| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 325 matching lines...) | |
| 336 else if (url.isLocalFile() || m_document->url().isLocalFile()) | 336 else if (url.isLocalFile() || m_document->url().isLocalFile()) |
| 337 message = "Unsafe attempt to load URL " + url.elidedString() + " from fr ame with URL " + m_document->url().elidedString() + ". 'file:' URLs are treated as unique security origins.\n"; | 337 message = "Unsafe attempt to load URL " + url.elidedString() + " from fr ame with URL " + m_document->url().elidedString() + ". 'file:' URLs are treated as unique security origins.\n"; |
| 338 else | 338 else |
| 339 message = "Unsafe attempt to load URL " + url.elidedString() + " from fr ame with URL " + m_document->url().elidedString() + ". Domains, protocols and po rts must match.\n"; | 339 message = "Unsafe attempt to load URL " + url.elidedString() + " from fr ame with URL " + m_document->url().elidedString() + ". Domains, protocols and po rts must match.\n"; |
| 340 | 340 |
| 341 frame()->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, ErrorMessageLevel, message)); | 341 frame()->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, ErrorMessageLevel, message)); |
| 342 } | 342 } |
| 343 | 343 |
| 344 bool FrameFetchContext::canRequest(Resource::Type type, const ResourceRequest& r esourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forP reload, FetchRequest::OriginRestriction originRestriction) const | 344 bool FrameFetchContext::canRequest(Resource::Type type, const ResourceRequest& r esourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forP reload, FetchRequest::OriginRestriction originRestriction) const |
| 345 { | 345 { |
| 346 ResourceRequestBlockedReason reason = canRequestInternal(type, resourceReque st, url, options, forPreload, originRestriction); | 346 // As of CSP2, for requests that are the results of redirects, the match |
| 347 // algorithm should ignore the path component of the URL. | |
| 348 ContentSecurityPolicy::RedirectStatus redirectStatus = resourceRequest.follo wedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy::DidN otRedirect; | |
|
Mike West
2015/11/19 09:46:25
Is `followedRedirect` true for any response that's
horo
2015/11/20 02:17:07
Yes.
If the SW returns a redirect response (ex:"Re
| |
| 349 | |
| 350 ResourceRequestBlockedReason reason = canRequestInternal(type, resourceReque st, url, options, forPreload, originRestriction, redirectStatus); | |
| 347 if (reason != ResourceRequestBlockedReasonNone) { | 351 if (reason != ResourceRequestBlockedReasonNone) { |
| 348 if (!forPreload) | 352 if (!forPreload) |
| 349 InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, ensureLoaderForNotifications(), options.initiatorInfo, reason); | 353 InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, ensureLoaderForNotifications(), options.initiatorInfo, reason); |
| 350 return false; | 354 return false; |
| 351 } | 355 } |
| 352 return true; | 356 return true; |
| 353 } | 357 } |
| 354 | 358 |
| 355 ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Typ e type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceL oaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRe striction) const | 359 bool FrameFetchContext::allowResponse(Resource::Type type, const ResourceRequest & resourceRequest, const KURL& url, const ResourceLoaderOptions& options) const |
| 360 { | |
| 361 ResourceRequestBlockedReason reason = canRequestInternal(type, resourceReque st, url, options, false, FetchRequest::UseDefaultOriginRestrictionForType, Conte ntSecurityPolicy::DidRedirect); | |
| 362 if (reason != ResourceRequestBlockedReasonNone) { | |
| 363 InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, ensu reLoaderForNotifications(), options.initiatorInfo, reason); | |
| 364 return false; | |
| 365 } | |
| 366 return true; | |
| 367 } | |
| 368 | |
| 369 ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Typ e type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceL oaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRe striction, ContentSecurityPolicy::RedirectStatus redirectStatus) const | |
| 356 { | 370 { |
| 357 InstrumentingAgents* agents = InspectorInstrumentation::instrumentingAgentsF or(frame()); | 371 InstrumentingAgents* agents = InspectorInstrumentation::instrumentingAgentsF or(frame()); |
| 358 if (agents && agents->inspectorResourceAgent()) { | 372 if (agents && agents->inspectorResourceAgent()) { |
| 359 if (agents->inspectorResourceAgent()->shouldBlockRequest(resourceRequest )) | 373 if (agents->inspectorResourceAgent()->shouldBlockRequest(resourceRequest )) |
| 360 return ResourceRequestBlockedReasonInspector; | 374 return ResourceRequestBlockedReasonInspector; |
| 361 } | 375 } |
| 362 | 376 |
| 363 SecurityOrigin* securityOrigin = options.securityOrigin.get(); | 377 SecurityOrigin* securityOrigin = options.securityOrigin.get(); |
| 364 if (!securityOrigin && m_document) | 378 if (!securityOrigin && m_document) |
| 365 securityOrigin = m_document->securityOrigin(); | 379 securityOrigin = m_document->securityOrigin(); |
| (...skipping 38 matching lines...) | |
| 404 break; | 418 break; |
| 405 } | 419 } |
| 406 | 420 |
| 407 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. | 421 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. |
| 408 bool shouldBypassMainWorldCSP = frame()->script().shouldBypassMainWorldCSP() || options.contentSecurityPolicyOption == DoNotCheckContentSecurityPolicy; | 422 bool shouldBypassMainWorldCSP = frame()->script().shouldBypassMainWorldCSP() || options.contentSecurityPolicyOption == DoNotCheckContentSecurityPolicy; |
| 409 | 423 |
| 410 // Don't send CSP messages for preloads, we might never actually display tho se items. | 424 // Don't send CSP messages for preloads, we might never actually display tho se items. |
| 411 ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ? | 425 ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ? |
| 412 ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendRepor t; | 426 ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendRepor t; |
| 413 | 427 |
| 414 // As of CSP2, for requests that are the results of redirects, the match | |
| 415 // algorithm should ignore the path component of the URL. | |
| 416 ContentSecurityPolicy::RedirectStatus redirectStatus = resourceRequest.follo wedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy::DidN otRedirect; | |
| 417 | |
| 418 // m_document can be null, but not in any of the cases where csp is actually used below. | 428 // m_document can be null, but not in any of the cases where csp is actually used below. |
| 419 // ImageResourceTest.MultipartImage crashes w/o the m_document null check. | 429 // ImageResourceTest.MultipartImage crashes w/o the m_document null check. |
| 420 // I believe it's the Resource::Raw case. | 430 // I believe it's the Resource::Raw case. |
| 421 const ContentSecurityPolicy* csp = m_document ? m_document->contentSecurityP olicy() : nullptr; | 431 const ContentSecurityPolicy* csp = m_document ? m_document->contentSecurityP olicy() : nullptr; |
| 422 | 432 |
| 423 // FIXME: This would be cleaner if moved this switch into an allowFromSource () | 433 // FIXME: This would be cleaner if moved this switch into an allowFromSource () |
| 424 // helper on this object which took a Resource::Type, then this block would | 434 // helper on this object which took a Resource::Type, then this block would |
| 425 // collapse to about 10 lines for handling Raw and Script special cases. | 435 // collapse to about 10 lines for handling Raw and Script special cases. |
| 426 switch (type) { | 436 switch (type) { |
| 427 case Resource::XSLStyleSheet: | 437 case Resource::XSLStyleSheet: |
| (...skipping 306 matching lines...) | |
| 734 } | 744 } |
| 735 | 745 |
| 736 DEFINE_TRACE(FrameFetchContext) | 746 DEFINE_TRACE(FrameFetchContext) |
| 737 { | 747 { |
| 738 visitor->trace(m_document); | 748 visitor->trace(m_document); |
| 739 visitor->trace(m_documentLoader); | 749 visitor->trace(m_documentLoader); |
| 740 FetchContext::trace(visitor); | 750 FetchContext::trace(visitor); |
| 741 } | 751 } |
| 742 | 752 |
| 743 } // namespace blink | 753 } // namespace blink |
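Review bot: The new `allowResponse` (new lines 359-367) passes `ContentSecurityPolicy::DidRedirect` unconditionally, so every response checked through it is matched with the path component of CSP source expressions ignored, whether or not a redirect took place, and nothing at the call says that this weaker match is intended. If it is deliberate, record it where the constant is passed, for example `// Response URLs are checked as if redirected: CSP source-expression paths are intentionally ignored here.`, so a later reader does not take it for a copy-paste of the redirect case. The same call hard-codes `forPreload` to `false`, which means a blocked response always selects `ContentSecurityPolicy::SendReport` and always calls `InspectorInstrumentation::didBlockRequest`, while `canRequestInternal` suppresses CSP reports for preloads. Whether a preloaded resource can reach `allowResponse` is not visible in this section, so either thread `forPreload` through the new method or add a comment explaining why it cannot occur. The body of `canRequestInternal` is only partly shown, so how `redirectStatus` is consumed in the switch is inferred from the moved comment.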
| OLD | NEW |