WebKit Bugzilla
Attachment 339589 Details for
Bug 185120
: From-Origin load violation in network process should make main resource loads look successful
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185120-20180504134641.patch (text/plain), 28.81 KB, created by
Daniel Bates
on 2018-05-04 13:47:40 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Daniel Bates
Created:
2018-05-04 13:47:40 PDT
Size:
28.81 KB
patch
obsolete
>Subversion Revision: 231356 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 2dbcc93bbae000f7075903cc393d4e5ef6c67545..fb99c18033fc2fc9af857872e2e88532880dc069 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-04 Daniel Bates <dabates@apple.com> >+ >+ Load violation in network process should make main resource loads look successful >+ https://bugs.webkit.org/show_bug.cgi?id=185120 >+ <rdar://problem/39825500> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add enum traits for MessageSource and MessageLevel so that we can encode and decode them for IPC. >+ >+ * runtime/ConsoleTypes.h: >+ > 2018-05-03 Yusuke Suzuki <utatane.tea@gmail.com> > > Remove std::random_shuffle >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index d7509ebfe1d0eb420b739bd75269bca8d93636cb..7d8ec5bbd7eda9d3dbf1430787960cd5f8fe4f39 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,21 @@ >+2018-05-04 Daniel Bates <dabates@apple.com> >+ >+ Load violation in network process should make main resource loads look successful >+ https://bugs.webkit.org/show_bug.cgi?id=185120 >+ <rdar://problem/39825500> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add support for instantiating a String object with a const StaticStringImpl{&, *}. >+ It is safe to do this because StaticStringImpls are guaranteed to be immutable. This >+ immutability is guaranteed both at runtime (see [1] for more details) and by >+ convention of only instantiating a StaticStringImpl in a constexpr expression. >+ >+ [1] <https://trac.webkit.org/browser/trunk/Source/WTF/wtf/text/StringImpl.h?rev=231268#L330> >+ >+ * wtf/text/WTFString.h: >+ (WTF::String::String): >+ > 2018-05-04 Antti Koivisto <antti@apple.com> > > OptionsSet initializer list constructor should be constexpr >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 01554fd8b8e853d39c6718f7f87d94006665a56a..32210beb8839982a75ce53217508c32657eb46b0 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,25 @@ >+2018-05-04 Daniel Bates <dabates@apple.com> >+ >+ Load violation in network process should make main resource loads look successful >+ https://bugs.webkit.org/show_bug.cgi?id=185120 >+ <rdar://problem/39825500> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Rename DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() to stopLoadingAfterXFrameOptionsLikeViolation() >+ as we now invoked this function for violations of X-Frame-Options, From-Origin, and Content Security >+ Policy frame-ancestors directive. Also change the visibility of this function from private to public >+ and export it so that it can be invoked from WebKit. >+ >+ * loader/DocumentLoader.cpp: >+ (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsLikeViolation): Formerly named stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied. >+ (WebCore::DocumentLoader::responseReceived): Update for renaming. >+ (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied): Deleted; renamed to >+ stopLoadingAfterXFrameOptionsLikeViolation since we now invoke this function for violations of the HTTP >+ headers X-Frame-Options and From-Origin as well as as a violation of the Content Security Policy frame- >+ ancestors directive. >+ * loader/DocumentLoader.h: >+ > 2018-05-04 Zalan Bujtas <zalan@apple.com> > > [LFC] Set the invalidation root as the result of style change. >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 8123a8e9393460ea4b1a56ba1fab32b60b5f079c..c4a53b65aa6f6374ab12cb3e7c750abda9f3e701 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,40 @@ >+2018-05-04 Daniel Bates <dabates@apple.com> >+ >+ Load violation in network process should make main resource loads look successful >+ https://bugs.webkit.org/show_bug.cgi?id=185120 >+ <rdar://problem/39825500> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Log a message and tell the WebContent process that we are stopping the load for a main resource >+ that violates its From-Origin header. We do this for the same reason we do it for >+ X-Frame-Options and CSP frame-ancestors violations to avoid leaking the existence >+ of the main resource. >+ >+ * NetworkProcess/NetworkResourceLoader.cpp: >+ (WebKit::fromOriginResourceError): Extract out error message into a file-level constexpr variable >+ so that it can be shared between this function and NetworkResourceLoader::didReceiveResponse(). >+ (WebKit::NetworkResourceLoader::didReceiveResponse): Log a console message and tell the web >+ process to stop the load for a main resource that violated its From-Origin header. >+ * Scripts/webkit/messages.py: Teach the generator about data types MessageLevel and MessageSource >+ as they are both defined in file JavaScriptCore/ConsoleTypes.h as opposed to independent headers. >+ Also tell the generator that these types should not be forward declared so that we can use these >+ types without their JSC:: prefix in WebPage.messages.in. >+ * WebProcess/Network/NetworkProcessConnection.cpp: >+ (WebKit::NetworkProcessConnection::didReceiveMessage): Route WebPage messages to the appropriate >+ web page. >+ * WebProcess/Network/WebResourceLoader.cpp: >+ (WebKit::WebResourceLoader::stopLoadingAfterXFrameOptionsLikeViolation): Added. >+ * WebProcess/Network/WebResourceLoader.h: >+ * WebProcess/Network/WebResourceLoader.messages.in: Added message StopLoadingAfterXFrameOptionsLikeViolation. >+ * WebProcess/WebPage/WebFrame.cpp: >+ (WebKit::WebFrame::addConsoleMessage): Added. >+ * WebProcess/WebPage/WebFrame.h: >+ * WebProcess/WebPage/WebPage.cpp: >+ (WebKit::WebPage::addConsoleMessage): Added. Routes the message to the appropriate frame. >+ * WebProcess/WebPage/WebPage.h: >+ * WebProcess/WebPage/WebPage.messages.in: Added message AddConsoleMessage. >+ > 2018-05-04 Sihui Liu <sihui_liu@apple.com> > > Assertion failure in NetworkStorageSession::setCookie: privilege of UI process is not set >diff --git a/Source/JavaScriptCore/runtime/ConsoleTypes.h b/Source/JavaScriptCore/runtime/ConsoleTypes.h >index 7ca2fe7c7fcdf4cee0b8005e14b0b3ae896c465d..3dfec02b550b3fcf2e7f561bd56a3e65f2368339 100644 >--- a/Source/JavaScriptCore/runtime/ConsoleTypes.h >+++ b/Source/JavaScriptCore/runtime/ConsoleTypes.h >@@ -25,6 +25,8 @@ > > #pragma once > >+#include <wtf/EnumTraits.h> >+ > namespace JSC { > > enum class MessageSource { >@@ -69,6 +71,40 @@ enum class MessageLevel { > > } // namespace JSC > >+namespace WTF { >+ >+template<> struct EnumTraits<JSC::MessageSource> { >+ using values = EnumValues< >+ JSC::MessageSource, >+ JSC::MessageSource::XML, >+ JSC::MessageSource::JS, >+ JSC::MessageSource::Network, >+ JSC::MessageSource::ConsoleAPI, >+ JSC::MessageSource::Storage, >+ JSC::MessageSource::AppCache, >+ JSC::MessageSource::Rendering, >+ JSC::MessageSource::CSS, >+ JSC::MessageSource::Security, >+ JSC::MessageSource::ContentBlocker, >+ JSC::MessageSource::Other, >+ JSC::MessageSource::Media, >+ JSC::MessageSource::WebRTC >+ >; >+}; >+ >+template<> struct EnumTraits<JSC::MessageLevel> { >+ using values = EnumValues< >+ JSC::MessageLevel, >+ JSC::MessageLevel::Log, >+ JSC::MessageLevel::Warning, >+ JSC::MessageLevel::Error, >+ JSC::MessageLevel::Debug, >+ JSC::MessageLevel::Info >+ >; >+}; >+ >+} // namespace WTF >+ > using JSC::MessageSource; > using JSC::MessageType; > using JSC::MessageLevel; >diff --git a/Source/WTF/wtf/text/WTFString.h b/Source/WTF/wtf/text/WTFString.h >index a3e91d991dcc857b8a3d18729f17d880b482ca0c..0958ab40cccee068eced696c75f2e303b077a3fb 100644 >--- a/Source/WTF/wtf/text/WTFString.h >+++ b/Source/WTF/wtf/text/WTFString.h >@@ -115,8 +115,8 @@ public: > String(Ref<AtomicStringImpl>&&); > String(RefPtr<AtomicStringImpl>&&); > >- String(StaticStringImpl&); >- String(StaticStringImpl*); >+ String(const StaticStringImpl&); >+ String(const StaticStringImpl*); > > // Construct a string from a constant string literal. > WTF_EXPORT_PRIVATE String(ASCIILiteral); >@@ -468,13 +468,13 @@ inline String::String(RefPtr<AtomicStringImpl>&& string) > { > } > >-inline String::String(StaticStringImpl& string) >- : m_impl(reinterpret_cast<StringImpl*>(&string)) >+inline String::String(const StaticStringImpl& string) >+ : m_impl(reinterpret_cast<StringImpl*>(const_cast<StaticStringImpl*>(&string))) > { > } > >-inline String::String(StaticStringImpl* string) >- : m_impl(reinterpret_cast<StringImpl*>(string)) >+inline String::String(const StaticStringImpl* string) >+ : m_impl(reinterpret_cast<StringImpl*>(const_cast<StaticStringImpl*>(string))) > { > } > >diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp >index 4cc1b18449716049b412f3ac623ad110c91fa01f..789b5afe1456d54e34014ab3f70df8bb8e562435 100644 >--- a/Source/WebCore/loader/DocumentLoader.cpp >+++ b/Source/WebCore/loader/DocumentLoader.cpp >@@ -723,7 +723,7 @@ void DocumentLoader::restartLoadingDueToServiceWorkerRegistrationChange(Resource > } > #endif > >-void DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(unsigned long identifier, const ResourceResponse& response) >+void DocumentLoader::stopLoadingAfterXFrameOptionsLikeViolation(unsigned long identifier, const ResourceResponse& response) > { > InspectorInstrumentation::continueAfterXFrameOptionsDenied(*m_frame, identifier, *this, response); > m_frame->document()->enforceSandboxFlags(SandboxOrigin); >@@ -770,7 +770,7 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi > ContentSecurityPolicy contentSecurityPolicy(SecurityOrigin::create(url), m_frame); > contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response)); > if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) { >- stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response); >+ stopLoadingAfterXFrameOptionsLikeViolation(identifier, response); > return; > } > >@@ -781,7 +781,7 @@ void DocumentLoader::responseReceived(const ResourceResponse& response, Completi > if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, url, identifier)) { > String message = "Refused to display '" + url.stringCenterEllipsizedToLength() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; > m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier); >- stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response); >+ stopLoadingAfterXFrameOptionsLikeViolation(identifier, response); > return; > } > } >diff --git a/Source/WebCore/loader/DocumentLoader.h b/Source/WebCore/loader/DocumentLoader.h >index 18094ec71a52369b052fefe195f08edbe355639f..d1894ed9f76d833bbb09a8972dad4916b2ed7ef4 100644 >--- a/Source/WebCore/loader/DocumentLoader.h >+++ b/Source/WebCore/loader/DocumentLoader.h >@@ -248,6 +248,7 @@ public: > > void stopLoadingPlugIns(); > void stopLoadingSubresources(); >+ WEBCORE_EXPORT void stopLoadingAfterXFrameOptionsLikeViolation(unsigned long identifier, const ResourceResponse&); > > bool userContentExtensionsEnabled() const { return m_userContentExtensionsEnabled; } > void setUserContentExtensionsEnabled(bool enabled) { m_userContentExtensionsEnabled = enabled; } >@@ -379,8 +380,6 @@ private: > void stopLoadingForPolicyChange(); > ResourceError interruptedForPolicyChangeError() const; > >- void stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(unsigned long identifier, const ResourceResponse&); >- > #if HAVE(RUNLOOP_TIMER) > typedef RunLoopTimer<DocumentLoader> DocumentLoaderTimer; > #else >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >index 9d78a44f5612ec6b32aa74a82ed03565d82d0c6b..3f0e6806b8222b3a1819e8bd44834d341c2141d4 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >@@ -38,8 +38,10 @@ > #include "SessionTracker.h" > #include "WebCoreArgumentCoders.h" > #include "WebErrors.h" >+#include "WebPageMessages.h" > #include "WebResourceLoaderMessages.h" > #include "WebsiteDataStoreParameters.h" >+#include <JavaScriptCore/ConsoleTypes.h> > #include <WebCore/BlobDataFileReference.h> > #include <WebCore/CertificateInfo.h> > #include <WebCore/DiagnosticLoggingKeys.h> >@@ -390,9 +392,11 @@ static bool shouldCancelCrossOriginLoad(const ResourceResponse& response, const > RELEASE_ASSERT_NOT_REACHED(); > } > >+constexpr StringImpl::StaticStringImpl fromOriginErrorMessage { "Cancelled load because it violates the resource's From-Origin response header." }; >+ > static ResourceError fromOriginResourceError(const URL& url) > { >- return { errorDomainWebKitInternal, 0, url, ASCIILiteral { "Cancelled load because it violates the resource's From-Origin response header." }, ResourceError::Type::AccessControl }; >+ return { errorDomainWebKitInternal, 0, url, fromOriginErrorMessage, ResourceError::Type::AccessControl }; > } > > auto NetworkResourceLoader::didReceiveResponse(ResourceResponse&& receivedResponse) -> ShouldContinueDidReceiveResponse >@@ -425,18 +429,23 @@ auto NetworkResourceLoader::didReceiveResponse(ResourceResponse&& receivedRespon > return ShouldContinueDidReceiveResponse::Yes; > > ResourceError error; >- if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(m_response, m_parameters.frameAncestorOrigins)) >+ if (m_parameters.shouldEnableFromOriginResponseHeader && shouldCancelCrossOriginLoad(m_response, m_parameters.frameAncestorOrigins)) { > error = fromOriginResourceError(m_response.url()); >+ if (!error.isNull() && isMainResource()) { >+ send(Messages::WebPage::AddConsoleMessage { m_parameters.webFrameID, MessageSource::Security, MessageLevel::Error, fromOriginErrorMessage, 0 }, m_parameters.webPageID); >+ send(Messages::WebResourceLoader::StopLoadingAfterXFrameOptionsLikeViolation { }); >+ return ShouldContinueDidReceiveResponse::No; >+ } >+ } > if (error.isNull() && m_networkLoadChecker) > error = m_networkLoadChecker->validateResponse(m_response); > if (!error.isNull()) { >- // FIXME: We need to make a main resource load look successful to prevent leaking its existence. See <https://bugs.webkit.org/show_bug.cgi?id=185120>. >+ // Only subresources can fail to load. Main resources must look like they loaded successfully or we leak their existence. >+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!isMainResource()); > RunLoop::main().dispatch([protectedThis = makeRef(*this), error = WTFMove(error)] { > if (protectedThis->m_networkLoad) > protectedThis->didFailLoading(error); > }); >- // FIXME: We know that we are not going to continue this load. ShouldContinueDidReceiveResponse::No should only be returned when >- // the network process is waiting to receive message NetworkResourceLoader::ContinueDidReceiveResponse to continue a load. > return ShouldContinueDidReceiveResponse::No; > } > >diff --git a/Source/WebKit/Scripts/webkit/messages.py b/Source/WebKit/Scripts/webkit/messages.py >index 3ca1ff73f5f57e6a787977c627f54d1814267074..6ed46e925b5e591eaaa2935ddf059becfc11b678 100644 >--- a/Source/WebKit/Scripts/webkit/messages.py >+++ b/Source/WebKit/Scripts/webkit/messages.py >@@ -187,6 +187,8 @@ def forward_declarations_and_headers(receiver): > > no_forward_declaration_types = frozenset([ > 'MachSendRight', >+ 'MessageLevel', >+ 'MessageSource', > 'String', > 'WebCore::DocumentIdentifier', > 'WebCore::ServiceWorkerIdentifier', >@@ -368,6 +370,8 @@ def headers_for_type(type): > > special_cases = { > 'MachSendRight': ['<wtf/MachSendRight.h>'], >+ 'MessageLevel': ['<JavaScriptCore/ConsoleTypes.h>'], >+ 'MessageSource': ['<JavaScriptCore/ConsoleTypes.h>'], > 'MonotonicTime': ['<wtf/MonotonicTime.h>'], > 'Seconds': ['<wtf/Seconds.h>'], > 'WallTime': ['<wtf/WallTime.h>'], >diff --git a/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp b/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp >index 4b5e10418eda009ec21dfdf161ef4b3bde1ceb16..9a238ecfdeb93ac8988184066f1667b997aa505f 100644 >--- a/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp >+++ b/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp >@@ -35,6 +35,8 @@ > #include "WebCoreArgumentCoders.h" > #include "WebLoaderStrategy.h" > #include "WebMDNSRegisterMessages.h" >+#include "WebPage.h" >+#include "WebPageMessages.h" > #include "WebProcess.h" > #include "WebRTCMonitor.h" > #include "WebRTCMonitorMessages.h" >@@ -75,6 +77,11 @@ void NetworkProcessConnection::didReceiveMessage(IPC::Connection& connection, IP > stream->didReceiveMessage(connection, decoder); > return; > } >+ if (decoder.messageReceiverName() == Messages::WebPage::messageReceiverName()) { >+ if (auto* webPage = WebProcess::singleton().webPage(decoder.destinationID())) >+ webPage->didReceiveWebPageMessage(connection, decoder); >+ return; >+ } > > #if USE(LIBWEBRTC) > if (decoder.messageReceiverName() == Messages::WebRTCSocket::messageReceiverName()) { >diff --git a/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp b/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp >index ca464820560d3c13c18600ab08dbea1a7fd3dea3..f609a6e86d6e016836bffb24f9cc93cfc3c0c568 100644 >--- a/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp >+++ b/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp >@@ -180,6 +180,14 @@ void WebResourceLoader::didBlockAuthenticationChallenge() > m_coreLoader->didBlockAuthenticationChallenge(); > } > >+void WebResourceLoader::stopLoadingAfterXFrameOptionsLikeViolation() >+{ >+ LOG(Network, "(WebProcess) WebResourceLoader::stopLoadingAfterXFrameOptionsLikeViolation for '%s'", m_coreLoader->url().string().latin1().data()); >+ RELEASE_LOG_IF_ALLOWED("stopLoadingAfterXFrameOptionsLikeViolation: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ")", m_trackingParameters.pageID, m_trackingParameters.frameID, m_trackingParameters.resourceID); >+ >+ m_coreLoader->documentLoader()->stopLoadingAfterXFrameOptionsLikeViolation(m_coreLoader->identifier(), ResourceResponse { }); >+} >+ > #if ENABLE(SHAREABLE_RESOURCE) > void WebResourceLoader::didReceiveResource(const ShareableResource::Handle& handle) > { >diff --git a/Source/WebKit/WebProcess/Network/WebResourceLoader.h b/Source/WebKit/WebProcess/Network/WebResourceLoader.h >index d2ae6a2bd64db1c2cb3449aa35e09bbe809c9169..d93cc0302bab0462983e67a59552e5a8f4978406 100644 >--- a/Source/WebKit/WebProcess/Network/WebResourceLoader.h >+++ b/Source/WebKit/WebProcess/Network/WebResourceLoader.h >@@ -82,6 +82,9 @@ private: > void didFinishResourceLoad(const WebCore::NetworkLoadMetrics&); > void didFailResourceLoad(const WebCore::ResourceError&); > void didBlockAuthenticationChallenge(); >+ >+ void stopLoadingAfterXFrameOptionsLikeViolation(); >+ > #if ENABLE(SHAREABLE_RESOURCE) > void didReceiveResource(const ShareableResource::Handle&); > #endif >diff --git a/Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in b/Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in >index 95f69cbceb0462f479cf73c3969ab3397658ded8..92d77453feb5a8c17b3e63cdfc8116af32fb7a9f 100644 >--- a/Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in >+++ b/Source/WebKit/WebProcess/Network/WebResourceLoader.messages.in >@@ -30,6 +30,8 @@ messages -> WebResourceLoader LegacyReceiver { > DidFailResourceLoad(WebCore::ResourceError error) > DidBlockAuthenticationChallenge() > >+ StopLoadingAfterXFrameOptionsLikeViolation() >+ > #if ENABLE(SHAREABLE_RESOURCE) > // DidReceiveResource is for when we have the entire resource data available at once, such as when the resource is cached in memory > DidReceiveResource(WebKit::ShareableResource::Handle resource) >diff --git a/Source/WebKit/WebProcess/WebPage/WebFrame.cpp b/Source/WebKit/WebProcess/WebPage/WebFrame.cpp >index 16abe5571dc817cbff9b1b04ade1076c517ca38f..43c1ae0101acb047acc869c6135f7819daa5c33e 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebFrame.cpp >+++ b/Source/WebKit/WebProcess/WebPage/WebFrame.cpp >@@ -315,6 +315,14 @@ void WebFrame::convertMainResourceLoadToDownload(DocumentLoader* documentLoader, > webProcess.ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::ConvertMainResourceLoadToDownload(sessionID, mainResourceLoadIdentifier, policyDownloadID, request, response), 0); > } > >+void WebFrame::addConsoleMessage(MessageSource messageSource, MessageLevel messageLevel, const String& message, uint64_t requestID) >+{ >+ if (!m_coreFrame) >+ return; >+ if (auto* document = m_coreFrame->document()) >+ document->addConsoleMessage(messageSource, messageLevel, message, requestID); >+} >+ > String WebFrame::source() const > { > if (!m_coreFrame) >diff --git a/Source/WebKit/WebProcess/WebPage/WebFrame.h b/Source/WebKit/WebProcess/WebPage/WebFrame.h >index 9fef7f13a2f07dc07eab974f18476a20e5a05430..a73d22db72377523be8bbe089fa15778289bdf2b 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebFrame.h >+++ b/Source/WebKit/WebProcess/WebPage/WebFrame.h >@@ -30,6 +30,7 @@ > #include "ShareableBitmap.h" > #include "WKBase.h" > #include "WebFrameLoaderClient.h" >+#include <JavaScriptCore/ConsoleTypes.h> > #include <JavaScriptCore/JSBase.h> > #include <WebCore/FrameLoaderClient.h> > #include <WebCore/FrameLoaderTypes.h> >@@ -94,6 +95,8 @@ public: > void startDownload(const WebCore::ResourceRequest&, const String& suggestedName = { }); > void convertMainResourceLoadToDownload(WebCore::DocumentLoader*, PAL::SessionID, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&); > >+ void addConsoleMessage(MessageSource, MessageLevel, const String&, uint64_t requestID = 0); >+ > String source() const; > String contentsAsString() const; > String selectionAsString() const; >diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >index a82871d5691fba588ddb6655c435fbe71a1638b0..4140f2bfaf66911cf1bce71118f2fc3fdfda5949 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp >+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp >@@ -3297,6 +3297,12 @@ WebFullScreenManager* WebPage::fullScreenManager() > } > #endif > >+void WebPage::addConsoleMessage(uint64_t frameID, MessageSource messageSource, MessageLevel messageLevel, const String& message, uint64_t requestID) >+{ >+ if (auto* frame = WebProcess::singleton().webFrame(frameID)) >+ frame->addConsoleMessage(messageSource, messageLevel, message, requestID); >+} >+ > NotificationPermissionRequestManager* WebPage::notificationPermissionRequestManager() > { > if (m_notificationPermissionRequestManager) >diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.h b/Source/WebKit/WebProcess/WebPage/WebPage.h >index 9780cfc6c5af840cbdafb1d093eca8e4e2eef2f1..4fa201db854f84e1e8941e62d409b48007e7b6df 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebPage.h >+++ b/Source/WebKit/WebProcess/WebPage/WebPage.h >@@ -304,6 +304,8 @@ public: > WebFullScreenManager* fullScreenManager(); > #endif > >+ void addConsoleMessage(uint64_t frameID, MessageSource, MessageLevel, const String&, uint64_t requestID = 0); >+ > // -- Called by the DrawingArea. > // FIXME: We could genericize these into a DrawingArea client interface. Would that be beneficial? > void drawRect(WebCore::GraphicsContext&, const WebCore::IntRect&); >@@ -1077,6 +1079,8 @@ public: > > bool isSuspended() const { return m_isSuspended; } > >+ void didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&); >+ > private: > WebPage(uint64_t pageID, WebPageCreationParameters&&); > >@@ -1099,7 +1103,6 @@ private: > void sendTouchBarMenuItemDataRemovedUpdate(WebCore::HTMLMenuItemElement&); > #endif > >- void didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&); > void didReceiveSyncWebPageMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder>&); > > #if PLATFORM(IOS) >diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.messages.in b/Source/WebKit/WebProcess/WebPage/WebPage.messages.in >index 5d1cf6f14227d3179861d6fdd4297c8d7d0b77b3..32dccb5c4011321e1794a03572b4c82437171e3e 100644 >--- a/Source/WebKit/WebProcess/WebPage/WebPage.messages.in >+++ b/Source/WebKit/WebProcess/WebPage/WebPage.messages.in >@@ -27,6 +27,8 @@ messages -> WebPage LegacyReceiver { > > SetDrawsBackground(bool drawsBackground) > >+ AddConsoleMessage(uint64_t frameID, enum MessageSource messageSource, enum MessageLevel messageLevel, String message, uint64_t requestID) >+ > #if PLATFORM(COCOA) > SetTopContentInsetFenced(float contentInset, IPC::Attachment fencePort) > #endif >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 25096b07600519f69bbbe2613095c1619072e205..80acfbe1fd7c865d7ca19602d17e8e19a07e9fd6 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,18 @@ >+2018-05-04 Daniel Bates <dabates@apple.com> >+ >+ Load violation in network process should make main resource loads look successful >+ https://bugs.webkit.org/show_bug.cgi?id=185120 >+ <rdar://problem/39825500> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Update test sandboxed-sub-frame-from-origin-same-blocked.html and its expected result now >+ that we fire a DOM load event at the frame for a blocked load. A side benefit of this is >+ that we no longer need to wait 500 ms to know if the test PASSED. >+ >+ * http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt: >+ * http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html: >+ > 2018-05-04 Youenn Fablet <youenn@apple.com> > > PeerConnection should have its connectionState closed even if doing gathering >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt >index 946da80854ac36762dc13113109fb741e2faf933..c03dd9574410b1f1b278dc598a17d49a014b3b32 100644 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt >+++ b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked-expected.txt >@@ -1,10 +1,10 @@ > CONSOLE MESSAGE: Cancelled load because it violates the resource's From-Origin response header. >-Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed. >+Tests that a cross-origin document load is blocked (the iframe should be empty) if 'From-Origin: same' is in the the HTTP response and the iframe is sandboxed. > > On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". > > >-PASS Timeout fired without iframe onload event fired. >+PASS Document load succeeded. > PASS successfullyParsed is true > > TEST COMPLETE >diff --git a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html >index f9e125ed1ea65f7a3f50de310c3f9fb859b6f7f7..0d7102e672ff077d5f27f2b5191fa9d2a7f8e9fe 100644 >--- a/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html >+++ b/LayoutTests/http/tests/from-origin/sandboxed-sub-frame-from-origin-same-blocked.html >@@ -3,24 +3,18 @@ > <head> > <script src="/js-test-resources/js-test.js"></script> > <script> >- description("Tests that a cross-origin document load fails if the server blocks cross-origin loads with a 'From-Origin: same' response header and the iframe is sandboxed."); >+ description("Tests that a cross-origin document load is blocked (the iframe should be empty) if 'From-Origin: same' is in the the HTTP response and the iframe is sandboxed."); > jsTestIsAsync = true; > testRunner.dumpChildFramesAsText(); > >- function iframeLoadError() { >- testPassed("Timeout fired without iframe onload event fired."); >+ function passAndNotifyDone() >+ { >+ testPassed("Document load succeeded."); > finishJSTest(); > } >- >- function iframeLoadSuccess() { >- testFailed("Document load succeeded."); >- finishJSTest(); >- } >- >- setTimeout("iframeLoadError()", 500); > </script> > </head> > <body> >-<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same" sandbox="" onload="iframeLoadSuccess()"></iframe> >+<iframe src="http://localhost:8000/from-origin/resources/iframe.php?fromOrigin=same" sandbox="" onload="passAndNotifyDone()"></iframe> > </body> > </html>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=339589">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185120
:
339589
|
385719