Source/modules/serviceworkers/NavigatorServiceWorker.cpp - Issue 1199183002: Throw a SecurityError when navigator.serviceWorker is accessed in a sandboxed iframe.

Side by Side Diff: Source/modules/serviceworkers/NavigatorServiceWorker.cpp

Issue 1199183002: Throw a SecurityError when navigator.serviceWorker is accessed in a sandboxed iframe. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« LayoutTests/http/tests/serviceworker/chromium/sandboxed-iframe-navigator-serviceworker.html ('K') | « Source/modules/serviceworkers/NavigatorServiceWorker.h ('k') | Source/modules/serviceworkers/NavigatorServiceWorker.idl » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "config.h"	5 #include "config.h"

6 #include "modules/serviceworkers/NavigatorServiceWorker.h"	6 #include "modules/serviceworkers/NavigatorServiceWorker.h"

7	7

8 #include "core/dom/Document.h"	8 #include "core/dom/Document.h"

9 #include "core/frame/LocalDOMWindow.h"	9 #include "core/frame/LocalDOMWindow.h"

10 #include "core/frame/LocalFrame.h"	10 #include "core/frame/LocalFrame.h"

11 #include "core/frame/Navigator.h"	11 #include "core/frame/Navigator.h"

12 #include "modules/serviceworkers/ServiceWorkerContainer.h"	12 #include "modules/serviceworkers/ServiceWorkerContainer.h"

13	13

14 namespace blink {	14 namespace blink {

15	15

16 NavigatorServiceWorker::NavigatorServiceWorker(Navigator& navigator)	16 NavigatorServiceWorker::NavigatorServiceWorker(Navigator& navigator)

17 : DOMWindowProperty(navigator.frame())	17 : DOMWindowProperty(navigator.frame())

18 {	18 {

19 }	19 }

20	20

21 NavigatorServiceWorker::~NavigatorServiceWorker()	21 NavigatorServiceWorker::~NavigatorServiceWorker()

22 {	22 {

23 }	23 }

24	24

25 NavigatorServiceWorker* NavigatorServiceWorker::from(Document& document)	25 NavigatorServiceWorker* NavigatorServiceWorker::from(Document& document)

26 {	26 {

27 if (!document.frame() \|\| !document.frame()->domWindow())	27 if (!document.frame() \|\| !document.frame()->domWindow())

28 return nullptr;	28 return nullptr;

	29

29 Navigator& navigator = *document.frame()->domWindow()->navigator();	30 Navigator& navigator = *document.frame()->domWindow()->navigator();

30 return &from(navigator);	31 return &from(navigator);

31 }	32 }

32	33

33 NavigatorServiceWorker& NavigatorServiceWorker::from(Navigator& navigator)	34 NavigatorServiceWorker& NavigatorServiceWorker::from(Navigator& navigator)

34 {	35 {

35 NavigatorServiceWorker* supplement = toNavigatorServiceWorker(navigator);	36 NavigatorServiceWorker* supplement = toNavigatorServiceWorker(navigator);

36 if (!supplement) {	37 if (!supplement) {

37 supplement = new NavigatorServiceWorker(navigator);	38 supplement = new NavigatorServiceWorker(navigator);

38 provideTo(navigator, supplementName(), supplement);	39 provideTo(navigator, supplementName(), supplement);

39 // Initialize ServiceWorkerContainer too.	40 if (navigator.frame() && navigator.frame()->securityContext()->securityO rigin()->canAccessServiceWorkers()) {
	nhiroki 2015/06/24 02:48:17 Is this necessary? Aren't checks in NavigatorServi Is this necessary? Aren't checks in NavigatorServiceWorker::serviceWorker sufficient? horo 2015/06/24 03:39:20 We need this check. Otherwise ASSERT_NOT_REACHED() Show quoted text On 2015/06/24 02:48:17, nhiroki wrote: > Is this necessary? Aren't checks in NavigatorServiceWorker::serviceWorker > sufficient? We need this check. Otherwise ASSERT_NOT_REACHED() in NonThrowableExceptionState::throwSecurityError() kills the process.
40 supplement->serviceWorker();	41 // Initialize ServiceWorkerContainer too.

	42 NonThrowableExceptionState exceptionState;

	43 supplement->serviceWorker(exceptionState);

	44 }

41 }	45 }

42 return *supplement;	46 return *supplement;

43 }	47 }

44	48

45 NavigatorServiceWorker* NavigatorServiceWorker::toNavigatorServiceWorker(Navigat or& navigator)	49 NavigatorServiceWorker* NavigatorServiceWorker::toNavigatorServiceWorker(Navigat or& navigator)

46 {	50 {

47 return static_cast<NavigatorServiceWorker*>(HeapSupplement<Navigator>::from( navigator, supplementName()));	51 return static_cast<NavigatorServiceWorker*>(HeapSupplement<Navigator>::from( navigator, supplementName()));

48 }	52 }

49	53

50 const char* NavigatorServiceWorker::supplementName()	54 const char* NavigatorServiceWorker::supplementName()

51 {	55 {

52 return "NavigatorServiceWorker";	56 return "NavigatorServiceWorker";

53 }	57 }

54	58

55 ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigat or)	59 ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigat or, ExceptionState& exceptionState)

56 {	60 {

57 return NavigatorServiceWorker::from(navigator).serviceWorker();	61 return NavigatorServiceWorker::from(navigator).serviceWorker(exceptionState) ;

58 }	62 }

59	63

60 ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker()	64 ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(ExceptionState& ex ceptionState)

61 {	65 {

	66 if (frame() && !frame()->securityContext()->securityOrigin()->canAccessServi ceWorkers()) {

	67 if (frame()->securityContext()->isSandboxed(SandboxOrigin))

	68 exceptionState.throwSecurityError("Service worker is disabled becaus e the context is sandboxed and lacks the 'allow-same-origin' flag.");

	69 else

	70 exceptionState.throwSecurityError("Access to service worker is denie d.");

	71 return nullptr;

	72 }

62 if (!m_serviceWorker && frame()) {	73 if (!m_serviceWorker && frame()) {

63 ASSERT(frame()->domWindow());	74 ASSERT(frame()->domWindow());

64 m_serviceWorker = ServiceWorkerContainer::create(frame()->domWindow()->e xecutionContext());	75 m_serviceWorker = ServiceWorkerContainer::create(frame()->domWindow()->e xecutionContext());

65 }	76 }

66 return m_serviceWorker.get();	77 return m_serviceWorker.get();

67 }	78 }

68	79

69 void NavigatorServiceWorker::willDetachGlobalObjectFromFrame()	80 void NavigatorServiceWorker::willDetachGlobalObjectFromFrame()

70 {	81 {

71 if (m_serviceWorker) {	82 if (m_serviceWorker) {

72 m_serviceWorker->willBeDetachedFromFrame();	83 m_serviceWorker->willBeDetachedFromFrame();

73 m_serviceWorker = nullptr;	84 m_serviceWorker = nullptr;

74 }	85 }

75 }	86 }

76	87

77 DEFINE_TRACE(NavigatorServiceWorker)	88 DEFINE_TRACE(NavigatorServiceWorker)

78 {	89 {

79 visitor->trace(m_serviceWorker);	90 visitor->trace(m_serviceWorker);

80 HeapSupplement<Navigator>::trace(visitor);	91 HeapSupplement<Navigator>::trace(visitor);

81 DOMWindowProperty::trace(visitor);	92 DOMWindowProperty::trace(visitor);

82 }	93 }

83	94

84 } // namespace blink	95 } // namespace blink

OLD	NEW