WebKit Bugzilla
Bug 106084 - CSP: 'frame-src' should block redirects to invalid sources.
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=106084
Reported by Mike West, 2013-01-04 04:35:18 PST
WebKit currently fails tests 95 and 101 on http://csptesting.herokuapp.com/. These test variations on whitelisting a source via a 'frame-src' directive, and then loading a whitelisted frame from that source which redirects to a non-whitelisted source. This redirection should be blocked, but currently isn't.
Attachments
Patch (6.00 KB, patch), 2013-01-04 04:38 PST, Mike West, no flags
Mike West, Comment 1, 2013-01-04 04:38:22 PST
Created attachment 181289: Patch
Mike West, Comment 2, 2013-01-04 04:40:03 PST
Hi Adam! This patch moves the CSP check for 'frame-src' out of SubframeLoader and into PolicyChecker, which allows us to validate the whole redirect chain, and also seems like a better location semantically. FrameLoader is pretty complex, however, so I'm not actually sure I'm doing the right thing here. Would you mind taking a look? Thanks!
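The report and Comment 2 describe the same defect from two sides: checking only the URL the frame initially requests lets a whitelisted host redirect to a non-whitelisted one, and moving the check into PolicyChecker makes every hop of the redirect chain subject to 'frame-src'. The JavaScript below is an added example, not WebKit's code or the patch: it implements a simplified CSP 1.0 source-expression matcher and runs it once per hop of a constructed redirect chain, beside the initial-URL-only check the bug describes. The hostnames, source list and redirect chains are constructed placeholders, and the matcher covers only 'self', 'none', scheme-source and host-source with an optional wildcard subdomain and port.

```javascript
// Added example, not WebKit code: CSP 'frame-src' matching over a redirect chain.
// Runs under Node.js (uses the global WHATWG URL class).

// Default ports used when a source expression or URL omits one.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function effectivePort(url) {
  return url.port || DEFAULT_PORTS[url.protocol] || '';
}

// Host matching: '*' matches any host; '*.example.com' matches subdomains of
// example.com but not example.com itself; anything else is an exact match.
function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".example.com"
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return pattern === host;
}

// Does one CSP source expression (simplified CSP 1.0 grammar) match a URL?
// `self` is the URL of the protected document.
function sourceMatches(expr, url, self) {
  const e = expr.trim().toLowerCase();
  if (e === "'none'") return false;
  if (e === "'self'") return url.origin === self.origin;
  // scheme-source, e.g. "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e;
  // host-source: [scheme://]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\*|\d+))?$/.exec(e);
  if (!m) return false; // an unparsable expression grants nothing
  const [, scheme, hostPattern, port] = m;
  // Without an explicit scheme the expression inherits the document's scheme.
  const wantScheme = scheme ? scheme + ':' : self.protocol;
  if (url.protocol !== wantScheme) return false;
  if (!hostMatches(hostPattern, url.hostname)) return false;
  if (port === '*') return true;
  const wantPort = port || DEFAULT_PORTS[wantScheme] || '';
  return effectivePort(url) === wantPort;
}

function isAllowed(urlString, sourceList, self) {
  const url = new URL(urlString);
  return sourceList.some((src) => sourceMatches(src, url, self));
}

// Pre-fix behaviour from the report: only the URL the frame first requests is checked,
// so a redirect target is never evaluated.
function checkInitialOnly(chain, sourceList, self) {
  const allowed = isAllowed(chain[0], sourceList, self);
  return { allowed, blockedAt: allowed ? -1 : 0, url: allowed ? chain[chain.length - 1] : chain[0] };
}

// Fixed behaviour: every hop of the redirect chain must pass 'frame-src'.
// Returns the index and URL of the first hop that fails.
function checkRedirectChain(chain, sourceList, self) {
  for (let i = 0; i < chain.length; i++) {
    if (!isAllowed(chain[i], sourceList, self)) {
      return { allowed: false, blockedAt: i, url: chain[i] };
    }
  }
  return { allowed: true, blockedAt: -1, url: chain[chain.length - 1] };
}

// Constructed sample data (placeholder hosts, not taken from the bug report).
const SELF = new URL('https://app.example.com/');
const FRAME_SRC = ["'self'", 'https://frames.example.com', '*.widgets.example.org'];
const REDIRECTING_CHAIN = [
  'https://frames.example.com/embed',  // whitelisted
  'https://other.example.net/landing', // redirect target, not whitelisted
];
const CLEAN_CHAIN = [
  'https://frames.example.com/embed',
  'https://a.widgets.example.org/widget',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('initial-only:', checkInitialOnly(REDIRECTING_CHAIN, FRAME_SRC, SELF));
  console.log('whole-chain: ', checkRedirectChain(REDIRECTING_CHAIN, FRAME_SRC, SELF));
  console.log('clean chain: ', checkRedirectChain(CLEAN_CHAIN, FRAME_SRC, SELF));
}
```

Running it shows the contrast the bug is about: `checkInitialOnly` reports the redirecting chain as allowed because only `frames.example.com` was ever evaluated, while `checkRedirectChain` blocks it at hop 1. In a browser this per-hop evaluation has to sit where redirects are processed (PolicyChecker in WebKit's case) rather than where the frame element is first loaded.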
Adam Barth, Comment 3, 2013-01-04 09:57:50 PST
Comment on attachment 181289 (Patch): Yeah, putting this in policy checker is much better.
Mike West, Comment 4, 2013-01-04 10:51:41 PST
Comment on attachment 181289 (Patch): Glad I interpreted things correctly. Thanks for the review!
WebKit Review Bot, Comment 5, 2013-01-04 11:14:42 PST
Comment on attachment 181289 (Patch): Clearing flags on attachment: 181289. Committed r138818: <http://trac.webkit.org/changeset/138818>
WebKit Review Bot, Comment 6, 2013-01-04 11:14:45 PST
All reviewed patches have been landed. Closing bug.