Source/modules/quota/StorageManager.cpp - Issue 1154573005: Expose Durable Storage API to script

Side by Side Diff: Source/modules/quota/StorageManager.cpp

Issue 1154573005: Expose Durable Storage API to script (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: update comment Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "config.h"

	6 #include "modules/quota/StorageManager.h"

	7

	8 #include "bindings/core/v8/ScriptPromiseResolver.h"

	9 #include "core/dom/DOMError.h"
	jsbell 2015/08/03 19:57:41 DOMError is not used? DOMError is not used? dgrogan 2015/08/06 23:52:02 Only as a vehicle for ExceptionCode.h. Fixed. Show quoted text On 2015/08/03 19:57:41, jsbell wrote: > DOMError is not used? Only as a vehicle for ExceptionCode.h. Fixed.
	10 #include "core/dom/Document.h"

	11 #include "modules/permissions/Permissions.h"

	12 #include "public/platform/Platform.h"

	13 #include "public/platform/WebCallbacks.h"

	14 #include "public/platform/modules/permissions/WebPermissionClient.h"

	15 #include "public/platform/modules/permissions/WebPermissionStatus.h"

	16

	17 namespace blink {

	18

	19 class DurableStoragePermissionCallbacks : public WebCallbacks<WebPermissionStatu s*, void> {
	jsbell 2015/08/03 19:57:41 Put this class in anonymous namespace? Put this class in anonymous namespace? jsbell 2015/08/03 19:57:41 final? final? dgrogan 2015/08/06 23:52:02 Done. Show quoted text On 2015/08/03 19:57:41, jsbell wrote: > Put this class in anonymous namespace? Done. dgrogan 2015/08/06 23:52:02 Done. Show quoted text On 2015/08/03 19:57:41, jsbell wrote: > final? Done.
	20 public:

	21 DurableStoragePermissionCallbacks(PassRefPtr<ScriptPromiseResolver> resolver )

	22 : m_resolver(resolver)

	23 {

	24 }

	25

	26 void onSuccess(WebPermissionStatus* rawStatus) override

	27 {

	28 OwnPtr<WebPermissionStatus> status = adoptPtr(rawStatus);

	29 String toReturn;

	30 switch (*status) {

	31 case WebPermissionStatusGranted:

	32 toReturn = "granted";

	33 break;

	34 case WebPermissionStatusDenied:

	35 toReturn = "denied";

	36 break;

	37 case WebPermissionStatusPrompt:

	38 toReturn = "default";

	39 break;

	40 }

	41 m_resolver->resolve(toReturn);
	Lalit Maganti 2015/08/04 13:27:41 Not really any work to be done but very similar co Not really any work to be done but very similar code to the above exists in PermissionStatus - maybe find a nice place to consolidate? dgrogan 2015/08/06 23:52:02 It'd be awkward to consolidate while the strings a Show quoted text On 2015/08/04 13:27:41, Lalit Maganti wrote: > Not really any work to be done but very similar code to the above exists in > PermissionStatus - maybe find a nice place to consolidate? It'd be awkward to consolidate while the strings are different. But if, as we talk about elsewhere, this enum is merged with PermissionStatus then a consolidation would be in order.
	42 }

	43 void onError() override

	44 {

	45 ASSERT_NOT_REACHED();
	Lalit Maganti 2015/08/04 13:27:41 I think propogating the error to the resolver may I think propogating the error to the resolver may be the right thing to do here. dgrogan 2015/08/06 23:52:02 I was trying to document that this method can neve Show quoted text On 2015/08/04 13:27:41, Lalit Maganti wrote: > I think propogating the error to the resolver may be the right thing to do here. I was trying to document that this method can never be reached and that I wasn't omitting it unintentionally. But you'd know better than me, can it ever be reached? I don't see it being called in permission_dispatcher.cc. Lalit Maganti 2015/08/07 08:47:28 You're right - currently it cannot be reached. How Show quoted text On 2015/08/06 at 23:52:02, dgrogan wrote: > On 2015/08/04 13:27:41, Lalit Maganti wrote: > > I think propogating the error to the resolver may be the right thing to do here. > > I was trying to document that this method can never be reached and that I wasn't omitting it unintentionally. But you'd know better than me, can it ever be reached? I don't see it being called in permission_dispatcher.cc. You're right - currently it cannot be reached. However, I would think that one day we would make use of this in some way and in that case, it makes sense to be implemented in a sensible way especially because it's very easy to simply reject to the promise with no extra effort required. dgrogan 2015/08/10 22:26:40 I thought about this and still prefer to leave it Show quoted text On 2015/08/07 08:47:28, Lalit Maganti wrote: > You're right - currently it cannot be reached. However, I would think that one > day we would make use of this in some way and in that case, it makes sense to be > implemented in a sensible way especially because it's very easy to simply reject > to the promise with no extra effort required. I thought about this and still prefer to leave it as is for a few reasons. The first is that there'd be no way to test the code that I add; there's no way to invoke the error path because it doesn't exist. Adding untestable code seems suboptimal. The second is what would I make this signature? Currently I specify void in the template above. What would I change that to? I'd have to guess as to what type of the potential future error condition is and if I guess wrong then I haven't saved the future maintainer any work. This is good to think through though, so let me know if I've missed something or you remain unconvinced.
	46 }

	47

	48 private:

	49 RefPtr<ScriptPromiseResolver> m_resolver;

	50 };

	51

	52 ScriptPromise StorageManager::requestPersistent(ScriptState* scriptState)

	53 {

	54 RefPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scrip tState);

	55 ScriptPromise promise = resolver->promise();

	56 ExecutionContext* executionContext = scriptState->executionContext();

	57 SecurityOrigin* securityOrigin = executionContext->securityOrigin();

	58 // TODO(dgrogan): Durable is restricted to secure contexts in the browser

	59 // process. Can we do it here too, before jumping the process boundary?
	jsbell 2015/08/03 19:57:41 Yes, use something like: String errorMessage; if Yes, use something like: String errorMessage; if (!executionContext->isPrivilegedContext(&errorMessage)) { resolver->reject(...); return promise; } Then on the Chromium side, terminate the renderer(via BadMessage) if a request comes through from a non-secure origin (since it means this client-side test was bypassed by a compromised renderer) dgrogan 2015/08/06 23:52:02 Done, thanks a lot for the pointer. Show quoted text On 2015/08/03 19:57:41, jsbell wrote: > Yes, use something like: > > String errorMessage; > if (!executionContext->isPrivilegedContext(&errorMessage)) { > resolver->reject(...); > return promise; > } Done, thanks a lot for the pointer. Show quoted text > Then on the Chromium side, terminate the renderer(via BadMessage) if a request > comes through from a non-secure origin (since it means this client-side test was > bypassed by a compromised renderer) Makes sense. I'll have to figure out how to do implement it though. The code I wrote doesn't handle the messages directly but is 2ish steps removed.
	60 if (securityOrigin->isUnique()) {

	61 resolver->reject(DOMException::create(NotSupportedError));

	62 return promise;

	63 }

	64 if (executionContext->isDocument()) {
	mlamouri (slow - plz ping) 2015/08/04 13:15:19 Why do you want to check if it's in a document? Th Why do you want to check if it's in a document? The call will work and will return the current permission state if you are not in a frame. dgrogan 2015/08/06 23:52:02 I should probably rather DCHECK that it's a Docume Show quoted text On 2015/08/04 13:15:19, Mounir Lamouri wrote: > Why do you want to check if it's in a document? The call will work and will > return the current permission state if you are not in a frame. I should probably rather DCHECK that it's a Document seeing as the IDL calls for it to not even be exposed to anything but a Window. I'd been thinking that I want the poor web dev who tries to call requestPersistent from a worker that it won't actually prompt the user.
	65 WebPermissionClient* permissionClient = Permissions::getClient(execution Context);

	66 ASSERT(permissionClient);
	Lalit Maganti 2015/08/04 13:27:41 Should this be DASSERT or ASSERT? I think you can Should this be DASSERT or ASSERT? I think you can simply return an exception like is done in Permissions if this is null. dgrogan 2015/08/06 23:52:02 I don't think DASSERT exists: https://code.google. Show quoted text On 2015/08/04 13:27:41, Lalit Maganti wrote: > Should this be DASSERT or ASSERT? I think you can simply return an exception > like is done in Permissions if this is null. I don't think DASSERT exists: https://code.google.com/p/chromium/codesearch#search/&q=case:yes%20DASSERT&sq... ... but you're right, this case should be handled and not ASSERTed. Done. Lalit Maganti 2015/08/07 08:47:28 Apologies - I meant DCHECK Show quoted text On 2015/08/06 at 23:52:02, dgrogan wrote: > On 2015/08/04 13:27:41, Lalit Maganti wrote: > > Should this be DASSERT or ASSERT? I think you can simply return an exception > > like is done in Permissions if this is null. > > I don't think DASSERT exists: > https://code.google.com/p/chromium/codesearch#search/&q=case:yes%20DASSERT&sq... > > ... but you're right, this case should be handled and not ASSERTed. > Done. Apologies - I meant DCHECK
	67 permissionClient->requestPermission(WebPermissionTypeDurableStorage, KUR L(KURL(), scriptState->executionContext()->securityOrigin()->toString()), new Du rableStoragePermissionCallbacks(resolver));

	68 } else {

	69 resolver->reject(DOMException::create(NotSupportedError));

	70 return promise;

	71 }

	72

	73 return promise;

	74 }

	75

	76 ScriptPromise StorageManager::persistentPermission(ScriptState* scriptState)

	77 {

	78 // TODO(dgrogan): Add a test for calling this method on a file:/// origin.

	79 RefPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scrip tState);

	80 ScriptPromise promise = resolver->promise();

	81 WebPermissionClient* permissionClient = Permissions::getClient(scriptState-> executionContext());

	82 permissionClient->queryPermission(WebPermissionTypeDurableStorage, KURL(KURL (), scriptState->executionContext()->securityOrigin()->toString()), new DurableS toragePermissionCallbacks(resolver));

	83 return promise;

	84 }

	85

	86 } // namespace blink

OLD	NEW

« Source/modules/quota/StorageManager.h ('K') | « Source/modules/quota/StorageManager.h ('k') | Source/modules/quota/StorageManager.idl » ('j') | Source/modules/quota/StorageManager.idl » ('J')