RESOLVED FIXED 191138
[PSON] Unable to submit a file in FormData cross-site 
https://bugs.webkit.org/show_bug.cgi?id=191138
Summary [PSON] Unable to submit a file in FormData cross-site
Chris Dumez
Reported 2018-10-31 16:05:52 PDT
When PSON is enabled, we are unable to submit a file in FormData cross-site. Although we encode the request body over IPC since r237639, we're missing the right sandbox extensions for its to work for files.
Attachments
Patch (9.12 KB, patch)
2018-10-31 16:12 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (9.13 KB, patch)
2018-10-31 16:20 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews200 for win-future (12.93 MB, application/zip)
2018-10-31 21:13 PDT, EWS Watchlist 		no flags
Details
Patch (9.82 KB, patch)
2018-11-01 08:52 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-10-31 16:12:17 PDT
Created attachment 353544 [details] Patch
Chris Dumez
Comment 2 2018-10-31 16:20:28 PDT
Created attachment 353546 [details] Patch
EWS Watchlist
Comment 3 2018-10-31 21:13:28 PDT
Comment on attachment 353546 [details] Patch Attachment 353546 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/9806291 New failing tests: http/tests/misc/form-submit-file-cross-site.html
EWS Watchlist
Comment 4 2018-10-31 21:13:39 PDT
Created attachment 353580 [details] Archive of layout-test-results from ews200 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews200 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Chris Dumez
Comment 5 2018-11-01 08:52:47 PDT
Created attachment 353603 [details] Patch
Alex Christensen
Comment 6 2018-11-01 08:59:26 PDT
Comment on attachment 353603 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353603&action=review > Source/WebKit/Platform/IPC/FormDataReference.h:89 > + WebKit::SandboxExtension::consumePermanently(sandboxExtensionHandles->at(i)); Do we need permanent access to those files?
Chris Dumez
Comment 7 2018-11-01 09:11:34 PDT
(In reply to Alex Christensen from comment #6) > Comment on attachment 353603 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=353603&action=review > > > Source/WebKit/Platform/IPC/FormDataReference.h:89 > > + WebKit::SandboxExtension::consumePermanently(sandboxExtensionHandles->at(i)); > > Do we need permanent access to those files? This is what is normally done for file uploads, see: void WebPage::extendSandboxForFilesFromOpenPanel(SandboxExtension::HandleArray&& handles) { for (size_t i = 0; i < handles.size(); ++i) { bool result = SandboxExtension::consumePermanently(handles[i]); if (!result) { // We have reports of cases where this fails for some unknown reason, <rdar://problem/10156710>. WTFLogAlways("WebPage::extendSandboxForFileFromOpenPanel(): Could not consume a sandbox extension"); } } } and { for (size_t i = 0; i < m_pendingDropExtensionsForFileUpload.size(); i++) m_pendingDropExtensionsForFileUpload[i]->consumePermanently(); m_pendingDropExtensionsForFileUpload.clear(); }
WebKit Commit Bot
Comment 8 2018-11-01 10:10:07 PDT
Comment on attachment 353603 [details] Patch Clearing flags on attachment: 353603 Committed r237683: <https://trac.webkit.org/changeset/237683>
WebKit Commit Bot
Comment 9 2018-11-01 10:10:09 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 10 2018-11-01 10:11:43 PDT
<rdar://problem/45732902>
Note You need to log in before you can comment on or make changes to this bug.