Make Document::isSecureContext() work for OOPIFs

third_party/WebKit/Source/core/dom/SecurityContext.cpp

 /*
  * Copyright (C) 2011 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY GOOGLE, INC. ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include "core/dom/SecurityContext.h"
 
 #include "core/frame/csp/ContentSecurityPolicy.h"
+#include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 
 namespace blink {
 
 SecurityContext::SecurityContext()
     : m_haveInitializedSecurityOrigin(false)
     , m_sandboxFlags(SandboxNone)
     , m_hostedInReservedIPRange(false)
     , m_insecureRequestsPolicy(InsecureRequestsDoNotUpgrade)
     , m_enforceStrictMixedContentChecking(false)
@@ skipping 27 matching lines @@
     // a place to inherit the origin from).
     if (!haveInitializedSecurityOrigin())
         return true;
 
     RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
     return securityOrigin()->canAccess(other.get());
 }
 
 void SecurityContext::enforceSandboxFlags(SandboxFlags mask)
 {
+    // The security origin must be set already in order to determine a sandboxed origin's potential trustworthiness.

[Mike West, 2016/02/25 11:58:11]

We apparently don't have any unit tests for this method (nor do we have a
SecurityContextTest.cpp at all, which is worrisome :) ).

Would you mind adding a small check for `enforceSandboxFlags` in
`DocumentTest.cpp` to verify that we're doing the right thing? If you wanted to
add tests for isSecureContext at the same time, I certainly wouldn't complain.
:)

[estark, 2016/03/01 02:59:26]

Done. I'm happy to add isSecureContext() tests but I'll do it in a separate CL,
since this one's already gotten a bit big now that I've added the url::Origin
stuff.

+    ASSERT(securityOrigin());
     m_sandboxFlags |= mask;
 
-    if (isSandboxed(SandboxOrigin) && securityOrigin() && !securityOrigin()->isUnique()) {
-        setSecurityOrigin(SecurityOrigin::createUnique());
+    if (isSandboxed(SandboxOrigin) && !securityOrigin()->isUnique()) {
+        // Before overwriting the original origin, compute secure
+        // context properties from it. These properties are used to do
+        // secure context checks involving unique origins in remote
+        // frames.
+        setSecurityOrigin(SecurityOrigin::createUnique(securityOrigin()->isPotentiallyTrustworthy(), securityOrigin()->isPotentiallyTrustworthy() && SchemeRegistry::schemeShouldBypassSecureContextCheck(securityOrigin()->protocol())));

[alexmos, 2016/02/26 19:21:57]

Would it make sense for the scheme check to just use
securityOrigin()->bypassSecureContextCheck() that you've added?

[estark, 2016/03/01 02:59:26]

Done.

         didUpdateSecurityOrigin();
     }
 }
 
 } // namespace blink