[epiphany/mcatanzaro/pdfjs-2.9.359: 5/6] Add ephy-resource:// to CORS allowlist for access from PDF.js




commit 63a02a53d9ebbae437a40947cd25d190d8c0ac3f
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Mon Aug 9 16:59:37 2021 -0500

    Add ephy-resource:// to CORS allowlist for access from PDF.js
    
    The new version of PDF.js is having trouble loading our icons via
    ephy-resource:// URIs. We're going to need to disable CORS to solve
    this. We can replace it with some custom security checks to restrict
    resource access as far as practical based on the URI scheme of the main
    resource. Error page assets will have to be left open, though. It's
    pretty hard to see how that could be abused, so I think it's OK.

 embed/ephy-embed-shell.c             | 35 ++++++++++++++++++++++++++++++-----
 embed/ephy-web-view.c                |  6 ++++++
 src/resources/epiphany.gresource.xml | 26 +++++++++++++++-----------
 src/resources/error.html             |  2 +-
 4 files changed, 52 insertions(+), 17 deletions(-)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index a717836c1..63da08954 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -714,6 +714,8 @@ ephy_resource_request_cb (WebKitURISchemeRequest *request)
 {
   const char *path;
   gsize size;
+  WebKitWebView *request_view;
+  const char *uri;
   g_autoptr (GInputStream) stream = NULL;
   g_autoptr (GError) error = NULL;
 
@@ -723,11 +725,34 @@ ephy_resource_request_cb (WebKitURISchemeRequest *request)
     return;
   }
 
-  stream = g_resources_open_stream (path, 0, &error);
-  if (stream)
-    webkit_uri_scheme_request_finish (request, stream, size, NULL);
-  else
-    webkit_uri_scheme_request_finish_error (request, error);
+  request_view = webkit_uri_scheme_request_get_web_view (request);
+  uri = webkit_web_view_get_uri (request_view);
+
+  /* ephy-resource:// requests bypass CORS in order to allow ephy-pdf:// to
+   * access ephy-resource://. Accordingly, we need some custom security to
+   * prevent websites from directly accessing ephy-resource://.
+   *
+   * We'll have to leave open /page-icons and /page-templates since they are
+   * needed for our alternate HTML error pages.
+   */
+  if (g_str_has_prefix (uri, "ephy-resource:") ||
+      g_str_has_prefix (path, "/org/gnome/epiphany/page-icons/") ||
+      g_str_has_prefix (path, "/org/gnome/epiphany/page-templates/") ||
+      (g_str_has_prefix (uri, "ephy-pdf:") && g_str_has_prefix (path, "/org/gnome/epiphany/pdfjs/")) ||
+      (g_str_has_prefix (uri, "ephy-reader:") && g_str_has_prefix (path, 
"/org/gnome/epiphany/readability/")) ||
+      (g_str_has_prefix (uri, "ephy-source:") && g_str_has_prefix (path, 
"/org/gnome/epiphany/highlightjs/"))) {
+    stream = g_resources_open_stream (path, 0, &error);
+    if (stream)
+      webkit_uri_scheme_request_finish (request, stream, size, NULL);
+    else
+      webkit_uri_scheme_request_finish_error (request, error);
+    return;
+  }
+
+  error = g_error_new (WEBKIT_NETWORK_ERROR, WEBKIT_NETWORK_ERROR_FAILED,
+                       _("URI %s not authorized to access Epiphany resource %s"),
+                       uri, path);
+  webkit_uri_scheme_request_finish_error (request, error);
 }
 
 static void
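Review bot: `uri` is passed to `g_str_has_prefix ()` and to the `%s` in `g_error_new ()` without a NULL check, although `webkit_web_view_get_uri ()` returns NULL for a view that has not loaded anything yet, and `request_view` itself is not checked either. GLib treats a NULL string there as a programmer error and logs a critical, which aborts when criticals are fatal. Adding `if (!uri) uri = "";` right after the lookup keeps the open /page-icons and /page-templates paths working and makes every scheme-gated branch fail closed. The check is also keyed on the view's main resource URI rather than on the frame that issued the request, so a subframe of an ephy-pdf:, ephy-reader: or ephy-source: page appears to inherit that page's access; the comment should say so, e.g. `/* Authorization uses the view's main resource URI, so subframes inherit it. */`. The body of ephy_resource_request_cb starts outside this hunk.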
diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c
index af3830941..6fed0f3f0 100644
--- a/embed/ephy-web-view.c
+++ b/embed/ephy-web-view.c
@@ -3880,6 +3880,7 @@ static void
 ephy_web_view_constructed (GObject *object)
 {
   EphyWebView *web_view = EPHY_WEB_VIEW (object);
+  g_auto (GStrv) cors_allowlist = NULL;
   GtkStyleContext *context;
   GdkRGBA color;
 
@@ -3899,6 +3900,11 @@ ephy_web_view_constructed (GObject *object)
   context = gtk_widget_get_style_context (GTK_WIDGET (web_view));
   if (gtk_style_context_lookup_color (context, "theme_base_color", &color))
     webkit_web_view_set_background_color (WEBKIT_WEB_VIEW (web_view), &color);
+
+  cors_allowlist = g_new (char *, 2);
+  cors_allowlist[0] = g_strdup ("ephy-resource://*/*");
+  cors_allowlist[1] = NULL;
+  webkit_web_view_set_cors_allowlist (WEBKIT_WEB_VIEW (web_view), (const char * const *)cors_allowlist);
 }
 
 static void
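Review bot: The allowlist entry `ephy-resource://*/*` is installed on every EphyWebView without a comment, so a reader of ephy_web_view_constructed cannot tell that the only remaining gate on ephy-resource:// is the scheme handler in embed/ephy-embed-shell.c. I would add `/* CORS is bypassed for ephy-resource:// so ephy-pdf:// can load it; access is restricted in ephy_resource_request_cb() instead. */` above the block. As a matter of style, the heap-allocated GStrv could be replaced by `static const char * const cors_allowlist[] = { "ephy-resource://*/*", NULL };`, which drops the `g_auto (GStrv)` declaration and the cast. The function body starts outside this hunk.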
diff --git a/src/resources/epiphany.gresource.xml b/src/resources/epiphany.gresource.xml
index a1b1a1885..2d8c7f69b 100644
--- a/src/resources/epiphany.gresource.xml
+++ b/src/resources/epiphany.gresource.xml
@@ -1,17 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <gresources>
   <gresource prefix="/org/gnome/epiphany">
-    <file preprocess="xml-stripblanks" compressed="true">channel-insecure-symbolic.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">computer-fail-symbolic.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">private-mode.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">web-watermark.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">overview-remove-item.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">network-error-symbolic.svg</file>
-    <file preprocess="xml-stripblanks" compressed="true">security-high-symbolic.svg</file>
     <file compressed="true">about.ini</file>
-    <file alias="page-templates/about.css" compressed="true">about.css</file>
-    <file alias="page-templates/error.css" compressed="true">error.css</file>
-    <file alias="page-templates/error.html" compressed="true">error.html</file>
     <file preprocess="xml-stripblanks" compressed="true">gtk/action-bar-end.ui</file>
     <file preprocess="xml-stripblanks" compressed="true">gtk/action-bar-start.ui</file>
     <file preprocess="xml-stripblanks" compressed="true">gtk/action-bar.ui</file>
@@ -44,8 +34,22 @@
     <file preprocess="xml-stripblanks" compressed="true">gtk/webapp-additional-urls-dialog.ui</file>
     <file preprocess="xml-stripblanks" compressed="true">gtk/web-extensions-dialog.ui</file>
   </gresource>
+  <gresource prefix="/org/gnome/epiphany/page-templates">
+    <file compressed="true">about.css</file>
+    <file compressed="true">error.css</file>
+    <file compressed="true">error.html</file>
+  </gresource>
+  <gresource prefix="/org/gnome/epiphany/page-icons">
+    <file preprocess="xml-stripblanks" compressed="true">channel-insecure-symbolic.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">computer-fail-symbolic.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">private-mode.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">web-watermark.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">overview-remove-item.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">network-error-symbolic.svg</file>
+    <file preprocess="xml-stripblanks" compressed="true">security-high-symbolic.svg</file>
+  </gresource>
   <gresource prefix="/org/gnome/Epiphany/icons">
-    <file compressed="true" alias="scalable/actions/ephy-download-symbolic.svg" 
preprocess="xml-stripblanks">ephy-download-symbolic.svg</file>
+    <file compressed="true" 
alias="scalable/actions/ephy-download-symbolic.svg">ephy-download-symbolic.svg</file>
     <file compressed="true" 
alias="scalable/actions/ephy-bookmark-tag-symbolic.svg">ephy-bookmark-tag-symbolic.svg</file>
     <file compressed="true" 
alias="scalable/actions/ephy-reader-mode-symbolic.svg">ephy-reader-mode-symbolic.svg</file>
     <file compressed="true" 
alias="scalable/status/ephy-audio-muted-symbolic.svg">ephy-audio-muted-symbolic.svg</file>
diff --git a/src/resources/error.html b/src/resources/error.html
index 58e6c06aa..559e70468 100644
--- a/src/resources/error.html
+++ b/src/resources/error.html
@@ -43,7 +43,7 @@
                display: block;
                width: 128px;
                height: 128px;
-               background: url(ephy-resource:///org/gnome/epiphany/%s) center no-repeat;
+               background: url(ephy-resource:///org/gnome/epiphany/page-icons/%s) center no-repeat;
                background-size: cover;"></span>
   <br>
   <h1 id="msg-title" class="%s">%s</h1>

