authorAntonio Sartori <antoniosartori@chromium.org>2020-05-19 15:59:40 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2020-10-15 23:10:35 +0000
commit5a8e372fc7e646c359503b0f843ea8a2fa750f93 (patch)
tree4ddca41f4f2fbed5c6b208870888f9e7436fa1e1
parent0f55630c2f4e811da4e674b217add4d8022efcac (diff)
downloadqtwebengine-chromium-5a8e372fc7e646c359503b0f843ea8a2fa750f93.tar.gz
[Backport] CVE-2020-6561: Inappropriate implementation in Content Security Policy
Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2181363: Use original URL before redirects as blocked URL in CSP reporting When a resource was being blocked because of a Content Security Policy violation after a redirect happened, we were using the final URL (after the redirect) in the CSP reporting. This is a security issue, since it could expose confidential information such as a token contained in the redirect URL. As stated in https://w3c.github.io/webappsec-csp/#create-violation-for-request ("We use request's url, and not its current url, as the latter might contain information about redirect targets to which the page MUST NOT be given access."), we should instead report the request's original URL. Incorporates dependencies which were applied separately on 83-based. Bug: 932892 Change-Id: I1864e6e9e4cc266615e49276012ba7f9d96672f7 Fixed: 932892 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/content/browser/frame_host/mixed_content_navigation_throttle.cc2
-rw-r--r--chromium/content/common/frame_messages.h1
-rw-r--r--chromium/content/renderer/render_frame_impl.cc3
-rw-r--r--chromium/third_party/blink/public/web/web_local_frame.h1
-rw-r--r--chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc4
-rw-r--r--chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc99
-rw-r--r--chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h40
-rw-r--r--chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc52
-rw-r--r--chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.h18
-rw-r--r--chromium/third_party/blink/renderer/core/frame/dom_window.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/frame/local_dom_window.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc3
-rw-r--r--chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h1
-rw-r--r--chromium/third_party/blink/renderer/core/html/forms/html_form_element.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/html/html_plugin_element.cc4
-rw-r--r--chromium/third_party/blink/renderer/core/html/link_style.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/html/media/html_media_element.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/html/track/html_track_element.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/loader/base_fetch_context.cc28
-rw-r--r--chromium/third_party/blink/renderer/core/loader/base_fetch_context.h8
-rw-r--r--chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc14
-rw-r--r--chromium/third_party/blink/renderer/core/loader/frame_fetch_context.h4
-rw-r--r--chromium/third_party/blink/renderer/core/loader/mixed_content_checker.cc9
-rw-r--r--chromium/third_party/blink/renderer/core/loader/mixed_content_checker.h3
-rw-r--r--chromium/third_party/blink/renderer/core/loader/ping_loader.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/loader/worker_fetch_context.cc9
-rw-r--r--chromium/third_party/blink/renderer/core/loader/worker_fetch_context.h2
-rw-r--r--chromium/third_party/blink/renderer/core/workers/abstract_worker.cc5
-rw-r--r--chromium/third_party/blink/renderer/core/workers/worker_global_scope.cc3
-rw-r--r--chromium/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc2
-rw-r--r--chromium/third_party/blink/renderer/modules/service_worker/service_worker_container.cc5
-rw-r--r--chromium/third_party/blink/renderer/modules/websockets/dom_websocket.cc2
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/fetch_context.h3
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc28
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc12
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc9
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h6
37 files changed, 255 insertions, 139 deletions
diff --git a/chromium/content/browser/frame_host/mixed_content_navigation_throttle.cc b/chromium/content/browser/frame_host/mixed_content_navigation_throttle.cc
index 24042867287..95fc6561831 100644
--- a/chromium/content/browser/frame_host/mixed_content_navigation_throttle.cc
+++ b/chromium/content/browser/frame_host/mixed_content_navigation_throttle.cc
@@ -82,6 +82,8 @@ void UpdateRendererOnMixedContentFound(NavigationHandleImpl* navigation_handle,
params.mixed_content_url = navigation_handle->GetURL();
params.request_context_type = navigation_handle->request_context_type();
params.was_allowed = was_allowed;
+ DCHECK(!navigation_handle->GetRedirectChain().empty());
+ params.url_before_redirects = navigation_handle->GetRedirectChain()[0];
params.had_redirect = for_redirect;
params.source_location = navigation_handle->source_location();
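Review bot: `DCHECK(!navigation_handle->GetRedirectChain().empty())` is compiled out of release builds, so the `GetRedirectChain()[0]` on the next line is unguarded there and an empty chain would be an out-of-bounds read in the browser process. Whether the chain can ever be empty at this point is not visible in the hunk; if it is a hard invariant, `CHECK(!navigation_handle->GetRedirectChain().empty());` enforces it in all builds. Otherwise guard the assignment with `if (!navigation_handle->GetRedirectChain().empty())` and leave `url_before_redirects` empty rather than falling back to the post-redirect URL. UpdateRendererOnMixedContentFound starts and ends outside this hunk.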
diff --git a/chromium/content/common/frame_messages.h b/chromium/content/common/frame_messages.h
index bfc597c92c5..e3e3870d3e8 100644
--- a/chromium/content/common/frame_messages.h
+++ b/chromium/content/common/frame_messages.h
@@ -745,6 +745,7 @@ IPC_STRUCT_BEGIN(FrameMsg_MixedContentFound_Params)
IPC_STRUCT_MEMBER(GURL, mixed_content_url)
IPC_STRUCT_MEMBER(content::RequestContextType, request_context_type)
IPC_STRUCT_MEMBER(bool, was_allowed)
+ IPC_STRUCT_MEMBER(GURL, url_before_redirects)
IPC_STRUCT_MEMBER(bool, had_redirect)
IPC_STRUCT_MEMBER(content::SourceLocation, source_location)
IPC_STRUCT_END()
diff --git a/chromium/content/renderer/render_frame_impl.cc b/chromium/content/renderer/render_frame_impl.cc
index c05fba60224..dc8ed0422b0 100644
--- a/chromium/content/renderer/render_frame_impl.cc
+++ b/chromium/content/renderer/render_frame_impl.cc
@@ -6481,7 +6481,8 @@ void RenderFrameImpl::OnMixedContentFound(
params.request_context_type);
frame_->MixedContentFound(params.main_resource_url, params.mixed_content_url,
request_context, params.was_allowed,
- params.had_redirect, source_location);
+ params.url_before_redirects, params.had_redirect,
+ source_location);
}
void RenderFrameImpl::OnSetOverlayRoutingToken(
diff --git a/chromium/third_party/blink/public/web/web_local_frame.h b/chromium/third_party/blink/public/web/web_local_frame.h
index 4b0c755062a..71e6084818e 100644
--- a/chromium/third_party/blink/public/web/web_local_frame.h
+++ b/chromium/third_party/blink/public/web/web_local_frame.h
@@ -328,6 +328,7 @@ class WebLocalFrame : public WebFrame {
const WebURL& mixed_content_url,
WebURLRequest::RequestContext,
bool was_allowed,
+ const WebURL& url_before_redirects,
bool had_redirect,
const WebSourceLocation&) = 0;
diff --git a/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc b/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc
index 442e88fc9e0..50ccea568f4 100644
--- a/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc
+++ b/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc
@@ -614,7 +614,9 @@ void FetchManager::Loader::Start(ExceptionState& exception_state) {
// blocked"
if (!ContentSecurityPolicy::ShouldBypassMainWorld(execution_context_) &&
!execution_context_->GetContentSecurityPolicy()->AllowConnectToSource(
- fetch_request_data_->Url())) {
+ fetch_request_data_->Url(),
+ fetch_request_data_->Url(),
+ RedirectStatus::kNoRedirect)) {
// "A network error."
PerformNetworkError(
"Refused to connect to '" + fetch_request_data_->Url().ElidedString() +
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
index d8c48529b5d..d06a6eb5568 100644
--- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
+++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
@@ -662,6 +662,7 @@ bool ContentSecurityPolicy::AllowScriptFromSource(
const String& nonce,
const IntegrityMetadataSet& hashes,
ParserDisposition parser_disposition,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -694,7 +695,8 @@ bool ContentSecurityPolicy::AllowScriptFromSource(
continue;
is_allowed &=
policy->AllowScriptFromSource(url, nonce, hashes, parser_disposition,
- redirect_status, reporting_policy);
+ url_before_redirects, redirect_status,
+ reporting_policy);
}
return is_allowed;
}
@@ -702,13 +704,14 @@ bool ContentSecurityPolicy::AllowScriptFromSource(
bool ContentSecurityPolicy::AllowRequestWithoutIntegrity(
WebURLRequest::RequestContext context,
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
for (const auto& policy : policies_) {
if (CheckHeaderTypeMatches(check_header_type, policy->HeaderType()) &&
- !policy->AllowRequestWithoutIntegrity(context, url, redirect_status,
- reporting_policy))
+ !policy->AllowRequestWithoutIntegrity(context, url, url_before_redirects,
+ redirect_status, reporting_policy))
return false;
}
return true;
@@ -720,11 +723,12 @@ bool ContentSecurityPolicy::AllowRequest(
const String& nonce,
const IntegrityMetadataSet& integrity_metadata,
ParserDisposition parser_disposition,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
if (integrity_metadata.IsEmpty() &&
- !AllowRequestWithoutIntegrity(context, url, redirect_status,
+ !AllowRequestWithoutIntegrity(context, url, url_before_redirects, redirect_status,
reporting_policy, check_header_type)) {
return false;
}
@@ -733,7 +737,8 @@ bool ContentSecurityPolicy::AllowRequest(
case WebURLRequest::kRequestContextAudio:
case WebURLRequest::kRequestContextTrack:
case WebURLRequest::kRequestContextVideo:
- return AllowMediaFromSource(url, redirect_status, reporting_policy,
+ return AllowMediaFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextBeacon:
case WebURLRequest::kRequestContextEventSource:
@@ -741,47 +746,53 @@ bool ContentSecurityPolicy::AllowRequest(
case WebURLRequest::kRequestContextPing:
case WebURLRequest::kRequestContextXMLHttpRequest:
case WebURLRequest::kRequestContextSubresource:
- return AllowConnectToSource(url, redirect_status, reporting_policy,
+ return AllowConnectToSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextEmbed:
case WebURLRequest::kRequestContextObject:
- return AllowObjectFromSource(url, redirect_status, reporting_policy,
+ return AllowObjectFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextPrefetch:
- return AllowPrefetchFromSource(url, redirect_status, reporting_policy,
+ return AllowPrefetchFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextFavicon:
case WebURLRequest::kRequestContextImage:
case WebURLRequest::kRequestContextImageSet:
- return AllowImageFromSource(url, redirect_status, reporting_policy,
- check_header_type);
+ return AllowImageFromSource(url, url_before_redirects, redirect_status,
+ reporting_policy, check_header_type);
case WebURLRequest::kRequestContextFont:
- return AllowFontFromSource(url, redirect_status, reporting_policy,
+ return AllowFontFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextForm:
- return AllowFormAction(url, redirect_status, reporting_policy,
+ return AllowFormAction(url, url_before_redirects, redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextFrame:
case WebURLRequest::kRequestContextIframe:
- return AllowFrameFromSource(url, redirect_status, reporting_policy,
+ return AllowFrameFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy,
check_header_type);
case WebURLRequest::kRequestContextImport:
case WebURLRequest::kRequestContextScript:
case WebURLRequest::kRequestContextXSLT:
return AllowScriptFromSource(url, nonce, integrity_metadata,
- parser_disposition, redirect_status,
- reporting_policy, check_header_type);
+ parser_disposition, url_before_redirects,
+ redirect_status, reporting_policy,
+ check_header_type);
case WebURLRequest::kRequestContextManifest:
- return AllowManifestFromSource(url, redirect_status, reporting_policy,
- check_header_type);
+ return AllowManifestFromSource(url, url_before_redirects, redirect_status,
+ reporting_policy, check_header_type);
case WebURLRequest::kRequestContextServiceWorker:
case WebURLRequest::kRequestContextSharedWorker:
case WebURLRequest::kRequestContextWorker:
- return AllowWorkerContextFromSource(url, redirect_status,
+ return AllowWorkerContextFromSource(url, url, redirect_status,
reporting_policy, check_header_type);
case WebURLRequest::kRequestContextStyle:
- return AllowStyleFromSource(url, nonce, redirect_status, reporting_policy,
- check_header_type);
+ return AllowStyleFromSource(url, nonce, url_before_redirects, redirect_status,
+ reporting_policy, check_header_type);
case WebURLRequest::kRequestContextCSPReport:
case WebURLRequest::kRequestContextDownload:
case WebURLRequest::kRequestContextHyperlink:
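Review bot: In the worker cases, `AllowWorkerContextFromSource(url, url, redirect_status,` passes `url` in the `url_before_redirects` position, while every other case in this switch forwards the `url_before_redirects` parameter. If a worker script request can reach this switch after a redirect, the violation would carry the post-redirect URL as the blocked URL, which is the disclosure this commit is meant to close. The later hunk in GatherSecurityPolicyViolationEventData also hard-codes `RedirectStatus::kNoRedirect` for `StripURLForUseInReport`, so any stripping that status presumably triggered no longer applies to it. Unless the duplication is deliberate, forward the parameter: `return AllowWorkerContextFromSource(url, url_before_redirects, redirect_status,`. AllowRequest begins and ends outside this hunk.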
@@ -805,6 +816,7 @@ void ContentSecurityPolicy::UsesStyleHashAlgorithms(uint8_t algorithms) {
bool ContentSecurityPolicy::AllowObjectFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -816,7 +828,8 @@ bool ContentSecurityPolicy::AllowObjectFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowObjectFromSource(url, redirect_status, reporting_policy);
+ policy->AllowObjectFromSource(url, url_before_redirects,
+ redirect_status, reporting_policy);
}
return is_allowed;
@@ -824,6 +837,7 @@ bool ContentSecurityPolicy::AllowObjectFromSource(
bool ContentSecurityPolicy::AllowPrefetchFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -835,7 +849,7 @@ bool ContentSecurityPolicy::AllowPrefetchFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowPrefetchFromSource(url, redirect_status, reporting_policy);
+ policy->AllowPrefetchFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -843,6 +857,7 @@ bool ContentSecurityPolicy::AllowPrefetchFromSource(
bool ContentSecurityPolicy::AllowFrameFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -854,7 +869,7 @@ bool ContentSecurityPolicy::AllowFrameFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowFrameFromSource(url, redirect_status, reporting_policy);
+ policy->AllowFrameFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -862,6 +877,7 @@ bool ContentSecurityPolicy::AllowFrameFromSource(
bool ContentSecurityPolicy::AllowImageFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -874,7 +890,7 @@ bool ContentSecurityPolicy::AllowImageFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowImageFromSource(url, redirect_status, reporting_policy);
+ policy->AllowImageFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -883,6 +899,7 @@ bool ContentSecurityPolicy::AllowImageFromSource(
bool ContentSecurityPolicy::AllowStyleFromSource(
const KURL& url,
const String& nonce,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -894,14 +911,15 @@ bool ContentSecurityPolicy::AllowStyleFromSource(
for (const auto& policy : policies_) {
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
- is_allowed &= policy->AllowStyleFromSource(url, nonce, redirect_status,
- reporting_policy);
+ is_allowed &= policy->AllowStyleFromSource(url, nonce, url_before_redirects,
+ redirect_status, reporting_policy);
}
return is_allowed;
}
bool ContentSecurityPolicy::AllowFontFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -913,7 +931,7 @@ bool ContentSecurityPolicy::AllowFontFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowFontFromSource(url, redirect_status, reporting_policy);
+ policy->AllowFontFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -921,6 +939,7 @@ bool ContentSecurityPolicy::AllowFontFromSource(
bool ContentSecurityPolicy::AllowMediaFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -932,7 +951,7 @@ bool ContentSecurityPolicy::AllowMediaFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowMediaFromSource(url, redirect_status, reporting_policy);
+ policy->AllowMediaFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -940,6 +959,7 @@ bool ContentSecurityPolicy::AllowMediaFromSource(
bool ContentSecurityPolicy::AllowConnectToSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -951,7 +971,7 @@ bool ContentSecurityPolicy::AllowConnectToSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowConnectToSource(url, redirect_status, reporting_policy);
+ policy->AllowConnectToSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -959,6 +979,7 @@ bool ContentSecurityPolicy::AllowConnectToSource(
bool ContentSecurityPolicy::AllowFormAction(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -970,7 +991,7 @@ bool ContentSecurityPolicy::AllowFormAction(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowFormAction(url, redirect_status, reporting_policy);
+ policy->AllowFormAction(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -990,7 +1011,7 @@ bool ContentSecurityPolicy::AllowBaseURI(
if (!CheckHeaderTypeMatches(CheckHeaderType::kCheckAll,
policy->HeaderType()))
continue;
- is_allowed &= policy->AllowBaseURI(url, redirect_status, reporting_policy);
+ is_allowed &= policy->AllowBaseURI(url, url, redirect_status, reporting_policy);
}
return is_allowed;
@@ -998,6 +1019,7 @@ bool ContentSecurityPolicy::AllowBaseURI(
bool ContentSecurityPolicy::AllowWorkerContextFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -1012,7 +1034,7 @@ bool ContentSecurityPolicy::AllowWorkerContextFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed_worker &= policy->AllowWorkerFromSource(
- url, redirect_status,
+ url, url_before_redirects, redirect_status,
SecurityViolationReportingPolicy::kSuppressReporting);
}
}
@@ -1025,7 +1047,7 @@ bool ContentSecurityPolicy::AllowWorkerContextFromSource(
continue;
is_allowed_script &= policy->AllowScriptFromSource(
url, AtomicString(), IntegrityMetadataSet(), kNotParserInserted,
- redirect_status,
+ url_before_redirects, redirect_status,
SecurityViolationReportingPolicy::kSuppressReporting);
}
}
@@ -1044,7 +1066,7 @@ bool ContentSecurityPolicy::AllowWorkerContextFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowWorkerFromSource(url, redirect_status, reporting_policy);
+ policy->AllowWorkerFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -1052,6 +1074,7 @@ bool ContentSecurityPolicy::AllowWorkerContextFromSource(
bool ContentSecurityPolicy::AllowManifestFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy,
CheckHeaderType check_header_type) const {
@@ -1063,7 +1086,7 @@ bool ContentSecurityPolicy::AllowManifestFromSource(
if (!CheckHeaderTypeMatches(check_header_type, policy->HeaderType()))
continue;
is_allowed &=
- policy->AllowManifestFromSource(url, redirect_status, reporting_policy);
+ policy->AllowManifestFromSource(url, url_before_redirects, redirect_status, reporting_policy);
}
return is_allowed;
@@ -1191,7 +1214,7 @@ static void GatherSecurityPolicyViolationEventData(
break;
case ContentSecurityPolicy::kURLViolation:
init.setBlockedURI(StripURLForUseInReport(
- context, blocked_url, redirect_status, effective_type));
+ context, blocked_url, RedirectStatus::kNoRedirect, effective_type));
break;
}
}
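Review bot: The hard-coded `RedirectStatus::kNoRedirect` on the `kURLViolation` branch is only safe if every caller passes the pre-redirect URL as `blocked_url`, and nothing at this site records that assumption. A comment such as `// blocked_url is the request's URL before any redirect, so it needs no redirect-specific stripping.` would make the invariant visible to the next person who adds a reporting path. If `redirect_status` is no longer read elsewhere in this function it could be dropped from the signature. The function body extends outside the hunk, so that cannot be confirmed from here.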
@@ -1438,10 +1461,10 @@ void ContentSecurityPolicy::DispatchViolationEvents(
}
void ContentSecurityPolicy::ReportMixedContent(
- const KURL& mixed_url,
+ const KURL& blocked_url,
RedirectStatus redirect_status) const {
for (const auto& policy : policies_)
- policy->ReportMixedContent(mixed_url, redirect_status);
+ policy->ReportMixedContent(blocked_url, redirect_status);
}
void ContentSecurityPolicy::ReportReportOnlyInMeta(const String& header) {
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
index d97eb519aab..141e59ceda4 100644
--- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
+++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
@@ -205,42 +205,50 @@ class CORE_EXPORT ContentSecurityPolicy
bool AllowObjectFromSource(
const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowPrefetchFromSource(
const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowFrameFromSource(const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowImageFromSource(const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowFontFromSource(const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowMediaFromSource(const KURL&,
+ const KURL& url_before_redirects,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowConnectToSource(const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowFormAction(const KURL&,
+ const KURL& url_before_redirects,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
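Review bot: `AllowMediaFromSource` and `AllowFormAction` keep `RedirectStatus = RedirectStatus::kNoRedirect`, while every other declaration in this hunk drops the default. A two-argument call `(url, url_before_redirects)` therefore still compiles for these two and silently claims that no redirect happened. For consistency, and so that each call site has to state the redirect status next to the URL it reports, declare the parameter as plain `RedirectStatus,` here as well. The AllowFormAction declaration continues past the end of the hunk.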
@@ -251,14 +259,16 @@ class CORE_EXPORT ContentSecurityPolicy
SecurityViolationReportingPolicy::kReport) const;
bool AllowWorkerContextFromSource(
const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowManifestFromSource(
const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
@@ -270,13 +280,15 @@ class CORE_EXPORT ContentSecurityPolicy
const String& nonce,
const IntegrityMetadataSet& hashes,
ParserDisposition,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowStyleFromSource(const KURL&,
const String& nonce,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
@@ -312,7 +324,8 @@ class CORE_EXPORT ContentSecurityPolicy
bool AllowRequestWithoutIntegrity(
WebURLRequest::RequestContext,
const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
@@ -322,7 +335,8 @@ class CORE_EXPORT ContentSecurityPolicy
const String& nonce,
const IntegrityMetadataSet&,
ParserDisposition,
- RedirectStatus = RedirectStatus::kNoRedirect,
+ const KURL& url_before_redirects,
+ RedirectStatus,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport,
CheckHeaderType = CheckHeaderType::kCheckAll) const;
@@ -387,7 +401,7 @@ class CORE_EXPORT ContentSecurityPolicy
// Called when mixed content is detected on a page; will trigger a violation
// report if the 'block-all-mixed-content' directive is specified for a
// policy.
- void ReportMixedContent(const KURL& mixed_url, RedirectStatus) const;
+ void ReportMixedContent(const KURL& blocked_url, RedirectStatus) const;
void ReportBlockedScriptExecutionToInspector(
const String& directive_text) const;
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc b/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
index 7ee2f0ba3a7..f9aa58aaf5b 100644
--- a/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
+++ b/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
@@ -248,14 +248,14 @@ bool CSPDirectiveList::CheckDynamic(SourceListDirective* directive) const {
}
void CSPDirectiveList::ReportMixedContent(
- const KURL& mixed_url,
+ const KURL& blocked_url,
ResourceRequest::RedirectStatus redirect_status) const {
if (StrictMixedContentChecking()) {
policy_->ReportViolation(
ContentSecurityPolicy::GetDirectiveName(
ContentSecurityPolicy::DirectiveType::kBlockAllMixedContent),
ContentSecurityPolicy::DirectiveType::kBlockAllMixedContent, String(),
- mixed_url, report_endpoints_, use_reporting_api_, header_, header_type_,
+ blocked_url, report_endpoints_, use_reporting_api_, header_, header_type_,
ContentSecurityPolicy::kURLViolation, std::unique_ptr<SourceLocation>(),
nullptr, // contextFrame,
redirect_status);
@@ -319,6 +319,7 @@ bool CSPDirectiveList::CheckRequestWithoutIntegrity(
bool CSPDirectiveList::CheckRequestWithoutIntegrityAndReportViolation(
WebURLRequest::RequestContext context,
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status) const {
if (CheckRequestWithoutIntegrity(context))
return true;
@@ -352,18 +353,19 @@ bool CSPDirectiveList::CheckRequestWithoutIntegrityAndReportViolation(
"' because 'require-sri-for' directive requires "
"integrity attribute be present for all " +
resource_type + "s.",
- url, redirect_status);
+ url_before_redirects, redirect_status);
return DenyIfEnforcingPolicy();
}
bool CSPDirectiveList::AllowRequestWithoutIntegrity(
WebURLRequest::RequestContext context,
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
if (reporting_policy == SecurityViolationReportingPolicy::kReport)
return CheckRequestWithoutIntegrityAndReportViolation(context, url,
- redirect_status);
+ url_before_redirects, redirect_status);
return DenyIfEnforcingPolicy() || CheckRequestWithoutIntegrity(context);
}
@@ -507,6 +509,7 @@ bool CSPDirectiveList::CheckSourceAndReportViolation(
SourceListDirective* directive,
const KURL& url,
const ContentSecurityPolicy::DirectiveType effective_type,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status) const {
if (!directive)
return true;
@@ -570,7 +573,7 @@ bool CSPDirectiveList::CheckSourceAndReportViolation(
"' because it violates the following Content Security "
"Policy directive: \"" +
directive->GetText() + "\"." + suffix + "\n",
- url, redirect_status);
+ url_before_redirects, redirect_status);
return DenyIfEnforcingPolicy();
}
@@ -736,6 +739,7 @@ bool CSPDirectiveList::AllowScriptFromSource(
const String& nonce,
const IntegrityMetadataSet& hashes,
ParserDisposition parser_disposition,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
SourceListDirective* directive =
@@ -750,12 +754,13 @@ bool CSPDirectiveList::AllowScriptFromSource(
? CheckSourceAndReportViolation(
directive, url,
ContentSecurityPolicy::DirectiveType::kScriptSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(directive, url, redirect_status);
}
bool CSPDirectiveList::AllowObjectFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
if (url.ProtocolIsAbout())
@@ -765,7 +770,7 @@ bool CSPDirectiveList::AllowObjectFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kObjectSrc),
url, ContentSecurityPolicy::DirectiveType::kObjectSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kObjectSrc),
@@ -774,6 +779,7 @@ bool CSPDirectiveList::AllowObjectFromSource(
bool CSPDirectiveList::AllowPrefetchFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -781,7 +787,7 @@ bool CSPDirectiveList::AllowPrefetchFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kPrefetchSrc),
url, ContentSecurityPolicy::DirectiveType::kPrefetchSrc,
- redirect_status)
+ url_before_redirects ,redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kPrefetchSrc),
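Review bot: The added argument line in AllowPrefetchFromSource has the space on the wrong side of the comma, `url_before_redirects ,redirect_status)`, unlike the sibling hunks in this file. It should read `url_before_redirects, redirect_status)`. The function body continues past the hunk.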
@@ -790,6 +796,7 @@ bool CSPDirectiveList::AllowPrefetchFromSource(
bool CSPDirectiveList::AllowFrameFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
if (url.ProtocolIsAbout())
@@ -806,12 +813,13 @@ bool CSPDirectiveList::AllowFrameFromSource(
? CheckSourceAndReportViolation(
which_directive, url,
ContentSecurityPolicy::DirectiveType::kFrameSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(which_directive, url, redirect_status);
}
bool CSPDirectiveList::AllowImageFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -819,7 +827,7 @@ bool CSPDirectiveList::AllowImageFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kImgSrc),
url, ContentSecurityPolicy::DirectiveType::kImgSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(OperativeDirective(
ContentSecurityPolicy::DirectiveType::kImgSrc),
url, redirect_status);
@@ -828,6 +836,7 @@ bool CSPDirectiveList::AllowImageFromSource(
bool CSPDirectiveList::AllowStyleFromSource(
const KURL& url,
const String& nonce,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
if (IsMatchingNoncePresent(
@@ -839,7 +848,7 @@ bool CSPDirectiveList::AllowStyleFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kStyleSrc),
url, ContentSecurityPolicy::DirectiveType::kStyleSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(OperativeDirective(
ContentSecurityPolicy::DirectiveType::kStyleSrc),
url, redirect_status);
@@ -847,6 +856,7 @@ bool CSPDirectiveList::AllowStyleFromSource(
bool CSPDirectiveList::AllowFontFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -854,7 +864,7 @@ bool CSPDirectiveList::AllowFontFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kFontSrc),
url, ContentSecurityPolicy::DirectiveType::kFontSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(OperativeDirective(
ContentSecurityPolicy::DirectiveType::kFontSrc),
url, redirect_status);
@@ -862,6 +872,7 @@ bool CSPDirectiveList::AllowFontFromSource(
bool CSPDirectiveList::AllowMediaFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -869,7 +880,7 @@ bool CSPDirectiveList::AllowMediaFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kMediaSrc),
url, ContentSecurityPolicy::DirectiveType::kMediaSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(OperativeDirective(
ContentSecurityPolicy::DirectiveType::kMediaSrc),
url, redirect_status);
@@ -877,6 +888,7 @@ bool CSPDirectiveList::AllowMediaFromSource(
bool CSPDirectiveList::AllowManifestFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -884,7 +896,7 @@ bool CSPDirectiveList::AllowManifestFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kManifestSrc),
url, ContentSecurityPolicy::DirectiveType::kManifestSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kManifestSrc),
@@ -893,6 +905,7 @@ bool CSPDirectiveList::AllowManifestFromSource(
bool CSPDirectiveList::AllowConnectToSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -900,7 +913,7 @@ bool CSPDirectiveList::AllowConnectToSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kConnectSrc),
url, ContentSecurityPolicy::DirectiveType::kConnectSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kConnectSrc),
@@ -909,6 +922,7 @@ bool CSPDirectiveList::AllowConnectToSource(
bool CSPDirectiveList::AllowFormAction(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
return reporting_policy == SecurityViolationReportingPolicy::kReport
@@ -916,7 +930,7 @@ bool CSPDirectiveList::AllowFormAction(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kFormAction),
url, ContentSecurityPolicy::DirectiveType::kFormAction,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kFormAction),
@@ -925,6 +939,7 @@ bool CSPDirectiveList::AllowFormAction(
bool CSPDirectiveList::AllowBaseURI(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
bool result =
@@ -933,7 +948,7 @@ bool CSPDirectiveList::AllowBaseURI(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kBaseURI),
url, ContentSecurityPolicy::DirectiveType::kBaseURI,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(OperativeDirective(
ContentSecurityPolicy::DirectiveType::kBaseURI),
url, redirect_status);
@@ -951,6 +966,7 @@ bool CSPDirectiveList::AllowBaseURI(
bool CSPDirectiveList::AllowWorkerFromSource(
const KURL& url,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
SecurityViolationReportingPolicy reporting_policy) const {
if (AllowDynamicWorker())
@@ -961,7 +977,7 @@ bool CSPDirectiveList::AllowWorkerFromSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kWorkerSrc),
url, ContentSecurityPolicy::DirectiveType::kWorkerSrc,
- redirect_status)
+ url_before_redirects, redirect_status)
: CheckSource(
OperativeDirective(
ContentSecurityPolicy::DirectiveType::kWorkerSrc),
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.h b/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.h
index 2d55db6ef9b..bf4ea709460 100644
--- a/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.h
+++ b/chromium/third_party/blink/renderer/core/frame/csp/csp_directive_list.h
@@ -86,44 +86,57 @@ class CORE_EXPORT CSPDirectiveList
const String& nonce,
const IntegrityMetadataSet& hashes,
ParserDisposition,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowStyleFromSource(const KURL&,
const String& nonce,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowObjectFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowPrefetchFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowFrameFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowImageFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowFontFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowMediaFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowManifestFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowConnectToSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowFormAction(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowBaseURI(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool AllowWorkerFromSource(const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
// |allowAncestors| does not need to know whether the resource was a
@@ -144,13 +157,14 @@ class CORE_EXPORT CSPDirectiveList
bool AllowRequestWithoutIntegrity(WebURLRequest::RequestContext,
const KURL&,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
SecurityViolationReportingPolicy) const;
bool StrictMixedContentChecking() const {
return strict_mixed_content_checking_enforced_;
}
- void ReportMixedContent(const KURL& mixed_url,
+ void ReportMixedContent(const KURL& blocked_url,
ResourceRequest::RedirectStatus) const;
const String& EvalDisabledErrorMessage() const {
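Review bot: Renaming the ReportMixedContent parameter from `mixed_url` to `blocked_url` does not say which URL callers are expected to supply. The callers changed in this commit now pass the pre-redirect URL. A declaration comment such as `// |blocked_url| is the request URL before any redirect; never pass the post-redirect URL.` would keep a future caller from reintroducing the leak. The class body continues outside the hunk.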
@@ -303,6 +317,7 @@ class CORE_EXPORT CSPDirectiveList
bool CheckSourceAndReportViolation(SourceListDirective*,
const KURL&,
const ContentSecurityPolicy::DirectiveType,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus) const;
bool CheckMediaTypeAndReportViolation(MediaListDirective*,
const String& type,
@@ -314,6 +329,7 @@ class CORE_EXPORT CSPDirectiveList
bool CheckRequestWithoutIntegrityAndReportViolation(
WebURLRequest::RequestContext,
const KURL&,
+ const KURL&,
ResourceRequest::RedirectStatus) const;
bool DenyIfEnforcingPolicy() const { return IsReportOnly(); }
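Review bot: The new second parameter of CheckRequestWithoutIntegrityAndReportViolation is an unnamed `const KURL&` directly after another unnamed `const KURL&`, so the declaration does not show which one ends up in the report. The other declarations touched in this header name it. Writing `const KURL& url_before_redirects,` here would match them and make the argument order checkable at a glance.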
diff --git a/chromium/third_party/blink/renderer/core/frame/dom_window.cc b/chromium/third_party/blink/renderer/core/frame/dom_window.cc
index 21c4cd01f89..4850f7bb91b 100644
--- a/chromium/third_party/blink/renderer/core/frame/dom_window.cc
+++ b/chromium/third_party/blink/renderer/core/frame/dom_window.cc
@@ -477,7 +477,7 @@ void DOMWindow::DoPostMessage(scoped_refptr<SerializedScriptValue> message,
}
if (!source_document->GetContentSecurityPolicy()->AllowConnectToSource(
- target_url, RedirectStatus::kNoRedirect,
+ target_url, target_url, RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy::kSuppressReporting)) {
UseCounter::Count(
source->GetFrame(),
diff --git a/chromium/third_party/blink/renderer/core/frame/local_dom_window.cc b/chromium/third_party/blink/renderer/core/frame/local_dom_window.cc
index 4b1dd4d6f67..4f2c818bc93 100644
--- a/chromium/third_party/blink/renderer/core/frame/local_dom_window.cc
+++ b/chromium/third_party/blink/renderer/core/frame/local_dom_window.cc
@@ -653,7 +653,7 @@ void LocalDOMWindow::DispatchMessageEventWithOriginCheck(
KURL sender(static_cast<MessageEvent*>(event)->origin());
if (!document()->GetContentSecurityPolicy()->AllowConnectToSource(
- sender, RedirectStatus::kNoRedirect,
+ sender, sender, RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy::kSuppressReporting)) {
UseCounter::Count(
GetFrame(), WebFeature::kPostMessageIncomingWouldBeBlockedByConnectSrc);
diff --git a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
index 7e49028d641..200eecf21ab 100644
--- a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
+++ b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
@@ -2257,6 +2257,7 @@ void WebLocalFrameImpl::MixedContentFound(
const WebURL& mixed_content_url,
WebURLRequest::RequestContext request_context,
bool was_allowed,
+ const WebURL& url_before_redirects,
bool had_redirect,
const WebSourceLocation& source_location) {
DCHECK(GetFrame());
@@ -2268,7 +2269,7 @@ void WebLocalFrameImpl::MixedContentFound(
}
MixedContentChecker::MixedContentFound(
GetFrame(), main_resource_url, mixed_content_url, request_context,
- was_allowed, had_redirect, std::move(source));
+ was_allowed, url_before_redirects, had_redirect, std::move(source));
}
void WebLocalFrameImpl::ClientDroppedNavigation() {
diff --git a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
index 7b393b6ee9b..079fc058df7 100644
--- a/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
+++ b/chromium/third_party/blink/renderer/core/frame/web_local_frame_impl.h
@@ -299,6 +299,7 @@ class CORE_EXPORT WebLocalFrameImpl final
const WebURL& mixed_content_url,
WebURLRequest::RequestContext,
bool was_allowed,
+ const WebURL& url_before_redirects,
bool had_redirect,
const WebSourceLocation&) override;
void ClientDroppedNavigation() override;
diff --git a/chromium/third_party/blink/renderer/core/html/forms/html_form_element.cc b/chromium/third_party/blink/renderer/core/html/forms/html_form_element.cc
index 7fd27d29aae..dba37838f51 100644
--- a/chromium/third_party/blink/renderer/core/html/forms/html_form_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/forms/html_form_element.cc
@@ -447,7 +447,7 @@ void HTMLFormElement::ScheduleFormSubmission(FormSubmission* submission) {
}
if (!GetDocument().GetContentSecurityPolicy()->AllowFormAction(
- submission->Action())) {
+ submission->Action(), submission->Action(), RedirectStatus::kNoRedirect)) {
return;
}
diff --git a/chromium/third_party/blink/renderer/core/html/html_plugin_element.cc b/chromium/third_party/blink/renderer/core/html/html_plugin_element.cc
index d849d6968de..2c6a2a6f6d1 100644
--- a/chromium/third_party/blink/renderer/core/html/html_plugin_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/html_plugin_element.cc
@@ -636,7 +636,7 @@ bool HTMLPlugInElement::AllowedToLoadObject(const KURL& url,
return false;
AtomicString declared_mime_type = FastGetAttribute(HTMLNames::typeAttr);
- if (!GetDocument().GetContentSecurityPolicy()->AllowObjectFromSource(url) ||
+ if (!GetDocument().GetContentSecurityPolicy()->AllowObjectFromSource(url, url, RedirectStatus::kNoRedirect) ||
!GetDocument().GetContentSecurityPolicy()->AllowPluginTypeForDocument(
GetDocument(), mime_type, declared_mime_type, url)) {
if (auto* layout_object = GetLayoutEmbeddedObject()) {
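Review bot: The rewritten condition in AllowedToLoadObject runs far past the line width the surrounding code appears to keep. The same happens on the AllowMediaFromSource lines in the html_media_element.cc and html_track_element.cc hunks. Breaking after the opening parenthesis, as the link_style.cc hunk does, fixes it: `->AllowObjectFromSource(` followed by `url, url, RedirectStatus::kNoRedirect) ||`. The function starts and ends outside the hunk.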
@@ -651,7 +651,7 @@ bool HTMLPlugInElement::AllowedToLoadObject(const KURL& url,
return (!mime_type.IsEmpty() && url.IsEmpty()) ||
!MixedContentChecker::ShouldBlockFetch(
frame, WebURLRequest::kRequestContextObject,
- network::mojom::RequestContextFrameType::kNone,
+ network::mojom::RequestContextFrameType::kNone, url,
ResourceRequest::RedirectStatus::kNoRedirect, url);
}
diff --git a/chromium/third_party/blink/renderer/core/html/link_style.cc b/chromium/third_party/blink/renderer/core/html/link_style.cc
index 86d9cc83d45..71fba94e6ca 100644
--- a/chromium/third_party/blink/renderer/core/html/link_style.cc
+++ b/chromium/third_party/blink/renderer/core/html/link_style.cc
@@ -339,7 +339,7 @@ void LinkStyle::Process() {
if (!GetDocument().GetSecurityOrigin()->CanDisplay(params.href))
return;
if (!GetDocument().GetContentSecurityPolicy()->AllowImageFromSource(
- params.href))
+ params.href, params.href, RedirectStatus::kNoRedirect))
return;
if (GetDocument().GetFrame() && GetDocument().GetFrame()->Client()) {
GetDocument().GetFrame()->Client()->DispatchDidChangeIcons(
diff --git a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc
index e9dd039e4d5..92c7e9280d6 100644
--- a/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/media/html_media_element.cc
@@ -1476,7 +1476,7 @@ bool HTMLMediaElement::IsSafeToLoadURL(const KURL& url,
return false;
}
- if (!GetDocument().GetContentSecurityPolicy()->AllowMediaFromSource(url)) {
+ if (!GetDocument().GetContentSecurityPolicy()->AllowMediaFromSource(url, url, RedirectStatus::kNoRedirect)) {
BLINK_MEDIA_LOG << "isSafeToLoadURL(" << (void*)this << ", "
<< UrlForLoggingMedia(url)
<< ") -> rejected by Content Security Policy";
diff --git a/chromium/third_party/blink/renderer/core/html/track/html_track_element.cc b/chromium/third_party/blink/renderer/core/html/track/html_track_element.cc
index 323b423a0e4..d0a8b6e09b5 100644
--- a/chromium/third_party/blink/renderer/core/html/track/html_track_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/track/html_track_element.cc
@@ -225,7 +225,7 @@ bool HTMLTrackElement::CanLoadUrl(const KURL& url) {
if (url.IsEmpty())
return false;
- if (!GetDocument().GetContentSecurityPolicy()->AllowMediaFromSource(url)) {
+ if (!GetDocument().GetContentSecurityPolicy()->AllowMediaFromSource(url, url, RedirectStatus::kNoRedirect)) {
DVLOG(TRACK_LOG_LEVEL) << "canLoadUrl(" << UrlForLoggingTrack(url)
<< ") -> rejected by Content Security Policy";
return false;
diff --git a/chromium/third_party/blink/renderer/core/loader/base_fetch_context.cc b/chromium/third_party/blink/renderer/core/loader/base_fetch_context.cc
index 996c07442f3..2a9ed5306c0 100644
--- a/chromium/third_party/blink/renderer/core/loader/base_fetch_context.cc
+++ b/chromium/third_party/blink/renderer/core/loader/base_fetch_context.cc
@@ -162,10 +162,10 @@ base::Optional<ResourceRequestBlockedReason> BaseFetchContext::CanRequest(
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
FetchParameters::OriginRestriction origin_restriction,
- ResourceRequest::RedirectStatus redirect_status) const {
+ const Vector<KURL>& redirect_chain) const {
base::Optional<ResourceRequestBlockedReason> blocked_reason =
CanRequestInternal(type, resource_request, url, options, reporting_policy,
- origin_restriction, redirect_status);
+ origin_restriction, redirect_chain);
if (blocked_reason &&
reporting_policy == SecurityViolationReportingPolicy::kReport) {
DispatchDidBlockRequest(resource_request, options.initiator_info,
@@ -226,9 +226,11 @@ BaseFetchContext::CheckCSPForRequest(
const KURL& url,
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status) const {
return CheckCSPForRequestInternal(
- request_context, url, options, reporting_policy, redirect_status,
+ request_context, url, options, reporting_policy,
+ url_before_redirects, redirect_status,
ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly);
}
@@ -238,6 +240,7 @@ BaseFetchContext::CheckCSPForRequestInternal(
const KURL& url,
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
ContentSecurityPolicy::CheckHeaderType check_header_type) const {
if (ShouldBypassMainWorldCSP() || options.content_security_policy_option ==
@@ -249,7 +252,8 @@ BaseFetchContext::CheckCSPForRequestInternal(
if (csp && !csp->AllowRequest(
request_context, url, options.content_security_policy_nonce,
options.integrity_metadata, options.parser_disposition,
- redirect_status, reporting_policy, check_header_type)) {
+ url_before_redirects, redirect_status, reporting_policy,
+ check_header_type)) {
return ResourceRequestBlockedReason::kCSP;
}
return base::nullopt;
@@ -263,10 +267,10 @@ BaseFetchContext::CanRequestInternal(
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
FetchParameters::OriginRestriction origin_restriction,
- ResourceRequest::RedirectStatus redirect_status) const {
+ const Vector<KURL>& redirect_chain) const {
if (IsDetached()) {
if (!resource_request.GetKeepalive() ||
- redirect_status == ResourceRequest::RedirectStatus::kNoRedirect) {
+ redirect_chain.IsEmpty()) {
return ResourceRequestBlockedReason::kOther;
}
}
@@ -337,11 +341,17 @@ BaseFetchContext::CanRequestInternal(
WebURLRequest::RequestContext request_context =
resource_request.GetRequestContext();
+ const KURL& url_before_redirects =
+ redirect_chain.IsEmpty() ? url : redirect_chain.front();
+ const ResourceRequest::RedirectStatus redirect_status =
+ redirect_chain.IsEmpty()
+ ? ResourceRequest::RedirectStatus::kNoRedirect
+ : ResourceRequest::RedirectStatus::kFollowedRedirect;
// We check the 'report-only' headers before upgrading the request (in
// populateResourceRequest). We check the enforced headers here to ensure we
// block things we ought to block.
if (CheckCSPForRequestInternal(
- request_context, url, options, reporting_policy, redirect_status,
+ request_context, url, options, reporting_policy, url_before_redirects, redirect_status,
ContentSecurityPolicy::CheckHeaderType::kCheckEnforce) ==
ResourceRequestBlockedReason::kCSP) {
return ResourceRequestBlockedReason::kCSP;
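Review bot: The fix now rests on `redirect_chain.front()` being the URL the request was first issued for, and nothing in this hunk states or checks that. A comment on the derivation, for example `// redirect_chain.front() is the original request URL; only that URL may be reported.`, would document the contract for code that builds the chain. The same two derivations are repeated in FrameFetchContext::ShouldBlockFetchByMixedContentCheck and WorkerFetchContext::ShouldBlockFetchByMixedContentCheck, so one small shared helper taking the chain and `url` would keep the three copies from drifting. The CheckCSPForRequestInternal argument line also runs well past the width used elsewhere in the file. CanRequestInternal starts and ends outside the hunk.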
@@ -389,8 +399,8 @@ BaseFetchContext::CanRequestInternal(
// mixed content via CSP, they don't get a mixed content warning, but a CSP
// warning instead.
if (ShouldBlockFetchByMixedContentCheck(request_context, frame_type,
- resource_request.GetRedirectStatus(),
- url, reporting_policy))
+ redirect_chain, url,
+ reporting_policy))
return ResourceRequestBlockedReason::kMixedContent;
if (url.PotentiallyDanglingMarkup() && url.ProtocolIsInHTTPFamily()) {
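Review bot: The mixed-content check used to take its status from `resource_request.GetRedirectStatus()` and now receives `redirect_chain`, from which the overrides derive the status by emptiness alone. If a caller can pass an empty chain for a request that is already marked as redirected, the check would see kNoRedirect where it previously saw a redirect. Whether that can happen is not visible here. A comment stating that the two always agree, or a `DCHECK` relating them in CanRequestInternal, would settle it. The function continues outside the hunk.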
diff --git a/chromium/third_party/blink/renderer/core/loader/base_fetch_context.h b/chromium/third_party/blink/renderer/core/loader/base_fetch_context.h
index 3bb6b18d7fa..a0065de538e 100644
--- a/chromium/third_party/blink/renderer/core/loader/base_fetch_context.h
+++ b/chromium/third_party/blink/renderer/core/loader/base_fetch_context.h
@@ -38,12 +38,13 @@ class CORE_EXPORT BaseFetchContext : public FetchContext {
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
FetchParameters::OriginRestriction,
- ResourceRequest::RedirectStatus) const override;
+ const Vector<KURL>&) const override;
base::Optional<ResourceRequestBlockedReason> CheckCSPForRequest(
WebURLRequest::RequestContext,
const KURL&,
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus) const override;
void Trace(blink::Visitor*) override;
@@ -81,7 +82,7 @@ class CORE_EXPORT BaseFetchContext : public FetchContext {
virtual bool ShouldBlockFetchByMixedContentCheck(
WebURLRequest::RequestContext,
network::mojom::RequestContextFrameType,
- ResourceRequest::RedirectStatus,
+ const Vector<KURL>& redirect_chain,
const KURL&,
SecurityViolationReportingPolicy) const = 0;
virtual bool ShouldBlockFetchAsCredentialedSubresource(const ResourceRequest&,
@@ -105,13 +106,14 @@ class CORE_EXPORT BaseFetchContext : public FetchContext {
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
FetchParameters::OriginRestriction,
- ResourceRequest::RedirectStatus) const;
+ const Vector<KURL>& redirect_chain) const;
base::Optional<ResourceRequestBlockedReason> CheckCSPForRequestInternal(
WebURLRequest::RequestContext,
const KURL&,
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
ContentSecurityPolicy::CheckHeaderType) const;
};
diff --git a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc
index 3393c526ac1..6079763a0eb 100644
--- a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc
+++ b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc
@@ -1172,15 +1172,21 @@ FrameFetchContext::CreateWebSocketHandshakeThrottle() {
bool FrameFetchContext::ShouldBlockFetchByMixedContentCheck(
WebURLRequest::RequestContext request_context,
network::mojom::RequestContextFrameType frame_type,
- ResourceRequest::RedirectStatus redirect_status,
+ const Vector<KURL>& redirect_chain,
const KURL& url,
SecurityViolationReportingPolicy reporting_policy) const {
if (IsDetached()) {
// TODO(yhirano): Implement the detached case.
return false;
}
+ RedirectStatus redirect_status = redirect_chain.IsEmpty()
+ ? RedirectStatus::kNoRedirect
+ : RedirectStatus::kFollowedRedirect;
+ const KURL& url_before_redirects =
+ redirect_chain.IsEmpty() ? url : redirect_chain.front();
+
return MixedContentChecker::ShouldBlockFetch(GetFrame(), request_context,
- frame_type, redirect_status, url,
+ frame_type, url_before_redirects, redirect_status, url,
reporting_policy);
}
@@ -1522,7 +1528,7 @@ base::Optional<ResourceRequestBlockedReason> FrameFetchContext::CanRequest(
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
FetchParameters::OriginRestriction origin_restriction,
- ResourceRequest::RedirectStatus redirect_status) const {
+ const Vector<KURL>& redirect_chain) const {
if (document_ && document_->IsFreezingInProgress() &&
!resource_request.GetKeepalive()) {
AddErrorConsoleMessage(
@@ -1532,7 +1538,7 @@ base::Optional<ResourceRequestBlockedReason> FrameFetchContext::CanRequest(
}
return BaseFetchContext::CanRequest(type, resource_request, url, options,
reporting_policy, origin_restriction,
- redirect_status);
+ redirect_chain);
}
} // namespace blink
diff --git a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.h b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.h
index d2a808077e7..dd42273a23d 100644
--- a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.h
+++ b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.h
@@ -89,7 +89,7 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext {
const ResourceLoaderOptions& options,
SecurityViolationReportingPolicy reporting_policy,
FetchParameters::OriginRestriction origin_restriction,
- ResourceRequest::RedirectStatus redirect_status) const override;
+ const Vector<KURL>& redirect_chain) const override;
mojom::FetchCacheMode ResourceRequestCachePolicy(
const ResourceRequest&,
Resource::Type,
@@ -230,7 +230,7 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext {
bool ShouldBlockFetchByMixedContentCheck(
WebURLRequest::RequestContext,
network::mojom::RequestContextFrameType,
- ResourceRequest::RedirectStatus,
+ const Vector<KURL>& redirect_chain,
const KURL&,
SecurityViolationReportingPolicy) const override;
bool ShouldBlockFetchAsCredentialedSubresource(const ResourceRequest&,
diff --git a/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.cc b/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.cc
index 13cd030f5f4..68843340166 100644
--- a/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.cc
+++ b/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.cc
@@ -352,6 +352,7 @@ bool MixedContentChecker::ShouldBlockFetch(
LocalFrame* frame,
WebURLRequest::RequestContext request_context,
network::mojom::RequestContextFrameType frame_type,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
const KURL& url,
SecurityViolationReportingPolicy reporting_policy) {
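Review bot: ShouldBlockFetch puts `url_before_redirects` before `redirect_status` and `url`, while the CSP entry points changed in this commit take `url` first and `url_before_redirects` second. Both are `const KURL&`, so swapped arguments compile silently and would put the post-redirect URL back into the report. Keeping one order across both APIs would be safest. Failing that, add a comment at the declaration such as `// NOTE: |url_before_redirects| precedes |url| here, unlike ContentSecurityPolicy::Allow*.` The same applies to ShouldBlockFetchOnWorker later in this file; the function body continues outside the hunk.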
@@ -369,7 +370,7 @@ bool MixedContentChecker::ShouldBlockFetch(
MixedContentChecker::Count(mixed_frame, request_context, frame);
if (ContentSecurityPolicy* policy =
frame->GetSecurityContext()->GetContentSecurityPolicy())
- policy->ReportMixedContent(url, redirect_status);
+ policy->ReportMixedContent(url_before_redirects, redirect_status);
Settings* settings = mixed_frame->GetSettings();
// Use the current local frame's client; the embedder doesn't distinguish
@@ -469,6 +470,7 @@ bool MixedContentChecker::ShouldBlockFetch(
bool MixedContentChecker::ShouldBlockFetchOnWorker(
const WorkerFetchContext& worker_fetch_context,
WebURLRequest::RequestContext request_context,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus redirect_status,
const KURL& url,
SecurityViolationReportingPolicy reporting_policy,
@@ -481,7 +483,7 @@ bool MixedContentChecker::ShouldBlockFetchOnWorker(
worker_fetch_context.CountUsage(WebFeature::kMixedContentPresent);
worker_fetch_context.CountUsage(WebFeature::kMixedContentBlockable);
if (auto* policy = worker_fetch_context.GetContentSecurityPolicy())
- policy->ReportMixedContent(url, redirect_status);
+ policy->ReportMixedContent(url_before_redirects, redirect_status);
// Blocks all mixed content request from worklets.
// TODO(horo): Revise this when the spec is updated.
@@ -715,6 +717,7 @@ void MixedContentChecker::MixedContentFound(
const KURL& mixed_content_url,
WebURLRequest::RequestContext request_context,
bool was_allowed,
+ const KURL& url_before_redirects,
bool had_redirect,
std::unique_ptr<SourceLocation> source_location) {
// Logs to the frame console.
@@ -726,7 +729,7 @@ void MixedContentChecker::MixedContentFound(
frame->GetSecurityContext()->GetContentSecurityPolicy();
if (policy) {
policy->ReportMixedContent(
- mixed_content_url,
+ url_before_redirects,
had_redirect ? ResourceRequest::RedirectStatus::kFollowedRedirect
: ResourceRequest::RedirectStatus::kNoRedirect);
}
diff --git a/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.h b/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.h
index b2933519988..8c00f5cf078 100644
--- a/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.h
+++ b/chromium/third_party/blink/renderer/core/loader/mixed_content_checker.h
@@ -69,6 +69,7 @@ class CORE_EXPORT MixedContentChecker final {
static bool ShouldBlockFetch(LocalFrame*,
WebURLRequest::RequestContext,
network::mojom::RequestContextFrameType,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
const KURL&,
SecurityViolationReportingPolicy =
@@ -76,6 +77,7 @@ class CORE_EXPORT MixedContentChecker final {
static bool ShouldBlockFetchOnWorker(const WorkerFetchContext&,
WebURLRequest::RequestContext,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus,
const KURL&,
SecurityViolationReportingPolicy,
@@ -117,6 +119,7 @@ class CORE_EXPORT MixedContentChecker final {
const KURL& mixed_content_url,
WebURLRequest::RequestContext,
bool was_allowed,
+ const KURL& url_before_redirects,
bool had_redirect,
std::unique_ptr<SourceLocation>);
diff --git a/chromium/third_party/blink/renderer/core/loader/ping_loader.cc b/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
index a4b78155942..635a7da4286 100644
--- a/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
+++ b/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
@@ -184,7 +184,7 @@ bool SendBeaconCommon(LocalFrame* frame,
if (!ContentSecurityPolicy::ShouldBypassMainWorld(frame->GetDocument()) &&
!frame->GetDocument()->GetContentSecurityPolicy()->AllowConnectToSource(
- url)) {
+ url, url, RedirectStatus::kNoRedirect)) {
// We're simulating a network failure here, so we return 'true'.
return true;
}
diff --git a/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.cc b/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.cc
index bc3432dce5a..5bedea13f47 100644
--- a/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.cc
+++ b/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.cc
@@ -177,11 +177,16 @@ WorkerFetchContext::CreateWebSocketHandshakeThrottle() {
bool WorkerFetchContext::ShouldBlockFetchByMixedContentCheck(
WebURLRequest::RequestContext request_context,
network::mojom::RequestContextFrameType frame_type,
- ResourceRequest::RedirectStatus redirect_status,
+ const Vector<KURL>& redirect_chain,
const KURL& url,
SecurityViolationReportingPolicy reporting_policy) const {
+ RedirectStatus redirect_status = redirect_chain.IsEmpty()
+ ? RedirectStatus::kNoRedirect
+ : RedirectStatus::kFollowedRedirect;
+ const KURL& url_before_redirects =
+ redirect_chain.IsEmpty() ? url : redirect_chain.front();
return MixedContentChecker::ShouldBlockFetchOnWorker(
- *this, request_context, redirect_status, url, reporting_policy,
+ *this, request_context, url_before_redirects, redirect_status, url, reporting_policy,
global_scope_->IsWorkletGlobalScope());
}
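Review bot: The rule that picks `url_before_redirects` (first entry of `redirect_chain`, otherwise `url`) is the security-relevant part of this function and carries no comment, and the same derivation is written out again in `ResourceFetcher::PrepareRequest` in resource_fetcher.cc. Above the two new locals I would add `// Report the URL the page requested, never a redirect target, so violation reports cannot disclose where the request was redirected to.` The call line starting `*this, request_context, url_before_redirects,` also runs past 80 columns and should be wrapped. If the layering allows it, one shared helper for the chain-to-(URL, status) mapping would keep the two sites from drifting apart.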
diff --git a/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.h b/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.h
index fb332f0ca84..e38e0c74949 100644
--- a/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.h
+++ b/chromium/third_party/blink/renderer/core/loader/worker_fetch_context.h
@@ -57,7 +57,7 @@ class WorkerFetchContext final : public BaseFetchContext {
bool ShouldBlockFetchByMixedContentCheck(
WebURLRequest::RequestContext,
network::mojom::RequestContextFrameType,
- ResourceRequest::RedirectStatus,
+ const Vector<KURL>& redirect_chain,
const KURL&,
SecurityViolationReportingPolicy) const override;
bool ShouldBlockFetchAsCredentialedSubresource(const ResourceRequest&,
diff --git a/chromium/third_party/blink/renderer/core/workers/abstract_worker.cc b/chromium/third_party/blink/renderer/core/workers/abstract_worker.cc
index 9ca539e4faf..6cc8d7a347c 100644
--- a/chromium/third_party/blink/renderer/core/workers/abstract_worker.cc
+++ b/chromium/third_party/blink/renderer/core/workers/abstract_worker.cc
@@ -68,8 +68,9 @@ KURL AbstractWorker::ResolveURL(ExecutionContext* execution_context,
if (ContentSecurityPolicy* csp =
execution_context->GetContentSecurityPolicy()) {
- if (!csp->AllowRequestWithoutIntegrity(request_context, script_url) ||
- !csp->AllowWorkerContextFromSource(script_url)) {
+ if (!csp->AllowRequestWithoutIntegrity(request_context, script_url,
+ script_url, RedirectStatus::kNoRedirect) ||
+ !csp->AllowWorkerContextFromSource(script_url, script_url, RedirectStatus::kNoRedirect)) {
exception_state.ThrowSecurityError(
"Access to the script at '" + script_url.ElidedString() +
"' is denied by the document's Content Security Policy.");
diff --git a/chromium/third_party/blink/renderer/core/workers/worker_global_scope.cc b/chromium/third_party/blink/renderer/core/workers/worker_global_scope.cc
index 3ba10ba9232..f1a0618cfd6 100644
--- a/chromium/third_party/blink/renderer/core/workers/worker_global_scope.cc
+++ b/chromium/third_party/blink/renderer/core/workers/worker_global_scope.cc
@@ -155,7 +155,8 @@ void WorkerGlobalScope::importScripts(const Vector<String>& urls,
return;
}
if (!GetContentSecurityPolicy()->AllowScriptFromSource(
- url, AtomicString(), IntegrityMetadataSet(), kNotParserInserted)) {
+ url, AtomicString(), IntegrityMetadataSet(), kNotParserInserted,
+ url, RedirectStatus::kNoRedirect)) {
exception_state.ThrowDOMException(
DOMExceptionCode::kNetworkError,
"The script at '" + url.ElidedString() + "' failed to load.");
diff --git a/chromium/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc b/chromium/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
index 04edc0b08dc..2842ec81d2a 100644
--- a/chromium/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
+++ b/chromium/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
@@ -55,7 +55,7 @@ bool ShouldBlockDueToCSP(ExecutionContext* execution_context,
const KURL& request_url) {
return !ContentSecurityPolicy::ShouldBypassMainWorld(execution_context) &&
!execution_context->GetContentSecurityPolicy()->AllowConnectToSource(
- request_url);
+ request_url, request_url, RedirectStatus::kNoRedirect);
}
bool ShouldBlockPort(const KURL& request_url) {
diff --git a/chromium/third_party/blink/renderer/modules/service_worker/service_worker_container.cc b/chromium/third_party/blink/renderer/modules/service_worker/service_worker_container.cc
index c2cd91e8b21..768131f4ca1 100644
--- a/chromium/third_party/blink/renderer/modules/service_worker/service_worker_container.cc
+++ b/chromium/third_party/blink/renderer/modules/service_worker/service_worker_container.cc
@@ -268,9 +268,10 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(
ContentSecurityPolicy* csp = execution_context->GetContentSecurityPolicy();
if (csp) {
if (!csp->AllowRequestWithoutIntegrity(
- WebURLRequest::kRequestContextServiceWorker, script_url) ||
+ WebURLRequest::kRequestContextServiceWorker, script_url,
+ script_url, ResourceRequest::RedirectStatus::kNoRedirect) ||
!csp->AllowWorkerContextFromSource(
- script_url, ResourceRequest::RedirectStatus::kNoRedirect,
+ script_url, script_url, ResourceRequest::RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy::kReport)) {
callbacks->OnError(WebServiceWorkerError(
mojom::blink::ServiceWorkerErrorType::kSecurity,
diff --git a/chromium/third_party/blink/renderer/modules/websockets/dom_websocket.cc b/chromium/third_party/blink/renderer/modules/websockets/dom_websocket.cc
index 75126c8edfb..7c97e3bc815 100644
--- a/chromium/third_party/blink/renderer/modules/websockets/dom_websocket.cc
+++ b/chromium/third_party/blink/renderer/modules/websockets/dom_websocket.cc
@@ -336,7 +336,7 @@ void DOMWebSocket::Connect(const String& url,
if (!ContentSecurityPolicy::ShouldBypassMainWorld(GetExecutionContext()) &&
!GetExecutionContext()->GetContentSecurityPolicy()->AllowConnectToSource(
- url_)) {
+ url_, url_, RedirectStatus::kNoRedirect)) {
state_ = kClosed;
// Delay the event dispatch until after the current task by suspending and
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_context.h b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_context.h
index 1b713826046..d95a1bb855c 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_context.h
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_context.h
@@ -185,7 +185,7 @@ class PLATFORM_EXPORT FetchContext
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
FetchParameters::OriginRestriction,
- ResourceRequest::RedirectStatus) const {
+ const Vector<KURL>& redirect_chain) const {
return ResourceRequestBlockedReason::kOther;
}
virtual base::Optional<ResourceRequestBlockedReason> CheckCSPForRequest(
@@ -193,6 +193,7 @@ class PLATFORM_EXPORT FetchContext
const KURL&,
const ResourceLoaderOptions&,
SecurityViolationReportingPolicy,
+ const KURL& url_before_redirects,
ResourceRequest::RedirectStatus) const {
return ResourceRequestBlockedReason::kOther;
}
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
index 186a54eb4c6..ffe2eb19bec 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
@@ -292,10 +292,7 @@ ResourceLoadPriority ResourceFetcher::ComputeLoadPriority(
}
static void PopulateTimingInfo(ResourceTimingInfo* info, Resource* resource) {
- KURL initial_url = resource->GetResponse().RedirectResponses().IsEmpty()
- ? resource->GetResourceRequest().Url()
- : resource->GetResponse().RedirectResponses()[0].Url();
- info->SetInitialURL(initial_url);
+ info->SetInitialURL(resource->Url());
info->SetFinalResponse(resource->GetResponse());
}
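Review bot: `info->SetInitialURL(resource->Url())` replaces an expression that used the first redirect response's URL whenever redirects had happened, and nothing in this hunk shows that `Resource::Url()` yields the same value for a redirected load. This is a Resource Timing change riding along in a CSP backport, so it should be checked against the `Resource` definition, which is not visible here. If the values do match, record it in place with `// Resource::Url() is the URL of the initial request, before any redirects.` If they do not, the initial URL exposed through Resource Timing changes for redirected resources.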
@@ -653,18 +650,27 @@ base::Optional<ResourceRequestBlockedReason> ResourceFetcher::PrepareRequest(
? SecurityViolationReportingPolicy::kSuppressReporting
: SecurityViolationReportingPolicy::kReport;
- // Note that resource_request.GetRedirectStatus() may return kFollowedRedirect
- // here since e.g. DocumentThreadableLoader may create a new Resource from
- // a ResourceRequest that originates from the ResourceRequest passed to
- // the redirect handling callback.
+ // Note that resource_request.GetRedirectChain() may be non-empty here since
+ // e.g. ThreadableLoader may create a new Resource from a ResourceRequest that
+ // originates from the ResourceRequest passed to the redirect handling
+ // callback.
// Before modifying the request for CSP, evaluate report-only headers. This
// allows site owners to learn about requests that are being modified
// (e.g. mixed content that is being upgraded by upgrade-insecure-requests).
+ const Vector<KURL>& redirect_chain = resource_request.GetRedirectChain();
+ const KURL& url_before_redirects =
+ redirect_chain.IsEmpty() ? params.Url() : redirect_chain.front();
+ const ResourceRequest::RedirectStatus redirect_status =
+ redirect_chain.IsEmpty()
+ ? ResourceRequest::RedirectStatus::kNoRedirect
+ : ResourceRequest::RedirectStatus::kFollowedRedirect;
Context().CheckCSPForRequest(
resource_request.GetRequestContext(),
MemoryCache::RemoveFragmentIdentifierIfNeeded(params.Url()), options,
- reporting_policy, resource_request.GetRedirectStatus());
+ reporting_policy,
+ MemoryCache::RemoveFragmentIdentifierIfNeeded(url_before_redirects),
+ redirect_status);
// This may modify params.Url() (via the resource_request argument).
Context().PopulateResourceRequest(
@@ -714,7 +720,7 @@ base::Optional<ResourceRequestBlockedReason> ResourceFetcher::PrepareRequest(
base::Optional<ResourceRequestBlockedReason> blocked_reason =
Context().CanRequest(resource_type, resource_request, url, options,
reporting_policy, params.GetOriginRestriction(),
- resource_request.GetRedirectStatus());
+ resource_request.GetRedirectChain());
if (Context().IsAdResource(url, resource_type,
resource_request.GetRequestContext())) {
@@ -1760,7 +1766,7 @@ void ResourceFetcher::EmulateLoadStartedForInspector(
resource->LastResourceRequest().Url(), params.Options(),
SecurityViolationReportingPolicy::kReport,
params.GetOriginRestriction(),
- resource->LastResourceRequest().GetRedirectStatus());
+ resource->LastResourceRequest().GetRedirectChain());
RequestLoadStarted(resource->Identifier(), resource, params, kUse);
}
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
index cc52420a1cf..f7474e3e930 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
@@ -288,6 +288,8 @@ bool ResourceLoader::WillFollowRedirect(
const ResourceResponse& redirect_response(
passed_redirect_response.ToResourceResponse());
+ const KURL& url_before_redirects = initial_request.Url();
+
if (!IsManualRedirectFetchRequest(initial_request)) {
bool unused_preload = resource_->IsUnusedPreload();
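Review bot: `url_before_redirects` is taken from `initial_request.Url()` without consulting `initial_request.GetRedirectChain()`, whereas `ResourceFetcher::PrepareRequest` in this same commit prefers `redirect_chain.front()` and its comment says a Resource can be created from a request that already followed a redirect. In that case, as far as the visible code shows, the report-only `CheckCSPForRequest` call in the next hunk would be given a URL that is itself a redirect target, while `CanRequest` right after it receives `new_request->GetRedirectChain()`. Deriving the value the same way as PrepareRequest keeps the two consistent: `const Vector<KURL>& chain = initial_request.GetRedirectChain();` followed by `const KURL& url_before_redirects = chain.IsEmpty() ? initial_request.Url() : chain.front();`. `WillFollowRedirect` starts and ends outside this hunk, so where `initial_request` comes from is not visible here.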
@@ -299,14 +301,14 @@ bool ResourceLoader::WillFollowRedirect(
// CanRequest() checks only enforced CSP, so check report-only here to
// ensure that violations are sent.
Context().CheckCSPForRequest(
- request_context, new_url, options, reporting_policy,
+ request_context, new_url, options, reporting_policy, url_before_redirects,
ResourceRequest::RedirectStatus::kFollowedRedirect);
base::Optional<ResourceRequestBlockedReason> blocked_reason =
Context().CanRequest(
resource_type, *new_request, new_url, options, reporting_policy,
FetchParameters::kUseDefaultOriginRestrictionForType,
- ResourceRequest::RedirectStatus::kFollowedRedirect);
+ new_request->GetRedirectChain());
if (Context().IsAdResource(new_url, resource_type,
new_request->GetRequestContext())) {
@@ -590,11 +592,13 @@ void ResourceLoader::DidReceiveResponse(
// https://w3c.github.io/webappsec-csp/#should-block-response
const KURL& original_url = response.OriginalURLViaServiceWorker();
if (!original_url.IsEmpty()) {
+ Vector<KURL> redirect_chain = initial_request.GetRedirectChain();
+ redirect_chain.push_back(initial_request.Url());
// CanRequest() below only checks enforced policies: check report-only
// here to ensure violations are sent.
Context().CheckCSPForRequest(
request_context, original_url, options,
- SecurityViolationReportingPolicy::kReport,
+ SecurityViolationReportingPolicy::kReport, redirect_chain.front(),
ResourceRequest::RedirectStatus::kFollowedRedirect);
base::Optional<ResourceRequestBlockedReason> blocked_reason =
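Review bot: The local `redirect_chain` is a copy of the request's chain with `initial_request.Url()` appended, and the reason for the append is left for the reader to work out. Presumably the service worker's `original_url` is being treated as a redirect away from the request URL (the call passes `kFollowedRedirect`), so I would say so above the two new lines: `// original_url is checked as if the request had been redirected to it; the request URL (or the head of its chain) is what gets reported.` After the `push_back` the vector is never empty, which is what makes `redirect_chain.front()` safe, and the comment should mention that as well. The same vector is handed to `CanRequest` in the following hunk; `DidReceiveResponse` continues outside both hunks.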
@@ -602,7 +606,7 @@ void ResourceLoader::DidReceiveResponse(
resource_type, initial_request, original_url, options,
SecurityViolationReportingPolicy::kReport,
FetchParameters::kUseDefaultOriginRestrictionForType,
- ResourceRequest::RedirectStatus::kFollowedRedirect);
+ redirect_chain);
if (blocked_reason) {
HandleError(ResourceError::CancelledDueToAccessCheckError(
original_url, blocked_reason.value()));
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc
index aabeebe9b41..625d5e2a1df 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc
@@ -80,8 +80,7 @@ ResourceRequest::ResourceRequest(const KURL& url)
was_discarded_(false),
is_external_request_(false),
cors_preflight_policy_(
- network::mojom::CORSPreflightPolicy::kConsiderPreflight),
- redirect_status_(RedirectStatus::kNoRedirect) {}
+ network::mojom::CORSPreflightPolicy::kConsiderPreflight) {}
ResourceRequest::ResourceRequest(CrossThreadResourceRequestData* data)
: ResourceRequest(data->url_) {
@@ -119,7 +118,6 @@ ResourceRequest::ResourceRequest(CrossThreadResourceRequestData* data)
check_for_browser_side_navigation_ = data->check_for_browser_side_navigation_;
is_external_request_ = data->is_external_request_;
cors_preflight_policy_ = data->cors_preflight_policy_;
- redirect_status_ = data->redirect_status_;
suggested_filename_ = data->suggested_filename_;
is_ad_resource_ = data->is_ad_resource_;
SetInitiatorCSP(data->navigation_csp_);
@@ -149,8 +147,8 @@ std::unique_ptr<ResourceRequest> ResourceRequest::CreateRedirectRequest(
request->SetHTTPReferrer(
Referrer(referrer, static_cast<ReferrerPolicy>(new_referrer_policy)));
request->SetSkipServiceWorker(skip_service_worker);
- request->SetRedirectStatus(RedirectStatus::kFollowedRedirect);
-
+ request->redirect_chain_ = GetRedirectChain();
+ request->redirect_chain_.push_back(Url());
// Copy from parameters for |this|.
request->SetDownloadToBlob(DownloadToBlob());
request->SetUseStreamOnResponse(UseStreamOnResponse());
@@ -216,7 +214,6 @@ std::unique_ptr<CrossThreadResourceRequestData> ResourceRequest::CopyData()
data->check_for_browser_side_navigation_ = check_for_browser_side_navigation_;
data->is_external_request_ = is_external_request_;
data->cors_preflight_policy_ = cors_preflight_policy_;
- data->redirect_status_ = redirect_status_;
data->suggested_filename_ = suggested_filename_;
data->is_ad_resource_ = is_ad_resource_;
data->navigation_csp_ = initiator_csp_;
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h
index cc93416d2e6..b6dd5001dd9 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h
@@ -334,8 +334,7 @@ class PLATFORM_EXPORT ResourceRequest final {
cors_preflight_policy_ = policy;
}
- void SetRedirectStatus(RedirectStatus status) { redirect_status_ = status; }
- RedirectStatus GetRedirectStatus() const { return redirect_status_; }
+ const Vector<KURL>& GetRedirectChain() const { return redirect_chain_; }
void SetSuggestedFilename(const base::Optional<String>& suggested_filename) {
suggested_filename_ = suggested_filename;
@@ -430,7 +429,7 @@ class PLATFORM_EXPORT ResourceRequest final {
bool was_discarded_;
bool is_external_request_;
network::mojom::CORSPreflightPolicy cors_preflight_policy_;
- RedirectStatus redirect_status_;
+ Vector<KURL> redirect_chain_;
base::Optional<String> suggested_filename_;
mutable CacheControlHeader cache_control_header_cache_;
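Review bot: `redirect_chain_` replaces `redirect_status_` on `ResourceRequest`, but `CrossThreadResourceRequestData` (next hunk) and the `CopyData()` / data-constructor pair in resource_request.cc only lose the old field and gain nothing in its place, so a request that crosses threads arrives with an empty chain. Before this change the followed-redirect status survived that copy. Now such a request would be seen as `kNoRedirect` by the callers that derive the status from `GetRedirectChain().IsEmpty()`, and its current URL would be used as the reported one. Whether a redirected request is ever copied this way is not visible here, so either carry the chain across (`Vector<KURL> redirect_chain_;` in the struct, copied in both directions) or add a comment on this member explaining why dropping it is safe.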
@@ -500,7 +499,6 @@ struct PLATFORM_EXPORT CrossThreadResourceRequestData {
bool check_for_browser_side_navigation_;
bool is_external_request_;
network::mojom::CORSPreflightPolicy cors_preflight_policy_;
- ResourceRequest::RedirectStatus redirect_status_;
base::Optional<String> suggested_filename_;
bool is_ad_resource_;
WebContentSecurityPolicyList navigation_csp_;