[webkit-changes] [WebKit/WebKit] a58085: Cherry-pick 0445ac553799. rdar://problem/103170891

Mon, 19 Dec 2022 18:36:04 -0800 

  Branch: refs/heads/safari-7615.1.16-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: a58085420faa7872aad9c6c8d2ce01275cbea1a1
      
https://github.com/WebKit/WebKit/commit/a58085420faa7872aad9c6c8d2ce01275cbea1a1
  Author: Ryan Reno <rr...@apple.com>
  Date:   2022-12-19 (Mon, 19 Dec 2022)

  Changed paths:
    M Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp

  Log Message:
  -----------
  Cherry-pick 0445ac553799. rdar://problem/103170891

    Store CSP delivered via meta tag as a valid HTTP header.
    https://bugs.webkit.org/show_bug.cgi?id=249596
    rdar://103170891

    Reviewed by Brent Fulgham.

    A CSP delivered via a meta tag could have invalid HTTP header values in it. 
Take for example this:

    <meta http-equiv="Content-Security-Policy" content="
        default-src 'none';
        script-src 'self';
        img-src 'self'">

    The value of the CSP header that the ContentSecurityPolicyDirectiveList 
will get will be the raw
    string including whitespace and most importantly newline characters. These 
newline characters are
    invalid characters in an HTTP header[0].

    The parsing algorithm for CSP handles this appropriately and creates a 
valid CSP for the document. However,
    if a script in the document then creates blob URLs which are navigated to 
or otherwise fetched, the Network
    process will return a ResourceResponse object with a 
Content-Security-Policy header that contains the newlines.
    This is caught by the ResourceResponseBase::containsInvalidHTTPHeaders 
function which causes the fetch to fail.

    To combat this we can simply strip the newline characters from the 
meta-delivered CSP and store the policy as a
    valid HTTP header.

    [0] https://fetch.spec.whatwg.org/#header-value

    * Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:
    (WebCore::ContentSecurityPolicyDirectiveList::parse):

    Canonical link: https://commits.webkit.org/258110@main

Canonical link: https://commits.webkit.org/257979.6@safari-7615.1.16-branch


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to