Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1624)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/serviceworkers/NavigatorServiceWorker.cpp

Issue 1199183002: Throw a SecurityError when navigator.serviceWorker is accessed in a sandboxed iframe. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: incorporated falken's comment Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/modules/serviceworkers/NavigatorServiceWorker.h ('k') | Source/modules/serviceworkers/NavigatorServiceWorker.idl » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/serviceworkers/NavigatorServiceWorker.cpp
diff --git a/Source/modules/serviceworkers/NavigatorServiceWorker.cpp b/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
index 89d9647a012d09a0abfca5d3dadf3f32b283966d..ea9d4a8a7dda13a097f053ac4e4ea6189b9094f4 100644
--- a/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
+++ b/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
@@ -36,8 +36,11 @@ NavigatorServiceWorker& NavigatorServiceWorker::from(Navigator& navigator)
if (!supplement) {
supplement = new NavigatorServiceWorker(navigator);
provideTo(navigator, supplementName(), supplement);
- // Initialize ServiceWorkerContainer too.
- supplement->serviceWorker();
+ if (navigator.frame() && navigator.frame()->securityContext()->securityOrigin()->canAccessServiceWorkers()) {
+ // Initialize ServiceWorkerContainer too.
+ NonThrowableExceptionState exceptionState;
tkent 2015/06/24 06:22:17 probably |supplement->serviceWorker(ASSERT_NO_EXCE
horo 2015/06/24 06:31:02 Done.
+ supplement->serviceWorker(exceptionState);
+ }
}
return *supplement;
}
@@ -52,13 +55,20 @@ const char* NavigatorServiceWorker::supplementName()
return "NavigatorServiceWorker";
}
-ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigator)
+ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(Navigator& navigator, ExceptionState& exceptionState)
{
- return NavigatorServiceWorker::from(navigator).serviceWorker();
+ return NavigatorServiceWorker::from(navigator).serviceWorker(exceptionState);
}
-ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker()
+ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(ExceptionState& exceptionState)
{
+ if (frame() && !frame()->securityContext()->securityOrigin()->canAccessServiceWorkers()) {
+ if (frame()->securityContext()->isSandboxed(SandboxOrigin))
+ exceptionState.throwSecurityError("Service worker is disabled because the context is sandboxed and lacks the 'allow-same-origin' flag.");
+ else
+ exceptionState.throwSecurityError("Access to service workers is denied in this document origin.");
+ return nullptr;
+ }
if (!m_serviceWorker && frame()) {
ASSERT(frame()->domWindow());
m_serviceWorker = ServiceWorkerContainer::create(frame()->domWindow()->executionContext());
« no previous file with comments | « Source/modules/serviceworkers/NavigatorServiceWorker.h ('k') | Source/modules/serviceworkers/NavigatorServiceWorker.idl » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698