Chromium Code Reviews Chromium Code Reviews
Issue 1958123004:
fix service worker cross-origin problem in multibuffers (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "media/blink/resource_multibuffer_data_provider.h" | 5 #include "media/blink/resource_multibuffer_data_provider.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 305 url_data_->multibuffer()->RemoveProvider(this)); | 305 url_data_->multibuffer()->RemoveProvider(this)); |
| 306 url_data_ = destination_url_data.get(); | 306 url_data_ = destination_url_data.get(); |
| 307 // Give the ownership to our new owner. | 307 // Give the ownership to our new owner. |
| 308 url_data_->multibuffer()->AddProvider(std::move(self)); | 308 url_data_->multibuffer()->AddProvider(std::move(self)); |
| 309 | 309 |
| 310 // Call callback to let upstream users know about the transfer. | 310 // Call callback to let upstream users know about the transfer. |
| 311 // This will merge the data from the two multibuffers and | 311 // This will merge the data from the two multibuffers and |
| 312 // cause clients to start using the new UrlData. | 312 // cause clients to start using the new UrlData. |
| 313 old_url_data->RedirectTo(destination_url_data); | 313 old_url_data->RedirectTo(destination_url_data); |
| 314 } | 314 } |
| 315 | |
| 316 // This test is vital for security! | |
|
DaleCurtis
2016/05/10 00:16:08
Needs unit test too then; did we lose a test from
hubbe
2016/05/10 22:33:23
Turns out we missed one test (added after fork), a
| |
| 317 const GURL& original_url = response.wasFetchedViaServiceWorker() | |
| 318 ? response.originalURLViaServiceWorker() | |
| 319 : response.url(); | |
| 320 if (!url_data_->ValidateDataOrigin(original_url.GetOrigin())) { | |
| 321 url_data_->Fail(); | |
| 322 } | |
| 315 } | 323 } |
| 316 | 324 |
| 317 void ResourceMultiBufferDataProvider::didReceiveData(WebURLLoader* loader, | 325 void ResourceMultiBufferDataProvider::didReceiveData(WebURLLoader* loader, |
| 318 const char* data, | 326 const char* data, |
| 319 int data_length, | 327 int data_length, |
| 320 int encoded_data_length) { | 328 int encoded_data_length) { |
| 321 DVLOG(1) << "didReceiveData: " << data_length << " bytes"; | 329 DVLOG(1) << "didReceiveData: " << data_length << " bytes"; |
| 322 DCHECK(!Available()); | 330 DCHECK(!Available()); |
| 323 DCHECK(active_loader_); | 331 DCHECK(active_loader_); |
| 324 DCHECK_GT(data_length, 0); | 332 DCHECK_GT(data_length, 0); |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 498 } | 506 } |
| 499 | 507 |
| 500 if (byte_pos() != first_byte_position) { | 508 if (byte_pos() != first_byte_position) { |
| 501 return false; | 509 return false; |
| 502 } | 510 } |
| 503 | 511 |
| 504 return true; | 512 return true; |
| 505 } | 513 } |
| 506 | 514 |
| 507 } // namespace media | 515 } // namespace media |
| OLD | NEW |
