content/child/service_worker/service_worker_network_provider.cc - Issue 2009453002: service worker: Don't control a subframe of an insecure context

Unified Diff: content/child/service_worker/service_worker_network_provider.cc

Issue 2009453002: service worker: Don't control a subframe of an insecure context (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: cover plznavigation case too Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« content/browser/service_worker/service_worker_request_handler.cc ('K') | « content/child/service_worker/service_worker_network_provider.h ('k') | content/renderer/render_frame_impl.cc » ('j') | third_party/WebKit/Source/web/WebFrame.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/child/service_worker/service_worker_network_provider.cc

diff --git a/content/child/service_worker/service_worker_network_provider.cc b/content/child/service_worker/service_worker_network_provider.cc

index dab3db7517595f4598357183fb9f3af54ad28a42..d5bc153d0714f531b0581cfa3d81a8c1e0e944f1 100644

--- a/content/child/service_worker/service_worker_network_provider.cc

+++ b/content/child/service_worker/service_worker_network_provider.cc

@@ -11,6 +11,10 @@

#include "content/common/service_worker/service_worker_messages.h"

#include "content/common/service_worker/service_worker_utils.h"

#include "content/public/common/browser_side_navigation_policy.h"

+#include "third_party/WebKit/public/platform/WebSecurityOrigin.h"

+#include "third_party/WebKit/public/platform/WebString.h"

+#include "third_party/WebKit/public/web/WebLocalFrame.h"

+#include "third_party/WebKit/public/web/WebSandboxFlags.h"

namespace content {

@@ -52,7 +56,7 @@ std::unique_ptr<ServiceWorkerNetworkProvider>

ServiceWorkerNetworkProvider::CreateForNavigation(

int route_id,

const RequestNavigationParams& request_params,

- blink::WebSandboxFlags sandbox_flags,

+ blink::WebLocalFrame* frame,

bool content_initiated) {

bool browser_side_navigation = IsBrowserSideNavigationEnabled();

bool should_create_provider_for_window = false;

@@ -74,8 +78,23 @@ ServiceWorkerNetworkProvider::CreateForNavigation(

service_worker_provider_id == kInvalidServiceWorkerProviderId);

} else {

should_create_provider_for_window =

- (sandbox_flags & blink::WebSandboxFlags::Origin) !=

- blink::WebSandboxFlags::Origin;

+ ((frame->effectiveSandboxFlags() & blink::WebSandboxFlags::Origin) !=

+ blink::WebSandboxFlags::Origin);

+ }

+ if (should_create_provider_for_window) {

+ // Check if |frame| is the subframe of an insecure context.

+ // frame->document()->isSecureContext() cannot be called here since

+ // the document does not yet exist.

+ //

+ // Note that a provider is necessary but insufficient for a service worker

+ // to control the document. If |frame|'s parent is secure but |frame|

+ // turns out to load an insecure origin, a service worker would still not

+ // control the document, because service workers cannot be registered for

+ // insecure origins.

+ blink::WebString errorMessage;

+ if (frame->parent() && !frame->parent()->canHaveSecureChild(errorMessage))

+ should_create_provider_for_window = false;

}

// Now create the ServiceWorkerNetworkProvider (with invalid id if needed).