Bug 1438478 [wpt PR 9536] - Stop reusing MemoryCache entries for requests with a different source origin., a=testonly
authorTakeshi Yoshino <tyoshino@chromium.org>
Mon, 26 Mar 2018 12:26:55 +0000
changeset 410962 d9e926e5f731819768d45bef3bcb828a4cdc77f4
parent 410961 b8139542e58db7d1692142e600bdaa348fdb6239
child 410963 8e7a50052c03167179489c7bf1ad0f811a736bb5
push id101593
push userjames@hoppipolla.co.uk
push dateSat, 31 Mar 2018 22:09:06 +0000
reviewerstestonly
bugs1438478, 799477, 809350, 897040, 537580
milestone61.0a1
Bug 1438478 [wpt PR 9536] - Stop reusing MemoryCache entries for requests with a different source origin., a=testonly Automatic update from web-platform-tests. Stop reusing MemoryCache entries for requests with a different source origin. ResourceFetcher/ResourceLoader now saves the result of the CORS check on the Resource object. Though the result of the CORS check varies depending on the source origin, reusing an existing resource fetched by a different source origin is allowed by mistake. This patch introduces logic to prevent MemoryCache entries from being reused for requests with a different source (requestor) origin by saving the source origin on the Resource object and comparing it with the new source origin in Resource::CanReuse(), so that the result of the CORS check is reused only when the source origin is the same. An alternative, possibly better, approach is to isolate MemoryCache for different origins by changing the cache identifier to take into account the source origin of requests. However, to keep the patch small and fix the issue quickly, this patch just prevents reuse. Bug: 799477, 809350 Change-Id: Ib96c9e728abe969a53f3d80519118a83392067b4 Reviewed-on: https://chromium-review.googlesource.com/897040 Commit-Queue: Takeshi Yoshino <tyoshino@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#537580} wpt-commits: e6bda363d5bc9722b326631c36333d41101c0cb3 wpt-pr: 9536 wpt-commits: e6bda363d5bc9722b326631c36333d41101c0cb3 wpt-pr: 9536
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/cors/image-tainting-in-cross-origin-iframe.sub.html
testing/web-platform/tests/cors/resources/image-tainting-checker.sub.html
testing/web-platform/tests/images/blue-png-cachable.py
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -213267,16 +213267,21 @@
      {}
     ]
    ],
    "cors/resources/cors-makeheader.py": [
     [
      {}
     ]
    ],
+   "cors/resources/image-tainting-checker.sub.html": [
+    [
+     {}
+    ]
+   ],
    "cors/resources/preflight.py": [
     [
      {}
     ]
    ],
    "cors/resources/remote-xhrer.html": [
     [
      {}
@@ -283877,16 +283882,21 @@
      {}
     ]
    ],
    "images/blue-border.png": [
     [
      {}
     ]
    ],
+   "images/blue-png-cachable.py": [
+    [
+     {}
+    ]
+   ],
    "images/blue.png": [
     [
      {}
     ]
    ],
    "images/blue96x96.png": [
     [
      {}
@@ -309486,16 +309496,22 @@
     ]
    ],
    "cors/credentials-flag.htm": [
     [
      "/cors/credentials-flag.htm",
      {}
     ]
    ],
+   "cors/image-tainting-in-cross-origin-iframe.sub.html": [
+    [
+     "/cors/image-tainting-in-cross-origin-iframe.sub.html",
+     {}
+    ]
+   ],
    "cors/late-upload-events.htm": [
     [
      "/cors/late-upload-events.htm",
      {}
     ]
    ],
    "cors/origin.htm": [
     [
@@ -420239,16 +420255,20 @@
   "cors/basic.htm": [
    "a3589dffef076a17cc33610ad49fae71485886c4",
    "testharness"
   ],
   "cors/credentials-flag.htm": [
    "0c2e70a707db7426e86726fc8e9cf86159606227",
    "testharness"
   ],
+  "cors/image-tainting-in-cross-origin-iframe.sub.html": [
+   "e0066d1d3376a5a3a73cd47597fe04efa4330cbe",
+   "testharness"
+  ],
   "cors/late-upload-events.htm": [
    "fd228ae2b8c82e4ec4a13659c95f9e42f8030b50",
    "testharness"
   ],
   "cors/origin.htm": [
    "4fd804db576f22f4afc4ebc9f339341969322dbb",
    "testharness"
   ],
@@ -420311,16 +420331,20 @@
   "cors/resources/cors-headers.asis": [
    "758f91ae0ce63c2f3f273a3588bea290d208e0d2",
    "support"
   ],
   "cors/resources/cors-makeheader.py": [
    "153ae440de7512da3001507010b5ef7bbbfb391e",
    "support"
   ],
+  "cors/resources/image-tainting-checker.sub.html": [
+   "1e439e4c2c715bbde208c010118b382c56047d08",
+   "support"
+  ],
   "cors/resources/preflight.py": [
    "d57c82ffc41dd9d78ea69df75dc11aa6a626f660",
    "support"
   ],
   "cors/resources/remote-xhrer.html": [
    "c942d5cf7950ebd9b968654a06d3a616f80ce9c2",
    "support"
   ],
@@ -567287,16 +567311,20 @@
   "images/blue-area.png": [
    "b87d753e5caae6d356ed5ae0bf9430e69380a968",
    "support"
   ],
   "images/blue-border.png": [
    "d7e6fa96c94057798d394cfbd2cf9be077ba5870",
    "support"
   ],
+  "images/blue-png-cachable.py": [
+   "f1c756b52805137b2f472e2bc9e533949b245769",
+   "support"
+  ],
   "images/blue.png": [
    "7de5cdb5ad04ac365430b3b5f5ba01d2ba57ea23",
    "support"
   ],
   "images/blue96x96.png": [
    "99949c515749e66f471c3589ee7a0ef518aaccb5",
    "support"
   ],
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/cors/image-tainting-in-cross-origin-iframe.sub.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+</body>
+<script>
+async_test(t => {
+  const img = document.createElement('img');
+  img.onload = t.step_func(() => {
+    const iframe = document.createElement('iframe');
+    window.onmessage = t.step_func_done(e => {
+      assert_equals(e.data, 'DONE');
+    });
+    iframe.src = 'http://{{domains[www1]}}:{{ports[http][0]}}/cors/resources/image-tainting-checker.sub.html';
+    document.body.appendChild(iframe);
+  });
+  img.src = '/images/blue-png-cachable.py';
+  document.body.appendChild(img);
+}, 'An image resource that is same-origin to the top-level frame loaded in ' +
+  'the frame is not treated as same-origin for an iframe that is ' +
+  'cross-origin to the top-level frame, and therefore a canvas where the ' +
+  'image is drawn gets tainted.');
+</script>
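Review bot: The `window.onmessage` handler installed inside the img onload callback asserts on the first message that arrives from any source, so a message posted by anything other than the checker iframe would be taken as the test result; guard it with `if (e.source !== iframe.contentWindow) return;` before the `assert_equals` (the `iframe` variable is already in scope there). Registering it with `window.addEventListener('message', …)` instead of assigning `window.onmessage` would also avoid clobbering any message listener the harness or another script may have set. The test document has no `<title>`, so the description string passed to async_test is the only name the test carries.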
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/cors/resources/image-tainting-checker.sub.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<body>
+<canvas id="canvas"></canvas>
+<script>
+// Used by image-tainting-in-cross-origin-iframe.sub.html to check that an
+// image resource loaded by the top level frame that is same-origin to the
+// frame isn't treated as a same-origin resource in a cross-origin iframe.
+const canvas = document.getElementById('canvas');
+const ctx = canvas.getContext('2d');
+const img = new Image();
+img.src = 'http://{{host}}:{{ports[http][0]}}/images/blue-png-cachable.py';
+img.onload = () => {
+  ctx.drawImage(img, 0, 0);
+  try {
+    ctx.getImageData(0, 0, 1, 1);
+    parent.postMessage('FAIL: getImageData() didn\'t throw', '*');
+  } catch (e) {
+    parent.postMessage('DONE', '*');
+  }
+};
+</script>
+</body>
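Review bot: `img.onerror` is not handled, so if `/images/blue-png-cachable.py` fails to load inside the iframe nothing is posted to the parent and the test can only fail by timeout with no diagnostic; add `img.onerror = () => parent.postMessage('FAIL: image failed to load', '*');` next to the onload handler. Both handlers should be assigned before `img.src` is set, matching the order used in image-tainting-in-cross-origin-iframe.sub.html. The wildcard target origin in the two `postMessage` calls could be tightened to the embedder this checker is written for, presumably `'http://{{host}}:{{ports[http][0]}}'`, so the result is never delivered to an unexpected parent.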
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/images/blue-png-cachable.py
@@ -0,0 +1,13 @@
+import os
+import time
+
+def main(request, response):
+  """Serves the contents in blue.png but with a Cache-Control header.
+
+  Emits a Cache-Control header with max-age set to 1h to allow the browser
+  cache the image. Used for testing behaviors involving caching logics.
+  """
+  image_path = os.path.join(os.path.dirname(__file__), "blue.png")
+  response.headers.set("Cache-Control", "max-age=3600")
+  response.headers.set("Content-Type", "image/png")
+  response.content = open(image_path, mode='rb').read()
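Review bot: The file handle opened on the last line of main() is never closed explicitly, because `open(image_path, mode='rb').read()` relies on the object being garbage-collected; use a context manager: `with open(image_path, mode='rb') as f:` followed by `response.content = f.read()`. `import time` is unused and can be dropped. The body is indented with 2 spaces, whereas PEP 8 calls for 4.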