Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(55)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/cache_storage/cache_storage_dispatcher_host.cc

Issue 1192003006: Cache Storage: restrict access to secure origins (Chromium-side) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated histograms Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/bad_message.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/cache_storage/cache_storage_dispatcher_host.cc
diff --git a/content/browser/cache_storage/cache_storage_dispatcher_host.cc b/content/browser/cache_storage/cache_storage_dispatcher_host.cc
index 77bc33fb397095bbc62860e3de875de931f57cb4..efb4af4afc60805ec336f4e30798cdf9e45bcecb 100644
--- a/content/browser/cache_storage/cache_storage_dispatcher_host.cc
+++ b/content/browser/cache_storage/cache_storage_dispatcher_host.cc
@@ -15,6 +15,7 @@
#include "content/browser/cache_storage/cache_storage_manager.h"
#include "content/common/cache_storage/cache_storage_messages.h"
#include "content/public/browser/content_browser_client.h"
+#include "content/public/common/origin_util.h"
#include "storage/browser/blob/blob_data_handle.h"
#include "third_party/WebKit/public/platform/WebServiceWorkerCacheError.h"
@@ -43,6 +44,11 @@ blink::WebServiceWorkerCacheError ToWebServiceWorkerCacheError(
return blink::WebServiceWorkerCacheErrorNotImplemented;
}
+bool OriginCanAccessCacheStorage(const GURL& url) {
+ // TODO(jsbell): Further restrict to HTTPS, like Service Workers?
Mike West 2015/06/18 19:57:14 Aren't service workers available to any "secure co
jsbell 2015/06/18 20:00:04 Whoops, the TODO is incorrect. I mean to refer to
+ return IsOriginSecure(url);
+}
+
} // namespace
CacheStorageDispatcherHost::CacheStorageDispatcherHost()
@@ -104,6 +110,10 @@ void CacheStorageDispatcherHost::OnCacheStorageHas(
const GURL& origin,
const base::string16& cache_name) {
TRACE_EVENT0("CacheStorage", "CacheStorageDispatcherHost::OnCacheStorageHas");
+ if (!OriginCanAccessCacheStorage(origin)) {
+ bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
+ return;
+ }
context_->cache_manager()->HasCache(
origin, base::UTF16ToUTF8(cache_name),
base::Bind(&CacheStorageDispatcherHost::OnCacheStorageHasCallback, this,
@@ -117,6 +127,10 @@ void CacheStorageDispatcherHost::OnCacheStorageOpen(
const base::string16& cache_name) {
TRACE_EVENT0("CacheStorage",
"CacheStorageDispatcherHost::OnCacheStorageOpen");
+ if (!OriginCanAccessCacheStorage(origin)) {
+ bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
+ return;
+ }
context_->cache_manager()->OpenCache(
origin, base::UTF16ToUTF8(cache_name),
base::Bind(&CacheStorageDispatcherHost::OnCacheStorageOpenCallback, this,
@@ -130,6 +144,10 @@ void CacheStorageDispatcherHost::OnCacheStorageDelete(
const base::string16& cache_name) {
TRACE_EVENT0("CacheStorage",
"CacheStorageDispatcherHost::OnCacheStorageDelete");
+ if (!OriginCanAccessCacheStorage(origin)) {
+ bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
+ return;
+ }
context_->cache_manager()->DeleteCache(
origin, base::UTF16ToUTF8(cache_name),
base::Bind(&CacheStorageDispatcherHost::OnCacheStorageDeleteCallback,
@@ -141,6 +159,10 @@ void CacheStorageDispatcherHost::OnCacheStorageKeys(int thread_id,
const GURL& origin) {
TRACE_EVENT0("CacheStorage",
"CacheStorageDispatcherHost::OnCacheStorageKeys");
+ if (!OriginCanAccessCacheStorage(origin)) {
+ bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
+ return;
+ }
context_->cache_manager()->EnumerateCaches(
origin,
base::Bind(&CacheStorageDispatcherHost::OnCacheStorageKeysCallback, this,
@@ -155,7 +177,10 @@ void CacheStorageDispatcherHost::OnCacheStorageMatch(
const CacheStorageCacheQueryParams& match_params) {
TRACE_EVENT0("CacheStorage",
"CacheStorageDispatcherHost::OnCacheStorageMatch");
-
+ if (!OriginCanAccessCacheStorage(origin)) {
+ bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
+ return;
+ }
scoped_ptr<ServiceWorkerFetchRequest> scoped_request(
new ServiceWorkerFetchRequest(request.url, request.method,
request.headers, request.referrer,
« no previous file with comments | « content/browser/bad_message.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')

Powered by Google App Engine
This is Rietveld 408576698