Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1627)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/cachestorage/CacheStorage.cpp

Issue 1177983007: Cache Storage: restrict access to secure origins (Blink-side) (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Factor out common checks Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/modules/cachestorage/CacheStorage.h ('k') | Source/modules/cachestorage/CacheStorage.idl » ('j') | Source/modules/cachestorage/InspectorCacheStorageAgent.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/cachestorage/CacheStorage.cpp
diff --git a/Source/modules/cachestorage/CacheStorage.cpp b/Source/modules/cachestorage/CacheStorage.cpp
index 4961a3fa425ef4fa40a96aa96f7531f7b8449511..ecef79b1c90f5455d41dcc59b03e34078f464711 100644
--- a/Source/modules/cachestorage/CacheStorage.cpp
+++ b/Source/modules/cachestorage/CacheStorage.cpp
@@ -24,6 +24,22 @@ DOMException* createNoImplementationException()
return DOMException::create(NotSupportedError, "No CacheStorage implementation provided.");
}
+bool commonChecks(ScriptState* scriptState, ExceptionState& exceptionState)
+{
+ ExecutionContext* executionContext = scriptState->executionContext();
+ // FIXME: May be null due to worker termination: http://crbug.com/413518.
+ if (!executionContext)
+ return false;
+
+ RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin();
+ String errorMessage;
+ if (!executionContext->isPrivilegedContext(errorMessage)) {
jsbell 2015/06/19 20:32:40 Per notes in https://codereview.chromium.org/11920
palmer 2015/06/26 21:13:16 No, this is fine, and correct. 406 bool SecurityO
+ exceptionState.throwSecurityError(errorMessage);
+ return false;
+ }
+ return true;
+}
+
}
// FIXME: Consider using CallbackPromiseAdapter.
@@ -188,8 +204,11 @@ CacheStorage* CacheStorage::create(WeakPtr<GlobalFetch::ScopedFetcher> fetcher,
return new CacheStorage(fetcher, adoptPtr(webCacheStorage));
}
-ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -207,8 +226,11 @@ ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheNa
return promise;
}
-ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -225,8 +247,11 @@ ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheNam
return promise;
}
-ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -238,8 +263,11 @@ ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const Strin
return promise;
}
-ScriptPromise CacheStorage::keys(ScriptState* scriptState)
+ScriptPromise CacheStorage::keys(ScriptState* scriptState, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -254,6 +282,8 @@ ScriptPromise CacheStorage::keys(ScriptState* scriptState)
ScriptPromise CacheStorage::match(ScriptState* scriptState, const RequestInfo& request, const CacheQueryOptions& options, ExceptionState& exceptionState)
{
ASSERT(!request.isNull());
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
if (request.isRequest())
return matchImpl(scriptState, request.getAsRequest(), options);
« no previous file with comments | « Source/modules/cachestorage/CacheStorage.h ('k') | Source/modules/cachestorage/CacheStorage.idl » ('j') | Source/modules/cachestorage/InspectorCacheStorageAgent.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698