
Issue 796538 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Fuchsia
Pri: 2
Type: Bug




No upgrading of navigation request with upgrade-insecure-requests

Reported by johannes...@sevenval.com, Dec 20 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36

Steps to reproduce the problem:
1. two HTML documents (doc1.html, doc2.html) on server www.some.host linking to each other via <a href="http://www.some.host/doc2.html">link</a> or <a href="http://www.some.host/doc1.html">link</a>
2. server sends 'Content-Security-Policy: upgrade-insecure-requests' with responses to requests for both documents

What is the expected behavior?
The navigation request from doc1.html to doc2.html should be done with https.

What went wrong?
The navigation request from doc1.html to doc2.html is done with http.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 63.0.3239.108  Channel: stable
OS Version: 10.0
Flash Version: 

Unfortunately I only have a test case which is not publicly available.

Both documents reference subresources (script, style, images) via http. All are requested with https.

I also tested with Firefox 57.0.2, which behaves as expected. I did not test with Safari.

The Chrome version used for my test is Version "63.0.3239.108 (Official Build) (64-bit)" on Windows 10.
 
Labels: Needs-Triage-M63
Cc: sc00335...@techmahindra.com
Components: Blink>SecurityFeature>ContentSecurityPolicy
Labels: Triaged-ET
Without a test case it would be difficult to triage this further from the TE end. Adding the proper component.

Could someone from the Blink>SecurityFeature>ContentSecurityPolicy team take a look at this?

Thanks!

Comment 3 by mkwst@chromium.org, Dec 28 2017

Cc: clamy@chromium.org nasko@chromium.org
Owner: arthurso...@chromium.org
Status: Assigned (was: Unconfirmed)
I agree that it would be helpful to have a test case where this breaks. I'm OOO, so I haven't tried to build one myself, but if it only affects navigation requests, perhaps we broke something when shipping PlzNavigate? CCing a few folks who are probably also OOO, assigning to Arthur for initial triage. :)

Comment 4 by mkwst@chromium.org, Dec 28 2017

Components: UI>Browser>Navigation
I will take a look and try to confirm this issue.

FYI: 1 year ago, I published a CL that fixed some issues with Upgrade-Insecure-Request and I added 8 tests that could be used as a regression test for this issue. It also added support for OOPIF by the way.
https://codereview.chromium.org/2557063002/

Unfortunately, this patch was not fully approved; I needed more reviews. Since it was not a top priority for me, I moved on to something more important and forgot about it.
I think it might be worth trying to submit it again.
I confirm the issue.

Test: third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/basic-link-upgrade.https.php
From: https://codereview.chromium.org/2557063002
doesn't pass.
Labels: OS-Android OS-Chrome OS-Fuchsia OS-Linux
Status: Started (was: Assigned)
I rebased https://codereview.chromium.org/2557063002, it fixes the issue. I will publish it after some refinement.
Cc: mkwst@chromium.org
FYI: The patch will be https://chromium-review.googlesource.com/c/chromium/src/+/848836
mkwst@: This regression hit stable (M63), but it looks like it hasn't annoyed a lot of people. AFAIK, this is the only issue reported. Do you think the patch must be merged in M64? (last beta is next week and stable in 10 days).

Comment 10 by bugdroid1@chromium.org, Jan 17 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4b62a5cb43c43dcc9a76d8aa2409c1467513412d

commit 4b62a5cb43c43dcc9a76d8aa2409c1467513412d
Author: arthursonzogni <arthursonzogni@chromium.org>
Date: Wed Jan 17 14:14:26 2018

Upgrade Insecure Requests: OOPIF support, bugfixes & tests.

This CL fixes several bugs with Upgrade Insecure Requests. The main one
is that URLs were compared against the 'upgrade insecure navigation set'
of the frame that is navigating instead of the frame that has initiated
the navigation.

It fixes bug 796538.
8 new tests are added to ensure regressions won't happen anymore.

Finally, it adds the support for OOPIF. The 'upgrade insecure
navigations set' is now replicated across the different processes.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

BUG=670219, 796538

Change-Id: I1d138989a1873cd902435de25845ae660769ff98
Reviewed-on: https://chromium-review.googlesource.com/848836
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529732}
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/frame_tree_node.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/navigator_impl.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/render_frame_host_impl.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/render_frame_host_manager.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/browser/frame_host/render_frame_host_manager.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/common/frame.mojom
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/common/frame_messages.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/common/frame_replication_state.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/common/frame_replication_state.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/renderer/render_frame_impl.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/renderer/render_frame_proxy.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/content/test/test_render_frame.cc
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade.sub.https.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/dummy.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html
[add] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/LayoutTests/external/wpt/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/dom/Document.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/dom/SecurityContext.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/dom/SecurityContext.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/exported/WebFrame.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/exported/WebRemoteFrameImpl.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/exported/WebRemoteFrameImpl.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/frame/RemoteFrame.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/loader/FrameFetchContextTest.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/Source/core/loader/FrameLoader.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/public/web/WebFrame.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/public/web/WebFrameClient.h
[modify] https://crrev.com/4b62a5cb43c43dcc9a76d8aa2409c1467513412d/third_party/WebKit/public/web/WebRemoteFrame.h

Status: Fixed (was: Started)
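The reporter's steps (a document delivered with `Content-Security-Policy: upgrade-insecure-requests` linking over http to the same host) and the commit message above (the lookup must use the initiating frame's 'upgrade insecure navigations set', not the navigating frame's) can be checked against a small model of the upgrade decision. This is an added example, not Chromium code or the CL's tests: it follows the W3C upgrade-insecure-requests algorithm in simplified form (each document's set contains only its own host; inheritance of the set between nested documents is not modelled), and `navigate_top` with `use_initiator=False` reproduces the regressed lookup for an iframe-initiated top-level navigation like the `iframe-top-navigation-upgrade` tests.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit


@dataclass
class Document:
    url: str
    upgrade_insecure_requests: bool  # CSP 'upgrade-insecure-requests' was delivered
    # The spec's "upgrade insecure navigations set" (simplified: own host only)
    navigations_set: set = field(default_factory=set)

    def __post_init__(self):
        # A document whose insecure-requests policy is Upgrade adds its host.
        if self.upgrade_insecure_requests:
            self.navigations_set.add(urlsplit(self.url).hostname)


def upgrade_url(initiator: Document, url: str, top_level_navigation: bool,
                navigations_set=None) -> str:
    """Return the URL the initiator's policy requires the fetch to use.

    navigations_set defaults to the initiator's own set; it is a parameter
    only so the regressed behaviour can be modelled below.
    """
    parts = urlsplit(url)
    if not initiator.upgrade_insecure_requests or parts.scheme not in ("http", "ws"):
        return url
    if navigations_set is None:
        navigations_set = initiator.navigations_set
    # Subresources, iframes and non-top-level navigations are always upgraded;
    # top-level navigations only when the target host is in the set.
    if top_level_navigation and parts.hostname not in navigations_set:
        return url
    scheme = "https" if parts.scheme == "http" else "wss"
    port = 443 if parts.port == 80 else parts.port
    netloc = parts.hostname if port is None else f"{parts.hostname}:{port}"
    return urlunsplit((scheme, netloc, parts.path, parts.query, parts.fragment))


def navigate_top(initiator: Document, top_frame: Document, url: str,
                 *, use_initiator: bool) -> str:
    """Top-level navigation started by `initiator` (e.g. an iframe).

    use_initiator=True is the spec behaviour restored by the fix; False
    consults the navigating (top) frame's set, as the regression did.
    """
    chosen = initiator.navigations_set if use_initiator else top_frame.navigations_set
    return upgrade_url(initiator, url, True, navigations_set=chosen)
```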
