Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2231)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/cachestorage/CacheStorage.cpp

Issue 1177983007: Cache Storage: restrict access to secure origins (Blink-side) (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: DevTools: Skip enumeration if access denied Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/modules/cachestorage/CacheStorage.h ('k') | Source/modules/cachestorage/CacheStorage.idl » ('j') | Source/modules/cachestorage/InspectorCacheStorageAgent.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/cachestorage/CacheStorage.cpp
diff --git a/Source/modules/cachestorage/CacheStorage.cpp b/Source/modules/cachestorage/CacheStorage.cpp
index 86ffcb2ac4a93601d43240c5964e44c217af0342..fcf275ee5484253297b158f963c48c23de3012ac 100644
--- a/Source/modules/cachestorage/CacheStorage.cpp
+++ b/Source/modules/cachestorage/CacheStorage.cpp
@@ -24,6 +24,21 @@ DOMException* createNoImplementationException()
return DOMException::create(NotSupportedError, "No CacheStorage implementation provided.");
}
+bool commonChecks(ScriptState* scriptState, ExceptionState& exceptionState)
+{
+ ExecutionContext* executionContext = scriptState->executionContext();
+ // FIXME: May be null due to worker termination: http://crbug.com/413518.
+ if (!executionContext)
+ return false;
+
+ String errorMessage;
+ if (!executionContext->isPrivilegedContext(errorMessage)) {
+ exceptionState.throwSecurityError(errorMessage);
+ return false;
+ }
+ return true;
+}
+
}
// FIXME: Consider using CallbackPromiseAdapter.
@@ -183,13 +198,26 @@ private:
RefPtrWillBePersistent<ScriptPromiseResolver> m_resolver;
};
+// static
+bool CacheStorage::canAccessCacheStorage(ExecutionContext* executionContext, String* errorMessage)
+{
+ String ignored;
+ if (!errorMessage)
+ errorMessage = &ignored;
+ return executionContext->isPrivilegedContext(*errorMessage);
+}
+
+// static
CacheStorage* CacheStorage::create(WeakPtr<GlobalFetch::ScopedFetcher> fetcher, WebServiceWorkerCacheStorage* webCacheStorage)
{
return new CacheStorage(fetcher, adoptPtr(webCacheStorage));
}
-ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -207,8 +235,11 @@ ScriptPromise CacheStorage::open(ScriptState* scriptState, const String& cacheNa
return promise;
}
-ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -225,8 +256,11 @@ ScriptPromise CacheStorage::has(ScriptState* scriptState, const String& cacheNam
return promise;
}
-ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const String& cacheName)
+ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const String& cacheName, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -238,8 +272,11 @@ ScriptPromise CacheStorage::deleteFunction(ScriptState* scriptState, const Strin
return promise;
}
-ScriptPromise CacheStorage::keys(ScriptState* scriptState)
+ScriptPromise CacheStorage::keys(ScriptState* scriptState, ExceptionState& exceptionState)
{
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
+
RefPtrWillBeRawPtr<ScriptPromiseResolver> resolver = ScriptPromiseResolver::create(scriptState);
const ScriptPromise promise = resolver->promise();
@@ -254,6 +291,8 @@ ScriptPromise CacheStorage::keys(ScriptState* scriptState)
ScriptPromise CacheStorage::match(ScriptState* scriptState, const RequestInfo& request, const CacheQueryOptions& options, ExceptionState& exceptionState)
{
ASSERT(!request.isNull());
+ if (!commonChecks(scriptState, exceptionState))
+ return ScriptPromise();
if (request.isRequest())
return matchImpl(scriptState, request.getAsRequest(), options);
« no previous file with comments | « Source/modules/cachestorage/CacheStorage.h ('k') | Source/modules/cachestorage/CacheStorage.idl » ('j') | Source/modules/cachestorage/InspectorCacheStorageAgent.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698