NetworkLoadChecker.cpp [plain text]
#include "config.h"
#include "NetworkLoadChecker.h"
#include "FormDataReference.h"
#include "Logging.h"
#include "NetworkCORSPreflightChecker.h"
#include "NetworkConnectionToWebProcess.h"
#include "NetworkProcess.h"
#include "WebCompiledContentRuleList.h"
#include "WebPageMessages.h"
#include "WebUserContentController.h"
#include <JavaScriptCore/ConsoleTypes.h>
#include <WebCore/ContentSecurityPolicy.h>
#include <WebCore/CrossOriginAccessControl.h>
#include <WebCore/CrossOriginPreflightResultCache.h>
#include <WebCore/HTTPParsers.h>
#include <WebCore/SchemeRegistry.h>
#include <wtf/Scope.h>
#define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(m_sessionID.isAlwaysOnLoggingAllowed(), Network, "%p - NetworkLoadChecker::" fmt, this, ##__VA_ARGS__)
namespace WebKit {
using namespace WebCore;
static inline bool isSameOrigin(const URL& url, const SecurityOrigin* origin)
{
return url.protocolIsData() || url.protocolIsBlob() || !origin || origin->canRequest(url);
}
NetworkLoadChecker::NetworkLoadChecker(FetchOptions&& options, PAL::SessionID sessionID, uint64_t pageID, uint64_t frameID, HTTPHeaderMap&& originalRequestHeaders, URL&& url, RefPtr<SecurityOrigin>&& sourceOrigin, PreflightPolicy preflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics)
: m_options(WTFMove(options))
, m_sessionID(sessionID)
, m_pageID(pageID)
, m_frameID(frameID)
, m_originalRequestHeaders(WTFMove(originalRequestHeaders))
, m_url(WTFMove(url))
, m_origin(WTFMove(sourceOrigin))
, m_preflightPolicy(preflightPolicy)
, m_referrer(WTFMove(referrer))
, m_shouldCaptureExtraNetworkLoadMetrics(shouldCaptureExtraNetworkLoadMetrics)
{
m_isSameOriginRequest = isSameOrigin(m_url, m_origin.get());
switch (options.credentials) {
case FetchOptions::Credentials::Include:
m_storedCredentialsPolicy = StoredCredentialsPolicy::Use;
break;
case FetchOptions::Credentials::SameOrigin:
m_storedCredentialsPolicy = m_isSameOriginRequest ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
break;
case FetchOptions::Credentials::Omit:
m_storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
break;
}
}
NetworkLoadChecker::~NetworkLoadChecker() = default;
void NetworkLoadChecker::check(ResourceRequest&& request, ContentSecurityPolicyClient* client, ValidationHandler&& handler)
{
ASSERT(!isChecking());
if (m_shouldCaptureExtraNetworkLoadMetrics)
m_loadInformation.request = request;
m_firstRequestHeaders = request.httpHeaderFields();
m_dntHeaderValue = m_firstRequestHeaders.get(HTTPHeaderName::DNT);
if (m_dntHeaderValue.isNull() && m_sessionID.isEphemeral()) {
m_dntHeaderValue = "1";
request.setHTTPHeaderField(HTTPHeaderName::DNT, m_dntHeaderValue);
}
checkRequest(WTFMove(request), client, WTFMove(handler));
}
void NetworkLoadChecker::prepareRedirectedRequest(ResourceRequest& request)
{
if (!m_dntHeaderValue.isNull())
request.setHTTPHeaderField(HTTPHeaderName::DNT, m_dntHeaderValue);
}
static inline NetworkLoadChecker::RedirectionRequestOrError redirectionError(const ResourceResponse& redirectResponse, String&& errorMessage)
{
return makeUnexpected(ResourceError { String { }, 0, redirectResponse.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl });
}
void NetworkLoadChecker::checkRedirection(ResourceRequest&& request, ResourceRequest&& redirectRequest, ResourceResponse&& redirectResponse, ContentSecurityPolicyClient* client, RedirectionValidationHandler&& handler)
{
ASSERT(!isChecking());
auto error = validateResponse(redirectResponse);
if (!error.isNull()) {
handler(redirectionError(redirectResponse, makeString("Cross-origin redirection to ", redirectRequest.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription())));
return;
}
if (m_options.redirect == FetchOptions::Redirect::Error) {
handler(redirectionError(redirectResponse, makeString("Not allowed to follow a redirection while loading ", redirectResponse.url().string())));
return;
}
if (m_options.redirect == FetchOptions::Redirect::Manual) {
handler(RedirectionTriplet { WTFMove(request), WTFMove(redirectRequest), WTFMove(redirectResponse) });
return;
}
if (++m_redirectCount > 20) {
handler(redirectionError(redirectResponse, "Load cannot follow more than 20 redirections"_s));
return;
}
m_previousURL = WTFMove(m_url);
m_url = redirectRequest.url();
checkRequest(WTFMove(redirectRequest), client, [handler = WTFMove(handler), request = WTFMove(request), redirectResponse = WTFMove(redirectResponse)](auto&& result) mutable {
if (!result.has_value()) {
handler(makeUnexpected(WTFMove(result.error())));
return;
}
handler(RedirectionTriplet { WTFMove(request), WTFMove(result.value()), WTFMove(redirectResponse) });
});
}
ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response)
{
if (m_redirectCount)
response.setRedirected(true);
if (response.type() == ResourceResponse::Type::Opaqueredirect) {
response.setTainting(ResourceResponse::Tainting::Opaqueredirect);
return { };
}
if (m_options.mode == FetchOptions::Mode::Navigate || m_isSameOriginRequest) {
response.setTainting(ResourceResponse::Tainting::Basic);
return { };
}
if (m_options.mode == FetchOptions::Mode::NoCors) {
if (auto error = validateCrossOriginResourcePolicy(*m_origin, m_url, response))
return WTFMove(*error);
response.setTainting(ResourceResponse::Tainting::Opaque);
return { };
}
ASSERT(m_options.mode == FetchOptions::Mode::Cors);
if (response.httpStatusCode() == 304)
return { };
String errorMessage;
if (!passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
return ResourceError { String { }, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
response.setTainting(ResourceResponse::Tainting::Cors);
return { };
}
auto NetworkLoadChecker::accessControlErrorForValidationHandler(String&& message) -> RequestOrError
{
return makeUnexpected(ResourceError { String { }, 0, m_url, WTFMove(message), ResourceError::Type::AccessControl });
}
void NetworkLoadChecker::checkRequest(ResourceRequest&& request, ContentSecurityPolicyClient* client, ValidationHandler&& handler)
{
if (auto* contentSecurityPolicy = this->contentSecurityPolicy()) {
if (isRedirected()) {
auto type = m_options.mode == FetchOptions::Mode::Navigate ? ContentSecurityPolicy::InsecureRequestType::Navigation : ContentSecurityPolicy::InsecureRequestType::Load;
contentSecurityPolicy->upgradeInsecureRequestIfNeeded(request, type);
}
if (!isAllowedByContentSecurityPolicy(request, client)) {
handler(accessControlErrorForValidationHandler("Blocked by Content Security Policy."_s));
return;
}
}
#if ENABLE(CONTENT_EXTENSIONS)
processContentExtensionRulesForLoad(WTFMove(request), [this, handler = WTFMove(handler)](auto result) mutable {
if (!result.has_value()) {
ASSERT(result.error().isCancellation());
handler(makeUnexpected(WTFMove(result.error())));
return;
}
if (result.value().status.blockedLoad) {
handler(this->accessControlErrorForValidationHandler("Blocked by content extension"_s));
return;
}
this->continueCheckingRequest(WTFMove(result.value().request), WTFMove(handler));
});
#else
continueCheckingRequest(WTFMove(request), WTFMove(handler));
#endif
}
bool NetworkLoadChecker::isAllowedByContentSecurityPolicy(const ResourceRequest& request, WebCore::ContentSecurityPolicyClient* client)
{
auto* contentSecurityPolicy = this->contentSecurityPolicy();
contentSecurityPolicy->setClient(client);
auto clearContentSecurityPolicyClient = makeScopeExit([&] {
contentSecurityPolicy->setClient(nullptr);
});
auto redirectResponseReceived = isRedirected() ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;
switch (m_options.destination) {
case FetchOptions::Destination::Worker:
case FetchOptions::Destination::Serviceworker:
case FetchOptions::Destination::Sharedworker:
return contentSecurityPolicy->allowChildContextFromSource(request.url(), redirectResponseReceived);
case FetchOptions::Destination::Script:
if (request.requester() == ResourceRequest::Requester::ImportScripts && !contentSecurityPolicy->allowScriptFromSource(request.url(), redirectResponseReceived))
return false;
return true;
case FetchOptions::Destination::EmptyString:
return contentSecurityPolicy->allowConnectToSource(request.url(), redirectResponseReceived);
case FetchOptions::Destination::Audio:
case FetchOptions::Destination::Document:
case FetchOptions::Destination::Embed:
case FetchOptions::Destination::Font:
case FetchOptions::Destination::Image:
case FetchOptions::Destination::Manifest:
case FetchOptions::Destination::Object:
case FetchOptions::Destination::Report:
case FetchOptions::Destination::Style:
case FetchOptions::Destination::Track:
case FetchOptions::Destination::Video:
case FetchOptions::Destination::Xslt:
return true;
}
ASSERT_NOT_REACHED();
return true;
}
void NetworkLoadChecker::continueCheckingRequest(ResourceRequest&& request, ValidationHandler&& handler)
{
if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
m_storedCredentialsPolicy = m_isSameOriginRequest && m_origin->canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
m_isSameOriginRequest = m_isSameOriginRequest && isSameOrigin(request.url(), m_origin.get());
if (doesNotNeedCORSCheck(request.url())) {
handler(WTFMove(request));
return;
}
if (m_options.mode == FetchOptions::Mode::SameOrigin) {
String message = makeString("Unsafe attempt to load URL ", request.url().stringCenterEllipsizedToLength(), " from origin ", m_origin->toString(), ". Domains, protocols and ports must match.\n");
handler(accessControlErrorForValidationHandler(WTFMove(message)));
return;
}
if (isRedirected()) {
RELEASE_LOG_IF_ALLOWED("checkRequest - Redirect requires CORS checks");
checkCORSRedirectedRequest(WTFMove(request), WTFMove(handler));
return;
}
checkCORSRequest(WTFMove(request), WTFMove(handler));
}
void NetworkLoadChecker::checkCORSRequest(ResourceRequest&& request, ValidationHandler&& handler)
{
ASSERT(m_options.mode == FetchOptions::Mode::Cors);
switch (m_preflightPolicy) {
case PreflightPolicy::Force:
checkCORSRequestWithPreflight(WTFMove(request), WTFMove(handler));
break;
case PreflightPolicy::Consider:
if (!m_isSimpleRequest || !isSimpleCrossOriginAccessRequest(request.httpMethod(), m_originalRequestHeaders)) {
checkCORSRequestWithPreflight(WTFMove(request), WTFMove(handler));
return;
}
FALLTHROUGH;
case PreflightPolicy::Prevent:
updateRequestForAccessControl(request, *m_origin, m_storedCredentialsPolicy);
handler(WTFMove(request));
break;
}
}
void NetworkLoadChecker::checkCORSRedirectedRequest(ResourceRequest&& request, ValidationHandler&& handler)
{
ASSERT(m_options.mode == FetchOptions::Mode::Cors);
ASSERT(isRedirected());
m_isSameOriginRequest = false;
if (!m_origin->canRequest(m_previousURL) && !protocolHostAndPortAreEqual(m_previousURL, request.url())) {
if (!m_origin || !m_origin->isUnique())
m_origin = SecurityOrigin::createUnique();
}
if (!request.httpHeaderFields().contains(HTTPHeaderName::Authorization))
m_firstRequestHeaders.remove(HTTPHeaderName::Authorization);
request.setHTTPHeaderFields(m_firstRequestHeaders);
checkCORSRequest(WTFMove(request), WTFMove(handler));
}
void NetworkLoadChecker::checkCORSRequestWithPreflight(ResourceRequest&& request, ValidationHandler&& handler)
{
ASSERT(m_options.mode == FetchOptions::Mode::Cors);
m_isSimpleRequest = false;
if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(m_origin->toString(), request.url(), m_storedCredentialsPolicy, request.httpMethod(), m_originalRequestHeaders)) {
RELEASE_LOG_IF_ALLOWED("checkCORSRequestWithPreflight - preflight can be skipped thanks to cached result");
updateRequestForAccessControl(request, *m_origin, m_storedCredentialsPolicy);
handler(WTFMove(request));
return;
}
auto requestForPreflight = request;
requestForPreflight.setHTTPHeaderFields(m_originalRequestHeaders);
NetworkCORSPreflightChecker::Parameters parameters = {
WTFMove(requestForPreflight),
*m_origin,
request.httpReferrer(),
request.httpUserAgent(),
m_sessionID,
m_pageID,
m_frameID,
m_storedCredentialsPolicy
};
m_corsPreflightChecker = std::make_unique<NetworkCORSPreflightChecker>(WTFMove(parameters), m_shouldCaptureExtraNetworkLoadMetrics, [this, request = WTFMove(request), handler = WTFMove(handler), isRedirected = isRedirected()](auto&& error) mutable {
RELEASE_LOG_IF_ALLOWED("checkCORSRequestWithPreflight - makeCrossOriginAccessRequestWithPreflight preflight complete, success: %d forRedirect? %d", error.isNull(), isRedirected);
if (!error.isNull()) {
handler(makeUnexpected(WTFMove(error)));
return;
}
if (m_shouldCaptureExtraNetworkLoadMetrics)
m_loadInformation.transactions.append(m_corsPreflightChecker->takeInformation());
auto corsPreflightChecker = WTFMove(m_corsPreflightChecker);
updateRequestForAccessControl(request, *m_origin, m_storedCredentialsPolicy);
handler(WTFMove(request));
});
m_corsPreflightChecker->startPreflight();
}
bool NetworkLoadChecker::doesNotNeedCORSCheck(const URL& url) const
{
if (m_options.mode == FetchOptions::Mode::NoCors || m_options.mode == FetchOptions::Mode::Navigate)
return true;
if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol().toStringWithoutCopying()))
return true;
return m_isSameOriginRequest;
}
ContentSecurityPolicy* NetworkLoadChecker::contentSecurityPolicy()
{
if (!m_contentSecurityPolicy && m_cspResponseHeaders) {
m_contentSecurityPolicy = std::make_unique<ContentSecurityPolicy>(URL { URL { }, m_origin->toString() });
m_contentSecurityPolicy->didReceiveHeaders(*m_cspResponseHeaders, String { m_referrer }, ContentSecurityPolicy::ReportParsingErrors::No);
}
return m_contentSecurityPolicy.get();
}
#if ENABLE(CONTENT_EXTENSIONS)
void NetworkLoadChecker::processContentExtensionRulesForLoad(ResourceRequest&& request, ContentExtensionCallback&& callback)
{
if (!m_checkContentExtensions || !m_userContentControllerIdentifier || m_options.mode == FetchOptions::Mode::Navigate) {
ContentExtensions::BlockedStatus status;
callback(ContentExtensionResult { WTFMove(request), status });
return;
}
NetworkProcess::singleton().networkContentRuleListManager().contentExtensionsBackend(*m_userContentControllerIdentifier, [this, weakThis = makeWeakPtr(this), request = WTFMove(request), callback = WTFMove(callback)](auto& backend) mutable {
if (!weakThis) {
callback(makeUnexpected(ResourceError { ResourceError::Type::Cancellation }));
return;
}
auto status = backend.processContentExtensionRulesForPingLoad(request.url(), m_mainDocumentURL);
applyBlockedStatusToRequest(status, nullptr, request);
callback(ContentExtensionResult { WTFMove(request), status });
});
}
#endif // ENABLE(CONTENT_EXTENSIONS)
void NetworkLoadChecker::storeRedirectionIfNeeded(const ResourceRequest& request, const ResourceResponse& response)
{
if (!m_shouldCaptureExtraNetworkLoadMetrics)
return;
m_loadInformation.transactions.append(NetworkTransactionInformation { NetworkTransactionInformation::Type::Redirection, ResourceRequest { request }, ResourceResponse { response }, { } });
}
}