Title: [200686] trunk
Revision
200686
Author
bfulg...@apple.com
Date
2016-05-11 08:52:09 -0700 (Wed, 11 May 2016)

Log Message

Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pju...@apple.com> on 2016-05-11
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/insecure-geolocation.html
       http/tests/security/mixedcontent-geolocation-block-insecure-content.html
       http/tests/security/mixedcontent-geolocation.html

* Modules/geolocation/Geolocation.cpp:
(WebCore::Geolocation::logError):
(WebCore::Geolocation::startRequest):
Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
(WebCore::Geolocation::shouldBlockGeolocationRequests)
Returns true if the access to the geolocation should be blocked.
* Modules/geolocation/Geolocation.h:
* dom/SecurityContext.h:
(WebCore::SecurityContext::foundMixedContent):
Returns true if insecure content was accessed over secure connection.
(WebCore::SecurityContext::setFoundMixedContent):
Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
(WebCore::SecurityContext::geolocationAccessed):
Returns true if geolocation was accessed
(WebCore::SecurityContext::setGeolocationAccessed):
Sets m_geolocationAccessed to true if geolocation was accessed.
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canDisplayInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
(WebCore::MixedContentChecker::canRunInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.

LayoutTests:

* http/tests/security/geolocation-over-insecure-content.html: Added.
* http/tests/security/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/geolocation-over-mixed-content.html: Added.
* http/tests/security/insecure-geolocation-expected.txt: Added.
* http/tests/security/insecure-geolocation.html: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
* http/tests/security/mixedcontent-geolocation-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (200685 => 200686)


--- trunk/LayoutTests/ChangeLog	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/LayoutTests/ChangeLog	2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,3 +1,21 @@
+2016-05-11  Pranjal Jumde  <pju...@apple.com>
+
+        Sites served over insecure connections should not be allowed to use geolocation.
+        https://bugs.webkit.org/show_bug.cgi?id=157423
+        <rdar://problem/23751632>
+
+        Reviewed by Brent Fulgham.
+
+        * http/tests/security/geolocation-over-insecure-content.html: Added.
+        * http/tests/security/geolocation-over-mixed-content-block.html: Added.
+        * http/tests/security/geolocation-over-mixed-content.html: Added.
+        * http/tests/security/insecure-geolocation-expected.txt: Added.
+        * http/tests/security/insecure-geolocation.html: Added.
+        * http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
+        * http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
+        * http/tests/security/mixedcontent-geolocation-expected.txt: Added.
+        * http/tests/security/mixedcontent-geolocation.html: Added.
+
 2016-05-11  Youenn Fablet  <youenn.fab...@crf.canon.fr>
 
         Ensure DOM iterators remain done

Added: trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,14 @@
+<body _onload_="loaded()">
+<script>
+if (navigator.geolocation) {
+    navigator.geolocation.getCurrentPosition(showPosition);
+} 
+function showPosition(position) {
+    console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);	
+}
+function loaded() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+}
+</script>
+</body>

Added: trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,15 @@
+<body _onload_="loaded()">
+<script>
+if (navigator.geolocation) {
+    navigator.geolocation.getCurrentPosition(showPosition);
+}
+function showPosition(position) {
+    console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);
+}
+function loaded() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+}
+</script>
+<img src=""
+</body>

Added: trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,15 @@
+<body _onload_="loaded()">
+<img src=""
+<script>
+if (navigator.geolocation) {
+    navigator.geolocation.getCurrentPosition(showPosition);
+}
+function showPosition(position) {
+    console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);
+}
+function loaded() {
+    if (window.opener)
+        window.opener.postMessage('done', '*');
+}
+</script>
+</body>

Added: trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt (0 => 200686)


--- trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 4: [blocked] Access to geolocation was blocked over insecure connection to http://127.0.0.1:8080.
+
+This test loads an insecure frame that tries to access geolocation. Access to geolocation is blocked over insecure connections.

Added: trunk/LayoutTests/http/tests/security/insecure-geolocation.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/insecure-geolocation.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads an insecure frame that tries to access geolocation.  Access to geolocation is blocked over insecure connections.</p>
+<script>
+_onload_ = function() {
+    window.open("http://127.0.0.1:8080/security/geolocation-over-insecure-content.html");
+}
+</script>
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt (0 => 200686)


--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 14: [blocked] The page at https://127.0.0.1:8443/security/geolocation-over-mixed-content-block.html was not allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content. Access to insecure content is blocked over secure connections when geolocation is accessed.

Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content.  Access to insecure content is blocked over secure connections when geolocation is accessed.</p>
+<script>
+_onload_ = function() {
+    window.open("https://127.0.0.1:8443/security/geolocation-over-mixed-content-block.html");
+}
+</script>
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt (0 => 200686)


--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 2: The page at https://127.0.0.1:8443/security/geolocation-over-mixed-content.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+CONSOLE MESSAGE: line 5: [blocked] Access to geolocation was blocked over secure connection with mixed content to https://127.0.0.1:8443.
+
+This test loads a secure frame with mixed content that tries to access geolocation. Access to geolocation is blocked over secure connections with mixed content.

Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html (0 => 200686)


--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html	2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with mixed content that tries to access geolocation.  Access to geolocation is blocked over secure connections with mixed content.</p>
+<script>
+_onload_ = function() {
+    window.open("https://127.0.0.1:8443/security/geolocation-over-mixed-content.html");
+}
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (200685 => 200686)


--- trunk/Source/WebCore/ChangeLog	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/ChangeLog	2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,3 +1,37 @@
+2016-05-11  Pranjal Jumde  <pju...@apple.com>
+
+        Sites served over insecure connections should not be allowed to use geolocation.
+        https://bugs.webkit.org/show_bug.cgi?id=157423
+        <rdar://problem/23751632>
+
+        Reviewed by Brent Fulgham.
+
+        Tests: http/tests/security/insecure-geolocation.html
+               http/tests/security/mixedcontent-geolocation-block-insecure-content.html
+               http/tests/security/mixedcontent-geolocation.html
+
+        * Modules/geolocation/Geolocation.cpp:
+        (WebCore::Geolocation::logError):
+        (WebCore::Geolocation::startRequest):
+        Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
+        (WebCore::Geolocation::shouldBlockGeolocationRequests)
+        Returns true if the access to the geolocation should be blocked.
+        * Modules/geolocation/Geolocation.h:
+        * dom/SecurityContext.h:
+        (WebCore::SecurityContext::foundMixedContent):
+        Returns true if insecure content was accessed over secure connection.
+        (WebCore::SecurityContext::setFoundMixedContent):
+        Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
+        (WebCore::SecurityContext::geolocationAccessed):
+        Returns true if geolocation was accessed
+        (WebCore::SecurityContext::setGeolocationAccessed):
+        Sets m_geolocationAccessed to true if geolocation was accessed.
+        * loader/MixedContentChecker.cpp:
+        (WebCore::MixedContentChecker::canDisplayInsecureContent):
+        Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+        (WebCore::MixedContentChecker::canRunInsecureContent):
+        Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+
 2016-05-11  Youenn Fablet  <youenn.fab...@crf.canon.fr>
 
         Ensure DOM iterators remain done

Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp (200685 => 200686)


--- trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp	2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2009, 2010, 2011 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved.
  * Copyright (C) 2009 Torch Mobile, Inc.
  * Copyright 2010, The Android Open Source Project
  *
@@ -43,6 +43,7 @@
 #include "SecurityOrigin.h"
 #include <wtf/CurrentTime.h>
 #include <wtf/Ref.h>
+#include <wtf/text/StringBuilder.h>
 
 namespace WebCore {
 
@@ -172,6 +173,23 @@
 {
     return true;
 }
+    
+static void logError(const String& target, const bool isSecure, const bool isMixedContent, Document* document)
+{
+    StringBuilder message;
+    message.append("[blocked] Access to geolocation was blocked over");
+    
+    if (!isSecure)
+        message.append(" insecure connection to ");
+    else if (isMixedContent)
+        message.append(" secure connection with mixed content to ");
+    else
+        return;
+    
+    message.append(target);
+    message.append(".\n");
+    document->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message.toString());
+}
 
 void Geolocation::suspend(ReasonForSuspension reason)
 {
@@ -337,12 +355,24 @@
     return watchID;
 }
 
+bool Geolocation::shouldBlockGeolocationRequests()
+{
+    bool isSecure = SecurityOrigin::isSecure(document()->url());
+    bool hasMixedContent = document()->foundMixedContent();
+    if (securityOrigin()->canRequestGeolocation() && isSecure && !hasMixedContent)
+        return false;
+    
+    logError(securityOrigin()->toString(), isSecure, hasMixedContent, document());
+    return true;
+}
+
 void Geolocation::startRequest(GeoNotifier* notifier)
 {
-    if (!securityOrigin()->canRequestGeolocation()) {
+    if (shouldBlockGeolocationRequests()) {
         notifier->setFatalError(PositionError::create(PositionError::POSITION_UNAVAILABLE, ASCIILiteral(originCannotRequestGeolocationErrorMessage)));
         return;
     }
+    document()->setGeolocationAccessed();
 
     // Check whether permissions have already been denied. Note that if this is the case,
     // the permission state can not change again in the lifetime of this page.

Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.h (200685 => 200686)


--- trunk/Source/WebCore/Modules/geolocation/Geolocation.h	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.h	2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2009, 2010, 2011 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved.
  * Copyright 2010, The Android Open Source Project
  *
  * Redistribution and use in source and binary forms, with or without
@@ -72,6 +72,7 @@
 
     void positionChanged();
     void setError(GeolocationError*);
+    bool shouldBlockGeolocationRequests();
 
 private:
     explicit Geolocation(ScriptExecutionContext*);

Modified: trunk/Source/WebCore/dom/SecurityContext.h (200685 => 200686)


--- trunk/Source/WebCore/dom/SecurityContext.h	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/dom/SecurityContext.h	2016-05-11 15:52:09 UTC (rev 200686)
@@ -75,6 +75,10 @@
     WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;
 
     static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage);
+    bool foundMixedContent() const { return m_foundMixedContent; }
+    void setFoundMixedContent() { m_foundMixedContent = true; }
+    bool geolocationAccessed() const { return m_geolocationAccessed; }
+    void setGeolocationAccessed() { m_geolocationAccessed = true; }
 
 protected:
     SecurityContext();
@@ -90,6 +94,8 @@
     SandboxFlags m_sandboxFlags;
     RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
     std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+    bool m_foundMixedContent { false };
+    bool m_geolocationAccessed { false };
 };
 
 } // namespace WebCore

Modified: trunk/Source/WebCore/loader/MixedContentChecker.cpp (200685 => 200686)


--- trunk/Source/WebCore/loader/MixedContentChecker.cpp	2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/loader/MixedContentChecker.cpp	2016-05-11 15:52:09 UTC (rev 200686)
@@ -65,11 +65,13 @@
     if (!isMixedContent(securityOrigin, url))
         return true;
 
-    bool allowed = m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn;
+    bool allowed = (m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn) && !m_frame.document()->geolocationAccessed();
     logWarning(allowed, "display", url);
 
-    if (allowed)
+    if (allowed) {
+        m_frame.document()->setFoundMixedContent();
         client().didDisplayInsecureContent();
+    }
 
     return allowed;
 }
@@ -79,11 +81,13 @@
     if (!isMixedContent(securityOrigin, url))
         return true;
 
-    bool allowed = m_frame.settings().allowRunningOfInsecureContent();
+    bool allowed = m_frame.settings().allowRunningOfInsecureContent() && !m_frame.document()->geolocationAccessed();
     logWarning(allowed, "run", url);
 
-    if (allowed)
+    if (allowed) {
+        m_frame.document()->setFoundMixedContent();
         client().didRunInsecureContent(securityOrigin, url);
+    }
 
     return allowed;
 }
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to