Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issue 1775933002: CORS-RFC1918: Pipe creator address space through SharedWorker creation. (Closed)

Created:
4 years, 9 months ago by Mike West
Modified:
4 years, 9 months ago
CC:
blink-reviews, blink-reviews-api_chromium.org, blink-reviews-dom_chromium.org, blink-worker-reviews_chromium.org, chromium-reviews, darin-cc_chromium.org, dglazkov+blink, eae+blinkwatch, falken, gavinp+loader_chromium.org, horo+watch_chromium.org, jam, Nate Chapin, kinuko+worker_chromium.org, kinuko+watch, loading-reviews_chromium.org, mkwst+moarreviews-renderer_chromium.org, mkwst+watchlist-csp_chromium.org, mlamouri+watch-content_chromium.org, rwlbuis, sof, tyoshino+watch_chromium.org, Yoav Weiss
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

CORS-RFC1918: Pipe creator address space through SharedWorker creation. SharedWorkers are created in a fairly arcane process whereby the renderer IPCs up to the browser to look for existing workers, and then the browser IPCs back down to the renderer to kick off a request if a new worker needs to spin up. https://codereview.chromium.org/1760523004 took care of some of the work necessary to ensure that the worker that spins up is correctly marked as "external" if relevant, but didn't deal with the request for the worker itself. "Why do we care?", you ask, "Surely SharedWorkers are same-origin with the requesting page!" True, but part of the goal is to deal with DNS poisoning attacks, which means that we really do need to tag the request itself. Ugh. The CL is large enough, but got even larger when I realized that I needed to split the AddressSpace enum out of WebURLRequest in order to make it includable from //content/{browser,common}. Sorry for the mess! As kinuko@ noted in the previous patch, unit tests that generate a request I could verify are hard to put together with the current infrastructure. There's an upcoming patch (https://codereview.chromium.org/1745083002) which breaks the existing //security/cors-rfc1918/* layout tests without this patch, however. BUG=591052 Committed: https://crrev.com/cfa9893483f1c8b83d9e93c188c4c18f552bb1ba Cr-Commit-Position: refs/heads/master@{#380126}

Patch Set 1 #

Patch Set 2 : compile #

Total comments: 1

Patch Set 3 : kinuko@ #

Patch Set 4 : typo #

Unified diffs Side-by-side diffs Delta from patch set Stats (+158 lines, -88 lines) Patch
M content/browser/DEPS View 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/devtools/shared_worker_devtools_manager_unittest.cc View 1 3 chunks +4 lines, -4 lines 0 comments Download
M content/browser/shared_worker/shared_worker_host.cc View 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/shared_worker/shared_worker_instance.h View 4 chunks +6 lines, -0 lines 0 comments Download
M content/browser/shared_worker/shared_worker_instance.cc View 3 chunks +3 lines, -0 lines 0 comments Download
M content/browser/shared_worker/shared_worker_instance_unittest.cc View 1 2 3 3 chunks +16 lines, -3 lines 0 comments Download
M content/browser/shared_worker/shared_worker_service_impl.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M content/common/DEPS View 1 chunk +1 line, -0 lines 0 comments Download
M content/common/content_param_traits_macros.h View 1 2 chunks +2 lines, -0 lines 0 comments Download
M content/common/view_messages.h View 1 chunk +3 lines, -0 lines 0 comments Download
M content/common/worker_messages.h View 1 chunk +1 line, -0 lines 0 comments Download
M content/renderer/render_thread_impl.cc View 1 2 3 1 chunk +4 lines, -6 lines 0 comments Download
M content/renderer/shared_worker/embedded_shared_worker_stub.h View 2 chunks +2 lines, -0 lines 0 comments Download
M content/renderer/shared_worker/embedded_shared_worker_stub.cc View 3 chunks +4 lines, -6 lines 0 comments Download
M content/renderer/shared_worker_repository.h View 2 chunks +2 lines, -0 lines 0 comments Download
M content/renderer/shared_worker_repository.cc View 2 chunks +2 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-from-sharedworker.html View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/Document.cpp View 2 chunks +3 lines, -2 lines 0 comments Download
M third_party/WebKit/Source/core/dom/SecurityContext.h View 3 chunks +4 lines, -4 lines 0 comments Download
M third_party/WebKit/Source/core/dom/SecurityContext.cpp View 2 chunks +4 lines, -4 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp View 2 chunks +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp View 2 chunks +7 lines, -7 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameFetchContextTest.cpp View 4 chunks +6 lines, -5 lines 0 comments Download
M third_party/WebKit/Source/core/loader/MixedContentChecker.cpp View 2 chunks +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/core/workers/InProcessWorkerBase.cpp View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerScriptLoader.h View 5 chunks +6 lines, -5 lines 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp View 6 chunks +10 lines, -9 lines 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerThreadStartupData.h View 3 chunks +4 lines, -4 lines 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerThreadStartupData.cpp View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/workers/WorkerThreadTest.cpp View 2 chunks +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/modules/compositorworker/CompositorWorkerThreadTest.cpp View 2 chunks +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/modules/worklet/Worklet.cpp View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/platform/network/ResourceRequest.h View 2 chunks +2 lines, -1 line 0 comments Download
M third_party/WebKit/Source/platform/network/ResourceRequest.cpp View 1 2 3 3 chunks +8 lines, -7 lines 0 comments Download
M third_party/WebKit/Source/web/SharedWorkerRepositoryClientImpl.cpp View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/web/WebEmbeddedWorkerImpl.cpp View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/web/WebSharedWorkerImpl.h View 3 chunks +3 lines, -1 line 0 comments Download
M third_party/WebKit/Source/web/WebSharedWorkerImpl.cpp View 3 chunks +4 lines, -1 line 0 comments Download
M third_party/WebKit/public/blink_headers.gypi View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download
A third_party/WebKit/public/platform/WebAddressSpace.h View 1 chunk +21 lines, -0 lines 0 comments Download
M third_party/WebKit/public/platform/WebURLRequest.h View 2 chunks +1 line, -8 lines 0 comments Download
M third_party/WebKit/public/web/WebSharedWorker.h View 2 chunks +3 lines, -1 line 0 comments Download
M third_party/WebKit/public/web/WebSharedWorkerRepositoryClient.h View 2 chunks +2 lines, -1 line 0 comments Download

Messages

Total messages: 15 (7 generated)
Mike West
Hello, kinuko@ and jochen@! This patch isn't as big as it looks, I swear! kinuko@: ...
4 years, 9 months ago (2016-03-08 13:50:50 UTC) #2
kinuko
Whoa. I see that's mostly for plumbing... lgtm https://codereview.chromium.org/1775933002/diff/20001/content/browser/shared_worker/shared_worker_instance_unittest.cc File content/browser/shared_worker/shared_worker_instance_unittest.cc (right): https://codereview.chromium.org/1775933002/diff/20001/content/browser/shared_worker/shared_worker_instance_unittest.cc#newcode84 content/browser/shared_worker/shared_worker_instance_unittest.cc:84: for ...
4 years, 9 months ago (2016-03-08 15:53:56 UTC) #3
jochen (gone - plz use gerrit)
lgtm
4 years, 9 months ago (2016-03-08 16:11:46 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1775933002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1775933002/40001
4 years, 9 months ago (2016-03-09 07:17:04 UTC) #7
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_gn_chromeos_rel on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_gn_chromeos_rel/builds/154860)
4 years, 9 months ago (2016-03-09 07:33:47 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1775933002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1775933002/60001
4 years, 9 months ago (2016-03-09 11:18:26 UTC) #12
commit-bot: I haz the power
Committed patchset #4 (id:60001)
4 years, 9 months ago (2016-03-09 13:06:29 UTC) #13
commit-bot: I haz the power
4 years, 9 months ago (2016-03-09 13:08:06 UTC) #15
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/cfa9893483f1c8b83d9e93c188c4c18f552bb1ba
Cr-Commit-Position: refs/heads/master@{#380126}

Powered by Google App Engine
This is Rietveld 408576698