Diff
Modified: branches/safari-612-branch/LayoutTests/ChangeLog (286400 => 286401)
--- branches/safari-612-branch/LayoutTests/ChangeLog 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/LayoutTests/ChangeLog 2021-12-02 00:18:23 UTC (rev 286401)
@@ -1,5 +1,54 @@
2021-12-01 Alan Coon <alanc...@apple.com>
+ Cherry-pick r285320. rdar://problem/85943167
+
+ Form action with a redirect should report correct blocked URI
+ https://bugs.webkit.org/show_bug.cgi?id=232660
+ <rdar://problem/84969024>
+
+ Reviewed by Brent Fulgham.
+
+ Source/WebCore:
+
+ We currently report the blocked URI as the target of a redirect, per
+ the spec it should actually be the initiating url.
+
+ Test: http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::willSendRequest):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkIfFormActionAllowedByCSP const):
+ * loader/FrameLoader.h:
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::allowResourceFromSource const):
+ (WebCore::ContentSecurityPolicy::allowFormAction const):
+ * page/csp/ContentSecurityPolicy.h:
+
+ LayoutTests:
+
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:
+ Update console logging to report the correct URL.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285320 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-11-04 Kate Cheney <katherine_che...@apple.com>
+
+ Form action with a redirect should report correct blocked URI
+ https://bugs.webkit.org/show_bug.cgi?id=232660
+ <rdar://problem/84969024>
+
+ Reviewed by Brent Fulgham.
+
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:
+ Update console logging to report the correct URL.
+
+2021-12-01 Alan Coon <alanc...@apple.com>
+
Cherry-pick r285570. rdar://problem/83070565
Fix crash in GraphicsContextCG::endTransparencyLayer
Modified: branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt (286400 => 286401)
--- branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt 2021-12-02 00:18:23 UTC (rev 286401)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Refused to load http://localhost:8000/navigation/resources/form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/redirection-response.py?host=localhost:8000&status=302&target=form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
Tests that blocking form redirect works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
Added: branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt (0 => 286401)
--- branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt 2021-12-02 00:18:23 UTC (rev 286401)
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/redirection-response.py?host=localhost:8000&status=302&target=form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
+
+Tests that blocking form redirect reports the correct blockedURI.
+
+blockedURI = http://127.0.0.1:8000/navigation/resources/redirection-response.py?host=localhost:8000&status=302&target=form-target.pl
+
+
Added: branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html (0 => 286401)
--- branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html 2021-12-02 00:18:23 UTC (rev 286401)
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="form-action 127.0.0.1:8000">
+<script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+ window.addEventListener('load', function() {
+ setTimeout(function() {
+ document.getElementById('submit').click();
+ }, 0);
+ });
+
+ window.addEventListener('securitypolicyviolation', e => {
+ document.body.innerHTML += `blockedURI = <b>${e.blockedURI}</b><br/><br/>`;
+ testRunner.notifyDone();
+ });
+
+</script>
+</head>
+<body>
+ <form id="form1" action="" method="post">
+ <input type='text' name='fieldname' value='fieldvalue'>
+ <input type='submit' id='submit' value='submit'>
+ </form>
+
+ <p>
+ Tests that blocking form redirect reports the correct blockedURI.
+ </p>
+</body>
+</html>
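Review bot: The `securitypolicyviolation` handler calls `testRunner.notifyDone()` unguarded, although the top of the script checks `window.testRunner` first, so opening the test by hand in a browser throws a ReferenceError once the violation fires. Guard it the same way: `if (window.testRunner) testRunner.notifyDone();`. The handler also appends `e.blockedURI` through `innerHTML +=`, so the reported URL is parsed as markup. Writing it with `textContent` on a created element would keep the dumped text exactly equal to the reported value. The form's `action` is empty as shown here, which may be an artifact of how this page was rendered, since the expected output names the `redirection-response.py` URL.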
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-12-02 00:18:23 UTC (rev 286401)
@@ -1,5 +1,64 @@
2021-12-01 Alan Coon <alanc...@apple.com>
+ Cherry-pick r285320. rdar://problem/85943167
+
+ Form action with a redirect should report correct blocked URI
+ https://bugs.webkit.org/show_bug.cgi?id=232660
+ <rdar://problem/84969024>
+
+ Reviewed by Brent Fulgham.
+
+ Source/WebCore:
+
+ We currently report the blocked URI as the target of a redirect, per
+ the spec it should actually be the initiating url.
+
+ Test: http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::willSendRequest):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkIfFormActionAllowedByCSP const):
+ * loader/FrameLoader.h:
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::allowResourceFromSource const):
+ (WebCore::ContentSecurityPolicy::allowFormAction const):
+ * page/csp/ContentSecurityPolicy.h:
+
+ LayoutTests:
+
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html: Added.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:
+ Update console logging to report the correct URL.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285320 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-11-04 Kate Cheney <katherine_che...@apple.com>
+
+ Form action with a redirect should report correct blocked URI
+ https://bugs.webkit.org/show_bug.cgi?id=232660
+ <rdar://problem/84969024>
+
+ Reviewed by Brent Fulgham.
+
+ We currently report the blocked URI as the target of a redirect, per
+ the spec it should actually be the initiating url.
+
+ Test: http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::willSendRequest):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkIfFormActionAllowedByCSP const):
+ * loader/FrameLoader.h:
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::allowResourceFromSource const):
+ (WebCore::ContentSecurityPolicy::allowFormAction const):
+ * page/csp/ContentSecurityPolicy.h:
+
+2021-12-01 Alan Coon <alanc...@apple.com>
+
Cherry-pick r286309. rdar://problem/84665699
Use scriptDisallowedScope in FrameSelection::updateAppearance
Modified: branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/loader/DocumentLoader.cpp 2021-12-02 00:18:23 UTC (rev 286401)
@@ -638,7 +638,7 @@
reportingEndpointsCache->addEndpointsFromResponse(redirectResponse);
}
- if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse)) {
+ if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse, redirectResponse.url())) {
DOCUMENTLOADER_RELEASE_LOG("willSendRequest: canceling - form action not allowed by CSP");
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
return completionHandler(WTFMove(newRequest));
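Review bot: `redirectResponse.url()` at the changed call is the URL of the response that issued this redirect, which is the form's initiating URL only when there is a single hop. On a chain A → B → C where C is blocked, the report would presumably name B, a URL the page never submitted to, so an intermediate hop is still exposed to the page through `blockedURI`. Consider passing the URL the form was originally submitted to, or confirm that the most recent hop is what the spec intends. A layout test with two redirects would pin the behaviour. The enclosing `willSendRequest` starts and ends outside this hunk.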
Modified: branches/safari-612-branch/Source/WebCore/loader/FrameLoader.cpp (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/loader/FrameLoader.cpp 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/loader/FrameLoader.cpp 2021-12-02 00:18:23 UTC (rev 286401)
@@ -1035,13 +1035,13 @@
return m_frame.document()->securityOrigin().toString();
}
-bool FrameLoader::checkIfFormActionAllowedByCSP(const URL& url, bool didReceiveRedirectResponse) const
+bool FrameLoader::checkIfFormActionAllowedByCSP(const URL& url, bool didReceiveRedirectResponse, const URL& preRedirectURL) const
{
if (m_submittedFormURL.isEmpty())
return true;
auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;
- return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, redirectResponseReceived);
+ return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, redirectResponseReceived, preRedirectURL);
}
void FrameLoader::setOpener(Frame* opener)
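Review bot: Nothing in `checkIfFormActionAllowedByCSP` ties the new `preRedirectURL` to `didReceiveRedirectResponse`, so a caller can pass a non-null URL together with `false`. The fallback in `allowResourceFromSource` keys only on `preRedirectURL.isNull()`, so the violation report would then name a URL that was never redirected. An assertion as the first statement of the body makes the contract explicit: `ASSERT(didReceiveRedirectResponse || preRedirectURL.isNull());`. The declaration in FrameLoader.h gives the parameter no default, so every caller has to choose a value and the assertion costs nothing at existing call sites.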
Modified: branches/safari-612-branch/Source/WebCore/loader/FrameLoader.h (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/loader/FrameLoader.h 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/loader/FrameLoader.h 2021-12-02 00:18:23 UTC (rev 286401)
@@ -241,7 +241,7 @@
void forceSandboxFlags(SandboxFlags flags) { m_forcedSandboxFlags |= flags; }
WEBCORE_EXPORT SandboxFlags effectiveSandboxFlags() const;
- bool checkIfFormActionAllowedByCSP(const URL&, bool didReceiveRedirectResponse) const;
+ bool checkIfFormActionAllowedByCSP(const URL&, bool didReceiveRedirectResponse, const URL& preRedirectURL) const;
WEBCORE_EXPORT Frame* opener();
WEBCORE_EXPORT const Frame* opener() const;
Modified: branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-02 00:18:23 UTC (rev 286401)
@@ -561,15 +561,16 @@
return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame, url, redirectResponseReceived == RedirectResponseReceived::Yes);
}
-bool ContentSecurityPolicy::allowResourceFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived, const char* name, ResourcePredicate resourcePredicate) const
+bool ContentSecurityPolicy::allowResourceFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived, const char* name, ResourcePredicate resourcePredicate, const URL& preRedirectURL) const
{
if (LegacySchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol().toStringWithoutCopying()))
return true;
String sourceURL;
+ const auto& blockedURL = !preRedirectURL.isNull() ? preRedirectURL : url;
TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());
auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {
- String consoleMessage = consoleMessageForViolation(name, violatedDirective, url, "Refused to load");
- reportViolation(name, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);
+ String consoleMessage = consoleMessageForViolation(name, violatedDirective, blockedURL, "Refused to load");
+ reportViolation(name, violatedDirective, blockedURL.string(), consoleMessage, sourceURL, sourcePosition);
};
return allPoliciesAllow(WTFMove(handleViolatedDirective), resourcePredicate, url, redirectResponseReceived == RedirectResponseReceived::Yes);
}
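Review bot: `allowResourceFromSource` now evaluates the policy against `url` but names `blockedURL` in both the console message and the report, and nothing at the `blockedURL` declaration says why the two differ. Someone debugging a report will see a URL that may itself satisfy the directive, as in the new test, whose expected output names a 127.0.0.1:8000 URL that its `form-action` allows. I would add above the declaration: `// The policy is checked against url (the redirect target); violations name the pre-redirect URL, as the CSP spec requires.` It is also worth confirming that passing `blockedURL.string()` to `reportViolation` keeps whatever fragment and credential stripping applied when the URL object was passed, since that code is not visible here.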
@@ -624,9 +625,9 @@
return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource, url, redirectResponseReceived == RedirectResponseReceived::Yes);
}
-bool ContentSecurityPolicy::allowFormAction(const URL& url, RedirectResponseReceived redirectResponseReceived) const
+bool ContentSecurityPolicy::allowFormAction(const URL& url, RedirectResponseReceived redirectResponseReceived, const URL& preRedirectURL) const
{
- return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::formAction, &ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction);
+ return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::formAction, &ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction, preRedirectURL);
}
bool ContentSecurityPolicy::allowBaseURI(const URL& url, bool overrideContentSecurityPolicy) const
Modified: branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h (286400 => 286401)
--- branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h 2021-12-02 00:18:19 UTC (rev 286400)
+++ branches/safari-612-branch/Source/WebCore/page/csp/ContentSecurityPolicy.h 2021-12-02 00:18:23 UTC (rev 286401)
@@ -116,7 +116,7 @@
bool allowChildFrameFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
WEBCORE_EXPORT bool allowChildContextFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
WEBCORE_EXPORT bool allowConnectToSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No, const URL& requestedURL = URL()) const;
- bool allowFormAction(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
+ bool allowFormAction(const URL&, RedirectResponseReceived = RedirectResponseReceived::No, const URL& preRedirectURL = URL()) const;
bool allowObjectFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const;
bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false) const;
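Review bot: The new trailing parameter on `allowFormAction` is named `preRedirectURL`, while the declaration just above it gives `allowConnectToSource` a trailing `const URL& requestedURL = URL()`; if the two carry the same meaning they should share one name. Because both default to a null URL, a short comment on the declaration would spell out the fallback: `// preRedirectURL: URL named in violation reports when url is a redirect target; a null URL means url itself is reported.` The same comment applies to the `allowResourceFromSource` declaration changed in the second hunk of this file.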
@@ -206,7 +206,7 @@
bool allPoliciesAllow(ViolatedDirectiveCallback&&, Predicate&&, Args&&...) const WARN_UNUSED_RETURN;
using ResourcePredicate = const ContentSecurityPolicyDirective *(ContentSecurityPolicyDirectiveList::*)(const URL &, bool) const;
- bool allowResourceFromSource(const URL&, RedirectResponseReceived, const char*, ResourcePredicate) const;
+ bool allowResourceFromSource(const URL&, RedirectResponseReceived, const char*, ResourcePredicate, const URL& preRedirectURL = URL()) const;
using HashInEnforcedAndReportOnlyPoliciesPair = std::pair<bool, bool>;
template<typename Predicate> HashInEnforcedAndReportOnlyPoliciesPair findHashOfContentInPolicies(Predicate&&, StringView content, OptionSet<ContentSecurityPolicyHashAlgorithm>) const WARN_UNUSED_RETURN;