[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

ap at apple.com ap at apple.com
Wed Apr 7 23:13:01 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit ee76f9756de5303078b1c7a48a68e9ca6df66239
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Oct 28 18:15:28 2009 +0000

            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=30841
            <rdar://problem/7342730> WebKit should not pass Referer header through a redirect to a non-secure site
    
            Tests: http/tests/ssl/referer-301.html
                   http/tests/ssl/referer-303.html
    
            * platform/network/mac/ResourceHandleMac.mm:
            (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]):
            Remove Referer header if redirecting from https to another protocol.
    
            * platform/network/ResourceRequestBase.cpp:
            (WebCore::ResourceRequestBase::clearHTTPReferrer): Update request counterparts, as it is
            always done when changing or adding header fields.
            (WebCore::ResourceRequestBase::clearHTTPOrigin): Ditto.
    
            * platform/network/ResourceRequestBase.h: clearHTTPReferrer() and clearHTTPOrigin() are
            no longer inline, since they have non-trivial implementations.
    
            * platform/network/mac/ResourceRequestMac.mm:
            (WebCore::ResourceRequest::doUpdatePlatformRequest): Fixed to synchronize header field removals.
            (WebCore::ResourceRequest::doUpdateResourceRequest): Ditto.
    
            * platform/network/cf/ResourceHandleCFNet.cpp:
            (WebCore::willSendRequest):
            * platform/network/cf/ResourceRequestCFNet.cpp:
            (WebCore::setHeaderFields):
            (WebCore::ResourceRequest::doUpdatePlatformRequest):
            (WebCore::ResourceRequest::doUpdateResourceRequest):
            Match Mac changes.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50226 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index a3e6490..286540c 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2009-10-28  Alexey Proskuryakov  <ap at apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=30841
+        <rdar://problem/7342730> WebKit should not pass Referer header through a redirect to a non-secure site
+
+        * http/tests/ssl/referer-301-expected.txt: Added.
+        * http/tests/ssl/referer-301.html: Added.
+        * http/tests/ssl/referer-303-expected.txt: Added.
+        * http/tests/ssl/referer-303.html: Added.
+        * http/tests/ssl/resources: Added.
+        * http/tests/ssl/resources/referer-301-redir.php: Added.
+        * http/tests/ssl/resources/referer-303-redir.php: Added.
+        * http/tests/ssl/resources/no-http-referer.cgi: Added.
+
 2009-10-28  Shu Chang  <Chang.Shu at nokia.com>
 
         Reviewed by Eric Seidel.
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/http/tests/ssl/referer-301-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/http/tests/ssl/referer-301-expected.txt
diff --git a/LayoutTests/http/tests/ssl/referer-301.html b/LayoutTests/http/tests/ssl/referer-301.html
new file mode 100644
index 0000000..2764a7e
--- /dev/null
+++ b/LayoutTests/http/tests/ssl/referer-301.html
@@ -0,0 +1,14 @@
+<body>
+<a href="redir.php">Click me.<a/> The resulting request (as dumped on screen) should not have a Referer header.
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+if (location.protocol != "https:")
+    location = "https://127.0.0.1:8443/ssl/referer-301.html";
+else
+    location = "resources/referer-301-redir.php";
+</script>
+</body>
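Review bot: The manual fallback link in this test is broken: `href="redir.php"` names a file this commit does not add (the redirect script is `resources/referer-301-redir.php`), and `<a/>` does not close the anchor. The script navigates on its own, so the automated run is unaffected, but anyone reproducing the downgrade by hand gets a 404 instead of the redirect. I would write `<a href="resources/referer-301-redir.php">Click me.</a>`. The same line in referer-303.html needs the matching change.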
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/http/tests/ssl/referer-303-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/http/tests/ssl/referer-303-expected.txt
diff --git a/LayoutTests/http/tests/ssl/referer-303.html b/LayoutTests/http/tests/ssl/referer-303.html
new file mode 100644
index 0000000..b6a3c2e
--- /dev/null
+++ b/LayoutTests/http/tests/ssl/referer-303.html
@@ -0,0 +1,14 @@
+<body>
+<a href="redir.php">Click me.<a/> The resulting request (as dumped on screen) should not have a Referer header.
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+if (location.protocol != "https:")
+    location = "https://127.0.0.1:8443/ssl/referer-303.html";
+else
+    location = "resources/referer-303-redir.php";
+</script>
+</body>
diff --git a/LayoutTests/http/tests/ssl/resources/no-http-referer.cgi b/LayoutTests/http/tests/ssl/resources/no-http-referer.cgi
new file mode 100755
index 0000000..273d03c
--- /dev/null
+++ b/LayoutTests/http/tests/ssl/resources/no-http-referer.cgi
@@ -0,0 +1,18 @@
+#!/usr/bin/perl -wT
+use strict;
+
+print "Content-Type: text/html\n";
+print "Cache-Control: no-store\n\n";
+
+my $failed = 0;
+foreach (keys %ENV) {
+    if ($_ =~ "HTTP_REFERER") {
+        print "FAIL. " . $_ . ": " . $ENV{$_} . "\n";
+        $failed = 1;
+    }
+}
+if (!$failed) {
+    print "PASS\n";
+}
+
+print "<script>if (window.layoutTestController) layoutTestController.notifyDone()</script>";
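Review bot: The FAIL branch, `print "FAIL. " . $_ . ": " . $ENV{$_} . "\n";`, writes the received Referer value into a `text/html` response without escaping. The exposure is small on a loopback test server, but the script reflects a request header into markup, and fixtures like this tend to be copied elsewhere. Escaping `&`, `<` and `>` in the value before printing keeps the dumped text the same for ordinary URLs. Separately, `$_ =~ "HTTP_REFERER"` is an unanchored pattern match; `$_ eq "HTTP_REFERER"` states the intended exact comparison.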
diff --git a/LayoutTests/http/tests/ssl/resources/referer-301-redir.php b/LayoutTests/http/tests/ssl/resources/referer-301-redir.php
new file mode 100644
index 0000000..d93dc7a
--- /dev/null
+++ b/LayoutTests/http/tests/ssl/resources/referer-301-redir.php
@@ -0,0 +1,5 @@
+<?php
+header("HTTP/1.1 301 Moved Permanently");
+header("Location: http://127.0.0.1:8000/ssl/resources/no-http-referer.cgi");
+header("Cache-Control: no-cache,no-store");
+?>
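Review bot: The redirect fixtures cover 301 here and 303 in referer-303-redir.php, but 302 and 307 are not exercised. The check added in the ResourceHandle code does not look at the status code, so they presumably behave the same; a pair of fixtures would pin that down. There is also no control test in which an https-to-https redirect keeps its Referer, so a change that strips the header on every redirect would still pass both tests.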
diff --git a/LayoutTests/http/tests/ssl/resources/referer-303-redir.php b/LayoutTests/http/tests/ssl/resources/referer-303-redir.php
new file mode 100644
index 0000000..63f859d
--- /dev/null
+++ b/LayoutTests/http/tests/ssl/resources/referer-303-redir.php
@@ -0,0 +1,5 @@
+<?php
+header("HTTP/1.1 303 See Other");
+header("Location: http://127.0.0.1:8000/ssl/resources/no-http-referer.cgi");
+header("Cache-Control: no-cache,no-store");
+?>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 07e58b9..3d35787 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,37 @@
+2009-10-28  Alexey Proskuryakov  <ap at apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=30841
+        <rdar://problem/7342730> WebKit should not pass Referer header through a redirect to a non-secure site
+
+        Tests: http/tests/ssl/referer-301.html
+               http/tests/ssl/referer-303.html
+
+        * platform/network/mac/ResourceHandleMac.mm:
+        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]):
+        Remove Referer header if redirecting from https to another protocol.
+
+        * platform/network/ResourceRequestBase.cpp:
+        (WebCore::ResourceRequestBase::clearHTTPReferrer): Update request counterparts, as it is
+        always done when changing or adding header fields.
+        (WebCore::ResourceRequestBase::clearHTTPOrigin): Ditto.
+
+        * platform/network/ResourceRequestBase.h: clearHTTPReferrer() and clearHTTPOrigin() are
+        no longer inline, since they have non-trivial implementations.
+
+        * platform/network/mac/ResourceRequestMac.mm:
+        (WebCore::ResourceRequest::doUpdatePlatformRequest): Fixed to synchronize header field removals.
+        (WebCore::ResourceRequest::doUpdateResourceRequest): Ditto.
+
+        * platform/network/cf/ResourceHandleCFNet.cpp:
+        (WebCore::willSendRequest):
+        * platform/network/cf/ResourceRequestCFNet.cpp:
+        (WebCore::setHeaderFields):
+        (WebCore::ResourceRequest::doUpdatePlatformRequest):
+        (WebCore::ResourceRequest::doUpdateResourceRequest):
+        Match Mac changes.
+        
 2009-10-28  Joe Mason  <jmason at rim.com>
 
         Reviewed by Adam Treat.
diff --git a/WebCore/platform/network/ResourceRequestBase.cpp b/WebCore/platform/network/ResourceRequestBase.cpp
index 405d84e..e0707d9 100644
--- a/WebCore/platform/network/ResourceRequestBase.cpp
+++ b/WebCore/platform/network/ResourceRequestBase.cpp
@@ -218,6 +218,26 @@ void ResourceRequestBase::setHTTPHeaderField(const AtomicString& name, const Str
         m_platformRequestUpdated = false;
 }
 
+void ResourceRequestBase::clearHTTPReferrer()
+{
+    updateResourceRequest(); 
+
+    m_httpHeaderFields.remove("Referer");
+
+    if (url().protocolInHTTPFamily())
+        m_platformRequestUpdated = false;
+}
+
+void ResourceRequestBase::clearHTTPOrigin()
+{
+    updateResourceRequest(); 
+
+    m_httpHeaderFields.remove("Origin");
+
+    if (url().protocolInHTTPFamily())
+        m_platformRequestUpdated = false;
+}
+
 void ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray(const String& encoding1, const String& encoding2, const String& encoding3)
 {
     updateResourceRequest(); 
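Review bot: clearHTTPReferrer() and clearHTTPOrigin() are identical apart from the header name, and both repeat the update/invalidate sequence visible at the end of setHTTPHeaderField() above. A private helper that takes the header name would keep the invalidation of `m_platformRequestUpdated` in one place. That matters because forgetting it is what let a removed header survive in the platform request. The helper needs a private declaration in ResourceRequestBase.h. The last three context lines of this hunk belong to the next function, whose body continues outside the hunk.

```cpp
// Proposed private helper shared by both clear methods.
void ResourceRequestBase::removeHTTPHeaderField(const AtomicString& name)
{
    updateResourceRequest();

    m_httpHeaderFields.remove(name);

    // Force the platform request to be rebuilt so the removal reaches the wire.
    if (url().protocolInHTTPFamily())
        m_platformRequestUpdated = false;
}

void ResourceRequestBase::clearHTTPReferrer()
{
    removeHTTPHeaderField("Referer");
}

void ResourceRequestBase::clearHTTPOrigin()
{
    removeHTTPHeaderField("Origin");
}
```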
diff --git a/WebCore/platform/network/ResourceRequestBase.h b/WebCore/platform/network/ResourceRequestBase.h
index 348e6b3..84a7bd0 100644
--- a/WebCore/platform/network/ResourceRequestBase.h
+++ b/WebCore/platform/network/ResourceRequestBase.h
@@ -88,11 +88,11 @@ namespace WebCore {
         
         String httpReferrer() const { return httpHeaderField("Referer"); }
         void setHTTPReferrer(const String& httpReferrer) { setHTTPHeaderField("Referer", httpReferrer); }
-        void clearHTTPReferrer() { m_httpHeaderFields.remove("Referer"); }
+        void clearHTTPReferrer();
         
         String httpOrigin() const { return httpHeaderField("Origin"); }
         void setHTTPOrigin(const String& httpOrigin) { setHTTPHeaderField("Origin", httpOrigin); }
-        void clearHTTPOrigin() { m_httpHeaderFields.remove("Origin"); }
+        void clearHTTPOrigin();
 
         String httpUserAgent() const { return httpHeaderField("User-Agent"); }
         void setHTTPUserAgent(const String& httpUserAgent) { setHTTPHeaderField("User-Agent", httpUserAgent); }
diff --git a/WebCore/platform/network/cf/ResourceHandleCFNet.cpp b/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
index 477df9a..38a9705 100644
--- a/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
+++ b/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
@@ -156,7 +156,11 @@ CFURLRequestRef willSendRequest(CFURLConnectionRef conn, CFURLRequestRef cfReque
     }
     if (request.isNull())
         request = cfRequest;
-    
+
+    // Should not set Referer after a redirect from a secure resource to non-secure one.
+    if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https"))
+        request.clearHTTPReferrer();
+
     handle->willSendRequest(request, cfRedirectResponse);
 
     if (request.isNull())
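Review bot: The downgrade check is written out in full here and again, character for character, in the ResourceHandleMac.mm hunk, so the policy exists only in these two platform files. Any other network backend in the tree would have to repeat it to get the same protection. Moving the condition into a shared method on the request class would let every backend call the same code. The check also runs before `handle->willSendRequest(request, cfRedirectResponse)`; if that callback can modify the request (it appears to, given the `isNull()` test afterwards), a Referer added there is not re-checked. The comment could also say why, e.g. `// RFC 2616 section 15.1.3: do not send Referer in a non-secure request when the referring page was loaded over a secure protocol.` The enclosing function starts and ends outside the hunk.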
diff --git a/WebCore/platform/network/cf/ResourceRequestCFNet.cpp b/WebCore/platform/network/cf/ResourceRequestCFNet.cpp
index df58616..7898353 100644
--- a/WebCore/platform/network/cf/ResourceRequestCFNet.cpp
+++ b/WebCore/platform/network/cf/ResourceRequestCFNet.cpp
@@ -78,11 +78,16 @@ CFURLRequestRef ResourceRequest::cfURLRequest() const
     return m_cfRequest.get();
 }
 
-static inline void addHeadersFromHashMap(CFMutableURLRequestRef request, const HTTPHeaderMap& requestHeaders) 
+static inline void setHeaderFields(CFMutableURLRequestRef request, const HTTPHeaderMap& requestHeaders) 
 {
-    if (!requestHeaders.size())
-        return;
-        
+    // Remove existing headers first, as some of them may no longer be present in the map.
+    RetainPtr<CFDictionaryRef> oldHeaderFields(AdoptCF, CFURLRequestCopyAllHTTPHeaderFields(request));
+    CFIndex oldHeaderFieldCount = CFDictionaryGetCount(oldHeaderFields.get());
+    Vector<CFStringRef> oldHeaderFieldNames(oldHeaderFieldCount);
+    CFDictionaryGetKeysAndValues(oldHeaderFields.get(), reinterpret_cast<const void**>(&oldHeaderFieldNames[0]), 0);
+    for (CFIndex i = 0; i < oldHeaderFieldCount; ++i)
+        CFURLRequestSetHTTPHeaderFieldValue(request, oldHeaderFieldNames[i], 0);
+
     HTTPHeaderMap::const_iterator end = requestHeaders.end();
     for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
         CFStringRef key = it->first.createCFString();
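Review bot: The new removal code passes the result of `CFURLRequestCopyAllHTTPHeaderFields(request)` straight to `CFDictionaryGetCount()`. doUpdateResourceRequest() later in this same file guards the same call with `if (CFDictionaryRef headers = ...)`, which suggests the result can be null. A request with no header dictionary would then crash here, a case the removed `if (!requestHeaders.size()) return;` early-out never reached. `&oldHeaderFieldNames[0]` also indexes a Vector that is empty when the count is zero; `data()` avoids that. The loop at the end of the hunk continues outside it.

```cpp
static inline void setHeaderFields(CFMutableURLRequestRef request, const HTTPHeaderMap& requestHeaders)
{
    // Remove existing headers first, as some of them may no longer be present in the map.
    RetainPtr<CFDictionaryRef> oldHeaderFields(AdoptCF, CFURLRequestCopyAllHTTPHeaderFields(request));
    CFIndex oldHeaderFieldCount = oldHeaderFields.get() ? CFDictionaryGetCount(oldHeaderFields.get()) : 0;
    if (oldHeaderFieldCount) {
        Vector<CFStringRef> oldHeaderFieldNames(oldHeaderFieldCount);
        CFDictionaryGetKeysAndValues(oldHeaderFields.get(), reinterpret_cast<const void**>(oldHeaderFieldNames.data()), 0);
        for (CFIndex i = 0; i < oldHeaderFieldCount; ++i)
            CFURLRequestSetHTTPHeaderFieldValue(request, oldHeaderFieldNames[i], 0);
    }
    // … unchanged: loop copying requestHeaders into the request …
```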
@@ -112,7 +117,7 @@ void ResourceRequest::doUpdatePlatformRequest()
     RetainPtr<CFStringRef> requestMethod(AdoptCF, httpMethod().createCFString());
     CFURLRequestSetHTTPRequestMethod(cfRequest, requestMethod.get());
 
-    addHeadersFromHashMap(cfRequest, httpHeaderFields());
+    setHeaderFields(cfRequest, httpHeaderFields());
     WebCore::setHTTPBody(cfRequest, httpBody());
     CFURLRequestSetShouldHandleHTTPCookies(cfRequest, allowCookies());
 
@@ -150,6 +155,7 @@ void ResourceRequest::doUpdateResourceRequest()
     }
     m_allowCookies = CFURLRequestShouldHandleHTTPCookies(m_cfRequest.get());
 
+    m_httpHeaderFields.clear();
     if (CFDictionaryRef headers = CFURLRequestCopyAllHTTPHeaderFields(m_cfRequest.get())) {
         CFIndex headerCount = CFDictionaryGetCount(headers);
         Vector<const void*, 128> keys(headerCount);
diff --git a/WebCore/platform/network/mac/ResourceHandleMac.mm b/WebCore/platform/network/mac/ResourceHandleMac.mm
index d9722fa..3630b30 100644
--- a/WebCore/platform/network/mac/ResourceHandleMac.mm
+++ b/WebCore/platform/network/mac/ResourceHandleMac.mm
@@ -634,6 +634,11 @@ void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challen
 
     CallbackGuard guard;
     ResourceRequest request = newRequest;
+
+    // Should not set Referer after a redirect from a secure resource to non-secure one.
+    if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https"))
+        request.clearHTTPReferrer();
+
     m_handle->willSendRequest(request, redirectResponse);
 
     if (!ResourceHandle::didSendBodyDataDelegateExists()) {
diff --git a/WebCore/platform/network/mac/ResourceRequestMac.mm b/WebCore/platform/network/mac/ResourceRequestMac.mm
index c4355b2..c2ad7d1 100644
--- a/WebCore/platform/network/mac/ResourceRequestMac.mm
+++ b/WebCore/platform/network/mac/ResourceRequestMac.mm
@@ -66,6 +66,7 @@ void ResourceRequest::doUpdateResourceRequest()
     NSDictionary *headers = [m_nsRequest.get() allHTTPHeaderFields];
     NSEnumerator *e = [headers keyEnumerator];
     NSString *name;
+    m_httpHeaderFields.clear();
     while ((name = [e nextObject]))
         m_httpHeaderFields.set(name, [headers objectForKey:name]);
 
@@ -114,7 +115,11 @@ void ResourceRequest::doUpdatePlatformRequest()
     if (!httpMethod().isEmpty())
         [nsRequest setHTTPMethod:httpMethod()];
     [nsRequest setHTTPShouldHandleCookies:allowCookies()];
-    
+
+    // Cannot just use setAllHTTPHeaderFields here, because it does not remove headers.
+    NSArray *oldHeaderFieldNames = [[nsRequest allHTTPHeaderFields] allKeys];
+    for (unsigned i = [oldHeaderFieldNames count]; i != 0; --i)
+        [nsRequest setValue:nil forHTTPHeaderField:[oldHeaderFieldNames objectAtIndex:i - 1]];
     HTTPHeaderMap::const_iterator end = httpHeaderFields().end();
     for (HTTPHeaderMap::const_iterator it = httpHeaderFields().begin(); it != end; ++it)
         [nsRequest setValue:it->second forHTTPHeaderField:it->first];
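Review bot: The removal loop counts down with `unsigned i = [oldHeaderFieldNames count]` and indexes with `i - 1`, which is harder to read than it needs to be and narrows the count to `unsigned`. Removal order does not matter here, and doUpdateResourceRequest() in this same file already walks header names with an NSEnumerator. I would match that: `NSEnumerator *e = [oldHeaderFieldNames objectEnumerator]; NSString *oldName;` followed by `while ((oldName = [e nextObject])) [nsRequest setValue:nil forHTTPHeaderField:oldName];`. doUpdatePlatformRequest() starts and ends outside this hunk.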

-- 
WebKit Debian packaging


