DescriptionDon't create ServiceWorkerProviderHost for sandboxed frames without allow-same-origin flag.
If the frame is a sandboxed iframe without "allow-same-origin" flag, the request from the frame should not be handled by the ServiceWorker.
And the frame should not be controlled by any ServiceWorker even if the url of the frame is in a ServiceWorker's scope and "clients.claim()" is called inside the ServiceWorker.
To do so, this cl introduces a new ServiceWorkerProviderType for sandboxed iframes named SERVICE_WORKER_PROVIDER_FOR_SANDBOXED_FRAME.
If the frame is sandboxed:
- Create ServiceWorkerNetworkProvider with SERVICE_WORKER_PROVIDER_FOR_SANDBOXED_FRAME type.
- Don't create ServiceWorkerProviderContext.
- Don't send ServiceWorkerHostMsg_ProviderCreated message to the browser process.
- Don't create ServiceWorkerProviderHost in the browser process.
This CL depends on the blink side patches.
https://codereview.chromium.org/1197383002/
https://codereview.chromium.org/1199183002/
BUG=486308
TEST=layout test which will be added in https://codereview.chromium.org/1208693003
Committed: https://crrev.com/ec2c1c8707b7d2fe6b236a745b76c19a404b1ec6
Cr-Commit-Position: refs/heads/master@{#336089}
Patch Set 1 : #Patch Set 2 : #
Total comments: 8
Patch Set 3 : incorporated kinuko's comment #
Messages
Total messages: 19 (10 generated)
|