CSP: XHR from an isolated world should bypass a page's policy.
https://bugs.webkit.org/show_bug.cgi?id=104480

Reviewed by Adam Barth.

Source/WebCore:

Connections of various types are governed by the page's Content Security
Policy 'connect-src' directive. In the special case of connections generated
from an isolated world, we'd like to bypass these restrictions in order to
allow things like extensions to enjoy their uniquely high-privilege lifestyle.
This patch does just that. We'll lock them down to their own policy in
webkit.org/b/104520, but that's a bit far away at the moment. Soon!

Test: http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):
* page/EventSource.cpp:
(WebCore::EventSource::create):
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
Check whether or not code is running in an isolated world that has its own
Content Security Policy. If so, bypass the main world's CSP checks. Isolated
worlds gotta be free, man.

LayoutTests:

* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html: Added.
A new test! How wonderful!
* platform/efl/TestExpectations:
* platform/mac/TestExpectations:
* platform/qt/TestExpectations:
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
Skipping the new test on ports that don't support it.

Canonical link: https://commits.webkit.org/124292@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@138817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
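The rule the commit message states (a request is checked against an isolated world's own Content Security Policy only when that world actually has one; otherwise the page's policy still governs) is easy to get wrong in the other direction, where any isolated world is assumed exempt. The block below is an added example written for this page, not WebKit code: a small JavaScript model of policy selection plus a minimal `connect-src` matcher, replayed over the five cases of the layout test and two extra `'self'` cases that go beyond the test to show when the world's security origin starts to matter. The names `governingPolicy`, `canConnect`, `isolatedWorld` and the page origin `http://127.0.0.1:8000` are constructed assumptions.

```javascript
// Added example, not WebKit code: a model of how a connect-src check picks the
// governing policy when a request originates in an isolated world.

// Extract the source list of the connect-src directive from a serialized policy.
// Returns null when the policy has no connect-src (no restriction in this model;
// a real CSP engine would fall back to default-src).
function parseConnectSrc(policy) {
  const directive = policy
    .split(';')
    .map((d) => d.trim())
    .find((d) => /^connect-src(\s|$)/.test(d));
  if (!directive) return null;
  return directive.slice('connect-src'.length).trim().split(/\s+/).filter(Boolean);
}

// Does one source expression permit targetUrl? Handles 'none', *, 'self' and
// exact scheme://host[:port] origins; wildcards and paths are out of scope here.
function sourceAllows(expr, targetUrl, selfOrigin) {
  if (expr === "'none'") return false;
  if (expr === '*') return true;
  const target = new URL(targetUrl).origin;
  if (expr === "'self'") return target === selfOrigin;
  try {
    return new URL(expr).origin === target;
  } catch (e) {
    return false; // an unparseable host-source never matches
  }
}

function policyAllowsConnect(policy, targetUrl, selfOrigin) {
  const sources = parseConnectSrc(policy);
  if (sources === null) return true;
  return sources.some((expr) => sourceAllows(expr, targetUrl, selfOrigin));
}

// The rule from the commit message: the isolated world's own CSP is consulted
// only if that world has one. A world that merely has its own security origin
// still answers to the page's policy (and is evaluated against the page origin).
function governingPolicy(page, world) {
  if (world.isolated && world.contentSecurityPolicy !== null) {
    return {
      policy: world.contentSecurityPolicy,
      origin: world.securityOrigin || page.origin,
    };
  }
  return { policy: page.contentSecurityPolicy, origin: page.origin };
}

function canConnect(page, world, targetUrl) {
  const { policy, origin } = governingPolicy(page, world);
  return policyAllowsConnect(policy, targetUrl, origin);
}

// Constructed fixtures mirroring the layout test; the page origin is an assumption.
const PAGE = { origin: 'http://127.0.0.1:8000', contentSecurityPolicy: "connect-src 'none'" };
const TARGET = 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt';
const MAIN_WORLD = { isolated: false, securityOrigin: null, contentSecurityPolicy: null };

function isolatedWorld(securityOrigin, contentSecurityPolicy) {
  return { isolated: true, securityOrigin, contentSecurityPolicy };
}

// Replays the five cases of the layout test, then two 'self' cases showing that
// the world's security origin only takes effect once the world has its own policy.
function runScenarios() {
  return {
    mainWorld: canConnect(PAGE, MAIN_WORLD, TARGET),
    isolatedUnchangedCsp: canConnect(PAGE, isolatedWorld(null, null), TARGET),
    isolatedSameOriginOnly: canConnect(PAGE, isolatedWorld('http://localhost:8000', null), TARGET),
    isolatedSameOriginLooserCsp: canConnect(PAGE, isolatedWorld('http://localhost:8000', 'connect-src *'), TARGET),
    mainWorldAfter: canConnect(PAGE, MAIN_WORLD, TARGET),
    isolatedSelfWithOwnOrigin: canConnect(PAGE, isolatedWorld('http://localhost:8000', "connect-src 'self'"), TARGET),
    isolatedSelfWithPageOrigin: canConnect(PAGE, isolatedWorld(null, "connect-src 'self'"), TARGET),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runScenarios());
}
```

Only `isolatedSameOriginLooserCsp` and `isolatedSelfWithOwnOrigin` come back allowed; the case that matters most for review is `isolatedSameOriginOnly`, which stays blocked because a custom security origin without a custom policy does not trigger the bypass.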
Showing 13 changed files with 223 additions and 7 deletions.
http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-expected.txt
@@ -0,0 +1,27 @@ | ||
CONSOLE MESSAGE: Refused to connect to 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt' because it violates the following Content Security Policy directive: "connect-src 'none'". | ||
|
||
CONSOLE MESSAGE: Refused to connect to 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt' because it violates the following Content Security Policy directive: "connect-src 'none'". | ||
|
||
CONSOLE MESSAGE: Refused to connect to 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt' because it violates the following Content Security Policy directive: "connect-src 'none'". | ||
|
||
CONSOLE MESSAGE: Refused to connect to 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt' because it violates the following Content Security Policy directive: "connect-src 'none'". | ||
|
||
Tests that isolated worlds can have XHRs that the page's CSP wouldn't allow. | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
XHR from main world | ||
PASS: XHR.open threw an exception. | ||
XHR from isolated world with unchanged CSP | ||
PASS: XHR.open threw an exception. | ||
XHR from isolated world with same security origin as XHR target. | ||
PASS: XHR.open threw an exception. | ||
XHR from isolated world with same security origin as XHR target, and looser CSP. | ||
PASS: XHR.open did not throw an exception. | ||
XHR from main world is not affected by the isolated world origin or CSP | ||
PASS: XHR.open threw an exception. | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
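Review bot: The description line 'Tests that isolated worlds can have XHRs that the page's CSP wouldn't allow.' undersells the key negative case recorded two lines later, 'XHR from isolated world with same security origin as XHR target.' followed by 'PASS: XHR.open threw an exception.': a world that only has its own security origin is still bound by the page's connect-src 'none', and only the world that also carries its own policy ('connect-src *') gets through. Consider wording the description as "isolated worlds with their own CSP", so a later reader does not take the expectation file as evidence that every isolated world is exempt. Minor: that same description ends with a period while the other four case titles do not.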
http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr.html
@@ -0,0 +1,114 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<script src="../../js-test-resources/js-test-pre.js"></script> | ||
<meta http-equiv="Content-Security-Policy" content="connect-src 'none'"> | ||
<body> | ||
<p id="description"></p> | ||
<div id="console"></div> | ||
|
||
<script> | ||
description('Tests that isolated worlds can have XHRs that the page\'s CSP wouldn\'t allow.'); | ||
|
||
jsTestIsAsync = true; | ||
|
||
var tests = [ | ||
function() { | ||
debug('XHR from main world'); | ||
xhr(true); | ||
}, | ||
function() { | ||
debug('XHR from isolated world with unchanged CSP'); | ||
runTestInWorld(1, 'xhr', 'true'); | ||
}, | ||
function() { | ||
debug('XHR from isolated world with same security origin as XHR target.'); | ||
testRunner.setIsolatedWorldSecurityOrigin(2, 'http://localhost:8000'); | ||
runTestInWorld(2, 'xhr', 'true'); | ||
}, | ||
function() { | ||
debug('XHR from isolated world with same security origin as XHR target, and looser CSP.'); | ||
testRunner.setIsolatedWorldContentSecurityPolicy(3, 'connect-src *'); | ||
testRunner.setIsolatedWorldSecurityOrigin(3, 'http://localhost:8000'); | ||
runTestInWorld(3, 'xhr', 'false'); | ||
}, | ||
function() { | ||
debug('XHR from main world is not affected by the isolated world origin or CSP'); | ||
xhr(true); | ||
} | ||
]; | ||
var currentTest = 0; | ||
|
||
// This test is meaningless without testRunner. | ||
if (window.testRunner) { | ||
window.addEventListener( | ||
'message', | ||
function(event) { | ||
var message = JSON.parse(event.data); | ||
switch (message.type) { | ||
case 'test-done': | ||
currentTest++; | ||
if (currentTest == tests.length) { | ||
testRunner.setIsolatedWorldSecurityOrigin(1, null); | ||
testRunner.setIsolatedWorldSecurityOrigin(2, null); | ||
testRunner.setIsolatedWorldSecurityOrigin(3, null); | ||
testRunner.setIsolatedWorldContentSecurityPolicy(1, ''); | ||
testRunner.setIsolatedWorldContentSecurityPolicy(2, ''); | ||
testRunner.setIsolatedWorldContentSecurityPolicy(3, ''); | ||
finishJSTest(); | ||
} | ||
else | ||
tests[currentTest](); | ||
break; | ||
case 'debug': | ||
debug(message.message); | ||
break; | ||
default: | ||
testFailed('Unknown message: ' + event.data); | ||
break; | ||
} | ||
}, | ||
false); | ||
|
||
tests[0](); | ||
} else { | ||
testFailed('Test depends on LayoutTestController and must be run by DRT'); | ||
} | ||
|
||
function runTestInWorld(worldId, funcName, param) | ||
{ | ||
testRunner.evaluateScriptInIsolatedWorld( | ||
worldId, String(eval(funcName)) + "\n" + funcName + "(" + param + ");"); | ||
} | ||
|
||
function xhr(shouldBlock) | ||
{ | ||
function debug(message) { | ||
window.postMessage(JSON.stringify({ | ||
'type': 'debug', | ||
'message': message | ||
}), | ||
'*'); | ||
} | ||
|
||
var xhr = new XMLHttpRequest(); | ||
try { | ||
xhr.open('GET', 'http://localhost:8000/security/isolatedWorld/resources/cross-origin-xhr.txt', true); | ||
if (shouldBlock) | ||
debug('FAIL: XHR.open should have thrown an exception.'); | ||
else | ||
debug('PASS: XHR.open did not throw an exception.'); | ||
} catch (e) { | ||
if (shouldBlock) | ||
debug('PASS: XHR.open threw an exception.'); | ||
else | ||
debug('FAIL: XHR.open should not have thrown an exception.'); | ||
} finally { | ||
window.postMessage(JSON.stringify({'type': 'test-done'}), '*'); | ||
} | ||
} | ||
|
||
</script> | ||
|
||
<script src="../../js-test-resources/js-test-post.js"></script> | ||
</body> | ||
</html> |
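Review bot: Coverage stops at XMLHttpRequest::open, while the commit also changes WebSocket::connect, EventSource::create and CachedResourceLoader::canRequest; the "isolated world with its own CSP" case at 'runTestInWorld(3, 'xhr', 'false');' is the only bypass exercised, so the other three code paths ship untested. A WebSocket or EventSource variant of the xhr() function run through the same runTestInWorld harness would close that gap. Two smaller points: the fallback 'testFailed('Test depends on LayoutTestController and must be run by DRT');' still names LayoutTestController although the guard checks window.testRunner, so the message should say testRunner; and the inner 'function debug(message)' declared inside xhr() deliberately shadows the page-level debug because the whole function body is serialized into the isolated world by 'String(eval(funcName))', which deserves a one-line comment since a reader otherwise expects the outer helper to be called.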