Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(205)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/cache_storage/cache_storage_dispatcher_host.cc

Issue 1192003006: Cache Storage: restrict access to secure origins (Chromium-side) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add chrome-search scheme to secure scheme list Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/bad_message.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/cache_storage/cache_storage_dispatcher_host.h" 5 #include "content/browser/cache_storage/cache_storage_dispatcher_host.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/strings/string16.h" 9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h" 10 #include "base/strings/utf_string_conversions.h"
11 #include "base/trace_event/trace_event.h" 11 #include "base/trace_event/trace_event.h"
12 #include "content/browser/bad_message.h" 12 #include "content/browser/bad_message.h"
13 #include "content/browser/cache_storage/cache_storage_cache.h" 13 #include "content/browser/cache_storage/cache_storage_cache.h"
14 #include "content/browser/cache_storage/cache_storage_context_impl.h" 14 #include "content/browser/cache_storage/cache_storage_context_impl.h"
15 #include "content/browser/cache_storage/cache_storage_manager.h" 15 #include "content/browser/cache_storage/cache_storage_manager.h"
16 #include "content/common/cache_storage/cache_storage_messages.h" 16 #include "content/common/cache_storage/cache_storage_messages.h"
17 #include "content/public/browser/content_browser_client.h" 17 #include "content/public/browser/content_browser_client.h"
18 #include "content/public/common/origin_util.h"
18 #include "storage/browser/blob/blob_data_handle.h" 19 #include "storage/browser/blob/blob_data_handle.h"
19 #include "third_party/WebKit/public/platform/WebServiceWorkerCacheError.h" 20 #include "third_party/WebKit/public/platform/WebServiceWorkerCacheError.h"
20 21
21 namespace content { 22 namespace content {
22 23
23 namespace { 24 namespace {
24 25
25 const uint32 kFilteredMessageClasses[] = {CacheStorageMsgStart}; 26 const uint32 kFilteredMessageClasses[] = {CacheStorageMsgStart};
26 27
27 blink::WebServiceWorkerCacheError ToWebServiceWorkerCacheError( 28 blink::WebServiceWorkerCacheError ToWebServiceWorkerCacheError(
28 CacheStorageError err) { 29 CacheStorageError err) {
29 switch (err) { 30 switch (err) {
30 case CACHE_STORAGE_OK: 31 case CACHE_STORAGE_OK:
31 NOTREACHED(); 32 NOTREACHED();
32 return blink::WebServiceWorkerCacheErrorNotImplemented; 33 return blink::WebServiceWorkerCacheErrorNotImplemented;
33 case CACHE_STORAGE_ERROR_EXISTS: 34 case CACHE_STORAGE_ERROR_EXISTS:
34 return blink::WebServiceWorkerCacheErrorExists; 35 return blink::WebServiceWorkerCacheErrorExists;
35 case CACHE_STORAGE_ERROR_STORAGE: 36 case CACHE_STORAGE_ERROR_STORAGE:
36 // TODO(nhiroki): Add WebServiceWorkerCacheError equivalent to 37 // TODO(nhiroki): Add WebServiceWorkerCacheError equivalent to
37 // CACHE_STORAGE_ERROR_STORAGE. 38 // CACHE_STORAGE_ERROR_STORAGE.
38 return blink::WebServiceWorkerCacheErrorNotFound; 39 return blink::WebServiceWorkerCacheErrorNotFound;
39 case CACHE_STORAGE_ERROR_NOT_FOUND: 40 case CACHE_STORAGE_ERROR_NOT_FOUND:
40 return blink::WebServiceWorkerCacheErrorNotFound; 41 return blink::WebServiceWorkerCacheErrorNotFound;
41 } 42 }
42 NOTREACHED(); 43 NOTREACHED();
43 return blink::WebServiceWorkerCacheErrorNotImplemented; 44 return blink::WebServiceWorkerCacheErrorNotImplemented;
44 } 45 }
45 46
47 bool OriginCanAccessCacheStorage(const GURL& url) {
48 return IsOriginSecure(url);
49 }
50
46 } // namespace 51 } // namespace
47 52
48 CacheStorageDispatcherHost::CacheStorageDispatcherHost() 53 CacheStorageDispatcherHost::CacheStorageDispatcherHost()
49 : BrowserMessageFilter(kFilteredMessageClasses, 54 : BrowserMessageFilter(kFilteredMessageClasses,
50 arraysize(kFilteredMessageClasses)) { 55 arraysize(kFilteredMessageClasses)) {
51 } 56 }
52 57
53 CacheStorageDispatcherHost::~CacheStorageDispatcherHost() { 58 CacheStorageDispatcherHost::~CacheStorageDispatcherHost() {
54 } 59 }
55 60
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
97 DCHECK_CURRENTLY_ON(BrowserThread::IO); 102 DCHECK_CURRENTLY_ON(BrowserThread::IO);
98 context_ = context; 103 context_ = context;
99 } 104 }
100 105
101 void CacheStorageDispatcherHost::OnCacheStorageHas( 106 void CacheStorageDispatcherHost::OnCacheStorageHas(
102 int thread_id, 107 int thread_id,
103 int request_id, 108 int request_id,
104 const GURL& origin, 109 const GURL& origin,
105 const base::string16& cache_name) { 110 const base::string16& cache_name) {
106 TRACE_EVENT0("CacheStorage", "CacheStorageDispatcherHost::OnCacheStorageHas"); 111 TRACE_EVENT0("CacheStorage", "CacheStorageDispatcherHost::OnCacheStorageHas");
112 if (!OriginCanAccessCacheStorage(origin)) {
113 bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
114 return;
115 }
107 context_->cache_manager()->HasCache( 116 context_->cache_manager()->HasCache(
108 origin, base::UTF16ToUTF8(cache_name), 117 origin, base::UTF16ToUTF8(cache_name),
109 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageHasCallback, this, 118 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageHasCallback, this,
110 thread_id, request_id)); 119 thread_id, request_id));
111 } 120 }
112 121
113 void CacheStorageDispatcherHost::OnCacheStorageOpen( 122 void CacheStorageDispatcherHost::OnCacheStorageOpen(
114 int thread_id, 123 int thread_id,
115 int request_id, 124 int request_id,
116 const GURL& origin, 125 const GURL& origin,
117 const base::string16& cache_name) { 126 const base::string16& cache_name) {
118 TRACE_EVENT0("CacheStorage", 127 TRACE_EVENT0("CacheStorage",
119 "CacheStorageDispatcherHost::OnCacheStorageOpen"); 128 "CacheStorageDispatcherHost::OnCacheStorageOpen");
129 if (!OriginCanAccessCacheStorage(origin)) {
130 bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
131 return;
132 }
120 context_->cache_manager()->OpenCache( 133 context_->cache_manager()->OpenCache(
121 origin, base::UTF16ToUTF8(cache_name), 134 origin, base::UTF16ToUTF8(cache_name),
122 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageOpenCallback, this, 135 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageOpenCallback, this,
123 thread_id, request_id)); 136 thread_id, request_id));
124 } 137 }
125 138
126 void CacheStorageDispatcherHost::OnCacheStorageDelete( 139 void CacheStorageDispatcherHost::OnCacheStorageDelete(
127 int thread_id, 140 int thread_id,
128 int request_id, 141 int request_id,
129 const GURL& origin, 142 const GURL& origin,
130 const base::string16& cache_name) { 143 const base::string16& cache_name) {
131 TRACE_EVENT0("CacheStorage", 144 TRACE_EVENT0("CacheStorage",
132 "CacheStorageDispatcherHost::OnCacheStorageDelete"); 145 "CacheStorageDispatcherHost::OnCacheStorageDelete");
146 if (!OriginCanAccessCacheStorage(origin)) {
147 bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
148 return;
149 }
133 context_->cache_manager()->DeleteCache( 150 context_->cache_manager()->DeleteCache(
134 origin, base::UTF16ToUTF8(cache_name), 151 origin, base::UTF16ToUTF8(cache_name),
135 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageDeleteCallback, 152 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageDeleteCallback,
136 this, thread_id, request_id)); 153 this, thread_id, request_id));
137 } 154 }
138 155
139 void CacheStorageDispatcherHost::OnCacheStorageKeys(int thread_id, 156 void CacheStorageDispatcherHost::OnCacheStorageKeys(int thread_id,
140 int request_id, 157 int request_id,
141 const GURL& origin) { 158 const GURL& origin) {
142 TRACE_EVENT0("CacheStorage", 159 TRACE_EVENT0("CacheStorage",
143 "CacheStorageDispatcherHost::OnCacheStorageKeys"); 160 "CacheStorageDispatcherHost::OnCacheStorageKeys");
161 if (!OriginCanAccessCacheStorage(origin)) {
162 bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
163 return;
164 }
144 context_->cache_manager()->EnumerateCaches( 165 context_->cache_manager()->EnumerateCaches(
145 origin, 166 origin,
146 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageKeysCallback, this, 167 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageKeysCallback, this,
147 thread_id, request_id)); 168 thread_id, request_id));
148 } 169 }
149 170
150 void CacheStorageDispatcherHost::OnCacheStorageMatch( 171 void CacheStorageDispatcherHost::OnCacheStorageMatch(
151 int thread_id, 172 int thread_id,
152 int request_id, 173 int request_id,
153 const GURL& origin, 174 const GURL& origin,
154 const ServiceWorkerFetchRequest& request, 175 const ServiceWorkerFetchRequest& request,
155 const CacheStorageCacheQueryParams& match_params) { 176 const CacheStorageCacheQueryParams& match_params) {
156 TRACE_EVENT0("CacheStorage", 177 TRACE_EVENT0("CacheStorage",
157 "CacheStorageDispatcherHost::OnCacheStorageMatch"); 178 "CacheStorageDispatcherHost::OnCacheStorageMatch");
158 179 if (!OriginCanAccessCacheStorage(origin)) {
180 bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
181 return;
182 }
159 scoped_ptr<ServiceWorkerFetchRequest> scoped_request( 183 scoped_ptr<ServiceWorkerFetchRequest> scoped_request(
160 new ServiceWorkerFetchRequest(request.url, request.method, 184 new ServiceWorkerFetchRequest(request.url, request.method,
161 request.headers, request.referrer, 185 request.headers, request.referrer,
162 request.is_reload)); 186 request.is_reload));
163 187
164 if (match_params.cache_name.empty()) { 188 if (match_params.cache_name.empty()) {
165 context_->cache_manager()->MatchAllCaches( 189 context_->cache_manager()->MatchAllCaches(
166 origin, scoped_request.Pass(), 190 origin, scoped_request.Pass(),
167 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageMatchCallback, 191 base::Bind(&CacheStorageDispatcherHost::OnCacheStorageMatchCallback,
168 this, thread_id, request_id)); 192 this, thread_id, request_id));
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after
418 UUIDToBlobDataHandleList::iterator it = blob_handle_store_.find(uuid); 442 UUIDToBlobDataHandleList::iterator it = blob_handle_store_.find(uuid);
419 if (it == blob_handle_store_.end()) 443 if (it == blob_handle_store_.end())
420 return; 444 return;
421 DCHECK(!it->second.empty()); 445 DCHECK(!it->second.empty());
422 it->second.pop_front(); 446 it->second.pop_front();
423 if (it->second.empty()) 447 if (it->second.empty())
424 blob_handle_store_.erase(it); 448 blob_handle_store_.erase(it);
425 } 449 }
426 450
427 } // namespace content 451 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/bad_message.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698