Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1805)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/serviceworkers/NavigatorServiceWorker.cpp

Issue 1199183002: Throw a SecurityError when navigator.serviceWorker is accessed in a sandboxed iframe. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« LayoutTests/http/tests/serviceworker/chromium/sandboxed-iframe-navigator-serviceworker.html ('K') | « Source/modules/serviceworkers/NavigatorServiceWorker.h ('k') | Source/modules/serviceworkers/NavigatorServiceWorker.idl » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/serviceworkers/NavigatorServiceWorker.cpp
diff --git a/Source/modules/serviceworkers/NavigatorServiceWorker.cpp b/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
index 89d9647a012d09a0abfca5d3dadf3f32b283966d..a61470b16a3fe162624b1b3059ed366d5ac33d84 100644
--- a/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
+++ b/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
@@ -26,6 +26,7 @@ NavigatorServiceWorker* NavigatorServiceWorker::from(Document& document)
{
if (!document.frame() || !document.frame()->domWindow())
return nullptr;
+
Navigator& navigator = *document.frame()->domWindow()->navigator();
return &from(navigator);
}
@@ -36,8 +37,11 @@ NavigatorServiceWorker& NavigatorServiceWorker::from(Navigator& navigator)
if (!supplement) {
supplement = new NavigatorServiceWorker(navigator);
provideTo(navigator, supplementName(), supplement);
- // Initialize ServiceWorkerContainer too.
- supplement->serviceWorker();
+ if (navigator.frame() && navigator.frame()->securityContext()->securityOrigin()->canAccessServiceWorkers()) {
nhiroki 2015/06/24 02:48:17 Is this necessary? Aren't checks in NavigatorServi
horo 2015/06/24 03:39:20 We need this check. Otherwise ASSERT_NOT_REACHED()
+ // Initialize ServiceWorkerContainer too.
+ NonThrowableExceptionState exceptionState;
+ supplement->serviceWorker(exceptionState);
+ }
}
return *supplement;
}
@@ -52,13 +56,20 @@ const char* NavigatorServiceWorker::supplementName()
return "NavigatorServiceWorker";
}
-ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigator)
+ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigator, ExceptionState& exceptionState)
{
- return NavigatorServiceWorker::from(navigator).serviceWorker();
+ return NavigatorServiceWorker::from(navigator).serviceWorker(exceptionState);
}
-ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker()
+ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(ExceptionState& exceptionState)
{
+ if (frame() && !frame()->securityContext()->securityOrigin()->canAccessServiceWorkers()) {
+ if (frame()->securityContext()->isSandboxed(SandboxOrigin))
+ exceptionState.throwSecurityError("Service worker is disabled because the context is sandboxed and lacks the 'allow-same-origin' flag.");
+ else
+ exceptionState.throwSecurityError("Access to service worker is denied.");
+ return nullptr;
+ }
if (!m_serviceWorker && frame()) {
ASSERT(frame()->domWindow());
m_serviceWorker = ServiceWorkerContainer::create(frame()->domWindow()->executionContext());
« LayoutTests/http/tests/serviceworker/chromium/sandboxed-iframe-navigator-serviceworker.html ('K') | « Source/modules/serviceworkers/NavigatorServiceWorker.h ('k') | Source/modules/serviceworkers/NavigatorServiceWorker.idl » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698