[webkit-changes] [WebKit/WebKit] 273d78: SecurityPolicy::isAccessAllowed shouldn't use glob...
Alex Christensen
noreply at github.com
Wed May 3 15:16:32 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 273d78edc0aec695b593b815edf1527eed076d42
https://github.com/WebKit/WebKit/commit/273d78edc0aec695b593b815edf1527eed076d42
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
M Source/WebCore/Headers.cmake
M Source/WebCore/Modules/fetch/FetchRequest.cpp
M Source/WebCore/Modules/webaudio/BaseAudioContext.cpp
M Source/WebCore/Sources.txt
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/css/CSSStyleSheet.cpp
M Source/WebCore/css/StyleSheetContents.cpp
M Source/WebCore/css/parser/CSSParserContext.cpp
M Source/WebCore/dom/ScriptExecutionContext.cpp
M Source/WebCore/html/HTMLAnchorElement.cpp
M Source/WebCore/html/HTMLMediaElement.cpp
M Source/WebCore/html/canvas/CanvasRenderingContext.cpp
M Source/WebCore/loader/CrossOriginAccessControl.cpp
M Source/WebCore/loader/CrossOriginAccessControl.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/DocumentThreadableLoader.cpp
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/NavigationAction.cpp
M Source/WebCore/loader/PingLoader.cpp
M Source/WebCore/loader/ResourceLoader.cpp
M Source/WebCore/loader/ResourceTiming.cpp
M Source/WebCore/loader/SubframeLoader.cpp
M Source/WebCore/loader/SubresourceLoader.cpp
M Source/WebCore/loader/cache/CachedResourceLoader.cpp
M Source/WebCore/loader/cache/CachedResourceRequest.cpp
M Source/WebCore/page/DragController.cpp
M Source/WebCore/page/History.cpp
M Source/WebCore/page/LocalDOMWindow.cpp
A Source/WebCore/page/OriginAccessPatterns.cpp
A Source/WebCore/page/OriginAccessPatterns.h
M Source/WebCore/page/SecurityOrigin.cpp
M Source/WebCore/page/SecurityOrigin.h
M Source/WebCore/page/SecurityPolicy.cpp
M Source/WebCore/page/SecurityPolicy.h
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M Source/WebCore/platform/graphics/MediaPlayer.cpp
M Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
M Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm
M Source/WebCore/workers/AbstractWorker.cpp
M Source/WebCore/workers/shared/SharedWorker.cpp
M Source/WebCore/xml/XSLTProcessorLibxslt.cpp
M Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp
M Source/WebKit/NetworkProcess/NetworkLoadChecker.h
A Source/WebKit/NetworkProcess/NetworkOriginAccessPatterns.cpp
A Source/WebKit/NetworkProcess/NetworkOriginAccessPatterns.h
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp
M Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp
M Source/WebKit/NetworkProcess/cache/CacheStorageEngineCache.cpp
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
M Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp
M Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp
M Source/WebKit/NetworkProcess/storage/CacheStorageCache.cpp
M Source/WebKit/Sources.txt
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Source/WebKit/WebProcess/Plugins/PluginView.cpp
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKitLegacy/mac/Plugins/WebPluginContainerCheck.mm
M Source/WebKitLegacy/mac/WebView/WebFrame.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm
Log Message:
-----------
SecurityPolicy::isAccessAllowed shouldn't use global UserContentURLPattern collection in network process
https://bugs.webkit.org/show_bug.cgi?id=256232
rdar://108273770
Reviewed by Tim Hatcher.
259976 at main introduced a call to SecurityPolicy::allowAccessTo in the network process which allows CORS
access to URLs matching a pattern. The problem was it allows CORS access for requests from all web content
processes, not just the one from which the pattern came. This made users of WKWebViewConfiguration._corsDisablingPatterns
have effects for all WKWebViews in the network process, even ones without CORS disabling patterns.
This caused some HTTP Origin header fields to be missing, which caused subtle loading issues.
To fix the problem, I introduce an abstraction called OriginAccessPatterns. To keep the change minimal
and straightforward, I introduce OriginAccessPatternsForWebProcess for use in the web process, which keeps
the status quo for now. In the network process, however, I introduce NetworkOriginAccessPatterns which has
the same scope as OriginAccessPatternsForWebProcess by being owned by the NetworkConnectionToWebProcess, but
importantly it no longer has global scope in the network process. For a few uses of SecurityPolicy::isAccessAllowed
outside of the web content process that don't have a clear mapping to a Page, I introduce EmptyOriginAccessPatterns
which maintain the behavior we had before 259976 at main.
Covered by a new unit test and the unit test added by 259976 at main.
* Source/WebCore/Headers.cmake:
* Source/WebCore/Modules/fetch/FetchRequest.cpp:
(WebCore::computeReferrer):
* Source/WebCore/Modules/webaudio/BaseAudioContext.cpp:
(WebCore::BaseAudioContext::wouldTaintOrigin const):
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::canAccessRules const):
* Source/WebCore/css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::parseAuthorStyleSheet):
* Source/WebCore/css/parser/CSSParserContext.cpp:
* Source/WebCore/dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::canIncludeErrorDetails):
* Source/WebCore/html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::handleClick):
* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::isSafeToLoadURL):
(WebCore::HTMLMediaElement::mediaPlayerReferrer const):
* Source/WebCore/html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::taintsOrigin):
* Source/WebCore/loader/CrossOriginAccessControl.cpp:
(WebCore::updateRequestReferrer):
(WebCore::createPotentialAccessControlRequest):
(WebCore::shouldCrossOriginResourcePolicyCancelLoad):
(WebCore::validateCrossOriginResourcePolicy):
* Source/WebCore/loader/CrossOriginAccessControl.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::redirectReceived):
(WebCore::DocumentThreadableLoader::isAllowedRedirect):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::submitForm):
(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::commitProvisionalLoad):
(WebCore::FrameLoader::loadResourceSynchronously):
(WebCore::createWindow):
* Source/WebCore/loader/NavigationAction.cpp:
(WebCore::shouldTreatAsSameOriginNavigation):
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::loadImage):
(WebCore::PingLoader::sendPing):
(WebCore::PingLoader::sendViolationReport):
* Source/WebCore/loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::init):
(WebCore::ResourceLoader::shouldAllowResourceToAskForCredentials const):
(WebCore::ResourceLoader::isAllowedToAskUserForCredentials const):
* Source/WebCore/loader/ResourceTiming.cpp:
(WebCore::ResourceTiming::updateExposure):
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable):
(WebCore::FrameLoader::SubframeLoader::loadSubframe):
* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):
(WebCore::CachedResourceLoader::canRequestAfterRedirection const):
(WebCore::CachedResourceLoader::canRequestInContentDispositionAttachmentSandbox const):
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::updateReferrerAndOriginHeaders):
(WebCore::isRequestCrossOrigin):
* Source/WebCore/page/DragController.cpp:
(WebCore::DragController::prepareForDragStart const):
(WebCore::DragController::startDrag):
* Source/WebCore/page/History.cpp:
(WebCore::History::stateObjectAdded):
* Source/WebCore/page/LocalDOMWindow.cpp:
(WebCore::LocalDOMWindow::createWindow):
* Source/WebCore/page/OriginAccessPatterns.cpp: Added.
(WebCore::OriginAccessPatternsForWebProcess::singleton):
(WebCore::WTF_REQUIRES_LOCK):
(WebCore::OriginAccessPatternsForWebProcess::allowAccessTo):
(WebCore::OriginAccessPatternsForWebProcess::anyPatternMatches const):
(WebCore::EmptyOriginAccessPatterns::singleton):
(WebCore::EmptyOriginAccessPatterns::anyPatternMatches const):
* Source/WebCore/page/OriginAccessPatterns.h: Added.
(WebCore::OriginAccessPatterns::~OriginAccessPatterns):
* Source/WebCore/page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canRequest const):
(WebCore::SecurityOrigin::canDisplay const):
* Source/WebCore/page/SecurityOrigin.h:
* Source/WebCore/page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::generateReferrerHeader):
(WebCore::SecurityPolicy::generateOriginHeader):
(WebCore::SecurityPolicy::isAccessAllowed):
(WebCore::SecurityPolicy::allowAccessTo): Deleted.
* Source/WebCore/page/SecurityPolicy.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::createURLForReporting const):
* Source/WebCore/platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::isCrossOrigin const):
* Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
(-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
* Source/WebCore/workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::resolveURL):
* Source/WebCore/workers/shared/SharedWorker.cpp:
(WebCore::SharedWorker::create):
* Source/WebCore/xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
* Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::shouldAllowExternalLoad):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::setCORSDisablingPatterns):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
(WebKit::NetworkConnectionToWebProcess::originAccessPatterns):
* Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::isSameOrigin const):
(WebKit::NetworkLoadChecker::originAccessPatterns const):
(WebKit::performCORPCheck):
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::continueCheckingRequest):
(WebKit::NetworkLoadChecker::checkCORSRedirectedRequest):
(WebKit::isSameOrigin): Deleted.
* Source/WebKit/NetworkProcess/NetworkLoadChecker.h:
* Source/WebKit/NetworkProcess/NetworkOriginAccessPatterns.cpp: Added.
(WebKit::NetworkOriginAccessPatterns::allowAccessTo):
(WebKit::NetworkOriginAccessPatterns::anyPatternMatches const):
* Source/WebKit/NetworkProcess/NetworkOriginAccessPatterns.h: Added.
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setCORSDisablingPatterns):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::isCrossOriginPrefetch const):
* Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
(WebKit::ServiceWorkerFetchTask::processResponse):
* Source/WebKit/NetworkProcess/cache/CacheStorageEngineCache.cpp:
(WebKit::CacheStorage::Cache::retrieveRecords):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
* Source/WebKit/NetworkProcess/storage/CacheStorageCache.cpp:
(WebKit::CacheStorageCache::retrieveRecords):
* Source/WebKit/Sources.txt:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::loadMainResource):
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::allowsFollowingLink const):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::parseAndAllowAccessToCORSDisablingPatterns):
* Source/WebKitLegacy/mac/Plugins/WebPluginContainerCheck.mm:
(-[WebPluginContainerCheck _isForbiddenFileLoad]):
* Source/WebKitLegacy/mac/WebView/WebFrame.mm:
(-[WebFrame _allowsFollowingLink:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/263652@main
More information about the webkit-changes
mailing list