Add support for importmap integrity #28253
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yoavweiss
force-pushed
the
importmap_integrity
branch
from
f7bd01e
to
50567d7
Compare
|
EWS run on previous version of this PR (hash 50567d7) |
|
Apologies for my noobness, but my git-webkit script didn't seem to do the right thing when uploading this. |
Ahmad-S792
added
the
WebCore Misc.
webkit-ews-buildbot
added
the
merging-blocked
yoavweiss
changed the title
yoavweiss
force-pushed
the
importmap_integrity
branch
from
50567d7
to
5314069
Compare
yoavweiss
changed the title
yoavweiss
changed the title
yoavweiss
force-pushed
the
importmap_integrity
branch
from
5314069
to
3491244
Compare
|
EWS run on previous version of this PR (hash 3491244)
|
yoavweiss
force-pushed
the
importmap_integrity
branch
from
3491244
to
f61a244
Compare
|
EWS run on previous version of this PR (hash f61a244)
|
yoavweiss
force-pushed
the
importmap_integrity
branch
from
f61a244
to
50dc1bb
Compare
|
EWS run on previous version of this PR (hash 50dc1bb)
|
yoavweiss
force-pushed
the
importmap_integrity
branch
from
50dc1bb
to
0e261b9
Compare
|
EWS run on previous version of this PR (hash 0e261b9)
|
yoavweiss
force-pushed
the
importmap_integrity
branch
from
0e261b9
to
41d987a
Compare
|
EWS run on previous version of this PR (hash 41d987a)
|
yoavweiss
commented
May 14, 2024
| FAIL Modulepreload was not loaded as its integrity check was not ignored assert_unreached: Should have rejected: undefined Reached unreachable code | ||
| PASS Modulepreload was loaded as its correct integrity attribute was not ignored | ||
| PASS Modulepreload was loaded as its empty integrity attribute was not ignored | ||
| FAIL Modulepreload was not loaded as its bad integrity attribute was not ignored assert_unreached: Should have rejected: undefined Reached unreachable code |
There was a problem hiding this comment.
This fails because module preload integrity is not supported.
| @@ -29,6 +29,10 @@ PASS Script load (url:https://localhost:9443/service-workers/service-worker/reso | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test27) | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test28) | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test29) | |||
| PASS Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_module) | |||
| FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) must be sha384-foobar. expected "sha384-foobar" but got "" | |||
There was a problem hiding this comment.
This fails because of modulepreload integrity is not supported in this PR.
| @@ -29,6 +29,10 @@ PASS Script load (url:https://localhost:9443/service-workers/service-worker/reso | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test27) | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test28) | |||
| PASS Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test29) | |||
| PASS Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_module) | |||
| FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_modulepreload) must be sha384-foobar. expected "sha384-foobar" but got "" | |||
| FAIL Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_moduleimport) assert_equals: integrity of Module Script load (url:https://localhost:9443/service-workers/service-worker/resources/sample?test_moduleimport) must be sha384-foobar. expected "sha384-foobar" but got "" | |||
There was a problem hiding this comment.
This fails because of the way I implemented static import integrity (only on the response side)
| @@ -90,7 +90,67 @@ | |||
| destination: 'script', | |||
| message: `Script load (url:${actual_url})` | |||
| }; | |||
| frame.contentWindow.load_script_with_integrity(actual_url, integrity); | |||
There was a problem hiding this comment.
This is a manual import, as importing the entire service-workers directory introduced too much unrelated noise
| rejectWithFetchError(*m_context, WTFMove(promise), ExceptionCode::TypeError, "Cannot load script due to integrity mismatch"_s); | ||
| return; | ||
| } | ||
| String integrity = downcast<Document>(*m_context).globalObject()->importMap().getIntegrity(sourceURL); |
There was a problem hiding this comment.
This enforces integrity checks on the response even in cases where the integrity value is not propagated through the request (static imports).
|
There are still a few open questions (as comments), but I'd love an initial review of the approach. |
...Tests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html
Show resolved
Hide resolved
...orm-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
Outdated
Show resolved
Hide resolved
yoavweiss
force-pushed
the
importmap_integrity
branch
from
b9abcca
to
c710e8d
Compare
|
EWS run on previous version of this PR (hash c710e8d)
|
π ios
π§ͺ wpe-wk2
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
Outdated
Show resolved
Hide resolved
...Tests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html
Show resolved
Hide resolved
yoavweiss
force-pushed
the
importmap_integrity
branch
from
c710e8d
to
f11ae62
Compare
|
EWS run on previous version of this PR (hash f11ae62)
|
yoavweiss
force-pushed
the
importmap_integrity
branch
from
f11ae62
to
b224e85
Compare
|
EWS run on previous version of this PR (hash b224e85)
|
rniwa
reviewed
May 21, 2024
rniwa
reviewed
May 21, 2024
rniwa
reviewed
May 21, 2024
rniwa
reviewed
May 21, 2024
yoavweiss
force-pushed
the
importmap_integrity
branch
from
b224e85
to
ac14677
Compare
|
EWS run on current version of this PR (hash ac14677)
|
rniwa
approved these changes
May 21, 2024
marcoscaceres
approved these changes
May 21, 2024
|
@yoavweiss, ping me if/when you need me to add it to the merge queue. |
marcoscaceres
added
merge-queue
https://bugs.webkit.org/show_bug.cgi?id=272884 Reviewed by Ryosuke Niwa. Imported ES modules can't currently have integrity checks, which means they can't be used in sites where integrity checks are a necessity, for security and privacy reasons. This implements such support, by adding an "integrity" section to import maps. See whatwg/html#10269 * LayoutTests/TestExpectations: Ignored console logs to avoid flakiness * LayoutTests/imported/w3c/web-platform-tests/import-maps/WEB_FEATURES.yml: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/data-driven/resources/test-helper.js: (createTestIframe): Updated through import. * LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity.html: Added. * LayoutTests/imported/w3c/web-platform-tests/import-maps/w3c-import.log: Imports. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html: Updated to cover Request.integrity. * LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html: Updated to cover Request.integrity. * LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated. * Source/JavaScriptCore/runtime/ImportMap.cpp: (JSC::ImportMap::resolveImportMatch): Typos and spec link. (JSC::parseURLLikeModuleSpecifier): Typos and spec link. (JSC::ImportMap::resolve const): Typos and spec link. (JSC::normalizeSpecifierKey): Typos and spec link. (JSC::sortAndNormalizeSpecifierMap): Typos and spec link. (JSC::ImportMap::registerImportMap): Add parsing for the integrity section. (JSC::ImportMap::getIntegrity const): Getter for integrity based on URL. * Source/JavaScriptCore/runtime/ImportMap.h: * Source/WebCore/bindings/js/ScriptModuleLoader.cpp: (WebCore::ScriptModuleLoader::importModule): Add integrity to outgoing requests. (WebCore::ScriptModuleLoader::notifyFinished): Enforce integrity from the importmap on responses, even if integrity wasn't present in the request. Needed for static imports triggered by JSCore. * Source/WebCore/dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): Add integrity to outgoing requests for top-level modules, if they don't already have an integrity attribute. Canonical link: https://commits.webkit.org/279096@main
webkit-commit-queue
force-pushed
the
importmap_integrity
branch
from
ac14677
to
339bcec
Compare
|
Committed 279096@main (339bcec): https://commits.webkit.org/279096@main Reviewed commits have been landed. Closing PR #28253 and removing active labels. |
webkit-commit-queue
removed
the
merge-queue
This was referenced May 22, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
339bcec
ac14677