haikuwebkit/Source/WebCore/workers/service
Youenn Fablet 0004e55c9c Overly verbose catchable fetch error messages lead to cross-origin leaks
https://bugs.webkit.org/show_bug.cgi?id=228861

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

Rebasing tests with new error message.

* web-platform-tests/FileAPI/url/url-with-fetch.any-expected.txt:
* web-platform-tests/FileAPI/url/url-with-fetch.any.worker-expected.txt:
* web-platform-tests/clipboard-apis/async-navigator-clipboard-basics.https-expected.txt:
* web-platform-tests/content-security-policy/inside-worker/dedicatedworker-report-only-expected.txt:
* web-platform-tests/content-security-policy/inside-worker/serviceworker-report-only.https.sub-expected.txt:
* web-platform-tests/fetch/api/cors/cors-cookies.any.worker-expected.txt:
* web-platform-tests/fetch/api/policies/referrer-origin-when-cross-origin-service-worker.https-expected.txt:
* web-platform-tests/fetch/http-cache/cc-request.any-expected.txt:
* web-platform-tests/fetch/http-cache/cc-request.any.worker-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/coep-on-response-from-service-worker.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-none.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/none-sw-from-require-corp.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https-expected.txt:
* web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/css-module/credentials.sub-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/json-module/credentials.sub-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/module/credentials.sub-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials-setTimeout.sub-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/module/integrity-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-event-referrer-policy.https-expected.txt:
* web-platform-tests/service-workers/service-worker/import-scripts-cross-origin.https-expected.txt:
* web-platform-tests/service-workers/service-worker/redirected-response.https-expected.txt:
* web-platform-tests/wasm/jsapi/table/constructor-reftypes.tentative.any.worker-expected.txt:
* web-platform-tests/wasm/jsapi/table/grow-reftypes.tentative.any.worker-expected.txt:
* web-platform-tests/wasm/jsapi/table/set-reftypes.tentative.any.worker-expected.txt:

Source/WebCore:

Standardize error messages to be more uniform with other browsers.
To continue supporting service worker errors going to page errors,
we add a boolean to ResourceError to control whether to sanitize the error message or not.
This allows error messages from service worker type exceptions to keep being exposed in window environments through fetch rejection.
Also handle ScriptModuleLoader since it is doing its own SRI checks.
Covered by rebased tests.

* Modules/fetch/FetchBodyOwner.cpp:
(WebCore::FetchBodyOwner::loadingException const):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::BodyLoader::didFail):
* platform/network/ResourceErrorBase.h:
(WebCore::ResourceErrorBase::sanitizedDescription const):
(WebCore::ResourceErrorBase::isSanitized const):
(WebCore::ResourceErrorBase::setAsSanitized):
(WebCore::ResourceErrorBase::ResourceErrorBase):
* platform/network/cf/ResourceError.h:
(WebCore::ResourceError::ResourceError):
* platform/network/curl/ResourceError.h:
(WebCore::ResourceError::ResourceError):
* platform/network/soup/ResourceError.h:
(WebCore::ResourceError::ResourceError):
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
* workers/service/FetchEvent.cpp:
(WebCore::FetchEvent::createResponseError):
(WebCore::FetchEvent::respondWith):
(WebCore::FetchEvent::promiseIsSettled):
* workers/service/FetchEvent.h:
* workers/service/context/ServiceWorkerFetch.cpp:
(WebCore::ServiceWorkerFetch::processResponse):
(WebCore::ServiceWorkerFetch::dispatchFetchEvent):
* bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::notifyFinished):

Source/WebKit:

* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<ResourceError>::encode):
(IPC::ArgumentCoder<ResourceError>::decode):

LayoutTests:

* http/tests/contentextensions/block-ping-resource-type-raw-expected.txt:
* http/tests/contentextensions/fetch-redirect-blocked.html:
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
* http/tests/subresource-integrity/sri-module-expected.txt:
* http/tests/workers/service/shift-reload-navigation-expected.txt:
* http/tests/workers/resources/worker-importScripts.js: changed error logging for better readability.
* http/tests/workers/worker-importScripts-expected.txt:
* http/wpt/service-workers/cors-preflight-star.any-serviceworker-expected.txt:
* js/dom/modules/module-fetch-failure-not-cached-expected.txt:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/FileAPI/url/url-with-fetch.any-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/FileAPI/url/url-with-fetch.any.worker-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/clipboard-apis/async-navigator-clipboard-basics.https-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/content-security-policy/inside-worker/dedicatedworker-report-only-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/request/request-cache-only-if-cached.any-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/request/request-cache-only-if-cached.any.worker-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/http-cache/cc-request.any-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/fetch/http-cache/cc-request.any.worker-expected.txt:


Canonical link: https://commits.webkit.org/240502@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281012 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-08-13 10:22:38 +00:00
..
context Overly verbose catchable fetch error messages lead to cross-origin leaks 2021-08-13 10:22:38 +00:00
server Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ExtendableEvent.cpp
ExtendableEvent.h
ExtendableEvent.idl
ExtendableEventInit.h
ExtendableEventInit.idl
ExtendableMessageEvent.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ExtendableMessageEvent.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ExtendableMessageEvent.idl
FetchEvent.cpp Overly verbose catchable fetch error messages lead to cross-origin leaks 2021-08-13 10:22:38 +00:00
FetchEvent.h Overly verbose catchable fetch error messages lead to cross-origin leaks 2021-08-13 10:22:38 +00:00
FetchEvent.idl
SWClientConnection.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
SWClientConnection.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorker.cpp Enable more release logging in WebCore for ephemeral sessions 2021-06-11 23:13:05 +00:00
ServiceWorker.h Enable more release logging in WebCore for ephemeral sessions 2021-06-11 23:13:05 +00:00
ServiceWorker.idl
ServiceWorkerClient.cpp
ServiceWorkerClient.h
ServiceWorkerClient.idl
ServiceWorkerClientData.cpp Clean up App Privacy Report code 2021-07-08 20:54:04 +00:00
ServiceWorkerClientData.h Clean up App Privacy Report code 2021-07-08 20:54:04 +00:00
ServiceWorkerClientIdentifier.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerClientIdentifier.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerClientQueryOptions.h Non-unified build fixes, early May 2021 edition 2021-06-10 08:36:18 +00:00
ServiceWorkerClientType.h
ServiceWorkerClientType.idl
ServiceWorkerClients.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerClients.h
ServiceWorkerClients.idl
ServiceWorkerContainer.cpp Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerContainer.h Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerContainer.idl
ServiceWorkerContextData.cpp Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerContextData.h Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerData.cpp
ServiceWorkerData.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerFetchResult.h Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerGlobalScope.cpp Make sure service workers use a ScriptSourceCode backed by file-mapped memory when possible 2021-04-06 01:05:24 +00:00
ServiceWorkerGlobalScope.h Use Hasher more, remove IntegerHasher, fix hashing-related mistakes 2021-04-08 02:19:20 +00:00
ServiceWorkerGlobalScope.idl [WebIDL] Remove [ImplicitThis] and [CustomProxyToJSObject] extended attributes 2021-05-20 22:25:01 +00:00
ServiceWorkerIdentifier.h
ServiceWorkerJob.cpp Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerJob.h
ServiceWorkerJobClient.h Add initial support for Cross-Origin-Embedder-Policy (COEP) 2021-08-12 02:43:53 +00:00
ServiceWorkerJobData.cpp
ServiceWorkerJobData.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerJobDataIdentifier.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerJobType.h
ServiceWorkerProvider.cpp
ServiceWorkerProvider.h
ServiceWorkerRegistration.cpp Enable more release logging in WebCore for ephemeral sessions 2021-06-11 23:13:05 +00:00
ServiceWorkerRegistration.h
ServiceWorkerRegistration.idl
ServiceWorkerRegistrationData.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerRegistrationData.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerRegistrationKey.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerRegistrationKey.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerRegistrationOptions.cpp
ServiceWorkerRegistrationOptions.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
ServiceWorkerTypes.h
ServiceWorkerUpdateViaCache.h
ServiceWorkerUpdateViaCache.idl
ServiceWorkerWindowClient.cpp
ServiceWorkerWindowClient.h
ServiceWorkerWindowClient.idl
WorkerSWClientConnection.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
WorkerSWClientConnection.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00