<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208549] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208549">208549</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-11-10 10:50:08 -0800 (Thu, 10 Nov 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>REGRESSION (<a href="http://trac.webkit.org/projects/webkit/changeset/195004">r195004</a>): Scripts and plugins blocked for subsequent loads in same WebContent
process after receiving HTTP 0.9 response
https://bugs.webkit.org/show_bug.cgi?id=164387
&lt;rdar://problem/28987537&gt;

Reviewed by Brent Fulgham.

Source/WebCore:

Fixes an issue where the HTTP 0.9 sandbox persisted across subsequent loads in the same
WebContent process.

Currently when an HTTP 0.9 response is received for a request made to a default port
(e.g. 80) we apply a sandbox policy on the FrameLoader for the main resource that
disallows scripts and plugins. A FrameLoader may be re-used for navigations. Therefore,
the sandbox policy applied to one site may be applied to another site. Moreover the
sandbox policy was applied to the FrameLoader of the main resource regardless of whether
the HTTP response was for a subresource. Instead we should apply the sandbox on a per-
Document basis and only if we receive an HTTP 0.9 response for the document when the
corresponding HTTP request was made to a default port.

As a side benefit of this change, we emit exactly one console message to Web Inspector
when the HTTP 0.9 sandbox is applied to a document as opposed to three console messages.
Moreover, we only emit this console message when the document load is not blocked.

Test: http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html

* dom/Document.cpp:
(WebCore::Document::initSecurityContext): Disallow scripts and plugins if an HTTP 0.9
response was received for this document. Note that if this function is called for a
document associated with an HTTP 0.9 response then the corresponding HTTP request was
made to a default port. DocumentLoader::responseReceived() blocks the load for a document
with an HTTP 0.9 response corresponding to an HTTP request made to a non-default port.
This invariant is covered by the tests LayoutTests/http/tests/security/http-0.9/default-port-{plugin, script}-blocked.html.
(WebCore::Document::shouldEnforceHTTP0_9Sandbox): Added. Returns whether an HTTP 0.9 response
was received for this document.
* dom/Document.h:
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): Remove logic to apply sandbox policy to the
FrameLoader associated with the main resource. We will apply the sandbox during initialization
of the document.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didReceiveResponse): Ditto.
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didReceiveResponse): Ditto.

LayoutTests:

Add a new test to ensure that the HTTP 0.9 sandbox policy does not persist across navigations.

Unskip HTTP 0.9 tests and update expected results for existing tests as needed.

* TestExpectations: Unskip the HTTP 0.9 tests.
* http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt: Remove duplicate console
messages now that we emit the console message exactly once per document.
* http/tests/security/http-0.9/default-port-script-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/iframe-blocked-expected.txt: Update expected result now that we
no longer emit a console message for a blocked load.
* http/tests/security/http-0.9/image-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt: Remove
duplicate console messages now that we emit the console message exactly once per document.
* http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html: Added.
* http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt: Added.
* http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html: Added.
* http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Update expected result
now that we no longer apply a sandbox policy to the main resource if a subresource had an HTTP 0.9
response.
* http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Ditto.
* http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Ditto.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09iframeblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomDocumentcpp">trunk/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#trunkSourceWebCoredomDocumenth">trunk/Source/WebCore/dom/Document.h</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentLoadercpp">trunk/Source/WebCore/loader/DocumentLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderResourceLoadercpp">trunk/Source/WebCore/loader/ResourceLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderSubresourceLoadercpp">trunk/Source/WebCore/loader/SubresourceLoader.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcessandboxshouldnotpersistonnavigationhtml">trunk/LayoutTests/http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09sandboxshouldnotpersistonnavigationexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09sandboxshouldnotpersistonnavigationhtml">trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/ChangeLog        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,3 +1,35 @@
</span><ins>+2016-11-10  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        REGRESSION (r195004): Scripts and plugins blocked for subsequent loads in same WebContent
+        process after receiving HTTP 0.9 response
+        https://bugs.webkit.org/show_bug.cgi?id=164387
+        &lt;rdar://problem/28987537&gt;
+
+        Reviewed by Brent Fulgham.
+
+        Add a new test to ensure that the HTTP 0.9 sandbox policy does not persist across navigations.
+
+        Unskip HTTP 0.9 tests and update expected results for existing tests as needed.
+
+        * TestExpectations: Unskip the HTTP 0.9 tests.
+        * http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt: Remove duplicate console
+        messages now that we emit the console message exactly once per document.
+        * http/tests/security/http-0.9/default-port-script-blocked-expected.txt: Ditto.
+        * http/tests/security/http-0.9/iframe-blocked-expected.txt: Update expected result now that we
+        no longer emit a console message for a blocked load.
+        * http/tests/security/http-0.9/image-blocked-expected.txt: Ditto.
+        * http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt: Remove
+        duplicate console messages now that we emit the console message exactly once per document.
+        * http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Ditto.
+        * http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html: Added.
+        * http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt: Added.
+        * http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html: Added.
+        * http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Update expected result
+        now that we no longer apply a sandbox policy to the main resource if a subresource had an HTTP 0.9
+        response.
+        * http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Ditto.
+        * http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Ditto.
+
</ins><span class="cx"> 2016-11-04  Jiewen Tan  &lt;jiewen_tan@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Update SubtleCrypto::importKey to match the latest spec
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/TestExpectations        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -67,9 +67,6 @@
</span><span class="cx"> # Only iOS has selection UI drawn by UIKit
</span><span class="cx"> editing/selection/character-granularity-rect.html [ Skip ]
</span><span class="cx"> 
</span><del>-# Until we fix webkit.org/b/164387 these tests will only pass when run singly (i.e. pass --run-singly to run-webkit-tests).
-webkit.org/b/164387 http/tests/security/http-0.9 [ Skip ]
-
</del><span class="cx"> #//////////////////////////////////////////////////////////////////////////////////////////
</span><span class="cx"> # End platform-specific tests.
</span><span class="cx"> #//////////////////////////////////////////////////////////////////////////////////////////
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,6 +1,4 @@
</span><span class="cx"> CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> This tests that loading of a plugin is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below. Otherwise, it FAILED.
</span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,6 +1,4 @@
</span><span class="cx"> CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
</span><span class="cx"> This tests that JavaScript is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below and do not see a JavaScript alert. Otherwise, it FAILED. This page and its subresources must be served over port 80 to run this test by hand.
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09iframeblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,4 +1,3 @@
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Stopped document load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9 on a non-default port.
</span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,4 +1,3 @@
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
</span><span class="cx"> ALERT: PASS
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,8 +1,4 @@
</span><span class="cx"> CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
</del><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> --------
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,7 +1,4 @@
</span><span class="cx"> CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8080/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8080/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9 on a non-default port.
</span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09resourcessandboxshouldnotpersistonnavigationhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html (0 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/sandbox-should-not-persist-on-navigation.html        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;body&gt;
+&lt;p id=&quot;result&quot;&gt;FAIL&lt;/p&gt;
+&lt;script&gt;
+document.getElementById(&quot;result&quot;).textContent = &quot;PASS&quot;;
+if (window.testRunner)
+    testRunner.notifyDone();
+&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
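Review bot: in the added resources/sandbox-should-not-persist-on-navigation.html the only route to testRunner.notifyDone() is the inline script that flips the paragraph from FAIL to PASS. If the HTTP/0.9 sandbox did persist across the navigation, that script would be blocked, notifyDone() would never run, and the regression would surface as a test timeout rather than as a FAIL line in the dump. That still fails the run, but a one-line comment in the file saying so would keep a future timeout here from being triaged as flakiness.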
<a id="trunkLayoutTestshttptestssecurityhttp09sandboxshouldnotpersistonnavigationexpectedtxtfromrev208548trunkLayoutTestshttptestssecurityhttp09imageblockedexpectedtxt"></a>
<div class="copfile"><h4>Copied: trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt (from rev 208548, trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt) (0 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
+PASS
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09sandboxshouldnotpersistonnavigationhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html (0 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -0,0 +1,20 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;head&gt;
+&lt;script&gt;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+
+function runTest()
+{
+    window.location.href = &quot;resources/sandbox-should-not-persist-on-navigation.html&quot;;
+}
+&lt;/script&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;img src=&quot;resources/nph-image.pl&quot; onload=&quot;runTest()&quot; onerror=&quot;runTest()&quot;&gt; &lt;!-- Apply sandbox --&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
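Review bot: the &lt;!-- Apply sandbox --&gt; comment on the img element in sandbox-should-not-persist-on-navigation.html describes the pre-fix behaviour, not what happens after this change: the HTTP/0.9 image response is now cancelled (the copied expected.txt shows the "Cancelled resource load from ... nph-image.pl" line) and no longer sandboxes the FrameLoader. Reword it to say the element provokes the HTTP/0.9 subresource response that used to sandbox the frame, so the test does not read as if it depends on a sandbox being applied.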
<a id="trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,4 +1,3 @@
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
</span><span class="cx"> ALERT: PASS
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,4 +1,3 @@
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
</span><span class="cx"> ALERT: PASS
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,4 +1,3 @@
</span><del>-CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9.
</del><span class="cx"> CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
</span><span class="cx"> ALERT: PASS
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/ChangeLog        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1,3 +1,49 @@
</span><ins>+2016-11-10  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        REGRESSION (r195004): Scripts and plugins blocked for subsequent loads in same WebContent
+        process after receiving HTTP 0.9 response
+        https://bugs.webkit.org/show_bug.cgi?id=164387
+        &lt;rdar://problem/28987537&gt;
+
+        Reviewed by Brent Fulgham.
+
+        Fixes an issue where the HTTP 0.9 sandbox persisted across subsequent loads in the same
+        WebContent process.
+
+        Currently when an HTTP 0.9 response is received for a request made to a default port
+        (e.g. 80) we apply a sandbox policy on the FrameLoader for the main resource that
+        disallows scripts and plugins. A FrameLoader may be re-used for navigations. Therefore,
+        the sandbox policy applied to one site may be applied to another site. Moreover the
+        sandbox policy was applied to the FrameLoader of the main resource regardless of whether
+        the HTTP response was for a subresource. Instead we should apply the sandbox on a per-
+        Document basis and only if we receive an HTTP 0.9 response for the document when the
+        corresponding HTTP request was made to a default port.
+
+        As a side benefit of this change, we emit exactly one console message to Web Inspector
+        when the HTTP 0.9 sandbox is applied to a document as opposed to three console messages.
+        Moreover, we only emit this console message when the document load is not blocked.
+
+        Test: http/tests/security/http-0.9/sandbox-should-not-persist-on-navigation.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::initSecurityContext): Disallow scripts and plugins if an HTTP 0.9
+        response was received for this document. Note that if this function is called for a
+        document associated with an HTTP 0.9 response then the corresponding HTTP request was
+        made to a default port. DocumentLoader::responseReceived() blocks the load for a document
+        with an HTTP 0.9 response corresponding to an HTTP request made to a non-default port.
+        This invariant is covered by the tests LayoutTests/http/tests/security/http-0.9/default-port-{plugin, script}-blocked.html.
+        (WebCore::Document::shouldEnforceHTTP0_9Sandbox): Added. Returns whether an HTTP 0.9 response
+        was received for this document.
+        * dom/Document.h:
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived): Remove logic to apply sandbox policy to the
+        FrameLoader associated with the main resource. We will apply the sandbox during initialization
+        of the document.
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::didReceiveResponse): Ditto.
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::didReceiveResponse): Ditto.
+
</ins><span class="cx"> 2016-11-04  Jiewen Tan  &lt;jiewen_tan@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Update SubtleCrypto::importKey to match the latest spec
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.cpp (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.cpp        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/dom/Document.cpp        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -5122,6 +5122,12 @@
</span><span class="cx">         applyQuickLookSandbox();
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+    if (shouldEnforceHTTP0_9Sandbox()) {
+        String message = makeString(&quot;Sandboxing '&quot;, m_url.stringCenterEllipsizedToLength(), &quot;' because it is using HTTP/0.9.&quot;);
+        addConsoleMessage(MessageSource::Security, MessageLevel::Error, message);
+        enforceSandboxFlags(SandboxScripts | SandboxPlugins);
+    }
+
</ins><span class="cx">     if (Settings* settings = this-&gt;settings()) {
</span><span class="cx">         if (settings-&gt;needsStorageAccessFromFileURLsQuirk())
</span><span class="cx">             securityOrigin()-&gt;grantStorageAccessFromFileURLsQuirk();
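Review bot: the new addConsoleMessage call in initSecurityContext drops the request identifier that the removed DocumentLoader and ResourceLoader call sites passed as the fourth argument, so Web Inspector can no longer associate the "Sandboxing ... because it is using HTTP/0.9." message with the network request that produced the document. If that linkage matters, pass the identifier obtained the way the deleted DocumentLoader code did (m_identifierForLoadWithoutResourceLoader or the main resource's identifier); if dropping it is intentional, say so in the ChangeLog next to the note about emitting one message instead of three.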
</span><span class="lines">@@ -6906,6 +6912,14 @@
</span><span class="cx">     return ShouldOpenExternalURLsPolicy::ShouldNotAllow;
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+bool Document::shouldEnforceHTTP0_9Sandbox() const
+{
+    if (m_isSynthesized || !m_frame)
+        return false;
+    DocumentLoader* documentLoader = m_frame-&gt;loader().activeDocumentLoader();
+    return documentLoader &amp;&amp; documentLoader-&gt;response().isHttpVersion0_9();
+}
+
</ins><span class="cx"> #if USE(QUICK_LOOK)
</span><span class="cx"> bool Document::shouldEnforceQuickLookSandbox() const
</span><span class="cx"> {
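Review bot: shouldEnforceHTTP0_9Sandbox returns true for any HTTP/0.9 response and never looks at the request port, so the "default port only" precondition described in the ChangeLog is enforced solely by the separate stopLoading path in DocumentLoader::responseReceived. An ASSERT here that the response URL is on a default port, or at least a comment naming that dependency, would keep the two code paths from drifting apart. Note also that the function reads the frame's activeDocumentLoader, so it is only meaningful at a point where that loader is the one that produced this document; initSecurityContext satisfies that, but any future caller would need to as well.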
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumenth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.h (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.h        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/dom/Document.h        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -1397,6 +1397,8 @@
</span><span class="cx">     void applyQuickLookSandbox();
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+    bool shouldEnforceHTTP0_9Sandbox() const;
+
</ins><span class="cx">     unsigned m_referencingNodeCount;
</span><span class="cx"> 
</span><span class="cx">     std::unique_ptr&lt;StyleResolver&gt; m_userAgentShadowTreeStyleResolver;
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentLoader.cpp        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -740,12 +740,6 @@
</span><span class="cx">             stopLoading();
</span><span class="cx">             return;
</span><span class="cx">         }
</span><del>-
-        ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);
-        unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource-&gt;identifier();
-        String message = &quot;Sandboxing '&quot; + url.string() + &quot;' because it is using HTTP/0.9.&quot;;
-        m_frame-&gt;document()-&gt;addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier);
-        frameLoader()-&gt;forceSandboxFlags(SandboxScripts | SandboxPlugins);
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     frameLoader()-&gt;policyChecker().checkContentPolicy(m_response, [this](PolicyAction policy) {
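Review bot: with the sandbox lines deleted, the outer HTTP/0.9 block on this path now contains nothing but the inner non-default-port check whose body is stopLoading() and return (the two closing braces at the end of the hunk are all that remain of it), so the two conditions can be merged into a single if to remove the now-pointless nesting level.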
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderResourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/ResourceLoader.cpp (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/ResourceLoader.cpp        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/loader/ResourceLoader.cpp        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -456,10 +456,6 @@
</span><span class="cx">             didFail(error);
</span><span class="cx">             return;
</span><span class="cx">         }
</span><del>-            
-        String message = &quot;Sandboxing '&quot; + m_response.url().string() + &quot;' because it is using HTTP/0.9.&quot;;
-        m_frame-&gt;document()-&gt;addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, m_identifier);
-        frameLoader()-&gt;forceSandboxFlags(SandboxScripts | SandboxPlugins);
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     if (FormData* data = m_request.httpBody())
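Review bot: after this deletion the HTTP/0.9 branch in ResourceLoader::didReceiveResponse only fails non-default-port responses (didFail(error); return;), so a default-port HTTP/0.9 response handled by a ResourceLoader now proceeds with no sandbox and no console message. That matches the ChangeLog's stated intent of sandboxing per document rather than per FrameLoader, but it is a behaviour change worth stating explicitly in the ResourceLoader.cpp ChangeLog entry rather than as "Ditto". The same two-level nesting as in DocumentLoader remains here and can be collapsed into one condition.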
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderSubresourceLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (208548 => 208549)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/SubresourceLoader.cpp        2016-11-10 18:36:44 UTC (rev 208548)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp        2016-11-10 18:50:08 UTC (rev 208549)
</span><span class="lines">@@ -262,14 +262,6 @@
</span><span class="cx">     if (shouldIncludeCertificateInfo())
</span><span class="cx">         response.includeCertificateInfo();
</span><span class="cx"> 
</span><del>-    if (response.isHttpVersion0_9()) {
-        if (m_frame) {
-            String message = &quot;Sandboxing '&quot; + response.url().string() + &quot;' because it is using HTTP/0.9.&quot;;
-            m_frame-&gt;document()-&gt;addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier());
-            frameLoader()-&gt;forceSandboxFlags(SandboxScripts | SandboxPlugins);
-        }
-    }
-
</del><span class="cx">     if (m_resource-&gt;resourceToRevalidate()) {
</span><span class="cx">         if (response.httpStatusCode() == 304) {
</span><span class="cx">             // 304 Not modified / Use local copy
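Review bot: the Test: line in the ChangeLog covers only the navigation persistence case, while this hunk changes observable behaviour for subresources (a default-port HTTP/0.9 subresource no longer applies SandboxScripts and SandboxPlugins to the frame or logs a console message). A layout test asserting that a default-port HTTP/0.9 subresource loads without a sandbox message would document the new contract and guard against the frame-wide sandbox being reintroduced here.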
</span></span></pre>
</div>
</div>

</body>
</html>