Bug 185681 - Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts
Summary: Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on: 184996
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-16 09:45 PDT by Chris Dumez
Modified: 2018-05-17 11:23 PDT (History)
10 users (show)

See Also:


Attachments
Patch (30.75 KB, patch)
2018-05-16 14:51 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff
Patch (30.76 KB, patch)
2018-05-17 10:44 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2018-05-16 09:45:04 PDT
Cross-Origin-Options: deny/allow-postmessage should prevent getting navigated by cross-origin scripts.

My plan is to add a check for Cross-Origin-Options to our "allowed to navigate" logic [1].

[1] https://html.spec.whatwg.org/#allowed-to-navigate
Comment 1 Chris Dumez 2018-05-16 09:45:19 PDT
<rdar://problem/40296313>
Comment 2 Chris Dumez 2018-05-16 14:51:49 PDT
Created attachment 340526 [details]
Patch
Comment 3 Geoffrey Garen 2018-05-17 10:21:33 PDT
Comment on attachment 340526 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=340526&action=review

r=me

> Source/WebCore/ChangeLog:9
> +        Update our canNavigation() implementation [1] to take into account the Cross-Origin-Options header.

canNavigate

> Source/WebCore/ChangeLog:15
> +        possible to trigger a "targetted" navigation via <a target="foo"> or open(url, "foo").

targeted
Comment 4 Chris Dumez 2018-05-17 10:44:38 PDT
Created attachment 340597 [details]
Patch
Comment 5 WebKit Commit Bot 2018-05-17 11:22:39 PDT
The commit-queue encountered the following flaky tests while processing attachment 340597 [details]:

media/modern-media-controls/volume-support/volume-support-click.html bug 164229 (author: graouts@apple.com)
The commit-queue is continuing to process your patch.
Comment 6 WebKit Commit Bot 2018-05-17 11:23:28 PDT
Comment on attachment 340597 [details]
Patch

Clearing flags on attachment: 340597

Committed r231911: <https://trac.webkit.org/changeset/231911>
Comment 7 WebKit Commit Bot 2018-05-17 11:23:30 PDT
All reviewed patches have been landed.  Closing bug.