Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(100)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/service_worker/service_worker_dispatcher_host.cc

Issue 1099453005: Switch web API/permission code to use IsOriginSecure() instead of SchemeIsSecure(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove an ad-hoc definition of IsSchemeSecure() from a header file. Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/appcache/appcache_update_job.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/profiler/scoped_tracker.h" 8 #include "base/profiler/scoped_tracker.h"
9 #include "base/strings/utf_string_conversions.h" 9 #include "base/strings/utf_string_conversions.h"
10 #include "base/trace_event/trace_event.h" 10 #include "base/trace_event/trace_event.h"
11 #include "chrome/common/origin_util.h"
11 #include "content/browser/message_port_message_filter.h" 12 #include "content/browser/message_port_message_filter.h"
12 #include "content/browser/message_port_service.h" 13 #include "content/browser/message_port_service.h"
13 #include "content/browser/service_worker/embedded_worker_registry.h" 14 #include "content/browser/service_worker/embedded_worker_registry.h"
14 #include "content/browser/service_worker/service_worker_context_core.h" 15 #include "content/browser/service_worker/service_worker_context_core.h"
15 #include "content/browser/service_worker/service_worker_context_wrapper.h" 16 #include "content/browser/service_worker/service_worker_context_wrapper.h"
16 #include "content/browser/service_worker/service_worker_handle.h" 17 #include "content/browser/service_worker/service_worker_handle.h"
17 #include "content/browser/service_worker/service_worker_registration.h" 18 #include "content/browser/service_worker/service_worker_registration.h"
18 #include "content/browser/service_worker/service_worker_registration_handle.h" 19 #include "content/browser/service_worker/service_worker_registration_handle.h"
19 #include "content/browser/service_worker/service_worker_utils.h" 20 #include "content/browser/service_worker/service_worker_utils.h"
20 #include "content/common/service_worker/embedded_worker_messages.h" 21 #include "content/common/service_worker/embedded_worker_messages.h"
(...skipping 22 matching lines...) Expand all
43 const uint32 kFilteredMessageClasses[] = { 44 const uint32 kFilteredMessageClasses[] = {
44 ServiceWorkerMsgStart, 45 ServiceWorkerMsgStart,
45 EmbeddedWorkerMsgStart, 46 EmbeddedWorkerMsgStart,
46 }; 47 };
47 48
48 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) { 49 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) {
49 return url_a.GetOrigin() == url_b.GetOrigin() && 50 return url_a.GetOrigin() == url_b.GetOrigin() &&
50 url_a.GetOrigin() == url_c.GetOrigin(); 51 url_a.GetOrigin() == url_c.GetOrigin();
51 } 52 }
52 53
53 // TODO(dominicc): When crbug.com/362214 is fixed use that to be
54 // consistent with Blink's
55 // SecurityOrigin::canAccessFeatureRequiringSecureOrigin.
56 bool OriginCanAccessServiceWorkers(const GURL& url) {
57 return url.SchemeIsHTTPOrHTTPS() &&
58 (url.SchemeIsSecure() || net::IsLocalhost(url.host()));
59 }
60
61 bool CanRegisterServiceWorker(const GURL& document_url, 54 bool CanRegisterServiceWorker(const GURL& document_url,
62 const GURL& pattern, 55 const GURL& pattern,
63 const GURL& script_url) { 56 const GURL& script_url) {
64 DCHECK(document_url.is_valid()); 57 DCHECK(document_url.is_valid());
65 DCHECK(pattern.is_valid()); 58 DCHECK(pattern.is_valid());
66 DCHECK(script_url.is_valid()); 59 DCHECK(script_url.is_valid());
67 return AllOriginsMatch(document_url, pattern, script_url) && 60 return AllOriginsMatch(document_url, pattern, script_url) &&
68 OriginCanAccessServiceWorkers(document_url) && 61 IsOriginSecure(document_url) && IsOriginSecure(pattern) &&
69 OriginCanAccessServiceWorkers(pattern) && 62 IsOriginSecure(script_url);
nhiroki 2015/04/23 01:29:58 IsOriginSecure() is not sufficient here because Se
lgarron 2015/04/23 02:06:04 Drive-by comments are welcome! You're right, that
70 OriginCanAccessServiceWorkers(script_url);
71 } 63 }
72 64
73 bool CanUnregisterServiceWorker(const GURL& document_url, 65 bool CanUnregisterServiceWorker(const GURL& document_url,
74 const GURL& pattern) { 66 const GURL& pattern) {
75 DCHECK(document_url.is_valid()); 67 DCHECK(document_url.is_valid());
76 DCHECK(pattern.is_valid()); 68 DCHECK(pattern.is_valid());
77 return document_url.GetOrigin() == pattern.GetOrigin() && 69 return document_url.GetOrigin() == pattern.GetOrigin() &&
78 OriginCanAccessServiceWorkers(document_url) && 70 IsOriginSecure(document_url) && IsOriginSecure(pattern);
79 OriginCanAccessServiceWorkers(pattern);
80 } 71 }
81 72
82 bool CanGetRegistration(const GURL& document_url, 73 bool CanGetRegistration(const GURL& document_url,
83 const GURL& given_document_url) { 74 const GURL& given_document_url) {
84 DCHECK(document_url.is_valid()); 75 DCHECK(document_url.is_valid());
85 DCHECK(given_document_url.is_valid()); 76 DCHECK(given_document_url.is_valid());
86 return document_url.GetOrigin() == given_document_url.GetOrigin() && 77 return document_url.GetOrigin() == given_document_url.GetOrigin() &&
87 OriginCanAccessServiceWorkers(document_url) && 78 IsOriginSecure(document_url) && IsOriginSecure(given_document_url);
88 OriginCanAccessServiceWorkers(given_document_url);
89 } 79 }
90 80
91 } // namespace 81 } // namespace
92 82
93 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost( 83 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost(
94 int render_process_id, 84 int render_process_id,
95 MessagePortMessageFilter* message_port_message_filter, 85 MessagePortMessageFilter* message_port_message_filter,
96 ResourceContext* resource_context) 86 ResourceContext* resource_context)
97 : BrowserMessageFilter(kFilteredMessageClasses, 87 : BrowserMessageFilter(kFilteredMessageClasses,
98 arraysize(kFilteredMessageClasses)), 88 arraysize(kFilteredMessageClasses)),
(...skipping 936 matching lines...) Expand 10 before | Expand all | Expand 10 after
1035 ServiceWorkerHandle* handle = handles_.Lookup(handle_id); 1025 ServiceWorkerHandle* handle = handles_.Lookup(handle_id);
1036 if (!handle) { 1026 if (!handle) {
1037 BadMessageReceived(); 1027 BadMessageReceived();
1038 return; 1028 return;
1039 } 1029 }
1040 handle->version()->StopWorker( 1030 handle->version()->StopWorker(
1041 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback)); 1031 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback));
1042 } 1032 }
1043 1033
1044 } // namespace content 1034 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/appcache/appcache_update_job.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698