Google Git
Sign in
webkit / WebKit / 4edc6bf0898964dbca4c70e5405b849b6d74d487^! / . / Source / WebCore / loader / cache / CachedResourceRequest.h
commit4edc6bf0898964dbca4c70e5405b849b6d74d487[log] [tgz]
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon Oct 24 07:49:14 2016 +0000
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon Oct 24 07:49:14 2016 +0000
tree79d6578e80967c9c78cb54083d77b41b564fa825
parent19fbc565259ad09ed7f498dc559d8c8f450053ec [diff] [blame]
Redirections should be upgraded if CSP policy says so
https://bugs.webkit.org/show_bug.cgi?id=163544

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-24
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html

Introducing CachedResourceLoader::updateRequestAfterRedirection to do the checks that CachedResourceLoader is doing
to the initial request, but for redirection requests.

Implemented URL upgrade according CSP policy, as specified by fetch algorithm.
Minor refactoring in CachedResourceRequest to share some code.
Fixing some constness issues.

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequestInternal):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
(WebCore::CachedResourceLoader::canRequestAfterRedirection):
(WebCore::CachedResourceLoader::updateRequestAfterRedirection):
* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedResourceRequest.cpp:
(WebCore::upgradeInsecureResourceRequestIfNeeded):
(WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
* loader/cache/CachedResourceRequest.h:

LayoutTests:

* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html: Added.
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html:
* platform/mac/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@207752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.h b/Source/WebCore/loader/cache/CachedResourceRequest.h
index 390376c..54fc8d8 100644
--- a/Source/WebCore/loader/cache/CachedResourceRequest.h
+++ b/Source/WebCore/loader/cache/CachedResourceRequest.h

@@ -94,6 +94,8 @@
     String m_fragmentIdentifier;
 };
 
+void upgradeInsecureResourceRequestIfNeeded(ResourceRequest&, Document&);
+
 } // namespace WebCore
 
 #endif