Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(122)

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed)

Created:
4 years, 7 months ago by Łukasz Anforowicz
Modified:
4 years, 7 months ago
CC:
dcheng, alexmos, blink-reviews, blink-reviews-api_chromium.org, blink-reviews-dom_chromium.org, chromium-reviews, creis+watch_chromium.org, darin-cc_chromium.org, dglazkov+blink, eae+blinkwatch, gavinp+loader_chromium.org, jam, Nate Chapin, loading-reviews_chromium.org, mkwst+moarreviews-renderer_chromium.org, mkwst+watchlist-csp_chromium.org, mlamouri+watch-blink_chromium.org, mlamouri+watch-content_chromium.org, nasko+codewatch_chromium.org, rwlbuis, sof, site-isolation-reviews_chromium.org, tyoshino+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Replicate Content-Security-Policy into remote frame proxies. After this CL, when a local frame parses a new CSP header (from http headers, from <meta> element, or when copying CSP from the parent frame in case of about:blank children), a notification will be sent all the way to the browser. The browser will store the CSP accumulated headers in FrameReplicationState and notify RenderFrameProxies. RenderFrameProxy will take care of using CSP headers received from the browser to fill out RemoteSecurityContext's ContentSecurityPolicy. After this CL, frame-src is properly enforced when navigating a frame when its parent is a remote frame proxy. For example, when running http/tests/security/contentSecurityPolicy/frame-src-child-frame-navigates-to-blocked-origin.html the subframe navigation is blocked after this CL. OTOH, we cannot yet enable this test, because the console message about CSP violation is currently dropped when CSP comes from a remote frame. To work around this, a few regression tests are being added by this CL as browser tests. BUG=585501 CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation Committed: https://crrev.com/8e1c02e4ee2f50b204c234c033d09a4a866bf932 Cr-Commit-Position: refs/heads/master@{#394200}

Patch Set 1 #

Total comments: 39

Patch Set 2 : Addressed most CR feedback from mkwst@, alexmos@ and dcheng@. #

Total comments: 12

Patch Set 3 : Rebasing... #

Patch Set 4 : More reordering of methods. #

Patch Set 5 : Added browser tests. #

Patch Set 6 : Addressed second round of CR feedback from alexmos@. #

Patch Set 7 : Fixing handling of CSP coming from HTTP headers. #

Patch Set 8 : Test for inheriting CSP via srcdoc frame. #

Patch Set 9 : Fixing CSP inheritance for srcdoc. #

Total comments: 14

Patch Set 10 : Addressed feedback from alexmos@ related to tests and asserts. #

Patch Set 11 : Fixing resetting of old CSP after a new navigation commits. #

Patch Set 12 : Rebasing + small self-review tweaks (comments + assert->dcheck). #

Total comments: 6

Patch Set 13 : Test tweaks. #

Patch Set 14 : Added test verification for resetting the CSP after navigation. #

Patch Set 15 : s/title.html/title1.html/ #

Total comments: 6

Patch Set 16 : Addressed CR feedback from dcheng@. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+563 lines, -29 lines) Patch
M content/browser/frame_host/frame_tree_node.h View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +9 lines, -0 lines 0 comments Download
M content/browser/frame_host/frame_tree_node.cc View 9 10 11 1 chunk +11 lines, -0 lines 0 comments Download
M content/browser/frame_host/navigator_impl.cc View 1 2 3 4 5 6 7 8 9 10 1 chunk +5 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_host_impl.h View 1 2 2 chunks +2 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_host_impl.cc View 1 2 2 chunks +7 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_host_manager.h View 2 chunks +7 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_host_manager.cc View 1 2 1 chunk +21 lines, -0 lines 0 comments Download
M content/browser/site_per_process_browsertest.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 2 chunks +214 lines, -0 lines 0 comments Download
M content/common/content_param_traits_macros.h View 1 chunk +2 lines, -0 lines 0 comments Download
A content/common/content_security_policy_header.h View 1 chunk +24 lines, -0 lines 0 comments Download
M content/common/frame_messages.h View 1 2 3 4 5 6 7 8 9 10 11 5 chunks +24 lines, -0 lines 0 comments Download
M content/common/frame_replication_state.h View 2 chunks +8 lines, -0 lines 0 comments Download
M content/content_common.gypi View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +1 line, -0 lines 0 comments Download
M content/renderer/render_frame_impl.h View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +4 lines, -0 lines 0 comments Download
M content/renderer/render_frame_impl.cc View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +15 lines, -0 lines 0 comments Download
M content/renderer/render_frame_proxy.h View 2 chunks +3 lines, -0 lines 0 comments Download
M content/renderer/render_frame_proxy.cc View 4 chunks +20 lines, -0 lines 0 comments Download
A content/test/data/frame-src-self-and-b.html View 1 2 3 4 5 6 7 8 9 1 chunk +21 lines, -0 lines 0 comments Download
A content/test/data/frame-src-self-and-b.html.mock-http-headers View 1 2 3 4 1 chunk +2 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/RemoteSecurityContext.h View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 3 chunks +10 lines, -3 lines 0 comments Download
M third_party/WebKit/Source/core/frame/LocalFrame.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 chunk +2 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/frame/LocalFrame.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 chunk +5 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 3 chunks +6 lines, -2 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 chunks +54 lines, -16 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoader.cpp View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +22 lines, -8 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoaderClient.h View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +7 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/AssertMatchingEnums.cpp View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +3 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/FrameLoaderClientImpl.h View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp View 1 2 3 4 5 6 7 8 9 10 11 1 chunk +13 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/WebRemoteFrameImpl.h View 1 chunk +2 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 2 chunks +16 lines, -0 lines 0 comments Download
M third_party/WebKit/public/web/WebContentSecurityPolicy.h View 1 chunk +6 lines, -0 lines 0 comments Download
M third_party/WebKit/public/web/WebFrameClient.h View 1 2 3 4 5 6 7 8 9 10 11 2 chunks +7 lines, -0 lines 0 comments Download
M third_party/WebKit/public/web/WebRemoteFrame.h View 3 chunks +8 lines, -0 lines 0 comments Download

Messages

Total messages: 35 (10 generated)
Łukasz Anforowicz
Mike, could you take a look please? The goal of this CL is to make ...
4 years, 7 months ago (2016-05-09 04:25:40 UTC) #3
Mike West
This LGTM % a few nits. I think the ductwork is pretty reasonable, and as ...
4 years, 7 months ago (2016-05-11 06:21:05 UTC) #4
alexmos
(I'm also taking a look at this after discussing some of it with Lukasz offline.) ...
4 years, 7 months ago (2016-05-11 19:46:41 UTC) #6
alexmos
Also, nit in CL description: RemoteFrameProxies -> RenderFrameProxies or RemoteFrames
4 years, 7 months ago (2016-05-11 19:49:01 UTC) #7
dcheng
https://codereview.chromium.org/1957783002/diff/1/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp File third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp (right): https://codereview.chromium.org/1957783002/diff/1/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp#newcode40 third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp:40: if (getSecurityOrigin()) Is this ever actually null? it seems ...
4 years, 7 months ago (2016-05-11 20:15:07 UTC) #9
Łukasz Anforowicz
Thank you for reviewing. I've tried to address most of the feedback, but I still ...
4 years, 7 months ago (2016-05-11 23:14:49 UTC) #11
alexmos
https://codereview.chromium.org/1957783002/diff/1/content/browser/frame_host/render_frame_host_manager.cc File content/browser/frame_host/render_frame_host_manager.cc (right): https://codereview.chromium.org/1957783002/diff/1/content/browser/frame_host/render_frame_host_manager.cc#newcode942 content/browser/frame_host/render_frame_host_manager.cc:942: for (const auto& pair : proxy_hosts_) { > > ...
4 years, 7 months ago (2016-05-12 22:37:25 UTC) #12
Łukasz Anforowicz
Thanks for reviewing Alex - can you take another look please? Open issues we still ...
4 years, 7 months ago (2016-05-13 17:29:15 UTC) #13
Łukasz Anforowicz
Nick, could you please take a look? (to review as a //content owner, but I ...
4 years, 7 months ago (2016-05-13 23:31:44 UTC) #16
alexmos
Thanks! One thought about your CSP reset question below, and a couple of nits. https://codereview.chromium.org/1957783002/diff/160001/content/browser/frame_host/frame_tree_node.cc ...
4 years, 7 months ago (2016-05-16 16:17:03 UTC) #17
Łukasz Anforowicz
Alex, can you take another look please? https://codereview.chromium.org/1957783002/diff/160001/content/browser/frame_host/frame_tree_node.cc File content/browser/frame_host/frame_tree_node.cc (right): https://codereview.chromium.org/1957783002/diff/160001/content/browser/frame_host/frame_tree_node.cc#newcode251 content/browser/frame_host/frame_tree_node.cc:251: // header ...
4 years, 7 months ago (2016-05-16 19:44:46 UTC) #18
ncarter (slow)
content lgtm
4 years, 7 months ago (2016-05-16 20:31:43 UTC) #19
alexmos
Thanks, LGTM! Just a couple of non-blocking nits on the test. https://codereview.chromium.org/1957783002/diff/160001/content/browser/frame_host/frame_tree_node.cc File content/browser/frame_host/frame_tree_node.cc (right): ...
4 years, 7 months ago (2016-05-16 22:31:56 UTC) #20
Łukasz Anforowicz
Thanks for reviewing Alex (and for overall help with this CL :-). https://codereview.chromium.org/1957783002/diff/220001/content/browser/site_per_process_browsertest.cc File content/browser/site_per_process_browsertest.cc ...
4 years, 7 months ago (2016-05-16 23:12:51 UTC) #21
Łukasz Anforowicz
Daniel, could you please do a quick sanity check of the Blink changes? They've been ...
4 years, 7 months ago (2016-05-16 23:16:16 UTC) #22
alexmos
https://codereview.chromium.org/1957783002/diff/220001/content/browser/site_per_process_browsertest.cc File content/browser/site_per_process_browsertest.cc (right): https://codereview.chromium.org/1957783002/diff/220001/content/browser/site_per_process_browsertest.cc#newcode6349 content/browser/site_per_process_browsertest.cc:6349: root->child_at(0)->current_url()); On 2016/05/16 23:12:51, Łukasz Anforowicz wrote: > On ...
4 years, 7 months ago (2016-05-16 23:38:56 UTC) #23
Łukasz Anforowicz
https://codereview.chromium.org/1957783002/diff/220001/content/browser/site_per_process_browsertest.cc File content/browser/site_per_process_browsertest.cc (right): https://codereview.chromium.org/1957783002/diff/220001/content/browser/site_per_process_browsertest.cc#newcode6349 content/browser/site_per_process_browsertest.cc:6349: root->child_at(0)->current_url()); On 2016/05/16 23:38:56, alexmos wrote: > On 2016/05/16 ...
4 years, 7 months ago (2016-05-17 00:19:43 UTC) #24
alexmos
Thanks! LGTM
4 years, 7 months ago (2016-05-17 01:01:26 UTC) #25
dcheng
https://codereview.chromium.org/1957783002/diff/280001/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp File third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp (right): https://codereview.chromium.org/1957783002/diff/280001/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp#newcode48 third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp:48: if (getSecurityOrigin()) Is it possible to call this when ...
4 years, 7 months ago (2016-05-17 05:57:15 UTC) #26
Łukasz Anforowicz
Daniel, please take another look. https://codereview.chromium.org/1957783002/diff/280001/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp File third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp (right): https://codereview.chromium.org/1957783002/diff/280001/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp#newcode48 third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp:48: if (getSecurityOrigin()) On 2016/05/17 ...
4 years, 7 months ago (2016-05-17 17:01:23 UTC) #27
dcheng
lgtm minor nitpick about inconsistency in terminology: some places we use "forward" (input events, which ...
4 years, 7 months ago (2016-05-17 18:32:23 UTC) #28
Łukasz Anforowicz
On 2016/05/17 18:32:23, dcheng wrote: > lgtm > > minor nitpick about inconsistency in terminology: ...
4 years, 7 months ago (2016-05-17 18:36:29 UTC) #29
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1957783002/300001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1957783002/300001
4 years, 7 months ago (2016-05-17 18:37:16 UTC) #32
commit-bot: I haz the power
Committed patchset #16 (id:300001)
4 years, 7 months ago (2016-05-17 20:05:25 UTC) #33
commit-bot: I haz the power
4 years, 7 months ago (2016-05-17 20:06:48 UTC) #35
Message was sent while issue was closed.
Patchset 16 (id:??) landed as
https://crrev.com/8e1c02e4ee2f50b204c234c033d09a4a866bf932
Cr-Commit-Position: refs/heads/master@{#394200}

Powered by Google App Engine
This is Rietveld 408576698