third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp - Issue 1454003003: [CSP] Don't check the path component of the URL when the response was fetched via ServiceWorker.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

Issue 1454003003: [CSP] Don't check the path component of the URL when the response was fetched via ServiceWorker. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/fetch/FetchContext.h ('k') | third_party/WebKit/Source/core/loader/FrameFetchContext.h » ('j') | third_party/WebKit/Source/core/loader/FrameFetchContext.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

diff --git a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

index dc7a14c9c6ce335816033e7266ef2157ce702a24..3cb3ae7f16662b9b2387444f2ec2f269c3b6c302 100644

--- a/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

+++ b/third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

@@ -932,11 +932,11 @@ void ResourceFetcher::willSendRequest(unsigned long identifier, ResourceRequest&

void ResourceFetcher::didReceiveResponse(const Resource* resource, const ResourceResponse& response)

{

// If the response is fetched via ServiceWorker, the original URL of the response could be different from the URL of the request.

- // We check the URL not to load the resources which are forbidden by the page CSP. This behavior is not specified in the CSP specification yet.

- // FIXME(mkwst): Fix this behavior when the CSP docs are updated.

+ // We check the URL not to load the resources which are forbidden by the page CSP.

+ // https://w3c.github.io/webappsec-csp/#should-block-response

if (response.wasFetchedViaServiceWorker()) {

const KURL& originalURL = response.originalURLViaServiceWorker();

- if (!originalURL.isEmpty() && !context().canRequest(resource->type(), resource->resourceRequest(), originalURL, resource->options(), false, FetchRequest::UseDefaultOriginRestrictionForType)) {

+ if (!originalURL.isEmpty() && !context().allowResponse(resource->type(), resource->resourceRequest(), originalURL, resource->options())) {

resource->loader()->cancel();

bool isInternalRequest = resource->options().initiatorInfo.name == FetchInitiatorTypeNames::internal;

context().dispatchDidFail(resource->identifier(), ResourceError(errorDomainBlinkInternal, 0, originalURL.string(), "Unsafe attempt to load URL " + originalURL.elidedString() + " fetched by a ServiceWorker."), isInternalRequest);