Issue 1109633002: Basic experimental suborigin CSP directive and SecurityOrigin mods

Issue 1109633002: Basic experimental suborigin CSP directive and SecurityOrigin mods (Closed)

Created:
5 years, 8 months ago by jww

Modified:
5 years, 6 months ago

Reviewers:
jochen (gone - plz use gerrit), Mike West

CC:
aaj, blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, eae+blinkwatch, mkwst+watchlist-csp_chromium.org, rwlbuis, sof

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Target Ref:
refs/heads/master

Project:
blink

Visibility:
Public.

More Reviews

Description

Basic experimental suborigin CSP directive and SecurityOrigin mods This adds a basic CSP directive 'suborigin' behind an experimental flag. The implementation also adds plumbing in SecurityOrigin to support suborigins, although nothing is explicitly enforced. However, if a suborigin is used, it will be serialized into the SecurityOrigin's string on a toString call, so this will have lots of side effects that will be addressed in a subsequent CL. BUG=336894 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=196231

Patch Set 1 #

Total comments: 6

Patch Set 2 : Nits #

Patch Set 3 : Rebase on ToT #

Created: 5 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+265 lines, -102 lines)			Patch
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-script-window-onerror-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-script-window-onerror-redirected-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-window-event-exception.php	View		1 chunk	+2 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-window-event-exception-expected.txt	View		1 chunk	+2 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-window-open-exception.php	View		1 chunk	+2 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/crossorigin/suborigin-cross-origin-window-open-exception-expected.txt	View		1 chunk	+2 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/multiple-suborigins-disallowed-expected.txt	View	1 2	1 chunk	+0 lines, -4 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-allow-in-http-header-expected.txt	View	1 2	1 chunk	+0 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-blocked-different-suborigins-expected.txt	View	1 2	1 chunk	+0 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-blocked-not-in-suborigin-to-suborigin-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
D	LayoutTests/http/tests/security/suborigins/suborigin-blocked-notifications.php	View	1	1 chunk	+0 lines, -26 lines	0 comments	Download
D	LayoutTests/http/tests/security/suborigins/suborigin-blocked-notifications-expected.txt	View	1 2	1 chunk	+0 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-change-document-domain-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-document-domain-expected.txt	View	1	1 chunk	+0 lines, -6 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-document-suborigin-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-in-meta-disallowed-expected.txt	View		1 chunk	+1 line, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-invalid-names-expected.txt	View	1 2	1 chunk	+1 line, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/suborigins/suborigin-valid-names-expected.txt	View	1 2	1 chunk	+0 lines, -2 lines	0 comments	Download
M	Source/core/dom/Document.h	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/dom/Document.cpp	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/dom/ExecutionContext.h	View	1 2	2 chunks	+5 lines, -1 line	0 comments	Download
M	Source/core/dom/ExecutionContext.cpp	View	1 2	3 chunks	+25 lines, -0 lines	0 comments	Download
M	Source/core/frame/csp/CSPDirectiveList.h	View		2 chunks	+4 lines, -1 line	0 comments	Download
M	Source/core/frame/csp/CSPDirectiveList.cpp	View	1 2	5 chunks	+56 lines, -3 lines	0 comments	Download
M	Source/core/frame/csp/ContentSecurityPolicy.h	View	1 2	5 chunks	+8 lines, -0 lines	0 comments	Download
M	Source/core/frame/csp/ContentSecurityPolicy.cpp	View	1 2	7 chunks	+24 lines, -0 lines	0 comments	Download
M	Source/core/testing/NullExecutionContext.h	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/workers/WorkerGlobalScope.h	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/platform/RuntimeEnabledFeatures.in	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	Source/platform/weborigin/SecurityOrigin.h	View	1 2	3 chunks	+17 lines, -0 lines	0 comments	Download
M	Source/platform/weborigin/SecurityOrigin.cpp	View	1 2	8 chunks	+43 lines, -2 lines	0 comments	Download
M	Source/platform/weborigin/SecurityOriginTest.cpp	View		5 chunks	+68 lines, -5 lines	0 comments	Download

Messages

Total messages: 11 (2 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

jww

Hi jochen and mkwst. This is another sub-CL based on https://codereview.chromium.org/27073003/. This implements the basic ...

5 years, 8 months ago (2015-04-25 00:44:46 UTC) #2

jww

On 2015/04/25 00:44:46, jww wrote: > Hi jochen and mkwst. This is another sub-CL based ...

5 years, 8 months ago (2015-04-27 06:46:49 UTC) #3

On 2015/04/25 00:44:46, jww wrote:
> Hi jochen and mkwst. This is another sub-CL based on
> https://codereview.chromium.org/27073003/. This implements the basic CSP
> directive for enforcement plus it adds parsing to SecurityOrigin. Note that
I've
> removed all of the access control checks, including in canAccess and
canRequest.
> However, as mkwst@ pointed out in the other CL, this will have side effects in
> code that makes decisions based on calls to SecurityOrigin::toString since
this
> does serialize the Suborigin into those cases.
> 
> My original idea was to deny-by-default in those cases and work out fixes on a
> per-call basis (such as calling a new SecurityOrigin::toRealOriginString()
> method or something instead of SecurityOrigin::toString()), but after talking
> with aaj, I'm thinking that may be the backwards approach. 
> 
> Given that this is behind an experimental flag, I'm not sure if there's a big
> difference initially, though, so I thought you could take a look at this CL
> as-is.

I realized I should probably clarify a few points. First, I changed the
serialization to be in the host name. I've been debating over whether it should
be in the protocol or the hostname for a while, and from an implementation
perspective, KURL doesn't handle weird protocols well, so it seem to make more
sense to me to put it in the host, as well as it just seeming more of a
host-like property than a protocol related one. I chose to go with '_' because
it's a symbol that KURL understands in the host, but it is not a valid IETF
hostname character.

Additionally, I'm still debating over where to go with serialization. This
implementation serializes the suborigin with '_' as described above in
toString() and toRawString(). This will break a lot of stuff if suborigins are
used. My thought is to go call site by call site and fix the ones that should be
getting a URL without a suborigin, but if you think that the better way to go is
the other way for now (i.e. go call site by call site and figure out what
*should* be using suborigins), I'm open to that as well.

jochen (gone - plz use gerrit)

overall looks ok https://codereview.chromium.org/1109633002/diff/1/Source/core/dom/ExecutionContext.cpp File Source/core/dom/ExecutionContext.cpp (right): https://codereview.chromium.org/1109633002/diff/1/Source/core/dom/ExecutionContext.cpp#newcode263 Source/core/dom/ExecutionContext.cpp:263: ASSERT(RuntimeEnabledFeatures::suboriginsEnabled()); maybe just return if it's ...

5 years, 8 months ago (2015-04-27 19:35:10 UTC) #4

Mike West

These patches are languishing, and I've lost track of the conversation elsewhere. Are you waiting ...

5 years, 7 months ago (2015-05-17 09:34:53 UTC) #5

jww

No, I need to address some of Jochens comments, and I'm still working on some ...

5 years, 6 months ago (2015-05-29 04:36:36 UTC) #6

jww

jochen@, how does this look at this point as a commit? Ready to go? I'd ...

5 years, 6 months ago (2015-05-30 01:11:07 UTC) #7

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1109633002/40001

5 years, 6 months ago (2015-06-01 13:55:26 UTC) #10

commit-bot: I haz the power

5 years, 6 months ago (2015-06-01 15:07:25 UTC) #11

Message was sent while issue was closed.

Committed patchset #3 (id:40001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=196231

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages