Bug 190046

Summary:

Web Inspector: crash in InspectorNetworkAgent::didReceiveResponse when loading denied x-frame resources

Product:

WebKit

Reporter:

Devin Rousso <hi>

Component:

Web Inspector

Assignee:

Devin Rousso <hi>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, dbates, ews-watchlist, inspector-bugzilla-changes, joepeck, mkwst, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

All

OS:

All

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from ews106 for mac-sierra-wk2	none
Archive of layout-test-results from ews121 for ios-simulator-wk2	none
Patch	none
Patch	none

Devin Rousso

Reported 2018-09-27 11:08:32 PDT

Create a test file "crash.html" and add the following to it: <iframe src="http://devinrousso.com"></iframe> Open the file in release/debug, open WebInspector, and refresh the page. This is caused by the `ResourceResponse` being "null", which means we generate a `nullptr` value for our `Inspector::Protocol::Network::Response`, which isn't JSON serializable, so crash.

Attachments
Patch (9.65 KB, patch) 2018-09-27 11:33 PDT, Devin Rousso	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews106 for mac-sierra-wk2 (3.27 MB, application/zip) 2018-09-27 12:32 PDT, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews121 for ios-simulator-wk2 (2.51 MB, application/zip) 2018-09-27 16:58 PDT, EWS Watchlist	no flags	Details
Patch (9.22 KB, patch) 2018-09-27 23:37 PDT, Devin Rousso	no flags	Details Formatted Diff Diff
Patch (9.88 KB, patch) 2018-09-28 14:58 PDT, Devin Rousso	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Devin Rousso

Comment 1 2018-09-27 11:33:20 PDT

Created attachment 350982 [details] Patch

EWS Watchlist

Comment 2 2018-09-27 12:32:14 PDT Comment hidden (obsolete)

Comment on attachment 350982 [details] Patch Attachment 350982 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/9370787 New failing tests: imported/w3c/web-platform-tests/service-workers/service-worker/navigation-redirect-to-http.https.html http/wpt/service-workers/header-filtering.https.html imported/w3c/web-platform-tests/xhr/access-control-basic-cors-safelisted-response-headers.htm http/tests/fetch/redirectmode-and-preload.html imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker.html imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html http/tests/fetch/caching-with-different-options.html imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https.html imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.html http/tests/xmlhttprequest/access-control-basic-whitelist-response-headers.html http/tests/webarchive/cross-origin-stylesheet-crash.html

EWS Watchlist

Comment 3 2018-09-27 12:32:15 PDT Comment hidden (obsolete)

Created attachment 350985 [details] Archive of layout-test-results from ews106 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 4 2018-09-27 16:58:18 PDT Comment hidden (obsolete)

Comment on attachment 350982 [details] Patch Attachment 350982 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/9373286 New failing tests: imported/w3c/web-platform-tests/service-workers/service-worker/navigation-redirect-to-http.https.html http/wpt/service-workers/header-filtering.https.html imported/w3c/web-platform-tests/xhr/access-control-basic-cors-safelisted-response-headers.htm http/tests/fetch/redirectmode-and-preload.html imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-worker.html imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https.html http/tests/fetch/caching-with-different-options.html imported/w3c/web-platform-tests/service-workers/service-worker/redirected-response.https.html imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.html http/tests/xmlhttprequest/access-control-basic-whitelist-response-headers.html

EWS Watchlist

Comment 5 2018-09-27 16:58:20 PDT Comment hidden (obsolete)

Created attachment 351021 [details] Archive of layout-test-results from ews121 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews121 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6

Devin Rousso

Comment 6 2018-09-27 23:37:50 PDT

Created attachment 351058 [details] Patch

Joseph Pecoraro

Comment 7 2018-09-28 10:24:09 PDT

Comment on attachment 350982 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=350982&action=review Oops apparently I never submitted these comments. > Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:190 > - m_coreLoader->documentLoader()->stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(m_coreLoader->identifier(), ResourceResponse { }); > + m_coreLoader->documentLoader()->stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(m_coreLoader->identifier(), response); My guess is that this now non-null response is going to cause differences in WebCore handling of the response separate from Web Inspector code. That might be a good thing or a bad thing. It looks like some tests saw differences. > LayoutTests/http/tests/inspector/network/x-frame-options.html:18 > + description: "Ensure that x-frame/CSP denials are recieved and don't crash.", Nit: "X-Frame-Options" instead of "x-frame" is clearer and easier to search for. Also drop the "don't crash" part, which is pretty much always our expectation. This fix eliminates the crash but then also provides inspector with the correct data it wasn't getting before and the description of the test can be the latter which. > LayoutTests/http/tests/inspector/network/x-frame-options.html:35 > +<p>Tests for various x-frame-options headers.</p> Nit: X-Frame-Options Did you want to add another test for a different option, like "sameorigin"?

Joseph Pecoraro

Comment 8 2018-09-28 10:25:13 PDT

Comment on attachment 351058 [details] Patch r=me, but the same comments apply regarding the test.

Devin Rousso

Comment 9 2018-09-28 14:58:09 PDT

Created attachment 351117 [details] Patch

WebKit Commit Bot

Comment 10 2018-09-28 17:22:15 PDT

Comment on attachment 351117 [details] Patch Clearing flags on attachment: 351117 Committed r236627: <https://trac.webkit.org/changeset/236627>

WebKit Commit Bot

Comment 11 2018-09-28 17:22:17 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 12 2018-09-28 17:23:38 PDT

<rdar://problem/44879692>

Note You need to log in before you can comment on or make changes to this bug.