Modified: trunk/LayoutTests/ChangeLog (237638 => 237639)
--- trunk/LayoutTests/ChangeLog 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/LayoutTests/ChangeLog 2018-10-31 16:23:27 UTC (rev 237639)
@@ -1,3 +1,16 @@
+2018-10-31 Chris Dumez <cdu...@apple.com>
+
+ [PSON] When process-swapping for a POST request the HTTP body gets dropped
+ https://bugs.webkit.org/show_bug.cgi?id=191046
+ <rdar://problem/45229732>
+
+ Reviewed by Alex Christensen.
+
+ Add layout test coverage.
+
+ * http/tests/misc/form-post-textplain-cross-site-expected.txt: Added.
+ * http/tests/misc/form-post-textplain-cross-site.html: Added.
+
2018-10-30 David Kilzer <ddkil...@apple.com>
XSLTProcessor should limit max transform depth
Added: trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site-expected.txt (0 => 237639)
--- trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site-expected.txt 2018-10-31 16:23:27 UTC (rev 237639)
@@ -0,0 +1,5 @@
+This test makes sure that forms POSTed with a content-type of text/plain actually send data in text/plain
+
+SUCCESS: Content-type is text/plain.
+
+SUCCESS
Added: trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site.html (0 => 237639)
--- trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site.html (rev 0)
+++ trunk/LayoutTests/http/tests/misc/form-post-textplain-cross-site.html 2018-10-31 16:23:27 UTC (rev 237639)
@@ -0,0 +1,25 @@
+<html>
+<head>
+<title>Regression test for bug 20795 and 100445</title>
+</head>
+<body>
+<p>
+This is a test for https://bugs.webkit.org/show_bug.cgi?id=191046, it makes sure that
+forms POSTed with a content-type of text/plain actually send data in text/plain when cross-site.
+</p>
+
+<form enctype="text/plain" method="post" action="" name="f">
+ <input type="hidden" name="f1" value="This is field #1 &!@$% ='<>">
+ <input type="hidden" name="f2" value='This is field #2 ""'>
+ <input type="submit" value="press me">
+</form>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+document.f.submit();
+</script>
+</body>
+</html>
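Review bot: The `<title>` on L36 of the new test still reads `Regression test for bug 20795 and 100445`, copied from form-post-textplain, while the paragraph on L40 names bug 191046 as the one this test covers; the same commit deletes that stale title from form-post-textplain.php, so `<title>Regression test for bug 191046</title>` would keep the two consistent. The form's `action` attribute on L44 is empty as rendered here, which would make the POST target the test page itself rather than the responder that prints `SUCCESS: Content-type is text/plain.`; if the cross-site URL was not simply lost in rendering, the test cannot produce the expected output and needs to point at the responder on a different origin. A one-line comment above the form naming the origin the POST is expected to cross would also make the "cross-site" intent checkable by a reader.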
Modified: trunk/LayoutTests/http/tests/misc/form-post-textplain-expected.txt (237638 => 237639)
--- trunk/LayoutTests/http/tests/misc/form-post-textplain-expected.txt 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/LayoutTests/http/tests/misc/form-post-textplain-expected.txt 2018-10-31 16:23:27 UTC (rev 237639)
@@ -1,4 +1,4 @@
-This is a test for 20795 and 100445, it makes sure that forms POSTed with a content-type of text/plain actually send data in text/plain
+This test makes sure that forms POSTed with a content-type of text/plain actually send data in text/plain
SUCCESS: Content-type is text/plain.
Modified: trunk/LayoutTests/http/tests/misc/resources/form-post-textplain.php (237638 => 237639)
--- trunk/LayoutTests/http/tests/misc/resources/form-post-textplain.php 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/LayoutTests/http/tests/misc/resources/form-post-textplain.php 2018-10-31 16:23:27 UTC (rev 237639)
@@ -2,12 +2,9 @@
header("Content-type: text/html; charset=UTF-8");
?>
<html>
-<head>
-<title>Regression test for bug 20795 and 100445</title>
-</head>
<body>
<p>
-This is a test for 20795 and 100445, it makes sure that forms POSTed with a content-type of text/plain actually send data in text/plain
+This test makes sure that forms POSTed with a content-type of text/plain actually send data in text/plain
</p>
<?php
Modified: trunk/Source/WebKit/ChangeLog (237638 => 237639)
--- trunk/Source/WebKit/ChangeLog 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/Source/WebKit/ChangeLog 2018-10-31 16:23:27 UTC (rev 237639)
@@ -1,3 +1,28 @@
+2018-10-31 Chris Dumez <cdu...@apple.com>
+
+ [PSON] When process-swapping for a POST request the HTTP body gets dropped
+ https://bugs.webkit.org/show_bug.cgi?id=191046
+ <rdar://problem/45229732>
+
+ Reviewed by Alex Christensen.
+
+ For performance reasons, the ResourceRequest IPC encoder does not encode the request's HTTP body (aka form data).
+ When we decide to process-swap for a POST request in WebPageProxy::decidePolicyForNavigationAction(), the request
+ we pass the new WebProcess thus no longer has a HTTP body and the load will likely fail in the new process.
+
+ To address the issue, we now pass the request body along with the request when sending the DecidePolicyForNavigationActionAsync
+ / DecidePolicyForNavigationActionSync IPC from the WebProcess to the UIProcess. No action is needed for the
+ LoadRequest IPC to the new WebProcess since the LoadParameters' IPC encoder takes care of encoding the request's
+ body already.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::decidePolicyForNavigationActionAsync):
+ (WebKit::WebPageProxy::decidePolicyForNavigationActionSync):
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/WebPageProxy.messages.in:
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
+
2018-10-31 Antti Koivisto <an...@apple.com>
Stop using LayerFlushScheduler in WK2
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (237638 => 237639)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2018-10-31 16:23:27 UTC (rev 237639)
@@ -59,6 +59,7 @@
#include "DrawingAreaMessages.h"
#include "DrawingAreaProxy.h"
#include "EventDispatcherMessages.h"
+#include "FormDataReference.h"
#include "FrameInfoData.h"
#include "LoadParameters.h"
#include "Logging.h"
@@ -4061,22 +4062,25 @@
}
#endif
-void WebPageProxy::decidePolicyForNavigationActionAsync(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& frameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, uint64_t listenerID)
+void WebPageProxy::decidePolicyForNavigationActionAsync(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& frameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, uint64_t listenerID)
{
auto* frame = m_process->webFrame(frameID);
MESSAGE_CHECK(frame);
- decidePolicyForNavigationAction(*frame, frameSecurityOrigin, navigationID, WTFMove(navigationActionData), frameInfoData, originatingPageID, originalRequest, WTFMove(request), WTFMove(redirectResponse), userData, shouldSkipSafeBrowsingCheck, PolicyDecisionSender::create([this, protectedThis = makeRef(*this), frameID, listenerID] (auto... args) {
+ decidePolicyForNavigationAction(*frame, frameSecurityOrigin, navigationID, WTFMove(navigationActionData), frameInfoData, originatingPageID, originalRequest, WTFMove(request), WTFMove(requestBody), WTFMove(redirectResponse), userData, shouldSkipSafeBrowsingCheck, PolicyDecisionSender::create([this, protectedThis = makeRef(*this), frameID, listenerID] (auto... args) {
m_process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, args...), m_pageID);
}));
}
-void WebPageProxy::decidePolicyForNavigationAction(WebFrameProxy& frame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& originatingFrameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, Ref<PolicyDecisionSender>&& sender)
+void WebPageProxy::decidePolicyForNavigationAction(WebFrameProxy& frame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& originatingFrameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, Ref<PolicyDecisionSender>&& sender)
{
LOG(Loading, "WebPageProxy::decidePolicyForNavigationAction - Original URL %s, current target URL %s", originalRequest.url().string().utf8().data(), request.url().string().utf8().data());
PageClientProtector protector(pageClient());
+ // Make the request whole again as we do not normally encode the request's body when sending it over IPC, for performance reasons.
+ request.setHTTPBody(requestBody.takeData());
+
auto transaction = m_pageLoadState.transaction();
bool fromAPI = request.url() == m_pageLoadState.pendingAPIRequestURL();
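Review bot: `request.setHTTPBody(requestBody.takeData())` on L143 attaches a body that arrived from the WebProcess over IPC and, per the ChangeLog, is forwarded to the destination process through LoadParameters on a swap, but the comment on L142 records only the performance rationale and not this trust boundary. The UIProcess cannot check that the body matches what the page actually submitted, so the comment should say so, e.g. `// requestBody is supplied by the sending WebProcess and receives no validation here beyond IPC decoding; on a process swap it is relayed unchanged to the destination process via LoadParameters.` The body is also attached for every navigation, not only for POSTs, since the callers in WebFrameLoaderClient.cpp always construct a FormDataReference; if that is intentional, noting it here stops a reader assuming the swap path is the only consumer. decidePolicyForNavigationAction continues past the end of this hunk.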
@@ -4165,7 +4169,7 @@
m_shouldSuppressAppLinksInNextNavigationPolicyDecision = false;
}
-void WebPageProxy::decidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& frameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, Messages::WebPageProxy::DecidePolicyForNavigationActionSync::DelayedReply&& reply)
+void WebPageProxy::decidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&& navigationActionData, const FrameInfoData& frameInfoData, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&& request, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData& userData, WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, Messages::WebPageProxy::DecidePolicyForNavigationActionSync::DelayedReply&& reply)
{
auto sender = PolicyDecisionSender::create(WTFMove(reply));
@@ -4180,9 +4184,9 @@
frame = m_process->webFrame(frameID);
RELEASE_ASSERT(frame);
}
-
- decidePolicyForNavigationAction(*frame, frameSecurityOrigin, navigationID, WTFMove(navigationActionData), frameInfoData, originatingPageID, originalRequest, WTFMove(request), WTFMove(redirectResponse), userData, shouldSkipSafeBrowsingCheck, sender.copyRef());
+ decidePolicyForNavigationAction(*frame, frameSecurityOrigin, navigationID, WTFMove(navigationActionData), frameInfoData, originatingPageID, originalRequest, WTFMove(request), WTFMove(requestBody), WTFMove(redirectResponse), userData, shouldSkipSafeBrowsingCheck, sender.copyRef());
+
// If the client did not respond synchronously, proceed with the load.
sender->send(PolicyAction::Use, navigationID, DownloadID(), std::nullopt);
}
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (237638 => 237639)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.h 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h 2018-10-31 16:23:27 UTC (rev 237639)
@@ -1450,9 +1450,9 @@
void didDestroyNavigation(uint64_t navigationID);
- void decidePolicyForNavigationAction(WebFrameProxy&, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, Ref<PolicyDecisionSender>&&);
- void decidePolicyForNavigationActionAsync(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, uint64_t listenerID);
- void decidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, Messages::WebPageProxy::DecidePolicyForNavigationActionSync::DelayedReply&&);
+ void decidePolicyForNavigationAction(WebFrameProxy&, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, Ref<PolicyDecisionSender>&&);
+ void decidePolicyForNavigationActionAsync(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, uint64_t listenerID);
+ void decidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, NavigationActionData&&, const FrameInfoData&, uint64_t originatingPageID, const WebCore::ResourceRequest& originalRequest, WebCore::ResourceRequest&&, IPC::FormDataReference&& requestBody, WebCore::ResourceResponse&& redirectResponse, const UserData&, WebCore::ShouldSkipSafeBrowsingCheck, Messages::WebPageProxy::DecidePolicyForNavigationActionSync::DelayedReply&&);
void decidePolicyForNewWindowAction(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, NavigationActionData&&, WebCore::ResourceRequest&&, const String& frameName, uint64_t listenerID, const UserData&);
void decidePolicyForResponse(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, const WebCore::ResourceResponse&, const WebCore::ResourceRequest&, bool canShowMIMEType, uint64_t listenerID, const UserData&);
void unableToImplementPolicy(uint64_t frameID, const WebCore::ResourceError&, const UserData&);
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in (237638 => 237639)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in 2018-10-31 16:23:27 UTC (rev 237639)
@@ -107,8 +107,8 @@
# Policy messages
DecidePolicyForResponse(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, WebCore::ResourceResponse response, WebCore::ResourceRequest request, bool canShowMIMEType, uint64_t listenerID, WebKit::UserData userData)
- DecidePolicyForNavigationActionAsync(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, WebCore::ResourceResponse redirectResponse, WebKit::UserData userData, enum:bool WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, uint64_t listenerID)
- DecidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, WebCore::ResourceResponse redirectResponse, WebKit::UserData userData, enum:bool WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck) -> (enum:uint8_t WebCore::PolicyAction policyAction, uint64_t newNavigationID, WebKit::DownloadID downloadID, std::optional<WebKit::WebsitePoliciesData> websitePolicies) Delayed
+ DecidePolicyForNavigationActionAsync(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, IPC::FormDataReference requestBody, WebCore::ResourceResponse redirectResponse, WebKit::UserData userData, enum:bool WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck, uint64_t listenerID)
+ DecidePolicyForNavigationActionSync(uint64_t frameID, bool isMainFrame, struct WebCore::SecurityOriginData frameSecurityOrigin, uint64_t navigationID, struct WebKit::NavigationActionData navigationActionData, struct WebKit::FrameInfoData originatingFrameInfoData, uint64_t originatingPageID, WebCore::ResourceRequest originalRequest, WebCore::ResourceRequest request, IPC::FormDataReference requestBody, WebCore::ResourceResponse redirectResponse, WebKit::UserData userData, enum:bool WebCore::ShouldSkipSafeBrowsingCheck shouldSkipSafeBrowsingCheck) -> (enum:uint8_t WebCore::PolicyAction policyAction, uint64_t newNavigationID, WebKit::DownloadID downloadID, std::optional<WebKit::WebsitePoliciesData> websitePolicies) Delayed
DecidePolicyForNewWindowAction(uint64_t frameID, struct WebCore::SecurityOriginData frameSecurityOrigin, struct WebKit::NavigationActionData navigationActionData, WebCore::ResourceRequest request, String frameName, uint64_t listenerID, WebKit::UserData userData)
UnableToImplementPolicy(uint64_t frameID, WebCore::ResourceError error, WebKit::UserData userData)
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (237638 => 237639)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2018-10-31 16:09:07 UTC (rev 237638)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2018-10-31 16:23:27 UTC (rev 237639)
@@ -30,6 +30,7 @@
#include "DataReference.h"
#include "DrawingArea.h"
#include "FindController.h"
+#include "FormDataReference.h"
#include "FrameInfoData.h"
#include "InjectedBundle.h"
#include "InjectedBundleDOMWindowExtension.h"
@@ -897,7 +898,7 @@
DownloadID downloadID;
std::optional<WebsitePoliciesData> websitePolicies;
- if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForNavigationActionSync(m_frame->frameID(), m_frame->isMainFrame(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingPageID, navigationAction.resourceRequest(), request, redirectResponse, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()), shouldSkipSafeBrowsingCheck), Messages::WebPageProxy::DecidePolicyForNavigationActionSync::Reply(policyAction, newNavigationID, downloadID, websitePolicies))) {
+ if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForNavigationActionSync(m_frame->frameID(), m_frame->isMainFrame(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingPageID, navigationAction.resourceRequest(), request, IPC::FormDataReference { request.httpBody() }, redirectResponse, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()), shouldSkipSafeBrowsingCheck), Messages::WebPageProxy::DecidePolicyForNavigationActionSync::Reply(policyAction, newNavigationID, downloadID, websitePolicies))) {
m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });
return;
}
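Review bot: `IPC::FormDataReference { request.httpBody() }` on L206 is built and sent on every navigation policy message, including navigations that carry no body, and the same expression is repeated in the async send in the next hunk (L213-L214). Constructing it once above the `policyDecisionMode` branch, `IPC::FormDataReference requestBody { request.httpBody() };`, would keep the sync and async messages from drifting and gives a natural place for a comment explaining that the body travels separately because the ResourceRequest IPC encoder omits it. Whether a null `httpBody()` yields an empty reference that the receiver's `setHTTPBody()` tolerates is not visible in this hunk; a one-line comment at the construction site stating that expectation would help. The enclosing dispatchDecidePolicyForNavigationAction starts before this hunk.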
@@ -907,7 +908,7 @@
}
ASSERT(policyDecisionMode == PolicyDecisionMode::Asynchronous);
- if (!webPage->send(Messages::WebPageProxy::DecidePolicyForNavigationActionAsync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingPageID, navigationAction.resourceRequest(), request, redirectResponse, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()), shouldSkipSafeBrowsingCheck, listenerID)))
+ if (!webPage->send(Messages::WebPageProxy::DecidePolicyForNavigationActionAsync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingPageID, navigationAction.resourceRequest(), request, IPC::FormDataReference { request.httpBody() }, redirectResponse, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()), shouldSkipSafeBrowsingCheck, listenerID)))
m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });
}