WebKit Bugzilla
Attachment 342490 Details for
Bug 186550
: Apply CSP checks before Content blocker checks in NetworkLoadChecker as done by CachedResourceLoader
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186550-20180611171309.patch (text/plain), 3.34 KB, created by
youenn fablet
on 2018-06-11 17:13:10 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-06-11 17:13:10 PDT
Size:
3.34 KB
patch
obsolete
>Subversion Revision: 232720 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index f1afd16924c7fee46c204759ed1075673e07b98d..46c1b532e964121c67070356d5b1db1c4f996080 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,14 @@ >+2018-06-11 Youenn Fablet <youenn@apple.com> >+ >+ Apply CSP checks before Content blocker checks in NetworkLoadChecker as done by CachedResourceLoader >+ https://bugs.webkit.org/show_bug.cgi?id=186550 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::checkRequest): >+ (WebKit::NetworkLoadChecker::continueCheckingRequest): >+ > 2018-06-10 Carlos Garcia Campos <cgarcia@igalia.com> > > [GTK][WPE] Add API run run javascript from a WebKitWebView in an isolated world >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index d0f21256534a9be2de01838b9e0ba6965caa074d..00a89902842333cc6da3658b39f479a4d4df970c 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -193,6 +193,20 @@ auto NetworkLoadChecker::accessControlErrorForValidationHandler(String&& message > > void NetworkLoadChecker::checkRequest(ResourceRequest&& request, ValidationHandler&& handler) > { >+ if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) { >+ if (isRedirected()) { >+ URL url = request.url(); >+ auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load; >+ contentSecurityPolicy->upgradeInsecureRequestIfNeeded(url, type); >+ if (url != request.url()) >+ request.setURL(url); >+ } >+ if (!isAllowedByContentSecurityPolicy(request)) { >+ handler(accessControlErrorForValidationHandler(ASCIILiteral { "Blocked by Content Security Policy." })); >+ return; >+ } >+ } >+ > #if ENABLE(CONTENT_EXTENSIONS) > processContentExtensionRulesForLoad(WTFMove(request), [this, handler = WTFMove(handler)](auto result) mutable { > if (!result.has_value()) { >@@ -248,20 +262,6 @@ bool NetworkLoadChecker::isAllowedByContentSecurityPolicy(const ResourceRequest& > > void NetworkLoadChecker::continueCheckingRequest(ResourceRequest&& request, ValidationHandler&& handler) > { >- if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) { >- if (isRedirected()) { >- URL url = request.url(); >- auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load; >- contentSecurityPolicy->upgradeInsecureRequestIfNeeded(url, type); >- if (url != request.url()) >- request.setURL(url); >- } >- if (!isAllowedByContentSecurityPolicy(request)) { >- handler(accessControlErrorForValidationHandler(ASCIILiteral { "Blocked by Content Security Policy." })); >- return; >- } >- } >- > if (m_options.credentials == FetchOptions::Credentials::SameOrigin) > m_storedCredentialsPolicy = m_isSameOriginRequest && m_origin->canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=342490">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186550
:
342490
|
342495
|
342501
|
342503
|
342528