angler-fishThe Vulnerability History Project

Ignore paths in CSP matching after redirects

      When a ResourceRequest has a redirect chain before it, set an
ignoreSourcePaths flag that gets passed all the way down to the CSP
source matching, which will ignore paths in sources when the resource
URL is the result of a redirect.

BUG=452821

Review URL: https://codereview.chromium.org/960833003

git-svn-id: svn://svn.chromium.org/blink/trunk@191574 bbb929c8-8fbe-4397-9dbb-9b2b20218538
by Jaime the Cobra 2015-03-09 19:00:22 UTC
commit 8f2e3a351ea1cfe3d6d778e1cf17ebb6d42c089c
Chromium VCC CVE-2016-1617
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-redirect-to-blocked-expected.txt
+1 -1
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-eventsource-redirect-to-blocked.html
+1 -3
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked-expected.txt
+1 -1
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked.html
+1 -3
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths.html
-18
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/iframe-redirect-not-allowed.html
-7
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/redirect-does-not-match-paths.js
-34
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/redirect.pl
-34
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/script-redirect-not-allowed.js
-1
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/stylesheet-redirect-not-allowed.css
-3
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.pl
-8
third_party/WebKit/Source/core/core.gypi
-2
third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp
+7 -11
third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
-1
third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
+57 -31
third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+14 -20
third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
+2 -3
third_party/WebKit/Source/core/frame/csp/CSPSource.h
+1 -2
third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+2 -2
third_party/WebKit/Source/core/frame/csp/CSPSourceList.h
+1 -1
third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
-125
third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
-70
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+34 -34
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+13 -27
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
+6 -6
third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp
+3 -2
third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
+1 -2
third_party/WebKit/Source/core/loader/DocumentLoader.cpp
+1 -1
third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+4 -4
third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
+1 -2
third_party/WebKit/Source/platform/network/ResourceRequest.cpp
-3
third_party/WebKit/Source/platform/network/ResourceRequest.h
-6
expand_less