Chromium Code Reviews Chromium Code Reviews
Issue 1177983007:
Cache Storage: restrict access to secure origins (Blink-side) (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "modules/cachestorage/CacheStorage.h" | 6 #include "modules/cachestorage/CacheStorage.h" |
| 7 | 7 |
| 8 #include "bindings/core/v8/ScriptPromiseResolver.h" | 8 #include "bindings/core/v8/ScriptPromiseResolver.h" |
| 9 #include "bindings/core/v8/ScriptState.h" | 9 #include "bindings/core/v8/ScriptState.h" |
| 10 #include "core/dom/DOMException.h" | 10 #include "core/dom/DOMException.h" |
| 11 #include "core/dom/ExceptionCode.h" | 11 #include "core/dom/ExceptionCode.h" |
| 12 #include "modules/cachestorage/CacheStorageError.h" | 12 #include "modules/cachestorage/CacheStorageError.h" |
| 13 #include "modules/fetch/Request.h" | 13 #include "modules/fetch/Request.h" |
| 14 #include "modules/fetch/Response.h" | 14 #include "modules/fetch/Response.h" |
| 15 #include "public/platform/WebServiceWorkerCacheError.h" | 15 #include "public/platform/WebServiceWorkerCacheError.h" |
| 16 #include "public/platform/WebServiceWorkerCacheStorage.h" | 16 #include "public/platform/WebServiceWorkerCacheStorage.h" |
| 17 | 17 |
| 18 namespace blink { | 18 namespace blink { |
| 19 | 19 |
| 20 namespace { | 20 namespace { |
| 21 | 21 |
| 22 DOMException* createNoImplementationException() | 22 DOMException* createNoImplementationException() |
| 23 { | 23 { |
| 24 return DOMException::create(NotSupportedError, "No CacheStorage implementati on provided."); | 24 return DOMException::create(NotSupportedError, "No CacheStorage implementati on provided."); |
| 25 } | 25 } |
| 26 | 26 |
| 27 bool commonChecks(ScriptState* scriptState, ExceptionState& exceptionState) | |
| 28 { | |
| 29 ExecutionContext* executionContext = scriptState->executionContext(); | |
| 30 // FIXME: May be null due to worker termination: http://crbug.com/413518. | |
| 31 if (!executionContext) | |
| 32 return false; | |
| 33 | |
| 34 RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin(); | |
| 35 String errorMessage; | |
| 36 if (!executionContext->isPrivilegedContext(errorMessage)) { | |
|
jsbell
2015/06/19 20:32:40
Per notes in https://codereview.chromium.org/11920
palmer
2015/06/26 21:13:16
No, this is fine, and correct.
406 bool SecurityO
| |
| 37 exceptionState.throwSecurityError(errorMessage); | |
| 38 return false; | |
| 39 } | |
| 40 return true; | |
| 41 } | |
| 42 | |
| 27 } | 43 } |
| 28 | 44 |
| 29 // FIXME: Consider using CallbackPromiseAdapter. | 45 // FIXME: Consider using CallbackPromiseAdapter. |
| 30 class CacheStorage::Callbacks final : public WebServiceWorkerCacheStorage::Cache StorageCallbacks { | 46 class CacheStorage::Callbacks final : public WebServiceWorkerCacheStorage::Cache StorageCallbacks { |
| 31 WTF_MAKE_NONCOPYABLE(Callbacks); | 47 WTF_MAKE_NONCOPYABLE(Callbacks); |
| 32 public: | 48 public: |
| 33 explicit Callbacks(PassRefPtrWillBeRawPtr<ScriptPromiseResolver> resolver) | 49 explicit Callbacks(PassRefPtrWillBeRawPtr<ScriptPromiseResolver> resolver) |
| 34 : m_resolver(resolver) { } | 50 : m_resolver(resolver) { } |
| 35 virtual ~Callbacks() { } | 51 virtual ~Callbacks() { } |
| 36 | 52 |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 181 | 197 |
| 182 private: | 198 private: |
| 183 RefPtrWillBePersistent<ScriptPromiseResolver> m_resolver; | 199 RefPtrWillBePersistent<ScriptPromiseResolver> m_resolver; |
| 184 }; | 200 }; |
| 185 | 201 |
| 186 CacheStorage* CacheStorage::create(WeakPtr<GlobalFetch::ScopedFetcher> fetcher, WebServiceWorkerCacheStorage* webCacheStorage) | 202 CacheStorage* CacheStorage::create(WeakPtr<GlobalFetch::ScopedFetcher> fetcher, WebServiceWorkerCacheStorage* webCacheStorage) |
| 187 { | 203 { |
| 188 return new CacheStorage(fetcher, adoptPtr(webCacheStorage)); | 204 return new CacheStorage(fetcher, adoptPtr(webCacheStorage)); |
| 189 } | 205 } |
| 190 | 206 |
| 191 ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheNa me) | 207 ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheNa me, ExceptionState& exceptionState) |
| 192 { | 208 { |
| 209 if (!commonChecks(scriptState, exceptionState)) | |
| 210 return ScriptPromise(); | |
| 211 | |
| 193 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); | 212 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); |
| 194 const ScriptPromise promise = resolver->promise(); | 213 const ScriptPromise promise = resolver->promise(); |
| 195 | 214 |
| 196 if (m_nameToCacheMap.contains(cacheName)) { | 215 if (m_nameToCacheMap.contains(cacheName)) { |
| 197 Cache* cache = m_nameToCacheMap.find(cacheName)->value; | 216 Cache* cache = m_nameToCacheMap.find(cacheName)->value; |
| 198 resolver->resolve(cache); | 217 resolver->resolve(cache); |
| 199 return promise; | 218 return promise; |
| 200 } | 219 } |
| 201 | 220 |
| 202 if (m_webCacheStorage) | 221 if (m_webCacheStorage) |
| 203 m_webCacheStorage->dispatchOpen(new WithCacheCallbacks(cacheName, this, resolver), cacheName); | 222 m_webCacheStorage->dispatchOpen(new WithCacheCallbacks(cacheName, this, resolver), cacheName); |
| 204 else | 223 else |
| 205 resolver->reject(createNoImplementationException()); | 224 resolver->reject(createNoImplementationException()); |
| 206 | 225 |
| 207 return promise; | 226 return promise; |
| 208 } | 227 } |
| 209 | 228 |
| 210 ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheNam e) | 229 ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheNam e, ExceptionState& exceptionState) |
| 211 { | 230 { |
| 231 if (!commonChecks(scriptState, exceptionState)) | |
| 232 return ScriptPromise(); | |
| 233 | |
| 212 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); | 234 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); |
| 213 const ScriptPromise promise = resolver->promise(); | 235 const ScriptPromise promise = resolver->promise(); |
| 214 | 236 |
| 215 if (m_nameToCacheMap.contains(cacheName)) { | 237 if (m_nameToCacheMap.contains(cacheName)) { |
| 216 resolver->resolve(true); | 238 resolver->resolve(true); |
| 217 return promise; | 239 return promise; |
| 218 } | 240 } |
| 219 | 241 |
| 220 if (m_webCacheStorage) | 242 if (m_webCacheStorage) |
| 221 m_webCacheStorage->dispatchHas(new Callbacks(resolver), cacheName); | 243 m_webCacheStorage->dispatchHas(new Callbacks(resolver), cacheName); |
| 222 else | 244 else |
| 223 resolver->reject(createNoImplementationException()); | 245 resolver->reject(createNoImplementationException()); |
| 224 | 246 |
| 225 return promise; | 247 return promise; |
| 226 } | 248 } |
| 227 | 249 |
| 228 ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const Strin g& cacheName) | 250 ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const Strin g& cacheName, ExceptionState& exceptionState) |
| 229 { | 251 { |
| 252 if (!commonChecks(scriptState, exceptionState)) | |
| 253 return ScriptPromise(); | |
| 254 | |
| 230 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); | 255 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); |
| 231 const ScriptPromise promise = resolver->promise(); | 256 const ScriptPromise promise = resolver->promise(); |
| 232 | 257 |
| 233 if (m_webCacheStorage) | 258 if (m_webCacheStorage) |
| 234 m_webCacheStorage->dispatchDelete(new DeleteCallbacks(cacheName, this, r esolver), cacheName); | 259 m_webCacheStorage->dispatchDelete(new DeleteCallbacks(cacheName, this, r esolver), cacheName); |
| 235 else | 260 else |
| 236 resolver->reject(createNoImplementationException()); | 261 resolver->reject(createNoImplementationException()); |
| 237 | 262 |
| 238 return promise; | 263 return promise; |
| 239 } | 264 } |
| 240 | 265 |
| 241 ScriptPromise CacheStorage::keys(ScriptState* scriptState) | 266 ScriptPromise CacheStorage::keys(ScriptState* scriptState, ExceptionState& excep tionState) |
| 242 { | 267 { |
| 268 if (!commonChecks(scriptState, exceptionState)) | |
| 269 return ScriptPromise(); | |
| 270 | |
| 243 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); | 271 RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver:: create(scriptState); |
| 244 const ScriptPromise promise = resolver->promise(); | 272 const ScriptPromise promise = resolver->promise(); |
| 245 | 273 |
| 246 if (m_webCacheStorage) | 274 if (m_webCacheStorage) |
| 247 m_webCacheStorage->dispatchKeys(new KeysCallbacks(resolver)); | 275 m_webCacheStorage->dispatchKeys(new KeysCallbacks(resolver)); |
| 248 else | 276 else |
| 249 resolver->reject(createNoImplementationException()); | 277 resolver->reject(createNoImplementationException()); |
| 250 | 278 |
| 251 return promise; | 279 return promise; |
| 252 } | 280 } |
| 253 | 281 |
| 254 ScriptPromise CacheStorage::match(ScriptState* scriptState, const RequestInfo& r equest, const CacheQueryOptions& options, ExceptionState& exceptionState) | 282 ScriptPromise CacheStorage::match(ScriptState* scriptState, const RequestInfo& r equest, const CacheQueryOptions& options, ExceptionState& exceptionState) |
| 255 { | 283 { |
| 256 ASSERT(!request.isNull()); | 284 ASSERT(!request.isNull()); |
| 285 if (!commonChecks(scriptState, exceptionState)) | |
| 286 return ScriptPromise(); | |
| 257 | 287 |
| 258 if (request.isRequest()) | 288 if (request.isRequest()) |
| 259 return matchImpl(scriptState, request.getAsRequest(), options); | 289 return matchImpl(scriptState, request.getAsRequest(), options); |
| 260 Request* newRequest = Request::create(scriptState, request.getAsUSVString(), exceptionState); | 290 Request* newRequest = Request::create(scriptState, request.getAsUSVString(), exceptionState); |
| 261 if (exceptionState.hadException()) | 291 if (exceptionState.hadException()) |
| 262 return ScriptPromise(); | 292 return ScriptPromise(); |
| 263 return matchImpl(scriptState, newRequest, options); | 293 return matchImpl(scriptState, newRequest, options); |
| 264 } | 294 } |
| 265 | 295 |
| 266 ScriptPromise CacheStorage::matchImpl(ScriptState* scriptState, const Request* r equest, const CacheQueryOptions& options) | 296 ScriptPromise CacheStorage::matchImpl(ScriptState* scriptState, const Request* r equest, const CacheQueryOptions& options) |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 293 { | 323 { |
| 294 m_webCacheStorage.clear(); | 324 m_webCacheStorage.clear(); |
| 295 } | 325 } |
| 296 | 326 |
| 297 DEFINE_TRACE(CacheStorage) | 327 DEFINE_TRACE(CacheStorage) |
| 298 { | 328 { |
| 299 visitor->trace(m_nameToCacheMap); | 329 visitor->trace(m_nameToCacheMap); |
| 300 } | 330 } |
| 301 | 331 |
| 302 } // namespace blink | 332 } // namespace blink |
| OLD | NEW |
