Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(624)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2055433002: Revert of service worker: Don't control a subframe of an insecure context (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/Document.h ('k') | third_party/WebKit/Source/core/frame/Frame.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/dom/Document.cpp
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
index f9c5602a6102cf49caa7c325114d588192cee7eb..76c57e79f91044268011c9d41f0a9e8943d5b79d 100644
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -354,6 +354,15 @@
return element.document().frame() && element.rootEditableElement();
}
+static bool isOriginPotentiallyTrustworthy(SecurityOrigin* origin, String* errorMessage)
+{
+ if (origin->isPotentiallyTrustworthy())
+ return true;
+ if (errorMessage)
+ *errorMessage = origin->isPotentiallyTrustworthyErrorMessage();
+ return false;
+}
+
uint64_t Document::s_globalTreeVersion = 0;
static bool s_threadedParsingEnabledForTesting = true;
@@ -3311,7 +3320,7 @@
setMimeType(other.contentType());
}
-bool Document::isSecureContextImpl(const SecureContextCheck privilegeContextCheck) const
+bool Document::isSecureContextImpl(String* errorMessage, const SecureContextCheck privilegeContextCheck) const
{
// There may be exceptions for the secure context check defined for certain
// schemes. The exceptions are applied only to the special scheme and to
@@ -3341,16 +3350,21 @@
//
// In all cases, a frame must be potentially trustworthy in addition to
// having an exception listed in order for the exception to be granted.
- if (!getSecurityOrigin()->isPotentiallyTrustworthy())
+ if (!isOriginPotentiallyTrustworthy(getSecurityOrigin(), errorMessage))
return false;
if (SchemeRegistry::schemeShouldBypassSecureContextCheck(getSecurityOrigin()->protocol()))
return true;
if (privilegeContextCheck == StandardSecureContextCheck) {
- Frame* parent = m_frame ? m_frame->tree().parent() : nullptr;
- if (parent && !parent->canHaveSecureChild())
- return false;
+ if (!m_frame)
+ return true;
+ Frame* parent = m_frame->tree().parent();
+ while (parent) {
+ if (!isOriginPotentiallyTrustworthy(parent->securityContext()->getSecurityOrigin(), errorMessage))
+ return false;
+ parent = parent->tree().parent();
+ }
}
return true;
}
@@ -5827,15 +5841,12 @@
bool Document::isSecureContext(String& errorMessage, const SecureContextCheck privilegeContextCheck) const
{
- if (isSecureContextImpl(privilegeContextCheck))
- return true;
- errorMessage = SecurityOrigin::isPotentiallyTrustworthyErrorMessage();
- return false;
+ return isSecureContextImpl(&errorMessage, privilegeContextCheck);
}
bool Document::isSecureContext(const SecureContextCheck privilegeContextCheck) const
{
- return isSecureContextImpl(privilegeContextCheck);
+ return isSecureContextImpl(nullptr, privilegeContextCheck);
}
WebTaskRunner* Document::loadingTaskRunner() const
« no previous file with comments | « third_party/WebKit/Source/core/dom/Document.h ('k') | third_party/WebKit/Source/core/frame/Frame.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698