[M108 Migration] Add back MaybeCheckCSP() method which was removed in upstream

In M63, MaybeCheckCSP() method was used to decide navigation policy
by checking CSP rules. After M63, the method was removed in upstream
patches [1] & [2] which caused the navigation policy to be decided
by ContentRendererClient. For WebApps, it is routed to WRTRenderClient.
In WRT, the navigation policy is decided but also requests app_control
to the refused URL to support backward compatibility which can't be
avoided, thus resulting in unexpected launch of VD Browser.

[1] https://chromium-review.googlesource.com/c/chromium/src/+/1037804
[2] https://chromium-review.googlesource.com/c/chromium/src/+/1083825

This patch adds back MaybeCheckCSP() to decide the policy at blink side
itself, so that the request doesn't reach WRT.

References:
https://review.tizen.org/gerrit/279285

Change-Id: I32ee8fe2f1d833aa945fa1ab9b5e86b7a179f372
Signed-off-by: v-saha <v.saha@samsung.com>

diff --git a/third_party/blink/public/web/web_navigation_policy.h b/third_party/blink/public/web/web_navigation_policy.h
index 39635dc..e9f144e 100644 (file)
--- a/third_party/blink/public/web/web_navigation_policy.h
+++ b/third_party/blink/public/web/web_navigation_policy.h
@@ -31,9 +31,14 @@
 #ifndef THIRD_PARTY_BLINK_PUBLIC_WEB_WEB_NAVIGATION_POLICY_H_
 #define THIRD_PARTY_BLINK_PUBLIC_WEB_WEB_NAVIGATION_POLICY_H_
 
+#include "build/build_config.h"
+
 namespace blink {
 
 enum WebNavigationPolicy {
+#if BUILDFLAG(IS_TIZEN)
+  kWebNavigationPolicyIgnore,
+#endif
   kWebNavigationPolicyDownload,
   kWebNavigationPolicyCurrentTab,
   kWebNavigationPolicyNewBackgroundTab,

diff --git a/third_party/blink/renderer/core/dom/document.cc b/third_party/blink/renderer/core/dom/document.cc
index 45c0ae6..1fd03b4 100644 (file)
--- a/third_party/blink/renderer/core/dom/document.cc
+++ b/third_party/blink/renderer/core/dom/document.cc
@@ -7540,6 +7540,13 @@ bool Document::AllowInlineEventHandler(Node* node,
   return true;
 }
 
+#if BUILDFLAG(IS_TIZEN)
+void Document::EnforceSandboxFlags(
+    network::mojom::blink::WebSandboxFlags mask) {
+  dom_window_->GetSecurityContext().SetSandboxFlags(mask);
+}
+#endif
+
 void Document::UpdateSelectionAfterLayout() {
   should_update_selection_after_layout_ = false;
   Element* element = FocusedElement();

diff --git a/third_party/blink/renderer/core/dom/document.h b/third_party/blink/renderer/core/dom/document.h
index 2675ff3..2498c9f 100644 (file)
--- a/third_party/blink/renderer/core/dom/document.h
+++ b/third_party/blink/renderer/core/dom/document.h
@@ -1384,6 +1384,10 @@ class CORE_EXPORT Document : public ContainerNode,
                                const String& context_url,
                                const WTF::OrdinalNumber& context_line);
 
+#if BUILDFLAG(IS_TIZEN)
+  void EnforceSandboxFlags(network::mojom::blink::WebSandboxFlags);
+#endif
+
   void StatePopped(scoped_refptr<SerializedScriptValue>);
 
   enum LoadEventProgress {

diff --git a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
index 6c890d8..39f6712 100644 (file)
--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
@@ -714,6 +714,19 @@ bool ContentSecurityPolicy::AllowFormAction(const KURL& url) {
                          RedirectStatus::kNoRedirect);
 }
 
+#if BUILDFLAG(IS_TIZEN)
+bool ContentSecurityPolicy::AllowFrameFromSource(
+    const KURL& url,
+    const KURL& url_before_redirects,
+    RedirectStatus redirect_status,
+    ReportingDisposition reporting_disposition,
+    CheckHeaderType check_header_type) {
+  return AllowFromSource(CSPDirectiveName::FrameSrc, url, url_before_redirects,
+                         redirect_status, reporting_disposition,
+                         check_header_type);
+}
+#endif
+
 bool ContentSecurityPolicy::AllowImageFromSource(
     const KURL& url,
     const KURL& url_before_redirects,

diff --git a/third_party/blink/renderer/core/frame/csp/content_security_policy.h b/third_party/blink/renderer/core/frame/csp/content_security_policy.h
index 0f66c3c..8b8b6f7 100644 (file)
--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.h
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.h
@@ -205,6 +205,14 @@ class CORE_EXPORT ContentSecurityPolicy final
       ReportingDisposition = ReportingDisposition::kReport,
       CheckHeaderType = CheckHeaderType::kCheckAll);
   bool AllowFormAction(const KURL&);
+#if BUILDFLAG(IS_TIZEN)
+  bool AllowFrameFromSource(
+      const KURL&,
+      const KURL& url_before_redirects,
+      RedirectStatus,
+      ReportingDisposition = ReportingDisposition::kReport,
+      CheckHeaderType = CheckHeaderType::kCheckAll);
+#endif
   bool AllowImageFromSource(
       const KURL&,
       const KURL& url_before_redirects,

diff --git a/third_party/blink/renderer/core/loader/frame_loader.cc b/third_party/blink/renderer/core/loader/frame_loader.cc
index b0c3dfe..b8ebb67 100644 (file)
--- a/third_party/blink/renderer/core/loader/frame_loader.cc
+++ b/third_party/blink/renderer/core/loader/frame_loader.cc
@@ -609,6 +609,48 @@ DetermineRequestContextFromNavigationType(
   return mojom::blink::RequestContextType::HYPERLINK;
 }
 
+#if BUILDFLAG(IS_TIZEN)
+static NavigationPolicy MaybeCheckCSP(
+    const ResourceRequest& request,
+    WebNavigationType type,
+    LocalFrame* frame,
+    NavigationPolicy policy,
+    network::mojom::CSPDisposition should_check_main_world_csp,
+    ContentSecurityPolicy::CheckHeaderType check_header_type) {
+  // If we're loading content into |frame| (NavigationPolicyCurrentTab), check
+  // against the parent's Content Security Policy and kill the load if that
+  // check fails, unless we should bypass the main world's CSP.
+  if (policy == kNavigationPolicyCurrentTab &&
+      should_check_main_world_csp == network::mojom::CSPDisposition::CHECK) {
+    LocalFrame* parent_frame = DynamicTo<LocalFrame>(frame->Tree().Parent());
+    if (parent_frame) {
+      ContentSecurityPolicy* parent_policy =
+          parent_frame->DomWindow()->GetContentSecurityPolicy();
+      const absl::optional<ResourceRequest::RedirectInfo>& redirect_info =
+          request.GetRedirectInfo();
+      const KURL& url_before_redirects =
+          redirect_info ? redirect_info->original_url : request.Url();
+      ResourceRequest::RedirectStatus redirect_status =
+          redirect_info ? RedirectStatus::kFollowedRedirect
+                        : RedirectStatus::kNoRedirect;
+      if (!parent_policy->AllowFrameFromSource(
+              request.Url(), url_before_redirects, redirect_status,
+              ReportingDisposition::kReport, check_header_type)) {
+        // Fire a load event, as timing attacks would otherwise reveal that the
+        // frame was blocked. This way, it looks like every other cross-origin
+        // page load.
+        frame->GetDocument()->EnforceSandboxFlags(
+            network::mojom::blink::WebSandboxFlags::kOrigin);
+        frame->Owner()->DispatchLoad();
+        return kNavigationPolicyIgnore;
+      }
+    }
+  }
+
+  return policy;
+}
+#endif
+
 static network::mojom::RequestDestination
 DetermineRequestDestinationFromNavigationType(
     const WebNavigationType navigation_type) {
@@ -788,6 +830,23 @@ void FrameLoader::StartNavigation(FrameLoadRequest& request,
     }
     return;
   }
+#if BUILDFLAG(IS_TIZEN)
+  else {
+    using CSPDisposition = network::mojom::CSPDisposition;
+    CSPDisposition should_check_main_world_csp =
+        ContentSecurityPolicy::ShouldBypassMainWorldDeprecated(
+            request.JavascriptWorld().get())
+            ? CSPDisposition::DO_NOT_CHECK
+            : CSPDisposition::CHECK;
+
+    if (MaybeCheckCSP(request.GetResourceRequest(), navigation_type, frame_,
+                      request.GetNavigationPolicy(),
+                      should_check_main_world_csp,
+                      ContentSecurityPolicy::CheckHeaderType::kCheckEnforce) ==
+        kNavigationPolicyIgnore)
+      return;
+  }
+#endif
 
   if (auto* navigation_api = NavigationApi::navigation(*frame_->DomWindow())) {
     if (request.GetNavigationPolicy() == kNavigationPolicyCurrentTab &&

diff --git a/third_party/blink/renderer/core/loader/navigation_policy.cc b/third_party/blink/renderer/core/loader/navigation_policy.cc
index 0bf938d..0270ee7 100644 (file)
--- a/third_party/blink/renderer/core/loader/navigation_policy.cc
+++ b/third_party/blink/renderer/core/loader/navigation_policy.cc
@@ -184,6 +184,9 @@ NavigationPolicy NavigationPolicyForCreateWindow(
   return user_policy;
 }
 
+#if BUILDFLAG(IS_TIZEN)
+STATIC_ASSERT_ENUM(kWebNavigationPolicyIgnore, kNavigationPolicyIgnore);
+#endif
 STATIC_ASSERT_ENUM(kWebNavigationPolicyDownload, kNavigationPolicyDownload);
 STATIC_ASSERT_ENUM(kWebNavigationPolicyCurrentTab, kNavigationPolicyCurrentTab);
 STATIC_ASSERT_ENUM(kWebNavigationPolicyNewBackgroundTab,

diff --git a/third_party/blink/renderer/core/loader/navigation_policy.h b/third_party/blink/renderer/core/loader/navigation_policy.h
index 56dc9db..a1385c1 100644 (file)
--- a/third_party/blink/renderer/core/loader/navigation_policy.h
+++ b/third_party/blink/renderer/core/loader/navigation_policy.h
@@ -39,6 +39,9 @@ class Event;
 struct WebWindowFeatures;
 
 enum NavigationPolicy {
+#if BUILDFLAG(IS_TIZEN)
+  kNavigationPolicyIgnore,
+#endif
   kNavigationPolicyDownload,
   kNavigationPolicyCurrentTab,
   kNavigationPolicyNewBackgroundTab,