From 67c5661362749f858ea409475fd3923d21478936 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Thu, 10 Mar 2022 19:18:37 +0200 Subject: [PATCH 1/9] Perform a CSP check when consuming preloaded response --- fetch.bs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/fetch.bs b/fetch.bs index bd8fae92f..2ccf3c2d1 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3891,9 +3891,16 @@ the request. with request's client's origin. -
  • Let onPreloadedResponseAvailable be an algorithm that runs the following - step in parallel given a response response: run - fetch finale given response and fetchParams. +

  • +

    Let onPreloadedResponseAvailable be an algorithm that runs the following + step in parallel given a response response: If + response + to request should not be blocked by Content Security Policy, then return; Otherwise + run fetch finale given response and fetchParams.

    + +

    An additional CSP check is necessary here as it is possible that new CSP + directives were hadded after the preload was initiated, e.g. by a meta element.

    +
  • Let foundPreloadedResource be the result of invoking consume a preloaded resource for req's window, From 304a867830cafc121344e889012ade1c15732c23 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Thu, 10 Mar 2022 19:29:40 +0200 Subject: [PATCH 2/9] Some fixes --- fetch.bs | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/fetch.bs b/fetch.bs index 2ccf3c2d1..632dbc349 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3893,13 +3893,22 @@ the request.

  • Let onPreloadedResponseAvailable be an algorithm that runs the following - step in parallel given a response response: If - response - to request should not be blocked by Content Security Policy, then return; Otherwise - run fetch finale given response and fetchParams.

    + steps in parallel given a response response: -

    An additional CSP check is necessary here as it is possible that new CSP - directives were hadded after the preload was initiated, e.g. by a meta element.

    +
      +
    1. +

      If + response + to request should be blocked by Content Security Policy, then set + response to a network error.

      + +

      An additional CSP check is necessary here as it is possible that new CSP + directives were added after the preload was initiated, e.g. by appending a meta + element to the document.

      +
    2. + +
    3. Run fetch finale given response and fetchParams.

    4. +
  • Let foundPreloadedResource be the result of invoking From 17161b5a0a395b8023ab73cff6cfb4b617dba1dc Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Fri, 11 Mar 2022 16:04:40 +0200 Subject: [PATCH 3/9] Refactor preload to go through all the checks --- fetch.bs | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/fetch.bs b/fetch.bs index 632dbc349..df56dda15 100644 --- a/fetch.bs +++ b/fetch.bs @@ -215,6 +215,9 @@ lt="authentication entry">authentication entries (for HTTP authentication).

    timing info
    A fetch timing info. + +
    preloaded response (default "pending") +
    Null, "pending", or a response.

    A fetch controller is a struct used to enable callers of @@ -3891,25 +3894,9 @@ the request. with request's client's origin. -

  • -

    Let onPreloadedResponseAvailable be an algorithm that runs the following - steps in parallel given a response response: - -

      -
    1. -

      If - response - to request should be blocked by Content Security Policy, then set - response to a network error.

      - -

      An additional CSP check is necessary here as it is possible that new CSP - directives were added after the preload was initiated, e.g. by appending a meta - element to the document.

      -
    2. - -
    3. Run fetch finale given response and fetchParams.

    4. -
    -
  • +
  • Let onPreloadedResponseAvailable be an algorithm that runs the following + step given a response response: set fetchParams's + preloaded response to response.

  • Let foundPreloadedResource be the result of invoking consume a preloaded resource for req's window, @@ -3918,7 +3905,8 @@ the request. req's integrity metadata, and onPreloadedResponseAvailable. -

  • If foundPreloadedResource is true, then return. +

  • If foundPreloadedResource is false, then set fetchParams's + preloaded response to null.

  • @@ -4004,7 +3992,12 @@ steps:
    1. Let request be fetchParams's request. -

    2. Let response be null. +

    3. If fetchParams's preloaded response is + "pending", then wait until fetchParams's + preloaded response is null or a response. + +

    4. Let response be fetchParams's + preloaded response.

    5. If request's local-URLs-only flag is set and request's current URL is not local, then set response to a From 9cfbfe5a22ac2550a07560eb08d1c3da741be369 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Fri, 11 Mar 2022 16:08:13 +0200 Subject: [PATCH 4/9] nit --- fetch.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fetch.bs b/fetch.bs index df56dda15..910c4110f 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3896,7 +3896,7 @@ the request.

    6. Let onPreloadedResponseAvailable be an algorithm that runs the following step given a response response: set fetchParams's - preloaded response to response. + preloaded response to response.

    7. Let foundPreloadedResource be the result of invoking consume a preloaded resource for req's window, From 65c6225042e751c078ffa60e002acbcba7995458 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Sat, 12 Mar 2022 17:04:14 +0200 Subject: [PATCH 5/9] Small refactor --- fetch.bs | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/fetch.bs b/fetch.bs index 910c4110f..08d063b49 100644 --- a/fetch.bs +++ b/fetch.bs @@ -216,7 +216,7 @@ lt="authentication entry">authentication entries (for HTTP authentication).

      timing info
      A fetch timing info. -
      preloaded response (default "pending") +
      preloaded response candidate (default null)
      Null, "pending", or a response. @@ -3894,9 +3894,12 @@ the request. with request's client's origin. +
    8. Set fetchParams's preloaded response candidate to + "pending". +

    9. Let onPreloadedResponseAvailable be an algorithm that runs the following - step given a response response: set fetchParams's - preloaded response to response. + step given a response response: Set fetchParams's + preloaded response candidate to response.

    10. Let foundPreloadedResource be the result of invoking consume a preloaded resource for req's window, @@ -3906,7 +3909,7 @@ the request. onPreloadedResponseAvailable.

    11. If foundPreloadedResource is false, then set fetchParams's - preloaded response to null. + preloaded response candidate to null.

  • @@ -3992,12 +3995,7 @@ steps:
    1. Let request be fetchParams's request. -

    2. If fetchParams's preloaded response is - "pending", then wait until fetchParams's - preloaded response is null or a response. - -

    3. Let response be fetchParams's - preloaded response. +

    4. Let response be null.

    5. If request's local-URLs-only flag is set and request's current URL is not local, then set response to a @@ -4049,6 +4047,17 @@ steps: corresponding to the first matching statement:

      +
      fetchParams's preloaded response candidate is not null + +
      +
        +
      1. Wait until fetchParams's + preloaded response candidate is not "pending". + +

      2. Return fetchParams's + preloaded response candidate. +

      +
      request's current URL's origin is same origin with request's origin, and request's response tainting is "basic" From 843808ee394ad8976faf5816396b35bdebbd8776 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 16 Mar 2022 14:13:06 +0200 Subject: [PATCH 6/9] Switch order of 'pending' check --- fetch.bs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fetch.bs b/fetch.bs index 08d063b49..f758f8b39 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3894,9 +3894,6 @@ the request. with request's client's origin. -
    6. Set fetchParams's preloaded response candidate to - "pending". -

    7. Let onPreloadedResponseAvailable be an algorithm that runs the following step given a response response: Set fetchParams's preloaded response candidate to response. @@ -3908,8 +3905,9 @@ the request. req's integrity metadata, and onPreloadedResponseAvailable. -

    8. If foundPreloadedResource is false, then set fetchParams's - preloaded response candidate to null.

    9. +
    10. If foundPreloadedResource is true and fetchParams's + preloaded response candidate is null, then set fetchParams's + preloaded response candidate to "pending".

    From 9f484106eb78548ffa963a4b5d541aedfcf98e0f Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 16 Mar 2022 14:14:06 +0200 Subject: [PATCH 7/9] assert --- fetch.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fetch.bs b/fetch.bs index f758f8b39..256401136 100644 --- a/fetch.bs +++ b/fetch.bs @@ -4052,6 +4052,9 @@ steps:
  • Wait until fetchParams's preloaded response candidate is not "pending". +

  • Assert: fetchParams's + preloaded response candidate is a response. +

  • Return fetchParams's preloaded response candidate. From 948fb736dc7ff786c6437bf6e1b20d4f5edbae68 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 16 Mar 2022 14:17:11 +0200 Subject: [PATCH 8/9] typo --- fetch.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fetch.bs b/fetch.bs index 256401136..bb9851e1e 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3907,7 +3907,7 @@ the request.

  • If foundPreloadedResource is true and fetchParams's preloaded response candidate is null, then set fetchParams's - preloaded response candidate to "pending".

  • + preloaded response candidate to "pending".

    From 808cb65e45d2f421f202afc8bbf86b6408d70fbc Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Thu, 17 Mar 2022 13:55:35 +0100 Subject: [PATCH 9/9] nits (biggest change here is correction of variable names) --- fetch.bs | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/fetch.bs b/fetch.bs index bb9851e1e..290b3e807 100644 --- a/fetch.bs +++ b/fetch.bs @@ -3895,19 +3895,19 @@ the request. origin.
  • Let onPreloadedResponseAvailable be an algorithm that runs the following - step given a response response: Set fetchParams's + step given a response response: set fetchParams's preloaded response candidate to response.

  • Let foundPreloadedResource be the result of invoking - consume a preloaded resource for req's window, - given req's URL, req's destination, - req's mode, req's credentials mode, - req's integrity metadata, and - onPreloadedResponseAvailable. + consume a preloaded resource for request's window, given + request's URL, request's destination, + request's mode, request's + credentials mode, request's integrity metadata, + and onPreloadedResponseAvailable.

  • If foundPreloadedResource is true and fetchParams's preloaded response candidate is null, then set fetchParams's - preloaded response candidate to "pending".

  • + preloaded response candidate to "pending". @@ -4046,17 +4046,15 @@ steps:
    fetchParams's preloaded response candidate is not null -
    1. Wait until fetchParams's preloaded response candidate is not "pending". -

    2. Assert: fetchParams's +

    3. Assert: fetchParams's preloaded response candidate is a response. -

    4. Return fetchParams's - preloaded response candidate. +

    5. Return fetchParams's preloaded response candidate.

    request's current URL's origin is @@ -4066,7 +4064,6 @@ steps: "data"
    request's mode is "navigate" or "websocket" -
    1. Set request's @@ -4083,7 +4080,6 @@ steps:

      request's mode is "same-origin" -

      Return a network error.

      request's mode is @@ -4115,7 +4111,6 @@ steps:
      request's current URL's scheme is not an HTTP(S) scheme -

      Return a network error.

      request's use-CORS-preflight flag is set
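Review bot: In PATCH 1/9, the condition in the added onPreloadedResponseAvailable step is inverted. It returns when the response "should not be blocked by Content Security Policy" and runs fetch finale otherwise, so only a blocked response would reach fetch finale and an allowed one would never complete. The step should set a blocked response to a network error and then run fetch finale in both cases. The explanatory note added alongside it also has a typo, "hadded".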
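Review bot: In PATCH 3/9, the hunk at -215 gives the new fetch params item preloaded response a default of "pending", while the hunk at -4004 makes main fetch wait for as long as the value is "pending". Any fetch params that never reaches the step "If foundPreloadedResource is false, then set fetchParams's preloaded response to null" would therefore wait indefinitely. Suggest defaulting to null and setting "pending" only once a preload lookup is known to be in flight, so that the wait is safe by construction.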
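Review bot: In PATCH 3/9, the hunk at -3891 removes the explanatory note together with the explicit check, so the reason a preloaded response must be re-checked (new CSP directives added after the preload was initiated, e.g. by appending a meta element to the document) no longer appears anywhere in the visible text. The commit subject says the preload now goes "through all the checks", but the spec text itself does not say why. Suggest keeping a short note next to the step that picks up the preloaded response, so that a later edit does not short-circuit those checks for preloads.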
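Review bot: In PATCH 5/9, the hunk at -4049 adds the "preloaded response candidate is not null" case as the first entry of a switch that takes "the first matching statement", so the cases after it are not evaluated for a preloaded response. That appears to rely on consume a preloaded resource having already matched on URL, destination, mode, credentials mode and integrity metadata. Suggest a note stating that dependency. Separately, nothing after the wait states that the candidate is a response rather than null. Suggest an Assert before the Return to pin that down.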
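Review bot: In PATCH 6/9, the replacement step checks that preloaded response candidate is still null before setting it to "pending", which only matters if onPreloadedResponseAvailable can run before consume a preloaded resource returns, and the text does not say that it can. Suggest a one-line note on the step explaining that the callback may already have stored a response, so that the null check is not later removed as redundant and a stored response overwritten with "pending".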