
Side by Side Diff: third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp

Issue 1861253004: Check CSP before registering ServiceWorkers (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
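--- a/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
+++ b/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2013 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -35,20 +35,21 @@
 #include "bindings/core/v8/SerializedScriptValue.h"
 #include "bindings/core/v8/SerializedScriptValueFactory.h"
 #include "bindings/core/v8/V8ThrowException.h"
 #include "core/dom/DOMException.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExceptionCode.h"
 #include "core/dom/ExecutionContext.h"
 #include "core/dom/MessagePort.h"
 #include "core/frame/LocalDOMWindow.h"
 #include "core/frame/UseCounter.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
 #include "modules/EventTargetModules.h"
 #include "modules/serviceworkers/ServiceWorker.h"
 #include "modules/serviceworkers/ServiceWorkerContainerClient.h"
 #include "modules/serviceworkers/ServiceWorkerError.h"
 #include "modules/serviceworkers/ServiceWorkerMessageEvent.h"
 #include "modules/serviceworkers/ServiceWorkerRegistration.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "public/platform/WebString.h"
 #include "public/platform/WebURL.h"
@@ -239,20 +240,28 @@
 callbacks->onError(WebServiceWorkerError(WebServiceWorkerError::ErrorTyp eSecurity, String("Failed to register a ServiceWorker: The URL protocol of the s cope ('" + patternURL.getString() + "') is not supported.")));
 return;
 }
 
 WebString webErrorMessage;
 if (!m_provider->validateScopeAndScriptURL(patternURL, scriptURL, &webErrorM essage)) {
 callbacks->onError(WebServiceWorkerError(WebServiceWorkerError::ErrorTyp eType, WebString::fromUTF8("Failed to register a ServiceWorker: " + webErrorMess age.utf8())));
 return;
 }
 
+ContentSecurityPolicy* csp = executionContext->contentSecurityPolicy();
+if (csp) {
+if (!csp->allowWorkerContextFromSource(scriptURL, ContentSecurityPolicy: :DidNotRedirect, ContentSecurityPolicy::SendReport)) {
+callbacks->onError(WebServiceWorkerError(WebServiceWorkerError::Erro rTypeSecurity, String("Failed to register a ServiceWorker: The provided scriptUR L ('" + scriptURL.getString() + "') violates the Content Security Policy.")));
+return;
+}
+}
+
 m_provider->registerServiceWorker(patternURL, scriptURL, callbacks.leakPtr() );
 }
 
 ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS tate, const String& url, const RegistrationOptions& options)
 {
 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ;
 ScriptPromise promise = resolver->promise();
 
 if (!m_provider) {
 resolver->reject(DOMException::create(InvalidStateError, "Failed to regi ster a ServiceWorker: The document is in an invalid state."));
@@ -408,10 +417,10 @@
 return;
 
 if (ServiceWorkerContainerClient* client = ServiceWorkerContainerClient::fro m(executionContext)) {
 m_provider = client->provider();
 if (m_provider)
 m_provider->setClient(this);
 }
 }
 
 } // namespace blink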
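Review bot: When `executionContext->contentSecurityPolicy()` returns null, the added block at new lines 250-256 skips the check and falls through to `m_provider->registerServiceWorker(...)`, so the gate fails open; whether a null policy can occur for a context that should be restricted is not visible from this section. Either state the invariant in a comment above the block, for example `// A null CSP means no policy applies to this context, so registration proceeds.`, or reject the registration in that case. The two nested conditions can be folded into a single `if (csp && !csp->allowWorkerContextFromSource(...)) {` to make the early return easier to read. The call passes `ContentSecurityPolicy::DidNotRedirect` and only sees the URL handed to register(), so enforcement for the later script fetch and for updates presumably has to live elsewhere and is worth confirming. The enclosing function begins in the skipped lines above this hunk, so where `executionContext` comes from and whether it is null-checked cannot be verified here.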