Upgrade Insecure Requests: OOPIF support, bugfixes & tests.
This CL fixes several bugs with Upgrade Insecure Requests. The main one is that URLs were compared against the 'upgrade insecure navigation set' of the frame that is navigating instead of the frame that has initiated the navigation. It fixes bug 796538. 8 new tests are added to ensure regressions won't happen anymore. Finally, it adds the support for OOPIF. The 'upgrade insecure navigations set' is now replicated across the different processes.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation
BUG=670219, 796538
Change-Id: I1d138989a1873cd902435de25845ae660769ff98
Reviewed-on: https://chromium-review.googlesource.com/848836
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529732}
1 parent c3c0eec, commit 39c94cc
Showing 21 changed files with 241 additions and 0 deletions.
@@ -0,0 +1,64 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
|
||
<head> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
</head> | ||
|
||
<body> | ||
<script> | ||
const test_data = [ | ||
{ | ||
url : './link-upgrade/basic-link-no-upgrade.sub.html', | ||
done_message : 'basic-link-no-upgrade', | ||
}, | ||
{ | ||
url : './link-upgrade/basic-link-upgrade.sub.html', | ||
done_message : 'basic-link-upgrade', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-link-upgrade.sub.html', | ||
done_message : 'iframe-link-upgrade', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html', | ||
done_message : 'iframe-top-navigation-no-upgrade-1', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html', | ||
done_message : 'iframe-top-navigation-no-upgrade-2', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-top-navigation-upgrade-1.sub.html', | ||
done_message : 'iframe-top-navigation-upgrade-1', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-top-navigation-upgrade-2.sub.html', | ||
done_message : 'iframe-top-navigation-upgrade-2', | ||
}, | ||
{ | ||
url : './link-upgrade/iframe-top-navigation-upgrade-meta.sub.html', | ||
done_message : 'iframe-top-navigation-upgrade-meta', | ||
}, | ||
]; | ||
for(let i = 0; i<test_data.length; i+=1) { | ||
let data = test_data[i]; | ||
let test = async_test(data.url); | ||
test.step(function() { | ||
let w = window.open(data.url, data.url); | ||
this.add_cleanup(() => w.close()); | ||
assert_true(w != undefined, "Popup must not be blocked"); | ||
|
||
window.addEventListener("message", event => { | ||
if (event.data == data.done_message) | ||
test.done(); | ||
}); | ||
}); | ||
|
||
test.step_timeout(function(){test.force_timeout()}, 5000); | ||
} | ||
</script> | ||
</body> | ||
|
||
</html> |
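Review bot: the `message` listener registered inside `test.step` is never removed and does not check `event.source`, so each popup's listener stays attached to the harness window for the whole run and is invoked for every message from every popup; it only works because each closure compares against its own `data.done_message`. Scope it with `if (event.source !== w) return;` and remove it in cleanup alongside `w.close()`. Also, `assert_true(w != undefined, ...)` only catches a blocked popup because `null != undefined` is false under loose equality; `assert_true(w !== null, ...)` states the intent directly.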
upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html (19 additions & 0 deletions)
@@ -0,0 +1,19 @@ | ||
<html> | ||
<title>Upgrade Insecure Requests: link no upgrade.</title> | ||
<head> | ||
<script> | ||
function click() { | ||
document.getElementById("link").click(); | ||
} | ||
</script> | ||
</head> | ||
<body onload="click()"> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if | ||
the url is upgraded, the url becomes invalid (https over the http port). | ||
The expected behavior is that the url is not upgraded and the page loads. | ||
--> | ||
<a id="link" | ||
href="http://{{domains[www]}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-no-upgrade"> Click me </a> | ||
</body> | ||
</html> |
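Review bot: `<title>` is placed before `<head>` rather than inside it, which is invalid markup; move it into `<head>`. The comment also explains the port trick but not why no upgrade is expected in the first place: the link's host is `{{domains[www]}}`, a different host from the document's own, and that cross-host top-level navigation is the actual case under test. State that in the comment so the port hack is not mistaken for the reason.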
upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html (19 additions & 0 deletions)
@@ -0,0 +1,19 @@ | ||
<html> | ||
<title>Upgrade Insecure Requests: link upgrade.</title> | ||
<head> | ||
<script> | ||
function click() { | ||
document.getElementById("link").click(); | ||
} | ||
</script> | ||
</head> | ||
<body onload="click()"> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we | ||
specify this non-existent URL ('http' over https port). If UPGRADE doesn't | ||
work, it won't load. The expected behavior is that the url is upgraded and | ||
the page loads. | ||
--> | ||
<a id="link" href="http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-upgrade"> Click me </a> | ||
</body> | ||
</html> |
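Review bot: same `<title>`-outside-`<head>` problem as in basic-link-no-upgrade.sub.html; move it inside `<head>`. The comment should also name the distinguishing condition: the link targets `{{host}}`, the document's own host, which is why this is the upgrade case while the `{{domains[www]}}` sibling is not.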
upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html (11 additions & 0 deletions)
@@ -0,0 +1,11 @@ | ||
<!-- | ||
This document has set "Content-Security-Policy: upgrade-insecure-requests". It | ||
contains an iframe. This iframe clicks on a link to the same host. The link | ||
must be upgraded. | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if | ||
the url is not upgraded, the url is invalid (http over the https port). | ||
The expected behavior is that the url is upgraded and the page loads. | ||
--> | ||
<iframe src= "./resources/click-on-link.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-link-upgrade"> | ||
</iframe> |
upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html (16 additions & 0 deletions)
@@ -0,0 +1,16 @@ | ||
<html> | ||
<head> | ||
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title> | ||
</head> | ||
<body> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the | ||
url is upgraded, the url becomes invalid (https over the http port). The | ||
expected behavior is that the url is not upgraded and the page loads. | ||
--> | ||
<iframe | ||
sandbox="allow-scripts allow-top-navigation" | ||
src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{domains[www]}}:{{ports[http][1]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-1" | ||
></iframe> | ||
</body> | ||
</html> |
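Review bot: the comment covers the port trick but not why no upgrade is expected, which is the regression case from the commit message: the navigation is initiated by the cross-origin iframe (navigate-top-frame.sub.html, which has no `.headers` file and so sets no upgrade-insecure-requests of its own), the target host `{{domains[www]}}` is not the top document's host, and the top document's own policy (this file's `.headers`) must not be applied just because the top frame is the one being navigated. Spell that out so a future reader does not "fix" the expectation.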
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html (16 additions & 0 deletions)
@@ -0,0 +1,16 @@ | ||
<html> | ||
<head> | ||
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title> | ||
</head> | ||
<body> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the | ||
url is upgraded, the url becomes invalid (https over the http port). The | ||
expected behavior is that the url is not upgraded and the page loads. | ||
--> | ||
<iframe | ||
sandbox="allow-scripts allow-top-navigation" | ||
src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{host}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-2" | ||
></iframe> | ||
</body> | ||
</html> |
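Review bot: the comment does not say how this case differs from no-upgrade-1, and the two files are otherwise near-identical. Here the initiating iframe does carry the directive (navigate-top-frame-upgrade.sub.html.headers) but for its own host `{{domains[www]}}`, the target is `{{host}}`, and this top document has no `.headers` file, so no frame in the chain has the target host in its set. A one-line comment naming that condition would make the pair readable side by side.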
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html (17 additions & 0 deletions)
@@ -0,0 +1,17 @@ | ||
<html> | ||
<head> | ||
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> | ||
</head> | ||
<body> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we | ||
specify this non-existent URL ('http' over https port). If UPGRADE doesn't | ||
work, it won't load. The expected behavior is that the url is upgraded and | ||
the page loads. | ||
--> | ||
<iframe | ||
sandbox="allow-scripts allow-top-navigation" | ||
src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-1" | ||
></iframe> | ||
</body> | ||
</html> |
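Review bot: the expected upgrade here depends on something the comment leaves unsaid: the initiating iframe (navigate-top-frame.sub.html, no `.headers` file) has no directive of its own, so the upgrade of the `{{host}}` target can only come from the top document's policy (this file's `.headers`) being visible to a cross-origin initiator, which is the cross-process replication this CL adds. Document that dependency in the comment; without it the test reads as if it contradicts no-upgrade-1.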
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html (17 additions & 0 deletions)
@@ -0,0 +1,17 @@ | ||
<html> | ||
<head> | ||
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> | ||
</head> | ||
<body> | ||
<!-- | ||
This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we | ||
specify this non-existent URL ('http' over https port). If UPGRADE doesn't | ||
work, it won't load. The expected behavior is that the url is upgraded and | ||
the page loads. | ||
--> | ||
<iframe | ||
sandbox="allow-scripts allow-top-navigation" | ||
src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-2" | ||
></iframe> | ||
</body> | ||
</html> |
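Review bot: the comment should state what distinguishes this case from upgrade-1: the initiating iframe carries its own directive (navigate-top-frame-upgrade.sub.html.headers) and the target host `{{domains[www]}}` is the iframe's own host, so the upgrade is justified by the initiator's directive alone, independently of the top document's `.headers`. Naming that makes the four iframe-top-navigation files a readable matrix of which frame holds the policy and which host is targeted.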
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html (31 additions & 0 deletions)
@@ -0,0 +1,31 @@ | ||
<html> | ||
<head> | ||
<title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title> | ||
<script> | ||
function iframe_onload() { | ||
var iframe = document.getElementsByTagName("iframe")[0]; | ||
iframe.onload = null; | ||
|
||
// Enable upgrade-insecure-requests dynamically. | ||
var meta = document.createElement('meta'); | ||
meta.httpEquiv = "Content-Security-Policy"; | ||
meta.content = "upgrade-insecure-requests"; | ||
document.getElementsByTagName('head')[0].appendChild(meta); | ||
|
||
// This is a bit of a hack. UPGRADE doesn't upgrade the port number, | ||
// so we specify this non-existent URL ('http' over port https port). If | ||
// UPGRADE doesn't work, it won't load. The expected behavior is that | ||
// the url is upgraded and the page loads. | ||
iframe.src = | ||
"https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta" | ||
} | ||
</script> | ||
</head> | ||
<body> | ||
<iframe | ||
sandbox = "allow-scripts allow-top-navigation" | ||
src = "./resources/dummy.html" | ||
onload = "iframe_onload()" | ||
></iframe> | ||
</body> | ||
</html> |
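Review bot: the purpose of this test is not stated in the file: the directive is injected via `<meta>` only after the initial `dummy.html` load, and the cross-origin document created by the later `iframe.src` assignment must still see it before it navigates `top`. Add a file-level comment saying so, and note that `iframe.onload = null` is what keeps `iframe_onload` from running again when the second document loads. Minor: the comment above `iframe.src` reads "'http' over port https port"; drop the duplicated "port".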
upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html (10 additions & 0 deletions)
@@ -0,0 +1,10 @@ | ||
<body> | ||
coucou | ||
<a href="{{GET[url]}}">Click me</a> | ||
</body> | ||
|
||
<script> | ||
window.addEventListener("load", function() { | ||
document.getElementsByTagName("a")[0].click(); | ||
}) | ||
</script> |
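Review bot: the stray `coucou` text in `<body>` looks like leftover debugging output and should be removed. The `<script>` is also placed after `</body>`; put it inside the body so the markup stays well-formed and consistent with the other resource files.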
@@ -0,0 +1 @@ | ||
I am not an interesting file... |
upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html (5 additions & 0 deletions)
@@ -0,0 +1,5 @@ | ||
<script> | ||
window.addEventListener("load", function() { | ||
window.top.location.href = "{{GET[url]}}"; | ||
}) | ||
</script> |
upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
Content-Security-Policy: upgrade-insecure-requests |
upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html (5 additions & 0 deletions)
@@ -0,0 +1,5 @@ | ||
<script> | ||
window.addEventListener("load", function() { | ||
window.top.location.href = "{{GET[url]}}"; | ||
}) | ||
</script> |
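Review bot: this file is byte-identical to navigate-top-frame-upgrade.sub.html; the only difference between the two is that the latter ships with a `.headers` file carrying `Content-Security-Policy: upgrade-insecure-requests`. A one-line comment in each saying "identical to X, differs only by its .headers file" would save the next reader a diff and prevent the two from drifting apart unintentionally.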
upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html (3 additions & 0 deletions)
@@ -0,0 +1,3 @@ | ||
<script> | ||
top.opener.postMessage("{{GET[message]}}", "*"); | ||
</script> |
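Review bot: `{{GET[message]}}` is substituted unescaped into a JavaScript string literal and the message is posted with a `"*"` target origin. Both are acceptable for the fixed test tokens used here, but worth a one-line comment so the resource is not reused with query values it was not written for; a quote in the parameter would break the script rather than fail the test cleanly.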