- Revision
- 213126
- Author
- achristen...@apple.com
- Date
- 2017-02-28 00:30:44 -0800 (Tue, 28 Feb 2017)
Log Message
Main resource requests need cachePartition
https://bugs.webkit.org/show_bug.cgi?id=168806
Source/WebCore:
<rdar://30639764>
Reviewed by Brady Eidson.
Test: http/tests/security/credentials-main-resource.html
r211751 caused an unintended regression on pages whose main resource is protected
by basic authentication. We were not setting the cache partition for main resource
requests, and we use the cache partition now for credentials, so the credentials for
the main resource were not being put into a partition in the CredentialStorage that
would not be used for subresources of the page, whose requests had the correct partition
for the domain of the page. This caused users to have to enter their credentials twice,
once for the main resource and once for any subresources. This is fixed by using the
domain from the main resource request as the cache partition. Elsewhere the Document is
used to get the cache partition, but there is no Document yet when requesting the main resource.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource):
Set the cache partition for the main resource loads based on the SecurityOrigin of the
initial request if we are loading the main resource for a new top document. If the main resource
request is redirected, then we will still use the partition of the initial request because that is
what the user requested and that is where the user entered the credentials.
* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::setDomainForCachePartition):
* loader/cache/CachedResourceRequest.h:
Source/WebKit2:
Reviewed by Brady Eidson.
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::continueWillSendRequest):
LayoutTests:
Reviewed by Brady Eidson.
* http/tests/security/credentials-main-resource-expected.txt: Added.
* http/tests/security/credentials-main-resource.html: Added.
* http/tests/security/resources/credentials-main-resource.php: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (213125 => 213126)
--- trunk/LayoutTests/ChangeLog 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/LayoutTests/ChangeLog 2017-02-28 08:30:44 UTC (rev 213126)
@@ -1,5 +1,16 @@
2017-02-28 Alex Christensen <achristen...@webkit.org>
+ Main resource requests need cachePartition
+ https://bugs.webkit.org/show_bug.cgi?id=168806
+
+ Reviewed by Brady Eidson.
+
+ * http/tests/security/credentials-main-resource-expected.txt: Added.
+ * http/tests/security/credentials-main-resource.html: Added.
+ * http/tests/security/resources/credentials-main-resource.php: Added.
+
+2017-02-28 Alex Christensen <achristen...@webkit.org>
+
REGRESSION: LayoutTest http/tests/security/credentials-iframes.html is failing on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=167967
Added: trunk/LayoutTests/http/tests/security/credentials-main-resource-expected.txt (0 => 213126)
--- trunk/LayoutTests/http/tests/security/credentials-main-resource-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-main-resource-expected.txt 2017-02-28 08:30:44 UTC (rev 213126)
@@ -0,0 +1,3 @@
+ALERT: Authenticated as user: testuser password: testpass
+Main Resource Credentials: testuser, testpass
+
Added: trunk/LayoutTests/http/tests/security/credentials-main-resource.html (0 => 213126)
--- trunk/LayoutTests/http/tests/security/credentials-main-resource.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/credentials-main-resource.html 2017-02-28 08:30:44 UTC (rev 213126)
@@ -0,0 +1,8 @@
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ internals.settings.setStorageBlockingPolicy('BlockThirdParty');
+}
+window.location = "http://testuser:testpass@127.0.0.1:8000/security/resources/credentials-main-resource.php";
+</script>
Added: trunk/LayoutTests/http/tests/security/resources/credentials-main-resource.php (0 => 213126)
--- trunk/LayoutTests/http/tests/security/resources/credentials-main-resource.php (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/credentials-main-resource.php 2017-02-28 08:30:44 UTC (rev 213126)
@@ -0,0 +1,24 @@
+<?php
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit test - credentials-in-main-resource"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit;
+ }
+ echo "Main Resource Credentials: " . $_SERVER['PHP_AUTH_USER'] . ", " . $_SERVER['PHP_AUTH_PW'] . "<br/>";
+?>
+<script>
+
+if (window.internals)
+ internals.settings.setStorageBlockingPolicy('BlockThirdParty');
+
+var request = new XMLHttpRequest();
+request._onreadystatechange_ = function () {
+ if (this.readyState == 4) {
+ alert(this.responseText);
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+};
+request.open('GET', 'http://127.0.0.1:8000/security/resources/basic-auth.php?username=testuser&password=testpass', true);
+request.send(null);
+</script>
Modified: trunk/Source/WebCore/ChangeLog (213125 => 213126)
--- trunk/Source/WebCore/ChangeLog 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebCore/ChangeLog 2017-02-28 08:30:44 UTC (rev 213126)
@@ -1,5 +1,36 @@
2017-02-28 Alex Christensen <achristen...@webkit.org>
+ Main resource requests need cachePartition
+ https://bugs.webkit.org/show_bug.cgi?id=168806
+ <rdar://30639764>
+
+ Reviewed by Brady Eidson.
+
+ Test: http/tests/security/credentials-main-resource.html
+
+ r211751 caused an unintended regression on pages whose main resource is protected
+ by basic authentication. We were not setting the cache partition for main resource
+ requests, and we use the cache partition now for credentials, so the credentials for
+ the main resource were not being put into a partition in the CredentialStorage that
+ would not be used for subresources of the page, whose requests had the correct partition
+ for the domain of the page. This caused users to have to enter their credentials twice,
+ once for the main resource and once for any subresources. This is fixed by using the
+ domain from the main resource request as the cache partition. Elsewhere the Document is
+ used to get the cache partition, but there is no Document yet when requesting the main resource.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource):
+ Set the cache partition for the main resource loads based on the SecurityOrigin of the
+ initial request if we are loading the main resource for a new top document. If the main resource
+ request is redirected, then we will still use the partition of the initial request because that is
+ what the user requested and that is where the user entered the credentials.
+ * loader/cache/CachedResourceLoader.h:
+ * loader/cache/CachedResourceRequest.cpp:
+ (WebCore::CachedResourceRequest::setDomainForCachePartition):
+ * loader/cache/CachedResourceRequest.h:
+
+2017-02-28 Alex Christensen <achristen...@webkit.org>
+
REGRESSION: LayoutTest http/tests/security/credentials-iframes.html is failing on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=167967
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (213125 => 213126)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2017-02-28 08:30:44 UTC (rev 213126)
@@ -1479,7 +1479,16 @@
RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Starting load (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
- m_mainResource = m_cachedResourceLoader->requestMainResource(CachedResourceRequest(ResourceRequest(request), mainResourceLoadOptions));
+ CachedResourceRequest mainResourceRequest(ResourceRequest(request), mainResourceLoadOptions);
+ if (!m_frame->isMainFrame() && m_frame->document()) {
+ // If we are loading the main resource of a subframe, use the cache partition of the main document.
+ mainResourceRequest.setDomainForCachePartition(*m_frame->document());
+ } else {
+ auto origin = SecurityOrigin::create(request.url());
+ origin->setStorageBlockingPolicy(frameLoader()->frame().settings().storageBlockingPolicy());
+ mainResourceRequest.setDomainForCachePartition(origin->domainForCachePartition());
+ }
+ m_mainResource = m_cachedResourceLoader->requestMainResource(WTFMove(mainResourceRequest));
#if ENABLE(CONTENT_EXTENSIONS)
if (m_mainResource && m_mainResource->errorOccurred() && m_frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) {
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (213125 => 213126)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2017-02-28 08:30:44 UTC (rev 213126)
@@ -53,6 +53,7 @@
class DocumentLoader;
class Frame;
class ImageLoader;
+class Settings;
class URL;
// The CachedResourceLoader provides a per-context interface to the MemoryCache
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (213125 => 213126)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2017-02-28 08:30:44 UTC (rev 213126)
@@ -134,6 +134,11 @@
m_resourceRequest.setDomainForCachePartition(document.topOrigin().domainForCachePartition());
}
+void CachedResourceRequest::setDomainForCachePartition(const String& domain)
+{
+ m_resourceRequest.setDomainForCachePartition(domain);
+}
+
static inline String acceptHeaderValueFromType(CachedResource::Type type)
{
switch (type) {
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (213125 => 213126)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h 2017-02-28 08:30:44 UTC (rev 213126)
@@ -76,6 +76,7 @@
void applyBlockedStatus(const ContentExtensions::BlockedStatus&);
#endif
void setDomainForCachePartition(Document&);
+ void setDomainForCachePartition(const String&);
bool isLinkPreload() const { return m_isLinkPreload; }
void setIsLinkPreload() { m_isLinkPreload = true; }
Modified: trunk/Source/WebKit2/ChangeLog (213125 => 213126)
--- trunk/Source/WebKit2/ChangeLog 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebKit2/ChangeLog 2017-02-28 08:30:44 UTC (rev 213126)
@@ -1,3 +1,13 @@
+2017-02-28 Alex Christensen <achristen...@webkit.org>
+
+ Main resource requests need cachePartition
+ https://bugs.webkit.org/show_bug.cgi?id=168806
+
+ Reviewed by Brady Eidson.
+
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::continueWillSendRequest):
+
2017-02-27 Alex Christensen <achristen...@webkit.org>
Begin enabling WebRTC on 64-bit
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp (213125 => 213126)
--- trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2017-02-28 08:28:33 UTC (rev 213125)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2017-02-28 08:30:44 UTC (rev 213126)
@@ -472,8 +472,9 @@
{
RELEASE_LOG_IF_ALLOWED("continueWillSendRequest: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier);
- // If there is a match in the network cache, we need to reuse the original cache policy.
+ // If there is a match in the network cache, we need to reuse the original cache policy and partition.
newRequest.setCachePolicy(originalRequest().cachePolicy());
+ newRequest.setCachePartition(originalRequest().cachePartition());
#if ENABLE(NETWORK_CACHE)
if (m_isWaitingContinueWillSendRequestForCachedRedirect) {