Title: [168417] trunk
- Revision
- 168417
- Author
- carlo...@webkit.org
- Date
- 2014-05-07 03:11:30 -0700 (Wed, 07 May 2014)
Log Message
[SOUP] TLSErrors do not cause page load to fail when not ignored
https://bugs.webkit.org/show_bug.cgi?id=121548
Reviewed by Sergio Villar Senin.
Source/WebCore:
This only happens in case of redirection, when the initial URL is
an HTTPS site with an invalid certificate, that redirects to
another location. We are starting the redirection without checking
the TLS errors.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::sendRequestCallback): Check TLS errors before starting a
possible redirection.
Tools:
Add unit tests to check that the load fails with TLS errors in
case of a redirection.
* TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
(testTLSErrorsRedirect):
(httpsServerCallback):
(beforeAll):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (168416 => 168417)
--- trunk/Source/WebCore/ChangeLog 2014-05-07 09:56:14 UTC (rev 168416)
+++ trunk/Source/WebCore/ChangeLog 2014-05-07 10:11:30 UTC (rev 168417)
@@ -1,3 +1,19 @@
+2014-05-07 Carlos Garcia Campos <cgar...@igalia.com>
+
+ [SOUP] TLSErrors do not cause page load to fail when not ignored
+ https://bugs.webkit.org/show_bug.cgi?id=121548
+
+ Reviewed by Sergio Villar Senin.
+
+ This only happens in case of redirection, when the initial URL is
+ an HTTPS site with an invalid certificate, that redirects to
+ another location. We are starting the redirection without checking
+ the TLS errors.
+
+ * platform/network/soup/ResourceHandleSoup.cpp:
+ (WebCore::sendRequestCallback): Check TLS errors before starting a
+ possible redirection.
+
2014-05-07 Manuel Rego Casasnovas <r...@igalia.com>
[CSS Grid Layout] Remove runtime feature
Modified: trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp (168416 => 168417)
--- trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2014-05-07 09:56:14 UTC (rev 168416)
+++ trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp 2014-05-07 10:11:30 UTC (rev 168417)
@@ -680,13 +680,6 @@
}
if (soupMessage) {
- if (SOUP_STATUS_IS_REDIRECTION(soupMessage->status_code) && shouldRedirect(handle.get())) {
- d->m_inputStream = inputStream;
- g_input_stream_skip_async(d->m_inputStream.get(), gDefaultReadBufferSize, G_PRIORITY_DEFAULT,
- d->m_cancellable.get(), redirectSkipCallback, handle.get());
- return;
- }
-
if (handle->shouldContentSniff() && soupMessage->status_code != SOUP_STATUS_NOT_MODIFIED) {
const char* sniffedType = soup_request_get_content_type(d->m_soupRequest.get());
d->m_response.setSniffedContentType(sniffedType);
@@ -698,6 +691,12 @@
return;
}
+ if (SOUP_STATUS_IS_REDIRECTION(soupMessage->status_code) && shouldRedirect(handle.get())) {
+ d->m_inputStream = inputStream;
+ g_input_stream_skip_async(d->m_inputStream.get(), gDefaultReadBufferSize, G_PRIORITY_DEFAULT,
+ d->m_cancellable.get(), redirectSkipCallback, handle.get());
+ return;
+ }
} else {
d->m_response.setURL(handle->firstRequest().url());
const gchar* contentType = soup_request_get_content_type(d->m_soupRequest.get());
Modified: trunk/Tools/ChangeLog (168416 => 168417)
--- trunk/Tools/ChangeLog 2014-05-07 09:56:14 UTC (rev 168416)
+++ trunk/Tools/ChangeLog 2014-05-07 10:11:30 UTC (rev 168417)
@@ -1,3 +1,18 @@
+2014-05-07 Carlos Garcia Campos <cgar...@igalia.com>
+
+ [SOUP] TLSErrors do not cause page load to fail when not ignored
+ https://bugs.webkit.org/show_bug.cgi?id=121548
+
+ Reviewed by Sergio Villar Senin.
+
+ Add unit tests to check that the load fails with TLS errors in
+ case of a redirection.
+
+ * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
+ (testTLSErrorsRedirect):
+ (httpsServerCallback):
+ (beforeAll):
+
2014-05-07 Manuel Rego Casasnovas <r...@igalia.com>
[CSS Grid Layout] Remove runtime feature
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp (168416 => 168417)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp 2014-05-07 09:56:14 UTC (rev 168416)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp 2014-05-07 10:11:30 UTC (rev 168417)
@@ -134,6 +134,16 @@
g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
}
+static void testTLSErrorsRedirect(SSLTest* test, gconstpointer)
+{
+ webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
+ test->loadURI(kHttpsServer->getURIForPath("/redirect").data());
+ test->waitUntilLoadFinished();
+ g_assert(test->m_loadFailed);
+ g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+ g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+}
+
class TLSErrorsTest: public SSLTest {
public:
MAKE_GLIB_TEST_FIXTURE(TLSErrorsTest);
@@ -233,6 +243,9 @@
soup_message_set_status(message, SOUP_STATUS_OK);
soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, TLSSuccessHTMLString, strlen(TLSSuccessHTMLString));
soup_message_body_complete(message->response_body);
+ } else if (g_str_equal(path, "/redirect")) {
+ soup_message_set_status(message, SOUP_STATUS_MOVED_PERMANENTLY);
+ soup_message_headers_append(message->response_headers, "Location", kHttpServer->getURIForPath("/test-image").data());
} else
soup_message_set_status(message, SOUP_STATUS_NOT_FOUND);
}
@@ -280,6 +293,7 @@
// and expects that no exception will have been added for this certificate and host pair as is
// done in the tls-permission-request test.
SSLTest::add("WebKitWebView", "tls-errors-policy", testTLSErrorsPolicy);
+ SSLTest::add("WebKitWebView", "tls-errors-redirect-to-http", testTLSErrorsRedirect);
TLSErrorsTest::add("WebKitWebView", "load-failed-with-tls-errors", testLoadFailedWithTLSErrors);
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
