Add web extensions API to allowlist access to a security origin

Fix Security Origin handling in network process

Currently, when a custom uri scheme handler is registered, its
existence is not passed to the network process. Consequently,
when creating a SecurityOrigin object for an URI that uses a custom
scheme handler, the instance may be created as unique due
shouldTreatAsUniqueOrigin() not detecting the associated scheme as
registered (in LegacySchemeRegistry).

This will cause calls to SecurityPolicy::isAccessAllowed() to not
return the correct authorization in case a custom URI is whitelisted
using webkit_web_extension_add_origin_access_whitelist_entry() API,
which leads to the inclusion of the "Origin" header with the custom URI
in network requests when it should not be included in such case.

Author: pgorszkowski-igalia

Source/WebCore/page/SecurityOrigin.cpp

@@ -32,6 +32,7 @@
 #include "BlobURL.h"
 #include "LegacySchemeRegistry.h"
 #include "OriginAccessEntry.h"
+#include "OriginAccessPatterns.h"
 #include "PublicSuffixStore.h"
 #include "RuntimeApplicationChecks.h"
 #include "SecurityPolicy.h"
@@ -290,6 +291,8 @@ bool SecurityOrigin::isSameOriginDomain(const SecurityOrigin& other) const
     if (canAccess && isLocal())
         canAccess = passesFileCheck(other);
 
+    canAccess |= SecurityPolicy::isAccessAllowed(*this, other, other.toURL(), EmptyOriginAccessPatterns::singleton());
+
     return canAccess;
 }
 

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

@@ -82,6 +82,7 @@
 #include <WebCore/DeprecatedGlobalSettings.h>
 #include <WebCore/DocumentStorageAccess.h>
 #include <WebCore/HTTPCookieAcceptPolicy.h>
+#include <WebCore/LegacySchemeRegistry.h>
 #include <WebCore/LogInitialization.h>
 #include <WebCore/NetworkStorageSession.h>
 #include <WebCore/ResourceError.h>
@@ -771,6 +772,11 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin
         m_schemeRegistry->registerURLSchemeAsCORSEnabled(WTFMove(scheme));
 }
 
+void NetworkConnectionToWebProcess::registerURLSchemeAsHandledBySchemeHandler(const String& scheme)
+{
+    WebCore::LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler(scheme);
+}
+
 void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler)
 {
     MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h

@@ -271,6 +271,8 @@ class NetworkConnectionToWebProcess
 
     void registerURLSchemesAsCORSEnabled(Vector<String>&& schemes);
 
+    void registerURLSchemeAsHandledBySchemeHandler(const String& scheme);
+
     void cookiesForDOM(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, WebCore::FrameIdentifier, WebCore::PageIdentifier, WebCore::IncludeSecureCookies, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&&);
     void setCookiesFromDOM(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, WebCore::FrameIdentifier, WebCore::PageIdentifier, WebCore::ApplyTrackingPrevention, const String& cookieString, WebCore::ShouldRelaxThirdPartyCookieBlocking);
     void cookieRequestHeaderFieldValue(const URL& firstParty, const WebCore::SameSiteInfo&, const URL&, std::optional<WebCore::FrameIdentifier>, std::optional<WebCore::PageIdentifier>, WebCore::IncludeSecureCookies, WebCore::ApplyTrackingPrevention, WebCore::ShouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&&);

Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in

@@ -109,6 +109,7 @@ messages -> NetworkConnectionToWebProcess LegacyReceiver {
     PostMessageToRemote(struct WebCore::MessageWithMessagePorts message, struct WebCore::MessagePortIdentifier remote)
     DidDeliverMessagePortMessages(uint64_t messageBatchIdentifier)
     RegisterURLSchemesAsCORSEnabled(Vector<String> schemes);
+    RegisterURLSchemeAsHandledBySchemeHandler(String scheme)
     SetCORSDisablingPatterns(WebCore::PageIdentifier pageIdentifier, Vector<String> patterns)
 #if PLATFORM(MAC)
     GetProcessDisplayName(struct WebKit::CoreIPCAuditToken auditToken) -> (String displayName)

Source/WebKit/PlatformWPE.cmake

@@ -730,6 +730,7 @@ GI_INTROSPECT(${WPE_WEB_PROCESS_EXTENSION_API_NAME} ${WPE_API_VERSION} wpe/${WPE
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitContextMenuActions.h
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitContextMenuItem.h
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitHitTestResult.h
+        ${DERIVED_SOURCES_WPE_API_DIR}/WebKitSecurityOrigin.h
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitUserMessage.h
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitURIRequest.h
         ${DERIVED_SOURCES_WPE_API_DIR}/WebKitURIResponse.h

Source/WebKit/UIProcess/API/glib/WebKitSecurityOrigin.h.in

@@ -17,7 +17,7 @@
  * Boston, MA 02110-1301, USA.
  */
 
-@API_SINGLE_HEADER_CHECK@
+@SHARED_API_SINGLE_HEADER_CHECK@
 
 #ifndef WebKitSecurityOrigin_h
 #define WebKitSecurityOrigin_h

Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.cpp

@@ -23,6 +23,7 @@
 #include "APIDictionary.h"
 #include "APIInjectedBundleBundleClient.h"
 #include "APIString.h"
+#include "WebKitSecurityOriginPrivate.h"
 #include "WebKitUserMessagePrivate.h"
 #include "WebKitWebPagePrivate.h"
 #include "WebKitWebProcessExtensionPrivate.h"
@@ -122,6 +123,7 @@ enum {
 typedef HashMap<WebPage*, GRefPtr<WebKitWebPage> > WebPageMap;
 
 struct _WebKitWebExtensionPrivate {
+    RefPtr<InjectedBundle> bundle;
     WebPageMap pages;
 #if ENABLE(DEVELOPER_MODE)
     bool garbageCollectOnPageDestroy;
@@ -204,6 +206,7 @@ class WebExtensionInjectedBundleClient final : public API::InjectedBundle::Clien
 WebKitWebExtension* webkitWebProcessExtensionCreate(InjectedBundle* bundle)
 {
     WebKitWebExtension* extension = WEBKIT_WEB_EXTENSION(g_object_new(WEBKIT_TYPE_WEB_EXTENSION, NULL));
+    extension->priv->bundle = bundle;
     bundle->setClient(makeUnique<WebExtensionInjectedBundleClient>(extension));
     return extension;
 }
@@ -246,6 +249,31 @@ WebKitWebPage* webkit_web_extension_get_page(WebKitWebExtension* extension, guin
     return 0;
 }
 
+void webkit_web_extension_add_origin_access_whitelist_entry(WebKitWebExtension* extension, WebKitSecurityOrigin* origin, const char* protocol, const char* host, gboolean allowSubdomains)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+    g_return_if_fail(origin);
+    g_return_if_fail(protocol);
+
+    extension->priv->bundle->addOriginAccessAllowListEntry(webkitSecurityOriginGetSecurityOriginData(origin).toString(), String::fromUTF8(protocol), String::fromUTF8(host), host ? allowSubdomains : true);
+}
+
+void webkit_web_extension_remove_origin_access_whitelist_entry(WebKitWebExtension* extension, WebKitSecurityOrigin* origin, const char* protocol, const char* host, gboolean allowSubdomains)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+    g_return_if_fail(origin);
+    g_return_if_fail(protocol);
+
+    extension->priv->bundle->removeOriginAccessAllowListEntry(webkitSecurityOriginGetSecurityOriginData(origin).toString(), String::fromUTF8(protocol), String::fromUTF8(host), host ? allowSubdomains : true);
+}
+
+void webkit_web_extension_reset_origin_access_whitelists(WebKitWebExtension* extension)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+
+    extension->priv->bundle->resetOriginAccessAllowLists();
+}
+
 /**
  * webkit_web_extension_send_message_to_context:
  * @extension: a #WebKitWebExtension

Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.h.in

@@ -24,6 +24,7 @@
 
 #include <glib-object.h>
 #include <@API_INCLUDE_PREFIX@/WebKitDefines.h>
+#include <@API_INCLUDE_PREFIX@/WebKitSecurityOrigin.h>
 #include <@API_INCLUDE_PREFIX@/WebKitUserMessage.h>
 #include <@API_INCLUDE_PREFIX@/WebKitWebPage.h>
 
@@ -74,6 +75,23 @@ WEBKIT_API WebKitWebPage *
 webkit_web_extension_get_page                       (WebKitWebExtension *extension,
                                                      guint64             page_id);
 
+WEBKIT_API void
+webkit_web_extension_add_origin_access_whitelist_entry    (WebKitWebExtension   *extension,
+                                                           WebKitSecurityOrigin *origin,
+                                                           const gchar          *protocol,
+                                                           const gchar          *host,
+                                                           gboolean              allow_subdomains);
+
+WEBKIT_API void
+webkit_web_extension_remove_origin_access_whitelist_entry (WebKitWebExtension   *extension,
+                                                           WebKitSecurityOrigin *origin,
+                                                           const gchar          *protocol,
+                                                           const gchar          *host,
+                                                           gboolean              allow_subdomains);
+
+WEBKIT_API void
+webkit_web_extension_reset_origin_access_whitelists       (WebKitWebExtension   *extension);
+
 WEBKIT_API void
 webkit_web_extension_send_message_to_context        (WebKitWebExtension *extension,
                                                      WebKitUserMessage  *message,

Source/WebKit/WebProcess/WebPage/WebPage.cpp

@@ -8115,6 +8115,7 @@ void WebPage::registerURLSchemeHandler(WebURLSchemeHandlerIdentifier handlerIden
     WebCore::LegacySchemeRegistry::registerURLSchemeAsCORSEnabled(scheme);
     auto schemeResult = m_schemeToURLSchemeHandlerProxyMap.add(scheme, WebURLSchemeHandlerProxy::create(*this, handlerIdentifier));
     m_identifierToURLSchemeHandlerProxyMap.add(handlerIdentifier, *schemeResult.iterator->value);
+    WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RegisterURLSchemeAsHandledBySchemeHandler { scheme }, 0);
 }
 
 void WebPage::urlSchemeTaskWillPerformRedirection(WebURLSchemeHandlerIdentifier handlerIdentifier, WebCore::ResourceLoaderIdentifier taskIdentifier, ResourceResponse&& response, ResourceRequest&& request, CompletionHandler<void(WebCore::ResourceRequest&&)>&& completionHandler)