Fulgham.
+
+ * wtf/Platform.h:
+ Added HAVE_CFNETWORK_IGNORE_HSTS.
+
2017-11-08 Tim Horton <timothy_hor...@apple.com>
[ios-simulator] API test WebKit.BundleParameters is a flaky failure
Modified: trunk/Source/WTF/wtf/Platform.h (224660 => 224661)
--- trunk/Source/WTF/wtf/Platform.h 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WTF/wtf/Platform.h 2017-11-10 03:21:23 UTC (rev 224661)
@@ -677,6 +677,16 @@
#define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
#endif
+#if ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED >= 101302 && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300) || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 110200) || (PLATFORM(WATCHOS) && __WATCH_OS_VERSION_MIN_REQUIRED >= 40200) || (PLATFORM(TVOS) && __TV_OS_VERSION_MIN_REQUIRED >= 110200))
+#define HAVE_CFNETWORK_IGNORE_HSTS 1
+
+/* FIXME: Remove after rdar 35390452 is fixed: */
+#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED >= 101400
+#define HAVE_CFNETWORK_IGNORE_HSTS 0
+#endif
+
+#endif
+
#if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__) || defined(__BIONIC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
#define HAVE_MACHINE_CONTEXT 1
#endif
Modified: trunk/Source/WebCore/ChangeLog (224660 => 224661)
--- trunk/Source/WebCore/ChangeLog 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebCore/ChangeLog 2017-11-10 03:21:23 UTC (rev 224661)
@@ -1,3 +1,17 @@
+2017-11-09 John Wilander <wilan...@apple.com>
+
+ Ignore HSTS for partitioned, cross-origin subresource requests
+ https://bugs.webkit.org/show_bug.cgi?id=178993
+ <rdar://problem/34962462>
+
+ Reviewed by Brent Fulgham.
+
+ No new tests. HSTS is not supported in layout tests.
+ Tested manually.
+
+ * platform/network/mac/WebCoreURLResponse.mm:
+ (WebCore::synthesizeRedirectResponseIfNecessary):
+
2017-11-09 Zalan Bujtas <za...@apple.com>
[LayoutState cleanup] Remove explicit pop from LayoutState
Modified: trunk/Source/WebCore/PAL/ChangeLog (224660 => 224661)
--- trunk/Source/WebCore/PAL/ChangeLog 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebCore/PAL/ChangeLog 2017-11-10 03:21:23 UTC (rev 224661)
@@ -1,3 +1,20 @@
+2017-11-09 John Wilander <wilan...@apple.com>
+
+ Ignore HSTS for partitioned, cross-origin subresource requests
+ https://bugs.webkit.org/show_bug.cgi?id=178993
+ <rdar://problem/34962462>
+
+ Reviewed by Brent Fulgham.
+
+ * pal/spi/cf/CFNetworkSPI.h:
+ Added
+ - (BOOL)_schemeWasUpgradedDueToDynamicHSTS
+ - (BOOL)_preventHSTSStorage
+ - (BOOL)_ignoreHSTS
+ - (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage
+ - (void)_setIgnoreHSTS:(BOOL)ignoreHSTS
+
+
2017-11-08 Jeremy Jones <jere...@apple.com>
HTMLMediaElement should not use element fullscreen on iOS
Modified: trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (224660 => 224661)
--- trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2017-11-10 03:21:23 UTC (rev 224661)
@@ -97,11 +97,20 @@
- (id)_initWithCFURLRequest:(CFURLRequestRef)request;
- (id)_propertyForKey:(NSString *)key;
- (void)_setProperty:(id)value forKey:(NSString *)key;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+- (BOOL)_schemeWasUpgradedDueToDynamicHSTS;
+- (BOOL)_preventHSTSStorage;
+- (BOOL)_ignoreHSTS;
+#endif
@end
@interface NSMutableURLRequest ()
- (void)setContentDispositionEncodingFallbackArray:(NSArray *)theEncodingFallbackArray;
- (void)setBoundInterfaceIdentifier:(NSString *)identifier;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+- (void)_setPreventHSTSStorage:(BOOL)preventHSTSStorage;
+- (void)_setIgnoreHSTS:(BOOL)ignoreHSTS;
+#endif
@end
@interface NSURLResponse ()
Modified: trunk/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm (224660 => 224661)
--- trunk/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebCore/platform/network/mac/WebCoreURLResponse.mm 2017-11-10 03:21:23 UTC (rev 224661)
@@ -31,6 +31,7 @@
#import "MIMETypeRegistry.h"
#import "UTIUtilities.h"
+#import <pal/spi/cf/CFNetworkSPI.h>
#import <wtf/Assertions.h>
#import <wtf/RetainPtr.h>
@@ -332,8 +333,13 @@
if (redirectResponse)
return redirectResponse;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+ if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]] && ![newRequest _schemeWasUpgradedDueToDynamicHSTS])
+ return nil;
+#else
if ([[[newRequest URL] scheme] isEqualToString:[[currentRequest URL] scheme]])
return nil;
+#endif
// If the new request is a different protocol than the current request, synthesize a redirect response.
// This is critical for HSTS (<rdar://problem/14241270>).
Modified: trunk/Source/WebKit/ChangeLog (224660 => 224661)
--- trunk/Source/WebKit/ChangeLog 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebKit/ChangeLog 2017-11-10 03:21:23 UTC (rev 224661)
@@ -1,3 +1,27 @@
+2017-11-09 John Wilander <wilan...@apple.com>
+
+ Ignore HSTS for partitioned, cross-origin subresource requests
+ https://bugs.webkit.org/show_bug.cgi?id=178993
+ <rdar://problem/34962462>
+
+ Reviewed by Brent Fulgham.
+
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (downgradeRequest):
+ Convenience function to downgrade a request if
+ CFNetwork as already upgraded it during
+ canonicalization. This allows the rest of
+ WebKit's processing to function, such as UIR
+ and mixed content blocking.
+ (updateIgnoreStrictTransportSecuritySettingIfNecessary):
+ Adds and removed the ignore request accordingly.
+ (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
+ Now asks CFNetwork to ignore HSTS on resource loads we
+ partition cookies for.
+ (-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]):
+ Now asks CFNetwork to ignore HSTS on resource loads we
+ partition cookies for.
+
2017-11-09 Chris Dumez <cdu...@apple.com>
Implement real post 'install' event steps of the Install algorithm (steps 14+)
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (224660 => 224661)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-11-10 01:56:10 UTC (rev 224660)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2017-11-10 03:21:23 UTC (rev 224661)
@@ -165,6 +165,42 @@
completionHandler(WebCore::createHTTPBodyNSInputStream(*body).get());
}
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+static NSURLRequest* downgradeRequest(NSURLRequest *request)
+{
+ NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+ if ([nsMutableRequest.URL.scheme isEqualToString:@"https"]) {
+ NSURLComponents *components = [[NSURLComponents componentsWithURL:nsMutableRequest.URL resolvingAgainstBaseURL:NO] autorelease];
+ components.scheme = @"http";
+ [nsMutableRequest setURL:components.URL];
+ ASSERT([nsMutableRequest.URL.scheme isEqualToString:@"http"]);
+ return nsMutableRequest;
+ }
+
+ ASSERT_NOT_REACHED();
+ return request;
+}
+
+static NSURLRequest* updateIgnoreStrictTransportSecuritySettingIfNecessary(NSURLRequest *request, bool shouldIgnoreHSTS)
+{
+ if ([request.URL.scheme isEqualToString:@"https"] && shouldIgnoreHSTS && [request _ignoreHSTS]) {
+ // The request was upgraded for some other reason than HSTS.
+ // Don't ignore HSTS to avoid the risk of another downgrade.
+ NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+ [nsMutableRequest _setIgnoreHSTS:NO];
+ return nsMutableRequest;
+ }
+
+ if ([request.URL.scheme isEqualToString:@"http"] && [request _ignoreHSTS] != shouldIgnoreHSTS) {
+ NSMutableURLRequest *nsMutableRequest = [[request mutableCopy] autorelease];
+ [nsMutableRequest _setIgnoreHSTS:shouldIgnoreHSTS];
+ return nsMutableRequest;
+ }
+
+ return request;
+}
+#endif
+
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)request completionHandler:(void (^)(NSURLRequest *))completionHandler
{
auto taskIdentifier = task.taskIdentifier;
@@ -172,13 +208,30 @@
if (auto* networkDataTask = [self existingTask:task]) {
auto completionHandlerCopy = Block_copy(completionHandler);
- networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier](auto&& request) {
+
+ bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+ shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+ if (shouldIgnoreHSTS) {
+ request = downgradeRequest(request);
+ ASSERT([request.URL.scheme isEqualToString:@"http"]);
+ LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+ }
+#endif
+
+ networkDataTask->willPerformHTTPRedirection(response, request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto&& request) {
#if !LOG_DISABLED
LOG(NetworkSession, "%llu willPerformHTTPRedirection completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
#else
UNUSED_PARAM(taskIdentifier);
#endif
- completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+ auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+ nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+ UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+ completionHandlerCopy(nsRequest);
Block_release(completionHandlerCopy);
});
} else {
@@ -191,16 +244,32 @@
{
auto taskIdentifier = task.taskIdentifier;
LOG(NetworkSession, "%llu _schemeUpgraded %s", taskIdentifier, request.URL.absoluteString.UTF8String);
-
+
+ bool shouldIgnoreHSTS = false;
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+ shouldIgnoreHSTS = [request _schemeWasUpgradedDueToDynamicHSTS] && !(WebCore::NetworkStorageSession::storageSession(_session->sessionID())->cookieStoragePartition(request)).isEmpty();
+ if (shouldIgnoreHSTS) {
+ request = downgradeRequest(request);
+ ASSERT([request.URL.scheme isEqualToString:@"http"]);
+ LOG(NetworkSession, "%llu Downgraded %s from https to http", taskIdentifier, request.URL.absoluteString.UTF8String);
+ }
+#endif
+
if (auto* networkDataTask = [self existingTask:task]) {
auto completionHandlerCopy = Block_copy(completionHandler);
- networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier](auto&& request) {
+ networkDataTask->willPerformHTTPRedirection(WebCore::synthesizeRedirectResponseIfNecessary([task currentRequest], request, nil), request, [completionHandlerCopy, taskIdentifier, shouldIgnoreHSTS](auto&& request) {
#if !LOG_DISABLED
LOG(NetworkSession, "%llu _schemeUpgraded completionHandler (%s)", taskIdentifier, request.url().string().utf8().data());
#else
UNUSED_PARAM(taskIdentifier);
#endif
- completionHandlerCopy(request.nsURLRequest(WebCore::UpdateHTTPBody));
+ auto nsRequest = request.nsURLRequest(WebCore::UpdateHTTPBody);
+#if HAVE(CFNETWORK_IGNORE_HSTS)
+ nsRequest = updateIgnoreStrictTransportSecuritySettingIfNecessary(nsRequest, shouldIgnoreHSTS);
+#else
+ UNUSED_PARAM(shouldIgnoreHSTS);
+#endif
+ completionHandlerCopy(nsRequest);
Block_release(completionHandlerCopy);
});
} else {