
Unified Diff: content/child/service_worker/service_worker_network_provider.cc

Issue 2009453002: service worker: Don't control a subframe of an insecure context (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: refactor errorMessage Created 4 years, 6 months ago
Index: content/child/service_worker/service_worker_network_provider.cc
diff --git a/content/child/service_worker/service_worker_network_provider.cc b/content/child/service_worker/service_worker_network_provider.cc
index 0632e81e09b3cbaa83e0fbb0e0e0267c160bd782..ab7597cda148c2f0b60b8336ffcbd97e86981cb3 100644
--- a/content/child/service_worker/service_worker_network_provider.cc
+++ b/content/child/service_worker/service_worker_network_provider.cc
@@ -11,6 +11,8 @@
#include "content/common/service_worker/service_worker_messages.h"
#include "content/common/service_worker/service_worker_utils.h"
#include "content/public/common/browser_side_navigation_policy.h"
+#include "third_party/WebKit/public/web/WebLocalFrame.h"
+#include "third_party/WebKit/public/web/WebSandboxFlags.h"
namespace content {
@@ -43,7 +45,7 @@ std::unique_ptr<ServiceWorkerNetworkProvider>
ServiceWorkerNetworkProvider::CreateForNavigation(
int route_id,
const RequestNavigationParams& request_params,
- blink::WebSandboxFlags sandbox_flags,
+ blink::WebLocalFrame* frame,
bool content_initiated) {
bool browser_side_navigation = IsBrowserSideNavigationEnabled();
bool should_create_provider_for_window = false;
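Review bot: `frame` is now a raw `blink::WebLocalFrame*` that the body dereferences unconditionally (`frame->effectiveSandboxFlags()` and `frame->parent()` in the next hunk), yet nothing in the signature or the visible body states or checks that it is non-null. The `sandbox_flags` value parameter it replaces could not fail this way. Adding `DCHECK(frame);` at the top of `CreateForNavigation`, and saying in the header comment that the frame must be non-null for the duration of the call, would make the contract explicit. The function body continues outside this hunk.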
@@ -65,24 +67,33 @@ ServiceWorkerNetworkProvider::CreateForNavigation(
service_worker_provider_id == kInvalidServiceWorkerProviderId);
} else {
should_create_provider_for_window =
- (sandbox_flags & blink::WebSandboxFlags::Origin) !=
- blink::WebSandboxFlags::Origin;
+ ((frame->effectiveSandboxFlags() & blink::WebSandboxFlags::Origin) !=
+ blink::WebSandboxFlags::Origin);
}
// Now create the ServiceWorkerNetworkProvider (with invalid id if needed).
if (should_create_provider_for_window) {
+ // Ideally Document::isSecureContext would be called here, but the document
+ // is not created yet, and due to redirects the URL may change. So pass
+ // is_parent_frame_secure to the browser process, so it can determine the
+ // context security when deciding whether to allow a service worker to
+ // control the document.
+ bool is_parent_frame_secure =
+ !frame->parent() || frame->parent()->canHaveSecureChild();
+
if (service_worker_provider_id == kInvalidServiceWorkerProviderId) {
network_provider = std::unique_ptr<ServiceWorkerNetworkProvider>(
new ServiceWorkerNetworkProvider(route_id,
- SERVICE_WORKER_PROVIDER_FOR_WINDOW));
+ SERVICE_WORKER_PROVIDER_FOR_WINDOW,
+ is_parent_frame_secure));
} else {
CHECK(browser_side_navigation);
DCHECK(ServiceWorkerUtils::IsBrowserAssignedProviderId(
service_worker_provider_id));
network_provider = std::unique_ptr<ServiceWorkerNetworkProvider>(
- new ServiceWorkerNetworkProvider(route_id,
- SERVICE_WORKER_PROVIDER_FOR_WINDOW,
- service_worker_provider_id));
+ new ServiceWorkerNetworkProvider(
+ route_id, SERVICE_WORKER_PROVIDER_FOR_WINDOW,
+ service_worker_provider_id, is_parent_frame_secure));
}
} else {
network_provider = std::unique_ptr<ServiceWorkerNetworkProvider>(
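Review bot: `is_parent_frame_secure` is set to true when `frame->parent()` is null, so for a main frame the name asserts something the value does not mean, and the comment above it explains why the flag is sent but not this case. I would add a line to that comment such as `// A main frame has no parent and reports true here.` Whether `canHaveSecureChild()` accounts for the whole ancestor chain or only the immediate parent is not visible in this hunk; that is worth stating as well, because a secure-context decision that overlooks an insecure grandparent would be too permissive. The enclosing function starts and ends outside the hunk.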
@@ -94,7 +105,8 @@ ServiceWorkerNetworkProvider::CreateForNavigation(
ServiceWorkerNetworkProvider::ServiceWorkerNetworkProvider(
int route_id,
ServiceWorkerProviderType provider_type,
- int browser_provider_id)
+ int browser_provider_id,
+ bool is_parent_frame_secure)
: provider_id_(browser_provider_id) {
if (provider_id_ == kInvalidServiceWorkerProviderId)
return;
@@ -104,15 +116,17 @@ ServiceWorkerNetworkProvider::ServiceWorkerNetworkProvider(
provider_id_, provider_type,
ChildThreadImpl::current()->thread_safe_sender());
ChildThreadImpl::current()->Send(new ServiceWorkerHostMsg_ProviderCreated(
- provider_id_, route_id, provider_type));
+ provider_id_, route_id, provider_type, is_parent_frame_secure));
}
ServiceWorkerNetworkProvider::ServiceWorkerNetworkProvider(
int route_id,
- ServiceWorkerProviderType provider_type)
+ ServiceWorkerProviderType provider_type,
+ bool is_parent_frame_secure)
: ServiceWorkerNetworkProvider(route_id,
provider_type,
- GetNextProviderId()) {}
+ GetNextProviderId(),
+ is_parent_frame_secure) {}
ServiceWorkerNetworkProvider::ServiceWorkerNetworkProvider()
: provider_id_(kInvalidServiceWorkerProviderId) {}
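Review bot: The `is_parent_frame_secure` argument added to `ServiceWorkerHostMsg_ProviderCreated` is computed in the renderer and reaches the browser process as a plain bool, so the decision on whether a service worker may control the document rests on a renderer-asserted fact. The browser-side handler is not part of this file and may already cover this, but it should treat the flag as untrusted input. Where the browser has its own view of the frame tree, it can derive or cross-check the parent's security there. Otherwise the limitation deserves a comment at the send site, e.g. `// Renderer-reported; the browser must not treat this as authoritative.` The delegating constructor below forwards the flag unchanged, so the same applies there.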
