| Index: content/browser/cache_storage/cache_storage_dispatcher_host.cc
|
| diff --git a/content/browser/cache_storage/cache_storage_dispatcher_host.cc b/content/browser/cache_storage/cache_storage_dispatcher_host.cc
|
| index 79d3f5a884033aab3533b9edcdef23d565608aa0..99c7a70977c9d67318ba6f4754cda42d53a06b08 100644
|
| --- a/content/browser/cache_storage/cache_storage_dispatcher_host.cc
|
| +++ b/content/browser/cache_storage/cache_storage_dispatcher_host.cc
|
| @@ -15,6 +15,7 @@
|
| #include "content/browser/cache_storage/cache_storage_manager.h"
|
| #include "content/common/cache_storage/cache_storage_messages.h"
|
| #include "content/public/browser/content_browser_client.h"
|
| +#include "content/public/common/origin_util.h"
|
| #include "storage/browser/blob/blob_data_handle.h"
|
| #include "third_party/WebKit/public/platform/WebServiceWorkerCacheError.h"
|
|
|
| @@ -43,6 +44,10 @@ blink::WebServiceWorkerCacheError ToWebServiceWorkerCacheError(
|
| return blink::WebServiceWorkerCacheErrorNotImplemented;
|
| }
|
|
|
| +bool OriginCanAccessCacheStorage(const GURL& url) {
|
| + return IsOriginSecure(url);
|
| +}
|
| +
|
| } // namespace
|
|
|
| CacheStorageDispatcherHost::CacheStorageDispatcherHost()
|
| @@ -104,6 +109,10 @@ void CacheStorageDispatcherHost::OnCacheStorageHas(
|
| const GURL& origin,
|
| const base::string16& cache_name) {
|
| TRACE_EVENT0("CacheStorage", "CacheStorageDispatcherHost::OnCacheStorageHas");
|
| + if (!OriginCanAccessCacheStorage(origin)) {
|
| + bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
|
| + return;
|
| + }
|
| context_->cache_manager()->HasCache(
|
| origin, base::UTF16ToUTF8(cache_name),
|
| base::Bind(&CacheStorageDispatcherHost::OnCacheStorageHasCallback, this,
|
| @@ -117,6 +126,10 @@ void CacheStorageDispatcherHost::OnCacheStorageOpen(
|
| const base::string16& cache_name) {
|
| TRACE_EVENT0("CacheStorage",
|
| "CacheStorageDispatcherHost::OnCacheStorageOpen");
|
| + if (!OriginCanAccessCacheStorage(origin)) {
|
| + bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
|
| + return;
|
| + }
|
| context_->cache_manager()->OpenCache(
|
| origin, base::UTF16ToUTF8(cache_name),
|
| base::Bind(&CacheStorageDispatcherHost::OnCacheStorageOpenCallback, this,
|
| @@ -130,6 +143,10 @@ void CacheStorageDispatcherHost::OnCacheStorageDelete(
|
| const base::string16& cache_name) {
|
| TRACE_EVENT0("CacheStorage",
|
| "CacheStorageDispatcherHost::OnCacheStorageDelete");
|
| + if (!OriginCanAccessCacheStorage(origin)) {
|
| + bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
|
| + return;
|
| + }
|
| context_->cache_manager()->DeleteCache(
|
| origin, base::UTF16ToUTF8(cache_name),
|
| base::Bind(&CacheStorageDispatcherHost::OnCacheStorageDeleteCallback,
|
| @@ -141,6 +158,10 @@ void CacheStorageDispatcherHost::OnCacheStorageKeys(int thread_id,
|
| const GURL& origin) {
|
| TRACE_EVENT0("CacheStorage",
|
| "CacheStorageDispatcherHost::OnCacheStorageKeys");
|
| + if (!OriginCanAccessCacheStorage(origin)) {
|
| + bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
|
| + return;
|
| + }
|
| context_->cache_manager()->EnumerateCaches(
|
| origin,
|
| base::Bind(&CacheStorageDispatcherHost::OnCacheStorageKeysCallback, this,
|
| @@ -155,7 +176,10 @@ void CacheStorageDispatcherHost::OnCacheStorageMatch(
|
| const CacheStorageCacheQueryParams& match_params) {
|
| TRACE_EVENT0("CacheStorage",
|
| "CacheStorageDispatcherHost::OnCacheStorageMatch");
|
| -
|
| + if (!OriginCanAccessCacheStorage(origin)) {
|
| + bad_message::ReceivedBadMessage(this, bad_message::CSDH_INVALID_ORIGIN);
|
| + return;
|
| + }
|
| scoped_ptr<ServiceWorkerFetchRequest> scoped_request(
|
| new ServiceWorkerFetchRequest(request.url, request.method,
|
| request.headers, request.referrer,
|
|
|
Chromium Code Reviews
Issue 1192003006:
Cache Storage: restrict access to secure origins (Chromium-side) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master