[epiphany/mcatanzaro/localhost: 24/24] Treat localhost as a secure origin
- From: Jan-Michael Brummer <jbrummer src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/mcatanzaro/localhost: 24/24] Treat localhost as a secure origin
- Date: Wed, 6 Nov 2019 15:40:50 +0000 (UTC)
commit c133e876e5b8efc27671c346833f8e08cce53b38
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Oct 10 10:23:59 2019 -0500
Treat localhost as a secure origin
Since glib!616 we know localhost now always resolves to the local
computer, so we can suppress any transport security warnings like we
already do for 127.0.0.1 and ::1.
embed/ephy-embed-shell.c | 6 ++---
embed/ephy-web-view.c | 28 +++++++++++++++++++-----
embed/web-process-extension/resources/js/ephy.js | 14 ++++++++----
3 files changed, 35 insertions(+), 13 deletions(-)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index 811796553..b0c871e5a 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -227,16 +227,16 @@ web_process_extension_password_form_focused_message_received_cb (WebKitUserConte
EphyEmbedShell *shell)
{
guint64 page_id;
- gboolean insecure_action;
+ gboolean insecure_form_action;
g_autoptr (GVariant) variant = NULL;
g_autofree char *message_str = NULL;
message_str = jsc_value_to_string (webkit_javascript_result_get_js_value (message));
variant = g_variant_parse (G_VARIANT_TYPE ("(tb)"), message_str, NULL, NULL, NULL);
- g_variant_get (variant, "(tb)", &page_id, &insecure_action);
+ g_variant_get (variant, "(tb)", &page_id, &insecure_form_action);
g_signal_emit (shell, signals[PASSWORD_FORM_FOCUSED], 0,
- page_id, insecure_action);
+ page_id, insecure_form_action);
}
static void
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index aeedd254c..8b563b8ad 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -836,7 +836,7 @@ icon_changed_cb (EphyWebView *view,
static void
password_form_focused_cb (EphyEmbedShell *shell,
guint64 page_id,
- gboolean insecure_action,
+ gboolean insecure_form_action,
EphyWebView *web_view)
{
GtkWidget *info_bar;
@@ -847,7 +847,7 @@ password_form_focused_cb (EphyEmbedShell *shell,
return;
if (webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (web_view)) != page_id)
return;
- if (!insecure_action && ephy_security_level_is_secure (web_view->security_level))
+ if (!insecure_form_action && ephy_security_level_is_secure (web_view->security_level))
return;
/* Translators: Message appears when insecure password form is focused. */
@@ -1865,6 +1865,18 @@ ephy_web_view_set_committed_location (EphyWebView *view,
g_object_thaw_notify (object);
}
+static char *
+hostname_to_tld (const char *hostname)
+{
+ g_auto (GStrv) parts = NULL;
+ guint length;
+
+ parts = g_strsplit (hostname, ".", 0);
+ length = g_strv_length (parts);
+
+ return g_strdup (parts[length - 1]);
+}
+
static void
update_security_status_for_committed_load (EphyWebView *view,
const char *uri)
@@ -1875,6 +1887,7 @@ update_security_status_for_committed_load (EphyWebView *view,
WebKitWebContext *web_context;
WebKitSecurityManager *security_manager;
SoupURI *soup_uri;
+ g_autofree char *tld = NULL;
if (view->loading_error_page)
return;
@@ -1889,11 +1902,14 @@ update_security_status_for_committed_load (EphyWebView *view,
g_clear_object (&view->certificate);
g_clear_pointer (&view->tls_error_failing_uri, g_free);
+ if (soup_uri && soup_uri->host)
+ tld = hostname_to_tld (soup_uri->host);
+
if (!soup_uri ||
- strcmp (soup_uri_get_scheme (soup_uri), EPHY_VIEW_SOURCE_SCHEME) == 0 ||
- /* Warning: we do not whitelist localhost because it could be redirected by DNS. */
- g_strcmp0 (soup_uri_get_host (soup_uri), "127.0.0.1") == 0 ||
- g_strcmp0 (soup_uri_get_host (soup_uri), "::1") == 0 ||
+ strcmp (soup_uri->scheme, EPHY_VIEW_SOURCE_SCHEME) == 0 ||
+ g_strcmp0 (tld, "127.0.0.1") == 0 ||
+ g_strcmp0 (tld, "::1") == 0 ||
+ g_strcmp0 (tld, "localhost") == 0 || /* We trust localhost to be local since glib!616. */
webkit_security_manager_uri_scheme_is_local (security_manager, soup_uri->scheme) ||
webkit_security_manager_uri_scheme_is_empty_document (security_manager, soup_uri->scheme)) {
security_level = EPHY_SECURITY_LEVEL_LOCAL_PAGE;
diff --git a/embed/web-process-extension/resources/js/ephy.js
b/embed/web-process-extension/resources/js/ephy.js
index 379035e5b..9759b882e 100644
--- a/embed/web-process-extension/resources/js/ephy.js
+++ b/embed/web-process-extension/resources/js/ephy.js
@@ -562,13 +562,19 @@ Ephy.FormManager = class FormManager
_passwordFormFocused(event)
{
- let isInsecureAction = false;
+ let isFormActionInsecure = false;
if (this._form.action) {
let url = new URL(this._form.action);
- // Warning: we do not whitelist localhost because it could be redirected by DNS.
- isInsecureAction = url.protocol == 'http:' && url.hostname != "127.0.0.1" && url.hostname !=
"::1";
+ if (url.protocol == 'http:') {
+ // We trust localhost to be local since glib!616.
+ let parts = url.hostname.split('.');
+ if (parts.length > 0) {
+ let tld = parts[parts.length - 1];
+ isFormActionInsecure = tld != "127.0.0.1" && tld != "::1" && tld != "localhost";
+ }
+ }
}
-
window.webkit.messageHandlers.passwordFormFocused.postMessage(this._passwordFormMessageSerializer(this._frameID,
isInsecureAction));
+
window.webkit.messageHandlers.passwordFormFocused.postMessage(this._passwordFormMessageSerializer(this._frameID,
isFormActionInsecure));
}
_findPasswordFields()
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
