https://bugs.webkit.org/show_bug.cgi?id=272682 rdar://126531139 Reviewed by Alex Christensen. We move the TAO check from platform specific NetworkDataTask implementations to NetworkLoadChecker. This allows us to implement the algorithm as defined in fetch, including checking the response tainting. This aligns behavior with Chrome and Firefox. For top level navigation, we were using the source origin, but we should use the top origin for top level navigations, as top level navigations are same origin. * LayoutTests/http/wpt/resource-timing/resources/rt-utilities.sub.js: (addACAOHeader): * LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt: Added. * LayoutTests/http/wpt/resource-timing/rt-cors-2.html: Added. * LayoutTests/http/wpt/resource-timing/rt-cors-2.js: Added. (assertAlways): (assertRedirectWithDisallowedTimingData): (assertDisallowedTimingData): (promise_test): * Source/WebKit/NetworkProcess/NetworkDataTask.h: (WebKit::NetworkDataTask::setTimingAllowFailedFlag): * Source/WebKit/NetworkProcess/NetworkLoad.cpp: (WebKit::NetworkLoad::setTimingAllowFailedFlag): * Source/WebKit/NetworkProcess/NetworkLoad.h: * Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp: (WebKit::NetworkLoadChecker::validateResponse): (WebKit::NetworkLoadChecker::checkTAO): * Source/WebKit/NetworkProcess/NetworkLoadChecker.h: (WebKit::NetworkLoadChecker::timingAllowFailedFlag const): (WebKit::NetworkLoadChecker::isSameOriginRequest const): * Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::didReceiveResponse): (WebKit::NetworkResourceLoader::didFinishLoading): (WebKit::NetworkResourceLoader::willSendRedirectedRequestInternal): * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h: * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (WebKit::NetworkDataTaskCocoa::setTimingAllowFailedFlag): (WebKit::NetworkDataTaskCocoa::checkTAO): Deleted. 
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]): (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]): * Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.cpp: (WebKit::NetworkDataTaskCurl::updateNetworkLoadMetrics): (WebKit::NetworkDataTaskCurl::setTimingAllowFailedFlag): * Source/WebKit/NetworkProcess/curl/NetworkDataTaskCurl.h: * Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp: (WebKit::NetworkDataTaskSoup::didSendRequest): (WebKit::NetworkDataTaskSoup::setTimingAllowFailedFlag): * Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.h: Canonical link: https://commits.webkit.org/278448@main
Showing
17 changed files
with
161 additions
and
28 deletions.
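--- a/LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt
+++ b/LayoutTests/http/wpt/resource-timing/rt-cors-2-expected.txt
@@ -0,0 +1,5 @@
+Resource Timing: CORS requests
+
+
+PASS Cross-origin redirection with TAO to same origin loads without TAO must have filtered timing data
+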
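--- a/LayoutTests/http/wpt/resource-timing/rt-cors-2.html
+++ b/LayoutTests/http/wpt/resource-timing/rt-cors-2.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>Resource Timing - CORS requests</title>
+<link rel="help" href="https://w3c.github.io/resource-timing/#cross-origin-resources">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/rt-utilities.sub.js"></script>
+</head>
+<body>
+<h1>Resource Timing: CORS requests</h1>
+<div id="log"></div>
+<script src="rt-cors-2.js"></script>
+</body>
+</html>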
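--- a/LayoutTests/http/wpt/resource-timing/rt-cors-2.js
+++ b/LayoutTests/http/wpt/resource-timing/rt-cors-2.js
@@ -0,0 +1,52 @@
+function assertAlways(entry) {
+assert_equals(entry.workerStart, 0, "entry should not have a workerStart time");
+assert_equals(entry.secureConnectionStart, 0, "entry should not have a secureConnectionStart time");
+
+assert_not_equals(entry.startTime, 0, "entry should have a non-0 fetchStart time");
+assert_not_equals(entry.fetchStart, 0, "entry should have a non-0 startTime time");
+assert_not_equals(entry.responseEnd, 0, "entry should have a non-0 responseEnd time");
+
+assert_greater_than_equal(entry.fetchStart, entry.startTime, "fetchStart after startTime");
+assert_greater_than_equal(entry.responseEnd, entry.fetchStart, "responseEnd after fetchStart");
+}
+
+function assertRedirectWithDisallowedTimingData(entry) {
+assertAlways(entry);
+assert_equals(entry.redirectStart, 0, "entry should not have a redirectStart time");
+assert_equals(entry.redirectEnd, 0, "entry should not have a redirectEnd time");
+assert_equals(entry.startTime, entry.fetchStart, "entry startTime should have matched redirectStart but it was disallowed so it should match fetchStart");
+}
+
+function assertDisallowedTimingData(entry) {
+// These attributes must be zero:
+// https://w3c.github.io/resource-timing/#cross-origin-resources
+const keys = [
+"redirectStart",
+"redirectEnd",
+"domainLookupStart",
+"domainLookupEnd",
+"connectStart",
+"connectEnd",
+"requestStart",
+"responseStart",
+"secureConnectionStart",
+];
+for (let key of keys)
+assert_equals(entry[key], 0, `entry ${key} must be zero for Cross Origin resource without passing Timing-Allow-Origin check`);
+}
+
+promise_test(function(t) {
+let promise = observeResources(1).then(([entry]) => {
+assertRedirectWithDisallowedTimingData(entry);
+assertDisallowedTimingData(entry);
+});
+
+let sameOriginURL = uniqueDataURL("redirect-cross-origin-to-same-origin");
+sameOriginURL = addACAOHeader(sameOriginURL);
+const urlRedirect = urlWithRedirectTo(sameOriginURL);
+const urlWithoutTAO = simpleCrossOriginURLBase() + urlRedirect;
+const url = addTimingAllowOriginHeader(urlWithoutTAO, location.origin);
+
+fetch(url);
+return promise;
+}, "Cross-origin redirection with TAO to same origin loads without TAO must have filtered timing data");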
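Review bot: In `assertAlways` the two failure messages are swapped: the `entry.startTime` check reports "non-0 fetchStart time" and the `entry.fetchStart` check reports "non-0 startTime time", so a failure would name the wrong attribute. The strings should be exchanged, e.g. `assert_not_equals(entry.startTime, 0, "entry should have a non-0 startTime");` and `assert_not_equals(entry.fetchStart, 0, "entry should have a non-0 fetchStart");`. Separately, `fetch(url)` in the `promise_test` is neither returned nor caught, so if the request is rejected and no resource entry is observed, the test would only fail at the harness timeout. Assuming the fetch is expected to succeed, `return Promise.all([promise, fetch(url)]);` would surface a rejection directly. This test guards the filtering of cross-origin timing data when one hop in a redirect chain fails the TAO check, so an unambiguous failure signal is worth having.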