Title: [92142] trunk
Revision
92142
Author
joc...@chromium.org
Date
2011-08-01 14:18:49 -0700 (Mon, 01 Aug 2011)

Log Message

Source/WebCore: Never override the policy URL on form submissions.
https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html
       http/tests/security/cookies/third-party-cookie-blocking-user-action.html
       http/tests/security/cookies/third-party-cookie-blocking.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::addExtraFieldsToSubresourceRequest):
(WebCore::FrameLoader::addExtraFieldsToMainResourceRequest):
(WebCore::FrameLoader::addExtraFieldsToRequest):
(WebCore::FrameLoader::loadPostRequest):
(WebCore::FrameLoader::loadDifferentDocumentItem):
* loader/FrameLoader.h:

LayoutTests: Require explicit user action to override the policy URL on form submissions.
https://bugs.webkit.org/show_bug.cgi?id=61809

Reviewed by Adam Barth.

* http/tests/loading/redirect-methods-expected.txt:
* http/tests/security/cookies/resources/set-a-cookie.php: Added.
* http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added.
* http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added.
* http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added.
* http/tests/security/cookies/third-party-cookie-blocking.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (92141 => 92142)


--- trunk/LayoutTests/ChangeLog	2011-08-01 21:16:33 UTC (rev 92141)
+++ trunk/LayoutTests/ChangeLog	2011-08-01 21:18:49 UTC (rev 92142)
@@ -1,3 +1,19 @@
+2011-08-01  Jochen Eisinger  <joc...@chromium.org>
+
+        Require explicit user action to override the policy URL on form submissions.
+        https://bugs.webkit.org/show_bug.cgi?id=61809
+
+        Reviewed by Adam Barth.
+
+        * http/tests/loading/redirect-methods-expected.txt:
+        * http/tests/security/cookies/resources/set-a-cookie.php: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-main-frame.html: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking-user-action.html: Added.
+        * http/tests/security/cookies/third-party-cookie-blocking.html: Added.
+
 2011-08-01  Anna Cavender  <ann...@chromium.org>
 
         media/track tests should be skipped on all platforms until feature is fully implemented.

Modified: trunk/LayoutTests/http/tests/loading/redirect-methods-expected.txt (92141 => 92142)


--- trunk/LayoutTests/http/tests/loading/redirect-methods-expected.txt	2011-08-01 21:16:33 UTC (rev 92141)
+++ trunk/LayoutTests/http/tests/loading/redirect-methods-expected.txt	2011-08-01 21:18:49 UTC (rev 92142)
@@ -24,8 +24,8 @@
 frame "0" - didFinishLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "0" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 301>
 frame "0" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
 frame "0" - didCancelClientRedirectForFrame
@@ -54,8 +54,8 @@
 frame "1" - didFinishLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "1" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 302>
 frame "1" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
 frame "1" - didCancelClientRedirectForFrame
@@ -84,8 +84,8 @@
 frame "2" - didFinishLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "2" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method GET> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 303>
 frame "2" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
 frame "2" - didCancelClientRedirectForFrame
@@ -114,8 +114,8 @@
 frame "3" - didFinishLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-form.html - didFinishLoading
 frame "3" - didStartProvisionalLoadForFrame
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse (null)
-http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307>
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse (null)
+http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, main document URL http://127.0.0.1:8000/loading/redirect-methods.html, http method POST> redirectResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php, http status code 307>
 frame "3" - didReceiveServerRedirectForProvisionalLoadForFrame
 http://127.0.0.1:8000/loading/resources/redirect-methods-result.php - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/loading/resources/redirect-methods-result.php?redirected=true, http status code 200>
 frame "3" - didCancelClientRedirectForFrame

Added: trunk/LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/resources/set-a-cookie.php	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,22 @@
+<?php
+    setcookie("test_cookie", "1", 0, "/");
+?>
+<!DOCTYPE html>
+<html>
+<script>
+function checkCookie()
+{
+    if (document.cookie.indexOf("test_cookie=1") < 0)
+        document.getElementById("log").innerHTML += "Cookie is NOT set";
+    else
+        document.getElementById("log").innerHTML += "Cookie is set";
+    document.cookie = "test_cookie=0; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT";
+
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<body _onload_="checkCookie()">
+<div id="log"></div>
+</body>
+</html>
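Review bot: checkCookie() decides the result from `document.cookie` inside the loaded page, so the tests that use this resource observe what script can read rather than what the `setcookie()` response header caused to be stored. If a port's third-party policy also hides stored cookies from script in a third-party frame, "Cookie is NOT set" would be printed even though the Set-Cookie header was accepted; this hunk does not show whether any port behaves that way. A comment above the check would record the assumption, e.g. `// Assumes a stored cookie is readable through document.cookie in this frame.` The `indexOf("test_cookie=1")` match is also a substring test and would accept a value such as `test_cookie=10`.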

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-expected.txt (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-expected.txt	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,7 @@
+
+
+
+--------
+Frame: 'iframe'
+--------
+Cookie is NOT set

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame-expected.txt	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1 @@
+Cookie is set

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame.html (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-main-frame.html	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<title>Checks that a POST resulting in a main frame navigation is not affected by third-party cookie rules</title>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.setAlwaysAcceptCookies(false);
+}
+
+function runTest()
+{
+    document.getElementById('form').submit();
+}
+</script>
+<body _onload_="runTest()">
+    <div>
+        <form id="form" action="" method="POST">
+          <input type="submit" />
+        </form>
+        <iframe src="" name="iframe"></iframe>
+    </div>
+</body>
+</html>
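Review bot: The form's `action=""`, as rendered here, does not show which host receives the POST, and this test only checks something when that host differs from the page's own: a same-site target would print "Cookie is set" under any cookie policy. The value was probably dropped by the mail archive, since the same empty `action` and `src` appear in third-party-cookie-blocking-user-action.html and third-party-cookie-blocking.html. A comment above the form would pin the intent, e.g. `<!-- action must be cross-site to this page; a same-site target passes under any policy -->`. The `iframe` and the `dumpChildFramesAsText()` call also look unused in this file, because the form has no `target` and the expected output holds no frame section.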

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action-expected.txt	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,7 @@
+
+
+
+--------
+Frame: 'iframe'
+--------
+Cookie is NOT set

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action.html (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-user-action.html	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<title>Checks that a user generated POST request does not circumvent third-party cookie rules</title>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.setAlwaysAcceptCookies(false);
+}
+
+function runTest()
+{
+    if (window.eventSender) {
+        // Click somewhere on the button!
+        var form = document.getElementById("form");
+        eventSender.mouseMoveTo(form.offsetLeft + 5, form.offsetTop + 5);
+        eventSender.mouseDown();
+        eventSender.mouseUp();
+    }
+}
+</script>
+<body _onload_="runTest()">
+    <div>
+        <form id="form" action="" method="POST" target="iframe">
+          <input type="submit" />
+        </form>
+        <iframe src="" name="iframe"></iframe>
+    </div>
+</body>
+</html>
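Review bot: The click in runTest() is aimed at `form.offsetLeft + 5, form.offsetTop + 5` although the comment says it clicks the button, so the form is only submitted if the submit input happens to sit at the form's top-left corner. Giving the input an id such as `id="button"` and using its own offsets removes that layout dependency: `var button = document.getElementById("button");` followed by `eventSender.mouseMoveTo(button.offsetLeft + 5, button.offsetTop + 5);`. A missed click does not produce a false pass, because nothing then calls notifyDone() and the test times out. The same timeout occurs when `window.eventSender` is missing, which makes an unsupported harness hard to tell apart from a real regression.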

Added: trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking.html (0 => 92142)


--- trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/cookies/third-party-cookie-blocking.html	2011-08-01 21:18:49 UTC (rev 92142)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<title>Checks that a script generated POST request does not circumvent third-party cookie rules</title>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.waitUntilDone();
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+    layoutTestController.setAlwaysAcceptCookies(false);
+}
+
+function runTest()
+{
+    document.getElementById('form').submit();
+}
+</script>
+<body _onload_="runTest()">
+    <div>
+        <form id="form" action="" method="POST" target="iframe">
+          <input type="submit" />
+        </form>
+        <iframe src="" name="iframe"></iframe>
+    </div>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (92141 => 92142)


--- trunk/Source/WebCore/ChangeLog	2011-08-01 21:16:33 UTC (rev 92141)
+++ trunk/Source/WebCore/ChangeLog	2011-08-01 21:18:49 UTC (rev 92142)
@@ -1,3 +1,24 @@
+2011-08-01  Jochen Eisinger  <joc...@chromium.org>
+
+        Never override the policy URL on form submissions.
+        https://bugs.webkit.org/show_bug.cgi?id=61809
+
+        Reviewed by Adam Barth.
+
+        Tests: http/tests/security/cookies/third-party-cookie-blocking-main-frame.html
+               http/tests/security/cookies/third-party-cookie-blocking-user-action.html
+               http/tests/security/cookies/third-party-cookie-blocking.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::addExtraFieldsToSubresourceRequest):
+        (WebCore::FrameLoader::addExtraFieldsToMainResourceRequest):
+        (WebCore::FrameLoader::addExtraFieldsToRequest):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        * loader/FrameLoader.h:
+
+
 2011-08-01  Ryosuke Niwa  <rn...@webkit.org>
 
         Update comment added in r92139 per Darin's suggestion.

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (92141 => 92142)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2011-08-01 21:16:33 UTC (rev 92141)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2011-08-01 21:18:49 UTC (rev 92142)
@@ -1175,7 +1175,7 @@
         RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
         addHTTPOriginIfNeeded(request, referrerOrigin->toString());
     }
-    addExtraFieldsToRequest(request, newLoadType, true, event || isFormSubmission);
+    addExtraFieldsToRequest(request, newLoadType, true);
     if (newLoadType == FrameLoadTypeReload || newLoadType == FrameLoadTypeReloadFromOrigin)
         request.setCachePolicy(ReloadIgnoringCacheData);
 
@@ -2437,20 +2437,20 @@
     
 void FrameLoader::addExtraFieldsToSubresourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, false, false);
+    addExtraFieldsToRequest(request, m_loadType, false);
 }
 
 void FrameLoader::addExtraFieldsToMainResourceRequest(ResourceRequest& request)
 {
-    addExtraFieldsToRequest(request, m_loadType, true, false);
+    addExtraFieldsToRequest(request, m_loadType, true);
 }
 
-void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource, bool cookiePolicyURLFromRequest)
+void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource)
 {
     // Don't set the cookie policy URL if it's already been set.
     // But make sure to set it on all requests, as it has significance beyond the cookie policy for all protocols (<rdar://problem/6616664>).
     if (request.firstPartyForCookies().isEmpty()) {
-        if (mainResource && (isLoadingMainFrame() || cookiePolicyURLFromRequest))
+        if (mainResource && isLoadingMainFrame())
             request.setFirstPartyForCookies(request.url());
         else if (Document* document = m_frame->document())
             request.setFirstPartyForCookies(document->firstPartyForCookies());
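Review bot: When `m_frame->document()` is null the `else if` falls through and the request keeps an empty firstPartyForCookies, and with the `cookiePolicyURLFromRequest` escape removed every subframe form submission now depends on that branch. What an empty policy URL means to the network layer is not visible here, so the fail-open or fail-closed outcome should be stated next to the branch, for example `// No document: the policy URL stays empty; see <platform cookie code> for how that is treated.` The new condition also deserves a why-comment such as `// Only a main-frame load may name itself first party; subframe loads, including form POSTs, inherit the document's.` The body of addExtraFieldsToRequest continues past the end of this hunk.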
@@ -2550,7 +2550,7 @@
     workingResourceRequest.setHTTPMethod("POST");
     workingResourceRequest.setHTTPBody(formData);
     workingResourceRequest.setHTTPContentType(contentType);
-    addExtraFieldsToRequest(workingResourceRequest, loadType, true, true);
+    addExtraFieldsToRequest(workingResourceRequest, loadType, true);
 
     NavigationAction action(url, loadType, true, event);
 
@@ -3024,7 +3024,7 @@
 
         // Make sure to add extra fields to the request after the Origin header is added for the FormData case.
         // See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion.
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
         addedExtraFields = true;
         
         // FIXME: Slight hack to test if the NSURL cache contains the page we're going to.
@@ -3067,7 +3067,7 @@
     }
     
     if (!addedExtraFields)
-        addExtraFieldsToRequest(request, m_loadType, true, formData);
+        addExtraFieldsToRequest(request, m_loadType, true);
 
     loadWithNavigationAction(request, action, false, loadType, 0);
 }

Modified: trunk/Source/WebCore/loader/FrameLoader.h (92141 => 92142)


--- trunk/Source/WebCore/loader/FrameLoader.h	2011-08-01 21:16:33 UTC (rev 92141)
+++ trunk/Source/WebCore/loader/FrameLoader.h	2011-08-01 21:18:49 UTC (rev 92142)
@@ -301,7 +301,7 @@
     void updateFirstPartyForCookies();
     void setFirstPartyForCookies(const KURL&);
     
-    void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType loadType, bool isMainResource, bool cookiePolicyURLFromRequest);
+    void addExtraFieldsToRequest(ResourceRequest&, FrameLoadType, bool isMainResource);
 
     void clearProvisionalLoad();
     void transitionToCommitted(PassRefPtr<CachedPage>);