Diff
Modified: trunk/LayoutTests/ChangeLog (216552 => 216553)
--- trunk/LayoutTests/ChangeLog 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/LayoutTests/ChangeLog 2017-05-09 22:53:13 UTC (rev 216553)
@@ -1,3 +1,24 @@
+2017-05-09 Sam Weinig <s...@webkit.org>
+
+ Implement Subresource Integrity (SRI)
+ https://bugs.webkit.org/show_bug.cgi?id=148363
+ <rdar://problem/18945879>
+
+ Reviewed by Youenn Fablet.
+
+ Add tests for Subresource Integrity for Fetch based off the ones from Web
+ Platform Tests. Additional tests for more CORS combinations have been added.
+
+ * http/tests/subresource-integrity/resources/crossorigin-anon-resource.txt: Added.
+ * http/tests/subresource-integrity/resources/crossorigin-creds-resource.txt: Added.
+ * http/tests/subresource-integrity/resources/crossorigin-ineligible-resource.txt: Added.
+ * http/tests/subresource-integrity/resources/resource.txt: Added.
+ * http/tests/subresource-integrity/sri-fetch-expected.txt: Added.
+ * http/tests/subresource-integrity/sri-fetch-worker-expected.txt: Added.
+ * http/tests/subresource-integrity/sri-fetch-worker.html: Added.
+ * http/tests/subresource-integrity/sri-fetch.html: Added.
+ * http/tests/subresource-integrity/sri-fetch.js: Added.
+
2017-05-09 Matt Lewis <jlew...@apple.com>
Marked webrtc/captureCanvas-webrtc.html as flaky.
Added: trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-anon-resource.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-anon-resource.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-anon-resource.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1 @@
+top
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-creds-resource.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-creds-resource.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-creds-resource.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1 @@
+top
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-ineligible-resource.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-ineligible-resource.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/resources/crossorigin-ineligible-resource.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1 @@
+top
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/subresource-integrity/resources/resource.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/resources/resource.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/resources/resource.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1 @@
+top
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1,34 @@
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-anon-resource.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-creds-resource.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+
+PASS Empty string integrity
+PASS SHA-256 integrity
+PASS SHA-384 integrity
+PASS SHA-512 integrity
+PASS Invalid integrity
+PASS Unknown integrity
+PASS Multiple integrities: valid stronger than invalid
+PASS Multiple integrities: invalid stronger than valid
+PASS Multiple integrities: invalid as strong as valid
+PASS Multiple integrities: both are valid
+PASS Multiple integrities: both are invalid
+PASS Anonymous CORS empty integrity
+PASS Anonymous CORS SHA-512 integrity
+PASS Anonymous CORS invalid integrity
+PASS Credential CORS empty integrity
+PASS Credential CORS SHA-512 integrity
+PASS Credential CORS invalid integrity
+PASS Ineligible CORS empty integrity
+PASS Ineligible CORS SHA-512 integrity
+PASS Ineligible CORS invalid integrity
+PASS SHA-256 integrity with 'no-cors' mode
+
Added: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1,26 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+
+PASS Empty string integrity
+PASS SHA-256 integrity
+PASS SHA-384 integrity
+PASS SHA-512 integrity
+PASS Invalid integrity
+PASS Unknown integrity
+PASS Multiple integrities: valid stronger than invalid
+PASS Multiple integrities: invalid stronger than valid
+PASS Multiple integrities: invalid as strong as valid
+PASS Multiple integrities: both are valid
+PASS Multiple integrities: both are invalid
+PASS Anonymous CORS empty integrity
+PASS Anonymous CORS SHA-512 integrity
+PASS Anonymous CORS invalid integrity
+PASS Credential CORS empty integrity
+PASS Credential CORS SHA-512 integrity
+PASS Credential CORS invalid integrity
+PASS Ineligible CORS empty integrity
+PASS Ineligible CORS SHA-512 integrity
+PASS Ineligible CORS invalid integrity
+PASS SHA-256 integrity with 'no-cors' mode
+
Added: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker.html (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker.html (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker.html 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <script src=""
+ <script src=""
+</head>
+<body>
+ <script>
+ fetch_tests_from_worker(new Worker("sri-fetch.js"));
+ </script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.html (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.html (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.html 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <script src=""
+ <script src=""
+ <script src=""
+</head>
+<body>
+ <script src=""
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js (0 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js 2017-05-09 22:53:13 UTC (rev 216553)
@@ -0,0 +1,63 @@
+if (this.document === undefined) {
+ importScripts("/js-test-resources/testharness.js");
+ importScripts("resources/sri-utilities.js");
+}
+
+var main_host = '127.0.0.1';
+var remote_host = 'localhost';
+var port_string = "8000";
+var main_host_and_port = main_host + ':' + port_string;
+var remote_host_and_port = remote_host + ':' + port_string;
+
+var resource = "resources/resource.txt";
+var crossorigin_anon_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-anon-resource.txt';
+var crossorigin_creds_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-creds-resource.txt';
+var crossorigin_ineligible_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-ineligible-resource.txt';
+
+function integrity(desc, url, options, expectedError) {
+ if (expectedError === undefined) {
+ promise_test(function(test) {
+ return fetch(url, options).then(function(resp) {
+ assert_equals(resp.status, 200, "Response's status is 200");
+ });
+ }, desc);
+ } else {
+ promise_test(function(test) {
+ return promise_rejects(test, expectedError, fetch(url, options));
+ }, desc);
+ }
+}
+
+var topSha256 = "sha256-KHIDZcXnR2oBHk9DrAA+5fFiR6JjudYjqoXtMR1zvzk=";
+var topSha384 = "sha384-MgZYnnAzPM/MjhqfOIMfQK5qcFvGZsGLzx4Phd7/A8fHTqqLqXqKo8cNzY3xEPTL";
+var topSha512 = "sha512-D6yns0qxG0E7+TwkevZ4Jt5t7Iy3ugmAajG/dlf6Pado1JqTyneKXICDiqFIkLMRExgtvg8PlxbKTkYfRejSOg==";
+var invalidSha256 = "sha256-dKUcPOn/AlUjWIwcHeHNqYXPlvyGiq+2dWOdFcE+24I=";
+var invalidSha512 = "sha512-oUceBRNxPxnY60g/VtPCj2syT4wo4EZh2CgYdWy9veW8+OsReTXoh7dizMGZafvx9+QhMS39L/gIkxnPIn41Zg==";
+var unknownAlgorithm = "foo666-dKUcPOn/AlUjWIwcHeHNqYXPlvyGiq+2dWOdFcE+24I=";
+
+integrity("Empty string integrity", resource, { 'integrity': "" });
+integrity("SHA-256 integrity", resource, { 'integrity': topSha256 });
+integrity("SHA-384 integrity", resource, { 'integrity': topSha384 });
+integrity("SHA-512 integrity", resource, { 'integrity': topSha512 });
+integrity("Invalid integrity", resource, { 'integrity': invalidSha256 }, new TypeError());
+integrity("Unknown integrity", resource, { 'integrity': unknownAlgorithm });
+integrity("Multiple integrities: valid stronger than invalid", resource, { 'integrity': invalidSha256 + " " + topSha384 });
+integrity("Multiple integrities: invalid stronger than valid", resource, { 'integrity': invalidSha512 + " " + topSha384 }, new TypeError());
+integrity("Multiple integrities: invalid as strong as valid", resource, { 'integrity': invalidSha512 + " " + topSha512 });
+integrity("Multiple integrities: both are valid", resource, { 'integrity': topSha384 + " " + topSha512 });
+integrity("Multiple integrities: both are invalid", resource, { 'integrity': invalidSha256 + " " + invalidSha512 }, new TypeError());
+integrity("Anonymous CORS empty integrity", crossorigin_anon_resource, { 'integrity': "" });
+integrity("Anonymous CORS SHA-512 integrity", crossorigin_anon_resource, { 'integrity': topSha512 });
+integrity("Anonymous CORS invalid integrity", crossorigin_anon_resource, { 'integrity': invalidSha512 }, new TypeError());
+
+// FIXME: Upstream these additional tests to the official web-platform-tests repository.
+
+integrity("Credential CORS empty integrity", crossorigin_creds_resource, { 'integrity': "", 'credentials': 'include' });
+integrity("Credential CORS SHA-512 integrity", crossorigin_creds_resource, { 'integrity': topSha512, 'credentials': 'include' });
+integrity("Credential CORS invalid integrity", crossorigin_creds_resource, { 'integrity': invalidSha512, 'credentials': 'include' }, new TypeError());
+integrity("Ineligible CORS empty integrity", crossorigin_ineligible_resource, { 'integrity': "" }, new TypeError());
+integrity("Ineligible CORS SHA-512 integrity", crossorigin_ineligible_resource, { 'integrity': topSha512 }, new TypeError());
+integrity("Ineligible CORS invalid integrity", crossorigin_ineligible_resource, { 'integrity': invalidSha512 }, new TypeError());
+integrity("SHA-256 integrity with 'no-cors' mode", resource, { 'integrity': topSha256, 'mode': 'no-cors' }, new TypeError());
+
+done();
Modified: trunk/LayoutTests/http/tests/subresource-integrity/sri-script.html (216552 => 216553)
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-script.html 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-script.html 2017-05-09 22:53:13 UTC (rev 216553)
@@ -162,6 +162,7 @@
);
// WebKit additions to the web-platform-tests test cases.
+// FIXME: Upstream these additional tests to the official web-platform-tests repository.
new SRIScriptTest(
true,
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (216552 => 216553)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-05-09 22:53:13 UTC (rev 216553)
@@ -1,3 +1,15 @@
+2017-05-09 Sam Weinig <s...@webkit.org>
+
+ Implement Subresource Integrity (SRI)
+ https://bugs.webkit.org/show_bug.cgi?id=148363
+ <rdar://problem/18945879>
+
+ Reviewed by Youenn Fablet.
+
+ * web-platform-tests/fetch/api/basic/integrity-expected.txt:
+ * web-platform-tests/fetch/api/basic/integrity-worker-expected.txt:
+ Update results now that integrity is implemented.
+
2017-05-09 Youenn Fablet <you...@apple.com>
Refresh webrtc WPT tests
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt (216552 => 216553)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -1,15 +1,19 @@
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check.
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/fetch/api/resources/top.txt?pipe=header(Access-Control-Allow-Origin,*). Failed integrity metadata check.
PASS Empty string integrity
PASS SHA-256 integrity
PASS SHA-384 integrity
PASS SHA-512 integrity
-FAIL Invalid integrity assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Invalid integrity
PASS Multiple integrities: valid stronger than invalid
-FAIL Multiple integrities: invalid stronger than valid assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Multiple integrities: invalid stronger than valid
PASS Multiple integrities: invalid as strong as valid
PASS Multiple integrities: both are valid
-FAIL Multiple integrities: both are invalid assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Multiple integrities: both are invalid
PASS CORS empty integrity
PASS CORS SHA-512 integrity
-FAIL CORS invalid integrity assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS CORS invalid integrity
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker-expected.txt (216552 => 216553)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker-expected.txt 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker-expected.txt 2017-05-09 22:53:13 UTC (rev 216553)
@@ -3,13 +3,13 @@
PASS SHA-256 integrity
PASS SHA-384 integrity
PASS SHA-512 integrity
-FAIL Invalid integrity assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Invalid integrity
PASS Multiple integrities: valid stronger than invalid
-FAIL Multiple integrities: invalid stronger than valid assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Multiple integrities: invalid stronger than valid
PASS Multiple integrities: invalid as strong as valid
PASS Multiple integrities: both are valid
-FAIL Multiple integrities: both are invalid assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Multiple integrities: both are invalid
PASS CORS empty integrity
PASS CORS SHA-512 integrity
-FAIL CORS invalid integrity assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS CORS invalid integrity
Modified: trunk/Source/WebCore/ChangeLog (216552 => 216553)
--- trunk/Source/WebCore/ChangeLog 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/ChangeLog 2017-05-09 22:53:13 UTC (rev 216553)
@@ -1,3 +1,43 @@
+2017-05-09 Sam Weinig <s...@webkit.org>
+
+ Implement Subresource Integrity (SRI) [Part 2 - Fetch]
+ https://bugs.webkit.org/show_bug.cgi?id=148363
+ <rdar://problem/18945879>
+
+ Reviewed by Youenn Fablet.
+
+ Tests: http/tests/subresource-integrity/sri-fetch-worker.html
+ http/tests/subresource-integrity/sri-fetch.html
+
+ * loader/FetchOptions.h:
+ * loader/ThreadableLoader.cpp:
+ (WebCore::ThreadableLoaderOptions::isolatedCopy):
+ * loader/ThreadableLoader.h:
+ * loader/WorkerThreadableLoader.cpp:
+ (WebCore::LoaderTaskOptions::LoaderTaskOptions):
+ Add integrity metadata to the fetch options, and fix the implementation of
+ ThreadableLoaderOptions::isolatedCopy to work correctly (it was missing isolated
+ copy derivedCachedDataTypesToRetrieve).
+
+ * Modules/fetch/FetchRequest.cpp:
+ (WebCore::buildOptions):
+ (WebCore::FetchRequest::initializeOptions):
+ * Modules/fetch/FetchRequest.h:
+ Switch to using the integrity metadata on the fetchOptions, removing the need to
+ store them directly on the internal request.
+
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
+ (WebCore::DocumentThreadableLoader::didReceiveResponse):
+ (WebCore::DocumentThreadableLoader::didReceiveData):
+ (WebCore::DocumentThreadableLoader::didFinishLoading):
+ (WebCore::DocumentThreadableLoader::loadRequest):
+ (WebCore::DocumentThreadableLoader::reportIntegrityMetadataError):
+ * loader/DocumentThreadableLoader.h:
+ Add a new flag, m_delayCallbacksForIntegrityCheck, which is used when integrity metadata
+ is present, so we can implement the 'wait' concept from the fetch spec, and delay informing
+ the clients until we have validated the integrity metadata.
+
2017-05-09 Commit Queue <commit-qu...@webkit.org>
Unreviewed, rolling out r216545.
Modified: trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp (216552 => 216553)
--- trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp 2017-05-09 22:53:13 UTC (rev 216553)
@@ -105,7 +105,7 @@
request.options.redirect = init.redirect.value();
if (!init.integrity.isNull())
- request.integrity = init.integrity;
+ request.options.integrity = init.integrity;
if (!init.method.isNull()) {
if (auto exception = setMethod(request.request, init.method))
@@ -132,7 +132,7 @@
const String& method = m_internalRequest.request.httpMethod();
if (method != "GET" && method != "POST" && method != "HEAD")
return Exception { TypeError, ASCIILiteral("Method must be GET, POST or HEAD in no-cors mode.") };
- if (!m_internalRequest.integrity.isEmpty())
+ if (!m_internalRequest.options.integrity.isEmpty())
return Exception { TypeError, ASCIILiteral("There cannot be an integrity in no-cors mode.") };
m_headers->setGuard(FetchHeaders::Guard::RequestNoCors);
}
Modified: trunk/Source/WebCore/Modules/fetch/FetchRequest.h (216552 => 216553)
--- trunk/Source/WebCore/Modules/fetch/FetchRequest.h 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/Modules/fetch/FetchRequest.h 2017-05-09 22:53:13 UTC (rev 216553)
@@ -83,7 +83,7 @@
Cache cache() const;
Redirect redirect() const;
- const String& integrity() const { return m_internalRequest.integrity; }
+ const String& integrity() const { return m_internalRequest.options.integrity; }
ExceptionOr<Ref<FetchRequest>> clone(ScriptExecutionContext&);
@@ -91,7 +91,6 @@
ResourceRequest request;
FetchOptions options;
String referrer;
- String integrity;
};
const FetchOptions& fetchOptions() const { return m_internalRequest.options; }
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (216552 => 216553)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-05-09 22:53:13 UTC (rev 216553)
@@ -52,6 +52,7 @@
#include "RuntimeEnabledFeatures.h"
#include "SchemeRegistry.h"
#include "SecurityOrigin.h"
+#include "SubresourceIntegrity.h"
#include "SubresourceLoader.h"
#include "ThreadableLoaderClient.h"
#include <wtf/Assertions.h>
@@ -95,6 +96,7 @@
, m_sameOriginRequest(securityOrigin().canRequest(request.url()))
, m_simpleRequest(true)
, m_async(blockingBehavior == LoadAsynchronously)
+ , m_delayCallbacksForIntegrityCheck(!m_options.integrity.isEmpty())
, m_contentSecurityPolicy(WTFMove(contentSecurityPolicy))
, m_shouldLogError(shouldLogError)
{
@@ -296,6 +298,9 @@
InspectorInstrumentation::didReceiveThreadableLoaderResponse(*this, identifier);
+ if (m_delayCallbacksForIntegrityCheck)
+ return;
+
if (options().filteringPolicy == ResponseFilteringPolicy::Disable) {
m_client->didReceiveResponse(identifier, response);
return;
@@ -324,6 +329,9 @@
{
ASSERT(m_client);
+ if (m_delayCallbacksForIntegrityCheck)
+ return;
+
m_client->didReceiveData(data, dataLength);
}
@@ -361,6 +369,27 @@
void DocumentThreadableLoader::didFinishLoading(unsigned long identifier)
{
ASSERT(m_client);
+
+ if (m_delayCallbacksForIntegrityCheck) {
+ if (!matchIntegrityMetadata(*m_resource, m_options.integrity)) {
+ reportIntegrityMetadataError(m_resource->url());
+ return;
+ }
+
+ auto response = m_resource->response();
+
+ if (options().filteringPolicy == ResponseFilteringPolicy::Disable) {
+ m_client->didReceiveResponse(identifier, response);
+ m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
+ } else {
+ ASSERT(response.type() == ResourceResponse::Type::Default);
+
+ auto tainting = m_resource->responseTainting();
+ m_client->didReceiveResponse(identifier, ResourceResponse::filterResponse(response, tainting));
+ m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
+ }
+ }
+
m_client->didFinishLoading(identifier);
}
@@ -407,6 +436,10 @@
ResourceLoaderOptions options = m_options;
options.clientCredentialPolicy = m_sameOriginRequest ? ClientCredentialPolicy::MayAskClientForCredentials : ClientCredentialPolicy::CannotAskClientForCredentials;
options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
+
+ // If there is integrity metadata to validate, we must buffer.
+ if (!m_options.integrity.isEmpty())
+ options.dataBufferingPolicy = BufferData;
request.setAllowCookies(m_options.allowCredentials == AllowStoredCredentials);
CachedResourceRequest newRequest(WTFMove(request), options);
@@ -574,6 +607,11 @@
logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy.", ResourceError::Type::AccessControl));
}
+void DocumentThreadableLoader::reportIntegrityMetadataError(const URL& url)
+{
+ logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Failed integrity metadata check.", ResourceError::Type::General));
+}
+
void DocumentThreadableLoader::logErrorAndFail(const ResourceError& error)
{
if (m_shouldLogError == ShouldLogError::Yes)
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.h (216552 => 216553)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.h 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.h 2017-05-09 22:53:13 UTC (rev 216553)
@@ -118,6 +118,7 @@
void reportRedirectionWithBadScheme(const URL&);
void reportContentSecurityPolicyError(const URL&);
void reportCrossOriginResourceSharingError(const URL&);
+ void reportIntegrityMetadataError(const URL&);
void logErrorAndFail(const ResourceError&);
CachedResourceHandle<CachedRawResource> m_resource;
@@ -129,6 +130,7 @@
bool m_sameOriginRequest;
bool m_simpleRequest;
bool m_async;
+ bool m_delayCallbacksForIntegrityCheck;
std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
std::optional<CrossOriginPreflightChecker> m_preflightChecker;
std::optional<HTTPHeaderMap> m_originalHeaders;
Modified: trunk/Source/WebCore/loader/FetchOptions.h (216552 => 216553)
--- trunk/Source/WebCore/loader/FetchOptions.h 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/FetchOptions.h 2017-05-09 22:53:13 UTC (rev 216553)
@@ -28,6 +28,8 @@
#pragma once
+#include <wtf/text/WTFString.h>
+
namespace WebCore {
struct FetchOptions {
@@ -51,6 +53,8 @@
enum class ReferrerPolicy { EmptyString, NoReferrer, NoReferrerWhenDowngrade, Origin, OriginWhenCrossOrigin, UnsafeUrl };
ReferrerPolicy referrerPolicy { ReferrerPolicy::EmptyString };
+
+ String integrity;
};
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/ThreadableLoader.cpp (216552 => 216553)
--- trunk/Source/WebCore/loader/ThreadableLoader.cpp 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/ThreadableLoader.cpp 2017-05-09 22:53:13 UTC (rev 216553)
@@ -60,6 +60,48 @@
{
}
+ThreadableLoaderOptions ThreadableLoaderOptions::isolatedCopy() const
+{
+ ThreadableLoaderOptions copy;
+
+ // FetchOptions
+ copy.type = this->type;
+ copy.destination = this->destination;
+ copy.mode = this->mode;
+ copy.credentials = this->credentials;
+ copy.cache = this->cache;
+ copy.redirect = this->redirect;
+ copy.referrerPolicy = this->referrerPolicy;
+ copy.integrity = this->integrity.isolatedCopy();
+
+ // ResourceLoaderOptions
+ copy.sendLoadCallbacks = this->sendLoadCallbacks;
+ copy.sniffContent = this->sniffContent;
+ copy.dataBufferingPolicy = this->dataBufferingPolicy;
+ copy.allowCredentials = this->allowCredentials;
+ copy.securityCheck = this->securityCheck;
+ copy.certificateInfoPolicy = this->certificateInfoPolicy;
+ copy.contentSecurityPolicyImposition = this->contentSecurityPolicyImposition;
+ copy.defersLoadingPolicy = this->defersLoadingPolicy;
+ copy.cachingPolicy = this->cachingPolicy;
+ copy.sameOriginDataURLFlag = this->sameOriginDataURLFlag;
+ copy.initiatorContext = this->initiatorContext;
+ copy.clientCredentialPolicy = this->clientCredentialPolicy;
+ copy.maxRedirectCount = this->maxRedirectCount;
+ copy.derivedCachedDataTypesToRetrieve.reserveInitialCapacity(this->derivedCachedDataTypesToRetrieve.size());
+ for (auto& derivedCachedDataType : this->derivedCachedDataTypesToRetrieve)
+ copy.derivedCachedDataTypesToRetrieve.uncheckedAppend(derivedCachedDataType.isolatedCopy());
+
+ // ThreadableLoaderOptions
+ copy.preflightPolicy = this->preflightPolicy;
+ copy.contentSecurityPolicyEnforcement = this->contentSecurityPolicyEnforcement;
+ copy.initiator = this->initiator.isolatedCopy();
+ copy.filteringPolicy = this->filteringPolicy;
+
+ return copy;
+}
+
+
RefPtr<ThreadableLoader> ThreadableLoader::create(ScriptExecutionContext& context, ThreadableLoaderClient& client, ResourceRequest&& request, const ThreadableLoaderOptions& options, String&& referrer)
{
if (is<WorkerGlobalScope>(context))
Modified: trunk/Source/WebCore/loader/ThreadableLoader.h (216552 => 216553)
--- trunk/Source/WebCore/loader/ThreadableLoader.h 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/ThreadableLoader.h 2017-05-09 22:53:13 UTC (rev 216553)
@@ -66,6 +66,8 @@
ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator, ResponseFilteringPolicy);
~ThreadableLoaderOptions();
+ ThreadableLoaderOptions isolatedCopy() const;
+
PreflightPolicy preflightPolicy { ConsiderPreflight };
ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement { ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective };
String initiator; // This cannot be an AtomicString, as isolatedCopy() wouldn't create an object that's safe for passing to another thread.
Modified: trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp (216552 => 216553)
--- trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2017-05-09 22:52:05 UTC (rev 216552)
+++ trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2017-05-09 22:53:13 UTC (rev 216553)
@@ -94,7 +94,7 @@
};
LoaderTaskOptions::LoaderTaskOptions(const ThreadableLoaderOptions& options, const String& referrer, Ref<SecurityOrigin>&& origin)
- : options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy(), options.filteringPolicy)
+ : options(options.isolatedCopy())
, referrer(referrer.isolatedCopy())
, origin(WTFMove(origin))
{