Skip to content
Permalink
Browse files
Restrict Referer to just the origin for third parties in private mode…
… and third parties ITP blocks cookies for in regular mode

https://bugs.webkit.org/show_bug.cgi?id=182559
<rdar://problem/36990337>

Reviewed by Andy Estes.

Source/WebCore:

Tests: http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html
       http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html
       http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html
       http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html

* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::referrerToOriginString):
    Now exposed within WebCore. This is to make sure we create a proper referrer
    string in WebCore::ResourceRequestBase::setExistingHTTPReferrerToOriginString().
(WebCore::referrerToOriginString): Deleted.
    Used to be internal.
* page/SecurityPolicy.h:
* platform/network/ResourceRequestBase.cpp:
(WebCore::ResourceRequestBase::setExistingHTTPReferrerToOriginString):
    New, exported function used in WebKit. Note that this function does not
    set the referrer if the request has none since before.
* platform/network/ResourceRequestBase.h:

Source/WebKit:

* NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::isThirdPartyRequest):
    New convenience function. Checks whether the resource shares
    partition with the first party.
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
    Now strips the referrer to just the origin for:
    1. All third party requests in private mode.
    2. Third party requests to domains that ITP blocks cookies for.
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
    Now strips the referrer in redirects to just the origin for:
    1. All third party requests in private mode.
    2. Third party requests to domains that ITP blocks cookies for.

LayoutTests:

* TestExpectations:
    New tests marked as [ Skip ]. The change only applies to iOS and Mac.
* http/tests/resourceLoadStatistics/resources/echo-referrer.php: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html: Added.
* http/tests/security/resources/echo-referrer.php: Added.
* http/tests/security/resources/redirect.php: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode-expected.txt: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode-expected.txt: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html: Added.
* platform/ios/TestExpectations:
    New tests marked as [ Pass ].
* platform/mac-wk2/TestExpectations:
    New tests marked as [ Pass ].
* platform/wk2/TestExpectations:
    New tests marked as [ Skip ].


Canonical link: https://commits.webkit.org/198377@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228239 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
johnwilander committed Feb 7, 2018
1 parent 0503543 commit 220dc25e48625be4fe07921358798caa9a1f1689
Showing with 423 additions and 5 deletions.
  1. +28 −0 LayoutTests/ChangeLog
  2. +2 −0 LayoutTests/TestExpectations
  3. +4 −0 LayoutTests/http/tests/resourceLoadStatistics/resources/echo-referrer.php
  4. +15 −0 .../resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt
  5. +54 −0 ...tp/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html
  6. +16 −0 ...s/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt
  7. +65 −0 ...ttp/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html
  8. +4 −0 LayoutTests/http/tests/security/resources/echo-referrer.php
  9. +14 −0 LayoutTests/http/tests/security/resources/redirect.php
  10. +15 −0 ...tp/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode-expected.txt
  11. +39 −0 ...Tests/http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html
  12. +16 −0 ...ttp/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode-expected.txt
  13. +48 −0 ...tTests/http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html
  14. +6 −0 LayoutTests/platform/ios/TestExpectations
  15. +6 −0 LayoutTests/platform/mac-wk2/TestExpectations
  16. +2 −0 LayoutTests/platform/wk2/TestExpectations
  17. +27 −0 Source/WebCore/ChangeLog
  18. +1 −1 Source/WebCore/page/SecurityPolicy.cpp
  19. +4 −0 Source/WebCore/page/SecurityPolicy.h
  20. +9 −0 Source/WebCore/platform/network/ResourceRequestBase.cpp
  21. +1 −0 Source/WebCore/platform/network/ResourceRequestBase.h
  22. +22 −0 Source/WebKit/ChangeLog
  23. +1 −0 Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
  24. +24 −4 Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
@@ -1,3 +1,31 @@
2018-02-07 John Wilander <wilander@apple.com>

Restrict Referer to just the origin for third parties in private mode and third parties ITP blocks cookies for in regular mode
https://bugs.webkit.org/show_bug.cgi?id=182559
<rdar://problem/36990337>

Reviewed by Andy Estes.

* TestExpectations:
New tests marked as [ Skip ]. The change only applies to iOS and Mac.
* http/tests/resourceLoadStatistics/resources/echo-referrer.php: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects-expected.txt: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests-expected.txt: Added.
* http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html: Added.
* http/tests/security/resources/echo-referrer.php: Added.
* http/tests/security/resources/redirect.php: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode-expected.txt: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode-expected.txt: Added.
* http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html: Added.
* platform/ios/TestExpectations:
New tests marked as [ Pass ].
* platform/mac-wk2/TestExpectations:
New tests marked as [ Pass ].
* platform/wk2/TestExpectations:
New tests marked as [ Skip ].

2018-02-07 Matt Lewis <jlewis3@apple.com>

Adjusted test expectations for storage/indexeddb/modern/idbtransaction-objectstore-failures.html.
@@ -128,6 +128,8 @@ fast/media/mq-inverted-colors-live-update-in-subframes.html [ Skip ]
fast/media/mq-monochrome-live-update.html [ Skip ]
fast/media/mq-prefers-reduced-motion-live-update.html [ Skip ]
http/tests/loading/basic-auth-remove-credentials.html [ Skip ]
http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html [ Skip ]
http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html [ Skip ]

# ApplePay is only available on iOS (greater than iOS 10) and macOS (greater than macOS 10.12) and only for WebKit2.
http/tests/ssl/applepay/ [ Skip ]
@@ -0,0 +1,4 @@
<?php
header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
echo $_SERVER['HTTP_REFERER'];
?>
@@ -0,0 +1,15 @@
Tests that only the origin is sent as referrer in redirects to prevalent resources without user interaction.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html"
PASS successfullyParsed is true

TEST COMPLETE


--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
http://127.0.0.1:8000/
@@ -0,0 +1,54 @@
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<script>
description("Tests that only the origin is sent as referrer in redirects to prevalent resources without user interaction.");
jsTestIsAsync = true;
testRunner.dumpChildFramesAsText();

function setEnableFeature(enable) {
if (!enable)
testRunner.statisticsResetToConsistentState();
internals.setResourceLoadStatisticsEnabled(enable);
testRunner.setCookieStoragePartitioningEnabled(enable);
}

function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}

setEnableFeature(true);
if (testRunner.isStatisticsPrevalentResource("http://localhost"))
testFailed("Localhost was classified as prevalent resource before the test started.");

var referrer;
fetch("resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html");

testRunner.setStatisticsPrevalentResource("http://localhost", true);
if (!testRunner.isStatisticsPrevalentResource("http://localhost"))
testFailed("Host did not get set as prevalent resource.");

testRunner.statisticsUpdateCookiePartitioning(function() {
openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", finishJSTest);
});

}).catch(function(error) {
console.log(error.message);
finishJSTest();
});

</script>
</body>
</html>
@@ -0,0 +1,16 @@
Tests that only the origin is sent as referrer for prevalent resources without user interaction.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


PASS referrer is "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html"
PASS referrer is "http://127.0.0.1:8000/"
PASS successfullyParsed is true

TEST COMPLETE


--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
http://127.0.0.1:8000/
@@ -0,0 +1,65 @@
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<script>
description("Tests that only the origin is sent as referrer for prevalent resources without user interaction.");
jsTestIsAsync = true;
testRunner.dumpChildFramesAsText();

function setEnableFeature(enable) {
if (!enable)
testRunner.statisticsResetToConsistentState();
internals.setResourceLoadStatisticsEnabled(enable);
testRunner.setCookieStoragePartitioningEnabled(enable);
}

function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}

setEnableFeature(true);
if (testRunner.isStatisticsPrevalentResource("http://localhost"))
testFailed("Localhost was classified as prevalent resource before the test started.");

var referrer;
fetch("resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html");

testRunner.setStatisticsPrevalentResource("http://localhost", true);
if (!testRunner.isStatisticsPrevalentResource("http://localhost"))
testFailed("Host did not get set as prevalent resource.");

testRunner.statisticsUpdateCookiePartitioning(function() {
fetch("http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");

openIframe("resources/redirect.php?redirectTo=http://localhost:8000/resourceLoadStatistics/resources/echo-referrer.php", finishJSTest);

}).catch(function(error) {
console.log(error.message);
finishJSTest();
});
});

}).catch(function(error) {
console.log(error.message);
finishJSTest();
});

</script>
</body>
</html>
@@ -0,0 +1,4 @@
<?php
header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
echo $_SERVER['HTTP_REFERER'];
?>
@@ -0,0 +1,14 @@
<?php
$redirectURL = $_GET["redirectTo"];
if (isset($_GET["name2"])) {
$redirectURL = $redirectURL . "&name2=" . $_GET["name2"];
}
if (isset($_GET["name3"])) {
$redirectURL = $redirectURL . "&name3=" . $_GET["name3"];
}
if (isset($_GET["message"])) {
$redirectURL = $redirectURL . "&message=" . $_GET["message"];
}
header('Location: ' . $redirectURL);
die();
?>
@@ -0,0 +1,15 @@
Tests that only the origin is sent as referrer for third-party redirects in private browsing mode.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


PASS referrer is "http://127.0.0.1:8000/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html"
PASS successfullyParsed is true

TEST COMPLETE


--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
http://127.0.0.1:8000/
@@ -0,0 +1,39 @@
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<script>
description("Tests that only the origin is sent as referrer for third-party redirects in private browsing mode.");
jsTestIsAsync = true;

testRunner.setPrivateBrowsingEnabled(true);
testRunner.dumpChildFramesAsText();

function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}

var referrer;
fetch("resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html");

openIframe("resources/redirect.php?redirectTo=http://localhost:8000/security/resources/echo-referrer.php", finishJSTest);

}).catch(function(error) {
console.log(error.message);
finishJSTest();
});

</script>
</body>
</html>
@@ -0,0 +1,16 @@
Tests that only the origin is sent as referrer for third-party resources in private browsing mode.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


PASS referrer is "http://127.0.0.1:8000/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html"
PASS referrer is "http://127.0.0.1:8000/"
PASS successfullyParsed is true

TEST COMPLETE


--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
http://127.0.0.1:8000/
@@ -0,0 +1,48 @@
<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<script>
description("Tests that only the origin is sent as referrer for third-party resources in private browsing mode.");
jsTestIsAsync = true;

testRunner.setPrivateBrowsingEnabled(true);
testRunner.dumpChildFramesAsText();

function openIframe(url, onLoadHandler) {
const element = document.createElement("iframe");
element.src = url;
if (onLoadHandler) {
element.onload = onLoadHandler;
}
document.body.appendChild(element);
}

var referrer;
fetch("resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html");

fetch("http://localhost:8000/security/resources/echo-referrer.php").then(function(response) {
return response.text();
}).then(function(data) {
referrer = data;
shouldBeEqualToString("referrer", "http://127.0.0.1:8000/");
openIframe("http://localhost:8000/security/resources/echo-referrer.php", finishJSTest);
}).catch(function(error) {
console.log(error.message);
finishJSTest();
});

}).catch(function(error) {
console.log(error.message);
finishJSTest();
});

</script>
</body>
</html>
@@ -3020,6 +3020,12 @@ http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html [ Pass ]
http/tests/resourceLoadStatistics/grandfathering.html [ Pass ]
http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ]
http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store-one-hour.html [ Pass ]
http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Pass ]
http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Pass ]

# Skipped in general expectations since they only work on iOS and Mac, WK2.
http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html [ Pass ]
http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html [ Pass ]

webkit.org/b/175273 imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name.html [ Failure ]

@@ -810,6 +810,12 @@ webkit.org/b/176122 media/video-controls-drop-and-restore-timeline.html [ Pass F
[ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html [ Pass ]
[ HighSierra+ ] http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store-one-hour.html [ Pass ]
[ HighSierra+ ] http/tests/resourceLoadStatistics/grandfathering.html [ Pass ]
[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Pass ]
[ HighSierra+ ] http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Pass ]

# Skipped in general expectations since they only work on iOS and Mac, WK2.
http/tests/security/strip-referrer-to-origin-for-third-party-redirects-in-private-mode.html [ Pass ]
http/tests/security/strip-referrer-to-origin-for-third-party-requests-in-private-mode.html [ Pass ]

# <rdar://problem/33555759>
webkit.org/b/177616 [ HighSierra+ ] http/tests/media/video-buffered-range-contains-currentTime.html [ Pass Timeout ]
@@ -705,6 +705,8 @@ http/tests/resourceLoadStatistics/add-partitioning-to-redirect.html [ Skip ]
http/tests/resourceLoadStatistics/add-blocking-to-redirect.html [ Skip ]
http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html [ Skip ]
http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html [ Skip ]
http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-redirects.html [ Skip ]
http/tests/resourceLoadStatistics/strip-referrer-to-origin-for-prevalent-subresource-requests.html [ Skip ]

### END OF (5) Progressions, expected successes that are expected failures in WebKit1.
########################################

0 comments on commit 220dc25

Please sign in to comment.