-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for importmap integrity #28253
Add support for importmap integrity #28253
Conversation
f7bd01e
to
50567d7
Compare
EWS run on previous version of this PR (hash 50567d7) |
Apologies for my noobness, but my git-webkit script didn't seem to do the right thing when uploading this. |
50567d7
to
5314069
Compare
5314069
to
3491244
Compare
EWS run on previous version of this PR (hash 3491244)
|
3491244
to
f61a244
Compare
EWS run on previous version of this PR (hash f61a244)
|
f61a244
to
50dc1bb
Compare
EWS run on previous version of this PR (hash 50dc1bb)
|
50dc1bb
to
0e261b9
Compare
EWS run on previous version of this PR (hash 0e261b9)
|
0e261b9
to
41d987a
Compare
EWS run on previous version of this PR (hash 41d987a)
|
FAIL Modulepreload was not loaded as its integrity check was not ignored assert_unreached: Should have rejected: undefined Reached unreachable code | ||
PASS Modulepreload was loaded as its correct integrity attribute was not ignored | ||
PASS Modulepreload was loaded as its empty integrity attribute was not ignored | ||
FAIL Modulepreload was not loaded as its bad integrity attribute was not ignored assert_unreached: Should have rejected: undefined Reached unreachable code |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails because module preload integrity is not supported.
@@ -29,6 +29,10 @@ PASS Script load (url:https://localhost:9443/service-workers/service-worker/reso | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test27) | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test28) | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test29) | |||
PASS Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_module) | |||
FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) must be sha384-foobar. expected "sha384-foobar" but got "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails because of modulepreload integrity is not supported in this PR.
@@ -29,6 +29,10 @@ PASS Script load (url:https://localhost:9443/service-workers/service-worker/reso | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test27) | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test28) | |||
PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test29) | |||
PASS Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_module) | |||
FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) must be sha384-foobar. expected "sha384-foobar" but got "" | |||
FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_moduleimport) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_moduleimport) must be sha384-foobar. expected "sha384-foobar" but got "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails because of the way I implemented static import integrity (only on the response side)
@@ -90,7 +90,67 @@ | |||
destination: 'script', | |||
message: `Script load (url:${actual_url})` | |||
}; | |||
frame.contentWindow.load_script_with_integrity(actual_url, integrity); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a manual import, as importing the entire service-workers directory introduced too much unrelated noise
rejectWithFetchError(*m_context, WTFMove(promise), ExceptionCode::TypeError, "Cannot load script due to integrity mismatch"_s); | ||
return; | ||
} | ||
String integrity = downcast<Document>(*m_context).globalObject()->importMap().getIntegrity(sourceURL); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This enforces integrity checks on the response even in cases where the integrity value is not propagated through the request (static imports).
There are still a few open questions (as comments), but I'd love an initial review of the approach. |
...Tests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html
Show resolved
Hide resolved
...orm-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
Outdated
Show resolved
Hide resolved
b9abcca
to
c710e8d
Compare
EWS run on previous version of this PR (hash c710e8d)
|
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
...Tests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html
Show resolved
Hide resolved
c710e8d
to
f11ae62
Compare
EWS run on previous version of this PR (hash f11ae62)
|
f11ae62
to
b224e85
Compare
EWS run on previous version of this PR (hash b224e85)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for reviewing!
b224e85
to
ac14677
Compare
EWS run on current version of this PR (hash ac14677)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-reviewer r+ on the tests, with that additional one I suggested.
@yoavweiss, ping me if/when you need me to add it to the merge queue. |
https://bugs.webkit.org/show_bug.cgi?id=272884 Reviewed by Ryosuke Niwa. Imported ES modules can't currently have integrity checks, which means they can't be used in sites where integrity checks are a necessity, for security and privacy reasons. This implements such support, by adding an "integrity" section to import maps. See whatwg/html#10269 * LayoutTests/TestExpectations: Ignored console logs to avoid flakiness * LayoutTests/imported/w3c/web-platform-tests/import-maps/WEB_FEATURES.yml: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/data-driven/resources/test-helper.js: (createTestIframe): Updated through import. * LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/w3c-import.log: Imports. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html: Updated to cover Request.integrity. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html: Updated to cover Request.integrity. * LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated. * Source/JavaScriptCore/runtime/ImportMap.cpp: (JSC::ImportMap::resolveImportMatch): Typos and spec link. (JSC::parseURLLikeModuleSpecifier): Typos and spec link. (JSC::ImportMap::resolve const): Typos and spec link. (JSC::normalizeSpecifierKey): Typos and spec link. (JSC::sortAndNormalizeSpecifierMap): Typos and spec link. (JSC::ImportMap::registerImportMap): Add parsing for the integrity section. (JSC::ImportMap::getIntegrity const): Getter for integrity based on URL. * Source/JavaScriptCore/runtime/ImportMap.h: * Source/WebCore/bindings/js/ScriptModuleLoader.cpp: (WebCore::ScriptModuleLoader::importModule): Add integrity to outgoing requests. (WebCore::ScriptModuleLoader::notifyFinished): Enforce integrity from the importmap on responses, even if integrity wasn't present in the request. Needed for static imports triggered by JSCore. * Source/WebCore/dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): Add integrity to outgoing requests for top-level modules, if they don't already have an integrity attribute. Canonical link: https://commits.webkit.org/279096@main
ac14677
to
339bcec
Compare
Committed 279096@main (339bcec): https://commits.webkit.org/279096@main Reviewed commits have been landed. Closing PR #28253 and removing active labels. |
339bcec
ac14677