WebKit Bugzilla
Attachment 341580 Details for Bug 185807: REGRESSION (r231107): Test http/tests/quicklook/same-origin-xmlhttprequest-allowed.html logs CSP failure
[patch] Special casing quick look
bug-185807-20180530102503.patch (text/plain), 5.06 KB, created by youenn fablet on 2018-05-30 10:25:03 PDT
>Subversion Revision: 232263 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 960240abc14efd2a24e8fa10d35a1cfc1d97a647..2cf62e2addbe5bb40aafbbc050b571242ffe7aba 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-30 Youenn Fablet <youenn@apple.com> >+ >+ REGRESSION (r231107): Test http/tests/quicklook/same-origin-xmlhttprequest-allowed.html logs CSP failure >+ https://bugs.webkit.org/show_bug.cgi?id=185807 >+ <rdar://problem/40402483> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Covered by rebased test. >+ >+ * loader/SubresourceLoader.h: >+ > 2018-05-29 Youenn Fablet <youenn@apple.com> > > Rename FromOrigin runtime flag to CrossOriginResourcePolicy and enable it by default >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 185006659141ac746c33b4a40ee01286f7254fb8..e65f2c8037f3207d39d5ae2bf7d24d8eda5db1cd 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,18 @@ >+2018-05-30 Youenn Fablet <youenn@apple.com> >+ >+ REGRESSION (r231107): Test http/tests/quicklook/same-origin-xmlhttprequest-allowed.html logs CSP failure >+ https://bugs.webkit.org/show_bug.cgi?id=185807 >+ <rdar://problem/40402483> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add a special case for quick look loads that are converted to about: URL. >+ This disables security checks for this load, which is ok since about: URL >+ does not contain any information. >+ >+ * WebProcess/Network/WebLoaderStrategy.cpp: >+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): >+ > 2018-05-29 Youenn Fablet <youenn@apple.com> > > Rename FromOrigin runtime flag to CrossOriginResourcePolicy and enable it by default >diff --git a/Source/WebCore/loader/SubresourceLoader.h b/Source/WebCore/loader/SubresourceLoader.h >index c673818e041c86b8aa25ac79bb98d515ea461d39..9aa71568196952f71f0371e373420d7396dee383 100644 >--- a/Source/WebCore/loader/SubresourceLoader.h 
>+++ b/Source/WebCore/loader/SubresourceLoader.h >@@ -49,7 +49,7 @@ public: > > void cancelIfNotFinishing(); > bool isSubresourceLoader() const override; >- CachedResource* cachedResource(); >+ WEBCORE_EXPORT CachedResource* cachedResource(); > WEBCORE_EXPORT const HTTPHeaderMap* originalHeaders() const; > > SecurityOrigin* origin() { return m_origin.get(); } >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >index 097b8bbd3ecf4551f671eb3a847ebf3e920e0ea6..0861a737b524f90689720e35da087639fcde0904 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >@@ -325,6 +325,11 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL > > loadParameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks(); > >+#if USE(QUICK_LOOK) >+ if (loadParameters.shouldRestrictHTTPResponseAccess && resourceLoader.isSubresourceLoader()) >+ loadParameters.shouldRestrictHTTPResponseAccess = !isQuickLookPreviewURL(static_cast<SubresourceLoader&>(resourceLoader).cachedResource()->resourceRequest().url()) || !request.url().protocolIs("about"); >+#endif >+ > loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; > > loadParameters.shouldEnableCrossOriginResourcePolicy = RuntimeEnabledFeatures::sharedFeatures().crossOriginResourcePolicyEnabled() && !loadParameters.isMainFrameNavigation; >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index da391209cb8417770fdc423a2e0f5a65615cc7f8..9a9fc41438af67fd475cdef1b38a1cf730e4c1dd 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,13 @@ >+2018-05-30 Youenn Fablet <youenn@apple.com> >+ >+ REGRESSION (r231107): Test http/tests/quicklook/same-origin-xmlhttprequest-allowed.html logs CSP failure >+ https://bugs.webkit.org/show_bug.cgi?id=185807 >+ <rdar://problem/40402483> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/quicklook/same-origin-xmlhttprequest-allowed-expected.txt: >+ > 2018-05-29 Youenn Fablet <youenn@apple.com> > > Rename CrossOriginResourcePolicy same to same-origin >diff --git a/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-expected.txt b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-expected.txt >index ead1bcd221a0bd65c6571d96455cbebc61fc3c0b..f801dad8aecc2781efc61b74577004703e96a8b3 100644 >--- a/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-expected.txt >+++ b/LayoutTests/http/tests/quicklook/same-origin-xmlhttprequest-allowed-expected.txt >@@ -1,6 +1,3 @@ >-CONSOLE MESSAGE: Refused to connect to about: because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy. >-CONSOLE MESSAGE: Blocked by Content Security Policy. >-CONSOLE MESSAGE: XMLHttpRequest cannot load about: due to access control checks. > CONSOLE MESSAGE: line 1: PASS: XMLHttpRequest allowed > >
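Review bot: The Source/WebCore/ChangeLog entry lists "* loader/SubresourceLoader.h:" with no description, and "Covered by rebased test." does not explain the header change. State that cachedResource() gains WEBCORE_EXPORT so that WebLoaderStrategy.cpp in WebKit can call it, so a later reader can tell why the symbol is exported and whether the export is still needed.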
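Review bot: In the USE(QUICK_LOOK) block added to WebLoaderStrategy::scheduleLoadFromNetworkProcess, the pointer returned by cachedResource() is dereferenced with no null check; guard it, or assert that a subresource loader always has a cached resource at this point. The block also turns off shouldRestrictHTTPResponseAccess, but the reason this is acceptable (the load has been converted to an about: URL that carries no information) appears only in the ChangeLog, so a short comment above the #if would help keep the exemption from being widened later. Splitting the long assignment into two named booleans, one for the isQuickLookPreviewURL() result and one for request.url().protocolIs("about"), and assigning the negation of their conjunction would make the intended scope easier to verify than the current "!A || !B" form.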
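Review bot: The rebaseline of same-origin-xmlhttprequest-allowed-expected.txt only removes the three CONSOLE MESSAGE lines for the allowed case, so nothing in this patch checks that the new exemption stays narrow. Since the WebKit ChangeLog says the change "disables security checks for this load", consider adding a test in which a load that does not meet both conditions (a QuickLook preview URL and an about: request URL) still produces the Content Security Policy and access control messages.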