Bug 185681

Summary: Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 184996    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch none

Description Chris Dumez 2018-05-16 09:45:04 PDT 
Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts.

My plan is to add a check for Cross-Origin-Options to our "allowed to navigate" logic [1].

[1] https://html.spec.whatwg.org/#allowed-to-navigate
Comment 1 Chris Dumez 2018-05-16 09:45:19 PDT 
<rdar://problem/40296313>
Comment 2 Chris Dumez 2018-05-16 14:51:49 PDT 
Created attachment 340526 [details]
Patch
Comment 3 Geoffrey Garen 2018-05-17 10:21:33 PDT 
Comment on attachment 340526 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=340526&action=review

r=me

> Source/WebCore/ChangeLog:9
> +        Update our canNavigation() implementation [1] to take into account the Cross-Origin-Options header.

canNavigate

> Source/WebCore/ChangeLog:15
> +        possible to trigger a "targetted" navigation via <a target="foo"> or open(url, "foo").

targeted
Comment 4 Chris Dumez 2018-05-17 10:44:38 PDT 
Created attachment 340597 [details]
Patch
Comment 5 WebKit Commit Bot 2018-05-17 11:22:39 PDT 
The commit-queue encountered the following flaky tests while processing attachment 340597 [details]:

media/modern-media-controls/volume-support/volume-support-click.html bug 164229 (author: graouts@apple.com)
The commit-queue is continuing to process your patch.
Comment 6 WebKit Commit Bot 2018-05-17 11:23:28 PDT 
Comment on attachment 340597 [details]
Patch

Clearing flags on attachment: 340597

Committed r231911: <https://trac.webkit.org/changeset/231911>
Comment 7 WebKit Commit Bot 2018-05-17 11:23:30 PDT 
All reviewed patches have been landed.  Closing bug.