New issue
Advanced search Search tips

Issue 867834 link

Starred by 2 users
Status: Fixed
Owner:
yhirano@chromium.org
Closed: Sep 25
Cc:
toyoshim@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 736308



Sign in to add a comment

CORSURLLoader uses request_initiator which ignores iframe sandboxing

Project Member Reported by yhirano@chromium.org, Jul 26 
CORSURLLoader uses network::ResourceRequest::request_initiator, but that ignores iframe sandboxing, because it is equivalent to blink::ResourceRequest::GetRequestorOrigin. See blink::FrameFetchContext::GetRequestorOrigin.

  // If sandbox is enabled and allow-same-origin is not set in the attribute,
  // |document|'s SecurityOrigin is set to the unique opaque origin, and
  // FrameFetchContext::GetSecurityOrigin also respects the unique origin.
  // But, we still need to set the unveiled document origin to the requestor
  // origin. See also sandbox's spec;
  // https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-sandbox.
Project Member

Comment 1 by bugdroid1@chromium.org, Jul 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/308dd0a44aa2f852136233b09869269ee0b9d718

commit 308dd0a44aa2f852136233b09869269ee0b9d718
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Fri Jul 27 14:38:48 2018

[OOR-CORS] Add a wpt for CORS with sandboxed-iframe

CORSURLLoader uses network::ResourceRequest::request_initiator which
ignores iframe sandboxing, which is a bug. Let's add a simple test for
the behavior.

Bug:  867834 
Change-Id: Ia45113503f98b3d18e31c785e703d29eee658d08
Reviewed-on: https://chromium-review.googlesource.com/1151167
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578636}
[modify] https://crrev.com/308dd0a44aa2f852136233b09869269ee0b9d718/third_party/WebKit/LayoutTests/TestExpectations
[add] https://crrev.com/308dd0a44aa2f852136233b09869269ee0b9d718/third_party/WebKit/LayoutTests/external/wpt/fetch/api/cors/sandboxed-iframe.html
[add] https://crrev.com/308dd0a44aa2f852136233b09869269ee0b9d718/third_party/WebKit/LayoutTests/external/wpt/fetch/api/resources/sandboxed-iframe.html

Comment 2 by yhirano@chromium.org, Sep 4 

 Issue 879991  has been merged into this issue.

Comment 3 by yhirano@chromium.org, Sep 5

Cc: -yhirano@chromium.org toyoshim@chromium.org
Owner: yhirano@chromium.org
Let me try.
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 25 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/20a34133c595148668a91237dd2b468310aaa336

commit 20a34133c595148668a91237dd2b468310aaa336
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Tue Sep 25 06:55:59 2018

Unify origins on Resource, ResourceRequest and ResourceLoadOptions

blink::ResourceRequest::RequestorOrigin() has ignored iframe
sandboxing, but the reason why doing so is unknown even to OWNERS -
some comments say it's for site-for-cookies, but ResourceRequest
has a dedicated member for the concept, and there is no corresponding
concept of "RequestorOrigin" in the spec. Let's stop doing that, and
make it "request's origin" specified at
https://fetch.spec.whatwg.org/#concept-request-origin .

This CL also unifies ResourceRequest::RequestorOrigin with members that
are corresponding to "request's origin", i.e., Resource::source_origin_
and ResourceLoadOptions::security_origin.

This CL fixes some layout tests for outofblink-cors, because
network::CORSURLLoader uses network::ResourceRequest::request_initiator
which is corresponding to ResourceRequest::RequestorOrigin() as
"request's origin".

Bug:  867834 ,  811669 ,  879991 , 870173
Change-Id: Ie42d38dcfcc16e0a56d8fb1029475b72bd45f2ca
Reviewed-on: https://chromium-review.googlesource.com/1213422
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593840}
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/public/platform/web_url_request.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/exported/web_associated_url_loader_impl.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/fetch/fetch_manager.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/base_fetch_context.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/base_fetch_context_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/frame_fetch_context.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/frame_fetch_context_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/ping_loader.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/resource/image_resource.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/resource/image_resource.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/threadable_loader.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/threadable_loader.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/worker_fetch_context.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/loader/worker_fetch_context.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/modules/background_fetch/background_fetch_icon_loader.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/modules/eventsource/event_source.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/modules/notifications/notification_image_loader.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/memory_cache_correctness_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/memory_cache_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/raw_resource.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/raw_resource.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/raw_resource_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_fetcher_test.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_loader.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_request.cc
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/fetch/resource_request.h
[modify] https://crrev.com/20a34133c595148668a91237dd2b468310aaa336/third_party/blink/renderer/platform/loader/subresource_integrity_test.cc

Comment 5 by yhirano@chromium.org, Sep 25

Status: Fixed (was: Assigned)

Sign in to add a comment