Bug 184980 - Perform CSP checks for redirects in network process for consistency with other checks that avoid sending the redirect response to the web process
Summary: Perform CSP checks for redirects in network process for consistency with othe...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-25 10:49 PDT by Daniel Bates
Modified: 2018-04-25 10:51 PDT (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2018-04-25 10:49:20 PDT
From bug 184149, comment 7, "Youenn expressed an interest in standardizing on IPC messaging semantics between the network process and web content process that avoids passing HTTP response data to the web content process until the last possible moment (*). If we want to do this then we will need to duplicate in the network process all the CSP redirection checks we do in the web content process. Elaborating further, we need to duplicate these checks because we will always need to keep code in WebCore to do the CSP checks for redirections to continue to support CSP in WebKit Legacy." This bug is to track this effort, further detailed in that same comment as option (2):

[[
Option 2: Duplicate frame-ancestor check and all CSP checks applied to redirect requests in the network process.
    Advantage: Network process does not need to message web content process on each redirect request to ask if the load is allowed by the page's CSP policy; => avoid IPC.
    Disadvantage: Must duplicate all CSP checks for redirects in network process to avoid the need to message web content process on each redirect request to ask if the load is allowed by the page's CSP policy. (We may be able to extract some or all of the CSP checks, at least the checks in  CachedResourceLoader, into a common functions that is used both by the network process and WebCore. It is non-trivial to do this refactor).
]]

(*) This is motivated by the desire to have a process-per-origin and only have cross-origin data in the same address space when such cross-origin data has passed all security checks and hence must be delivered to the web content process in order to avoid breaking the web.