content/renderer/render_frame_impl.cc - Issue 2689653003: PlzNavigate: Enforce 'form-action' CSP on the browser-side.

Side by Side Diff: content/renderer/render_frame_impl.cc

Issue 2689653003: PlzNavigate: Enforce 'form-action' CSP on the browser-side. (Closed)

Patch Set: PlzNavigate: Enforce 'form-action' CSP on the browser-side. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/renderer/render_frame_impl.h"	5 #include "content/renderer/render_frame_impl.h"

6	6

7 #include <map>	7 #include <map>

8 #include <string>	8 #include <string>

9 #include <utility>	9 #include <utility>

10 #include <vector>	10 #include <vector>

(...skipping 6292 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
6303	6303

6304 int load_flags = GetLoadFlagsForWebURLRequest(info.urlRequest);	6304 int load_flags = GetLoadFlagsForWebURLRequest(info.urlRequest);

6305	6305

6306 // Requests initiated via devtools can have caching disabled.	6306 // Requests initiated via devtools can have caching disabled.

6307 if (info.isCacheDisabled) {	6307 if (info.isCacheDisabled) {

6308 // Turn off all caching related flags and set LOAD_BYPASS_CACHE.	6308 // Turn off all caching related flags and set LOAD_BYPASS_CACHE.

6309 load_flags &= ~(net::LOAD_VALIDATE_CACHE \| net::LOAD_SKIP_CACHE_VALIDATION \|	6309 load_flags &= ~(net::LOAD_VALIDATE_CACHE \| net::LOAD_SKIP_CACHE_VALIDATION \|

6310 net::LOAD_ONLY_FROM_CACHE \| net::LOAD_DISABLE_CACHE);	6310 net::LOAD_ONLY_FROM_CACHE \| net::LOAD_DISABLE_CACHE);

6311 load_flags \|= net::LOAD_BYPASS_CACHE;	6311 load_flags \|= net::LOAD_BYPASS_CACHE;

6312 }	6312 }

	6313

	6314 bool is_form_submission =

	6315 info.navigationType == blink::WebNavigationTypeFormSubmitted \|\|

	6316 info.navigationType == blink::WebNavigationTypeFormSubmitted;
	Mike West 2017/02/22 15:36:08 This seems like you pasted the same thing twice. D This seems like you pasted the same thing twice. Did you mean Resubmitted? We apparently don't have any tests that cover the difference here: can you add one? arthursonzogni 2017/02/22 17:15:23 Oops, thanks! Ack for the test. I assume that a fo Show quoted text On 2017/02/22 15:36:08, Mike West (sloooooow) wrote: > This seems like you pasted the same thing twice. Did you mean Resubmitted? We > apparently don't have any tests that cover the difference here: can you add one? Oops, thanks! Ack for the test. I assume that a form resubmission happens when the current page is the result of a form submission and it gets reloaded. right? But if the first navigation was blocked by the 'form-action', it can't be reloaded since it wasn't loaded. It's probably for this reason that we don't have any test for this. Is it what you had in mind? Do you want to test something else? alexmos 2017/02/28 02:48:46 Again, can't speak for Mike, but there's a Blink u Show quoted text On 2017/02/22 17:15:23, arthursonzogni wrote: > On 2017/02/22 15:36:08, Mike West (sloooooow) wrote: > > This seems like you pasted the same thing twice. Did you mean Resubmitted? We > > apparently don't have any tests that cover the difference here: can you add > one? > > Oops, thanks! > Ack for the test. I assume that a form resubmission happens when the current > page is the result of a form submission and it gets reloaded. right? But if the > first navigation was blocked by the 'form-action', it can't be reloaded since it > wasn't loaded. It's probably for this reason that we don't have any test for > this. > Is it what you had in mind? Do you want to test something else? Again, can't speak for Mike, but there's a Blink unittest, ParameterizedWebFrameTest.ReloadPost, that shows how to get the Resubmitted navigation type, which indeed just seems to be a reload (or back-forward) of a page resulting from a form submit. The original bug presumably would've prevented the throttle from being created for the resubmission. So perhaps you can have a test where the form submission succeeds (not blocked by form-action), and then reload the resulting page and ensure that the reload has a correct is_form_submission() bit? I'm also a bit confused by how a form resubmission is supposed to interact with CSP form-action, namely which frame's CSP is supposed to be checked for the resubmission. Presumably the old frame's CSP is gone after the first form submit loads, but it doesn't seem like the new doc's (the result of first submit) CSP should apply for the resubmit. The Blink check in FrameLoader::shouldContinueForNavigationPolicy checks for both regular form submits and resubmissions, but I'm not sure whether a CSP form-action can allow a form submission but then later block the resubmission (which is what you might also want in a test for this). arthursonzogni 2017/03/07 16:25:51 I will add a test with an allowed form submission Show quoted text On 2017/02/28 02:48:46, alexmos (OOO on 3-7) wrote: > On 2017/02/22 17:15:23, arthursonzogni wrote: > > On 2017/02/22 15:36:08, Mike West (sloooooow) wrote: > > > This seems like you pasted the same thing twice. Did you mean Resubmitted? > We > > > apparently don't have any tests that cover the difference here: can you add > > one? > > > > Oops, thanks! > > Ack for the test. I assume that a form resubmission happens when the current > > page is the result of a form submission and it gets reloaded. right? But if > the > > first navigation was blocked by the 'form-action', it can't be reloaded since > it > > wasn't loaded. It's probably for this reason that we don't have any test for > > this. > > Is it what you had in mind? Do you want to test something else? > > Again, can't speak for Mike, but there's a Blink unittest, > ParameterizedWebFrameTest.ReloadPost, that shows how to get the Resubmitted > navigation type, which indeed just seems to be a reload (or back-forward) of a > page resulting from a form submit. The original bug presumably would've > prevented the throttle from being created for the resubmission. So perhaps you > can have a test where the form submission succeeds (not blocked by form-action), > and then reload the resulting page and ensure that the reload has a correct > is_form_submission() bit? > > I'm also a bit confused by how a form resubmission is supposed to interact with > CSP form-action, namely which frame's CSP is supposed to be checked for the > resubmission. Presumably the old frame's CSP is gone after the first form > submit loads, but it doesn't seem like the new doc's (the result of first > submit) CSP should apply for the resubmit. The Blink check in > FrameLoader::shouldContinueForNavigationPolicy checks for both regular form > submits and resubmissions, but I'm not sure whether a CSP form-action can allow > a form submission but then later block the resubmission (which is what you might > also want in a test for this). I will add a test with an allowed form submission to a page that disallow form submission. Then I reload the page to see what happens. I think I will not get the right behavior with my CL and maybe not with the current architecture too.
	6317

6313 BeginNavigationParams begin_navigation_params(	6318 BeginNavigationParams begin_navigation_params(

6314 GetWebURLRequestHeaders(info.urlRequest), load_flags,	6319 GetWebURLRequestHeaders(info.urlRequest), load_flags,

6315 info.urlRequest.hasUserGesture(),	6320 info.urlRequest.hasUserGesture(),

6316 info.urlRequest.skipServiceWorker() !=	6321 info.urlRequest.skipServiceWorker() !=

6317 blink::WebURLRequest::SkipServiceWorker::None,	6322 blink::WebURLRequest::SkipServiceWorker::None,

6318 GetRequestContextTypeForWebURLRequest(info.urlRequest),	6323 GetRequestContextTypeForWebURLRequest(info.urlRequest),

6319 GetMixedContentContextTypeForWebURLRequest(info.urlRequest),	6324 GetMixedContentContextTypeForWebURLRequest(info.urlRequest),

6320 initiator_origin);	6325 is_form_submission, initiator_origin);

6321	6326

6322 if (!info.form.isNull()) {	6327 if (!info.form.isNull()) {

6323 WebSearchableFormData web_searchable_form_data(info.form);	6328 WebSearchableFormData web_searchable_form_data(info.form);

6324 begin_navigation_params.searchable_form_url =	6329 begin_navigation_params.searchable_form_url =

6325 web_searchable_form_data.url();	6330 web_searchable_form_data.url();

6326 begin_navigation_params.searchable_form_encoding =	6331 begin_navigation_params.searchable_form_encoding =

6327 web_searchable_form_data.encoding().utf8();	6332 web_searchable_form_data.encoding().utf8();

6328 }	6333 }

6329	6334

6330 if (info.isClientRedirect)	6335 if (info.isClientRedirect)

(...skipping 547 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
6878 // event target. Potentially a Pepper plugin will receive the event.	6883 // event target. Potentially a Pepper plugin will receive the event.

6879 // In order to tell whether a plugin gets the last mouse event and which it	6884 // In order to tell whether a plugin gets the last mouse event and which it

6880 // is, we set \|pepper_last_mouse_event_target_\| to null here. If a plugin gets	6885 // is, we set \|pepper_last_mouse_event_target_\| to null here. If a plugin gets

6881 // the event, it will notify us via DidReceiveMouseEvent() and set itself as	6886 // the event, it will notify us via DidReceiveMouseEvent() and set itself as

6882 // \|pepper_last_mouse_event_target_\|.	6887 // \|pepper_last_mouse_event_target_\|.

6883 pepper_last_mouse_event_target_ = nullptr;	6888 pepper_last_mouse_event_target_ = nullptr;

6884 #endif	6889 #endif

6885 }	6890 }

6886	6891

6887 } // namespace content	6892 } // namespace content

OLD	NEW

« content/common/frame_messages.h ('K') | « content/public/browser/navigation_handle.cc ('k') | content/test/test_render_frame_host.cc » ('j') | no next file with comments »