haikuwebkit/LayoutTests/platform/mac-wk1/http
Kate Cheney 4b0a22b5f3 Report correct blocked URI in CSP violation report
https://bugs.webkit.org/show_bug.cgi?id=226316
<rdar://problem/78552912>

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html
       http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):
* loader/DocumentThreadableLoader.h:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowConnectToSource const):
(WebCore::ContentSecurityPolicy::reportViolation const):
* page/csp/ContentSecurityPolicy.h:

Source/WebKit:

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::check):
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::checkRequest):
(WebKit::NetworkLoadChecker::isAllowedByContentSecurityPolicy):
* NetworkProcess/NetworkLoadChecker.h:

LayoutTests:

* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
WebKitLegacy and Win have different console logging.


Canonical link: https://commits.webkit.org/240818@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-08-23 02:24:23 +00:00
tests Report correct blocked URI in CSP violation report 2021-08-23 02:24:23 +00:00
wpt