Diff
Modified: trunk/LayoutTests/ChangeLog (200685 => 200686)
--- trunk/LayoutTests/ChangeLog 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/LayoutTests/ChangeLog 2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,3 +1,21 @@
+2016-05-11 Pranjal Jumde <pju...@apple.com>
+
+ Sites served over insecure connections should not be allowed to use geolocation.
+ https://bugs.webkit.org/show_bug.cgi?id=157423
+ <rdar://problem/23751632>
+
+ Reviewed by Brent Fulgham.
+
+ * http/tests/security/geolocation-over-insecure-content.html: Added.
+ * http/tests/security/geolocation-over-mixed-content-block.html: Added.
+ * http/tests/security/geolocation-over-mixed-content.html: Added.
+ * http/tests/security/insecure-geolocation-expected.txt: Added.
+ * http/tests/security/insecure-geolocation.html: Added.
+ * http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
+ * http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
+ * http/tests/security/mixedcontent-geolocation-expected.txt: Added.
+ * http/tests/security/mixedcontent-geolocation.html: Added.
+
2016-05-11 Youenn Fablet <youenn.fab...@crf.canon.fr>
Ensure DOM iterators remain done
Added: trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-insecure-content.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,14 @@
+<body _onload_="loaded()">
+<script>
+if (navigator.geolocation) {
+ navigator.geolocation.getCurrentPosition(showPosition);
+}
+function showPosition(position) {
+ console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);
+}
+function loaded() {
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
+</body>
Added: trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content-block.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,15 @@
+<body _onload_="loaded()">
+<script>
+if (navigator.geolocation) {
+ navigator.geolocation.getCurrentPosition(showPosition);
+}
+function showPosition(position) {
+ console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);
+}
+function loaded() {
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
+<img src=""
+</body>
Added: trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/geolocation-over-mixed-content.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,15 @@
+<body _onload_="loaded()">
+<img src=""
+<script>
+if (navigator.geolocation) {
+ navigator.geolocation.getCurrentPosition(showPosition);
+}
+function showPosition(position) {
+ console.log("Latitude: " + position.coords.latitude + "Longitude: " + position.coords.longitude);
+}
+function loaded() {
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
+</body>
Added: trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt (0 => 200686)
--- trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation-expected.txt 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 4: [blocked] Access to geolocation was blocked over insecure connection to http://127.0.0.1:8080.
+
+This test loads an insecure frame that tries to access geolocation. Access to geolocation is blocked over insecure connections.
Added: trunk/LayoutTests/http/tests/security/insecure-geolocation.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/insecure-geolocation.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/insecure-geolocation.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads an insecure frame that tries to access geolocation. Access to geolocation is blocked over insecure connections.</p>
+<script>
+_onload_ = function() {
+ window.open("http://127.0.0.1:8080/security/geolocation-over-insecure-content.html");
+}
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt (0 => 200686)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 14: [blocked] The page at https://127.0.0.1:8443/security/geolocation-over-mixed-content-block.html was not allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content. Access to insecure content is blocked over secure connections when geolocation is accessed.
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with insecure content that tries to access geolocation before loading insecure content. Access to insecure content is blocked over secure connections when geolocation is accessed.</p>
+<script>
+_onload_ = function() {
+ window.open("https://127.0.0.1:8443/security/geolocation-over-mixed-content-block.html");
+}
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt (0 => 200686)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 2: The page at https://127.0.0.1:8443/security/geolocation-over-mixed-content.html was allowed to display insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+CONSOLE MESSAGE: line 5: [blocked] Access to geolocation was blocked over secure connection with mixed content to https://127.0.0.1:8443.
+
+This test loads a secure frame with mixed content that tries to access geolocation. Access to geolocation is blocked over secure connections with mixed content.
Added: trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html (0 => 200686)
--- trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedcontent-geolocation.html 2016-05-11 15:52:09 UTC (rev 200686)
@@ -0,0 +1,22 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+<p>This test loads a secure frame with mixed content that tries to access geolocation. Access to geolocation is blocked over secure connections with mixed content.</p>
+<script>
+_onload_ = function() {
+ window.open("https://127.0.0.1:8443/security/geolocation-over-mixed-content.html");
+}
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (200685 => 200686)
--- trunk/Source/WebCore/ChangeLog 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/ChangeLog 2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,3 +1,37 @@
+2016-05-11 Pranjal Jumde <pju...@apple.com>
+
+ Sites served over insecure connections should not be allowed to use geolocation.
+ https://bugs.webkit.org/show_bug.cgi?id=157423
+ <rdar://problem/23751632>
+
+ Reviewed by Brent Fulgham.
+
+ Tests: http/tests/security/insecure-geolocation.html
+ http/tests/security/mixedcontent-geolocation-block-insecure-content.html
+ http/tests/security/mixedcontent-geolocation.html
+
+ * Modules/geolocation/Geolocation.cpp:
+ (WebCore::Geolocation::logError):
+ (WebCore::Geolocation::startRequest):
+ Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
+ (WebCore::Geolocation::shouldBlockGeolocationRequests)
+ Returns true if the access to the geolocation should be blocked.
+ * Modules/geolocation/Geolocation.h:
+ * dom/SecurityContext.h:
+ (WebCore::SecurityContext::foundMixedContent):
+ Returns true if insecure content was accessed over secure connection.
+ (WebCore::SecurityContext::setFoundMixedContent):
+ Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
+ (WebCore::SecurityContext::geolocationAccessed):
+ Returns true if geolocation was accessed
+ (WebCore::SecurityContext::setGeolocationAccessed):
+ Sets m_geolocationAccessed to true if geolocation was accessed.
+ * loader/MixedContentChecker.cpp:
+ (WebCore::MixedContentChecker::canDisplayInsecureContent):
+ Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+ (WebCore::MixedContentChecker::canRunInsecureContent):
+ Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
+
2016-05-11 Youenn Fablet <youenn.fab...@crf.canon.fr>
Ensure DOM iterators remain done
Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp (200685 => 200686)
--- trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.cpp 2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009, 2010, 2011 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved.
* Copyright (C) 2009 Torch Mobile, Inc.
* Copyright 2010, The Android Open Source Project
*
@@ -43,6 +43,7 @@
#include "SecurityOrigin.h"
#include <wtf/CurrentTime.h>
#include <wtf/Ref.h>
+#include <wtf/text/StringBuilder.h>
namespace WebCore {
@@ -172,6 +173,23 @@
{
return true;
}
+
+static void logError(const String& target, const bool isSecure, const bool isMixedContent, Document* document)
+{
+ StringBuilder message;
+ message.append("[blocked] Access to geolocation was blocked over");
+
+ if (!isSecure)
+ message.append(" insecure connection to ");
+ else if (isMixedContent)
+ message.append(" secure connection with mixed content to ");
+ else
+ return;
+
+ message.append(target);
+ message.append(".\n");
+ document->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message.toString());
+}
void Geolocation::suspend(ReasonForSuspension reason)
{
@@ -337,12 +355,24 @@
return watchID;
}
+bool Geolocation::shouldBlockGeolocationRequests()
+{
+ bool isSecure = SecurityOrigin::isSecure(document()->url());
+ bool hasMixedContent = document()->foundMixedContent();
+ if (securityOrigin()->canRequestGeolocation() && isSecure && !hasMixedContent)
+ return false;
+
+ logError(securityOrigin()->toString(), isSecure, hasMixedContent, document());
+ return true;
+}
+
void Geolocation::startRequest(GeoNotifier* notifier)
{
- if (!securityOrigin()->canRequestGeolocation()) {
+ if (shouldBlockGeolocationRequests()) {
notifier->setFatalError(PositionError::create(PositionError::POSITION_UNAVAILABLE, ASCIILiteral(originCannotRequestGeolocationErrorMessage)));
return;
}
+ document()->setGeolocationAccessed();
// Check whether permissions have already been denied. Note that if this is the case,
// the permission state can not change again in the lifetime of this page.
Modified: trunk/Source/WebCore/Modules/geolocation/Geolocation.h (200685 => 200686)
--- trunk/Source/WebCore/Modules/geolocation/Geolocation.h 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/Modules/geolocation/Geolocation.h 2016-05-11 15:52:09 UTC (rev 200686)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009, 2010, 2011 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved.
* Copyright 2010, The Android Open Source Project
*
* Redistribution and use in source and binary forms, with or without
@@ -72,6 +72,7 @@
void positionChanged();
void setError(GeolocationError*);
+ bool shouldBlockGeolocationRequests();
private:
explicit Geolocation(ScriptExecutionContext*);
Modified: trunk/Source/WebCore/dom/SecurityContext.h (200685 => 200686)
--- trunk/Source/WebCore/dom/SecurityContext.h 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/dom/SecurityContext.h 2016-05-11 15:52:09 UTC (rev 200686)
@@ -75,6 +75,10 @@
WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;
static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage);
+ bool foundMixedContent() const { return m_foundMixedContent; }
+ void setFoundMixedContent() { m_foundMixedContent = true; }
+ bool geolocationAccessed() const { return m_geolocationAccessed; }
+ void setGeolocationAccessed() { m_geolocationAccessed = true; }
protected:
SecurityContext();
@@ -90,6 +94,8 @@
SandboxFlags m_sandboxFlags;
RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+ bool m_foundMixedContent { false };
+ bool m_geolocationAccessed { false };
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/MixedContentChecker.cpp (200685 => 200686)
--- trunk/Source/WebCore/loader/MixedContentChecker.cpp 2016-05-11 08:20:27 UTC (rev 200685)
+++ trunk/Source/WebCore/loader/MixedContentChecker.cpp 2016-05-11 15:52:09 UTC (rev 200686)
@@ -65,11 +65,13 @@
if (!isMixedContent(securityOrigin, url))
return true;
- bool allowed = m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn;
+ bool allowed = (m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn) && !m_frame.document()->geolocationAccessed();
logWarning(allowed, "display", url);
- if (allowed)
+ if (allowed) {
+ m_frame.document()->setFoundMixedContent();
client().didDisplayInsecureContent();
+ }
return allowed;
}
@@ -79,11 +81,13 @@
if (!isMixedContent(securityOrigin, url))
return true;
- bool allowed = m_frame.settings().allowRunningOfInsecureContent();
+ bool allowed = m_frame.settings().allowRunningOfInsecureContent() && !m_frame.document()->geolocationAccessed();
logWarning(allowed, "run", url);
- if (allowed)
+ if (allowed) {
+ m_frame.document()->setFoundMixedContent();
client().didRunInsecureContent(securityOrigin, url);
+ }
return allowed;
}