jpfau@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=93390

Reviewed by Adam Barth.

Source/WebCore:

Add checks for if a page is third-party and third-party storage blocking is enabled while accessing storage.

Tests: http/tests/security/cross-origin-local-storage-allowed.html
       http/tests/security/cross-origin-local-storage.html
       http/tests/security/cross-origin-session-storage-allowed.html
       http/tests/security/cross-origin-session-storage.html
       http/tests/security/same-origin-document-domain-storage-allowed.html

* dom/Document.cpp:
(WebCore::Document::initSecurityContext): Initialize securityOrigin with knowledge of if we should block third-party storage.
* page/DOMWindow.cpp: Check if the origin trying to access storage is third-party relative to the top document.
(WebCore::DOMWindow::sessionStorage):
(WebCore::DOMWindow::localStorage):
* page/SecurityOrigin.cpp: Add a call in Security origin to see if another origin counts as a third-party.
(WebCore::SecurityOrigin::SecurityOrigin):
(WebCore::SecurityOrigin::canAccessLocalStorage):
(WebCore):
(WebCore::SecurityOrigin::isThirdParty):
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::blockThirdPartyStorage):
(SecurityOrigin):
* testing/InternalSettings.cpp: Add an internals.settings hook for setting third-party storage blocking enabled.
(WebCore::InternalSettings::setThirdPartyStorageBlockingEnabled):
(WebCore):
* testing/InternalSettings.h:
(InternalSettings):
* testing/InternalSettings.idl:

LayoutTests:

Created tests for testing accessing localStorage and selfStorage from a third party and first party when third-party blocking is on and off.

* http/tests/security/cross-origin-local-storage-allowed-expected.txt: Added.
* http/tests/security/cross-origin-local-storage-allowed.html: Added.
* http/tests/security/cross-origin-local-storage-expected.txt: Added.
* http/tests/security/cross-origin-local-storage.html: Added.
* http/tests/security/cross-origin-session-storage-allowed-expected.txt: Added.
* http/tests/security/cross-origin-session-storage-allowed.html: Added.
* http/tests/security/cross-origin-session-storage-expected.txt: Added.
* http/tests/security/cross-origin-session-storage.html: Added.
* http/tests/security/same-origin-document-domain-storage-allowed-expected.html: Added.
* http/tests/security/same-origin-document-domain-storage-allowed.html: Added.
* http/tests/security/resources/document-domain-iframe-for-local-storage.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-local-storage.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-session-storage.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125335 268f45cc-cd09-0410-ab3c-d52691b4dbfc
d9930b31