Source/modules/cachestorage/InspectorCacheStorageAgent.cpp - Issue 1177983007: Cache Storage: restrict access to secure origins (Blink-side)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

Issue 1177983007: Cache Storage: restrict access to secure origins (Blink-side) (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Simplify DevTools agent changes Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

diff --git a/Source/modules/cachestorage/InspectorCacheStorageAgent.cpp b/Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

index 2caf39e94de18594101c1b5b3e897d8a29d82272..17775d3ee866e20108e0ec4822ade4071f48b122 100644

--- a/Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

+++ b/Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

@@ -70,6 +70,11 @@ bool parseCacheId(ErrorString* errorString, const String& id, String* securityOr

PassOwnPtr<WebServiceWorkerCacheStorage> assertCacheStorage(ErrorString* errorString, const String& securityOrigin)

{

RefPtr<SecurityOrigin> secOrigin = SecurityOrigin::createFromString(securityOrigin);

+ // Cache Storage API is restricted to trustworthy origins.

+ if (!secOrigin->isPotentiallyTrustworthy(*errorString))

+ return nullptr;

String identifier = createDatabaseIdentifierFromSecurityOrigin(secOrigin.get());

OwnPtr<WebServiceWorkerCacheStorage> cache = adoptPtr(Platform::current()->cacheStorage(identifier));

if (!cache)

@@ -408,6 +413,16 @@ DEFINE_TRACE(InspectorCacheStorageAgent)

void InspectorCacheStorageAgent::requestCacheNames(ErrorString* errorString, const String& securityOrigin, PassRefPtrWillBeRawPtr<RequestCacheNamesCallback> callback)

{

+ RefPtr<SecurityOrigin> secOrigin = SecurityOrigin::createFromString(securityOrigin);

+ // Cache Storage API is restricted to trustworthy origins.

+ String ignoredMessage;

+ if (!secOrigin->isPotentiallyTrustworthy(ignoredMessage)) {

+ // Don't treat this as an error, just don't attempt to open and enumerate the caches.

+ callback->sendSuccess(Array<TypeBuilder::CacheStorage::Cache>::create());

+ return;

+ }

OwnPtr<WebServiceWorkerCacheStorage> cache = assertCacheStorage(errorString, securityOrigin);

if (!cache) {

callback->sendFailure(*errorString);

« no previous file with comments | « Source/modules/cachestorage/CacheStorage.idl ('k') | no next file » | no next file with comments »