Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(114)

Issue 2061203002: WIP Reland: service worker: Don't control a subframe of an insecure context

Created:
3 years, 2 months ago by falken
Modified:
3 years, 2 months ago
Reviewers:
CC:
chromium-reviews, kenjibaheux+watch_chromium.org, tzik, nasko+codewatch_chromium.org, eae+blinkwatch, dcheng, kinuko+watch, rwlbuis, extensions-reviews_chromium.org, jam, blink-reviews-dom_chromium.org, dglazkov+blink, darin-cc_chromium.org, blink-reviews, chromium-apps-reviews_chromium.org, blink-reviews-api_chromium.org, blink-worker-reviews_chromium.org, mlamouri+watch-content_chromium.org, creis+watch_chromium.org, jsbell+serviceworker_chromium.org, sof, nhiroki, michaeln, mlamouri+watch-blink_chromium.org, serviceworker-reviews, falken, kinuko+serviceworker, mkwst+moarreviews-renderer_chromium.org, horo+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

WIP Reland: service worker: Don't control a subframe of an insecure context We must check isSecureContext when creating the network provider to adhere to https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged. We already did this for getRegistration(), register(), unregister() but must also do this when deciding whether to control an in-scope document. BUG=607543 CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation Review-Url: https://codereview.chromium.org/2009453002 Cr-Commit-Position: refs/heads/master@{#398229}

Patch Set 1 : original patch that was reverted #

Patch Set 2 : handle claim #

Patch Set 3 : fix tests #

Patch Set 4 : maybe fix drmemory #

Unified diffs Side-by-side diffs Delta from patch set Stats (+558 lines, -148 lines) Patch
M chrome/browser/chrome_content_browser_client.h View 1 chunk +2 lines, -0 lines 0 comments Download
M chrome/browser/chrome_content_browser_client.cc View 2 chunks +6 lines, -0 lines 0 comments Download
M chrome/browser/extensions/service_worker_apitest.cc View 3 chunks +20 lines, -3 lines 0 comments Download
M content/browser/service_worker/service_worker_browsertest.cc View 1 chunk +6 lines, -5 lines 0 comments Download
M content/browser/service_worker/service_worker_context_core.cc View 1 chunk +7 lines, -7 lines 0 comments Download
M content/browser/service_worker/service_worker_context_request_handler_unittest.cc View 1 chunk +6 lines, -5 lines 0 comments Download
M content/browser/service_worker/service_worker_context_unittest.cc View 1 chunk +12 lines, -4 lines 0 comments Download
M content/browser/service_worker/service_worker_controllee_request_handler.cc View 2 chunks +12 lines, -0 lines 0 comments Download
M content/browser/service_worker/service_worker_controllee_request_handler_unittest.cc View 8 chunks +13 lines, -12 lines 0 comments Download
M content/browser/service_worker/service_worker_dispatcher_host.h View 1 chunk +2 lines, -1 line 0 comments Download
M content/browser/service_worker/service_worker_dispatcher_host.cc View 3 chunks +12 lines, -5 lines 0 comments Download
M content/browser/service_worker/service_worker_dispatcher_host_unittest.cc View 5 chunks +13 lines, -7 lines 0 comments Download
M content/browser/service_worker/service_worker_handle_unittest.cc View 1 chunk +3 lines, -2 lines 0 comments Download
M content/browser/service_worker/service_worker_job_unittest.cc View 1 chunk +6 lines, -5 lines 0 comments Download
M content/browser/service_worker/service_worker_provider_host.h View 1 2 6 chunks +28 lines, -2 lines 0 comments Download
M content/browser/service_worker/service_worker_provider_host.cc View 1 8 chunks +25 lines, -1 line 0 comments Download
M content/browser/service_worker/service_worker_provider_host_unittest.cc View 1 2 3 4 chunks +70 lines, -14 lines 0 comments Download
M content/browser/service_worker/service_worker_registration.cc View 1 2 3 1 chunk +2 lines, -0 lines 0 comments Download
M content/browser/service_worker/service_worker_request_handler_unittest.cc View 1 chunk +9 lines, -9 lines 0 comments Download
M content/browser/service_worker/service_worker_storage_unittest.cc View 3 chunks +3 lines, -0 lines 0 comments Download
M content/browser/service_worker/service_worker_url_request_job_unittest.cc View 13 chunks +17 lines, -20 lines 0 comments Download
M content/browser/service_worker/service_worker_version_unittest.cc View 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/service_worker/service_worker_write_to_cache_job_unittest.cc View 1 chunk +5 lines, -3 lines 0 comments Download
M content/child/service_worker/service_worker_network_provider.h View 2 chunks +11 lines, -4 lines 0 comments Download
M content/child/service_worker/service_worker_network_provider.cc View 5 chunks +25 lines, -11 lines 0 comments Download
M content/common/service_worker/service_worker_messages.h View 1 chunk +13 lines, -2 lines 0 comments Download
M content/public/browser/content_browser_client.h View 1 chunk +6 lines, -0 lines 0 comments Download
M content/renderer/render_frame_impl.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M content/renderer/service_worker/service_worker_context_client.cc View 1 chunk +2 lines, -1 line 0 comments Download
M content/renderer/shared_worker/embedded_shared_worker_stub.cc View 1 chunk +2 lines, -1 line 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html View 1 2 1 chunk +85 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html View 1 1 chunk +12 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html View 1 1 chunk +16 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/Document.h View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/dom/Document.cpp View 4 chunks +10 lines, -21 lines 0 comments Download
M third_party/WebKit/Source/core/frame/Frame.h View 1 chunk +9 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/frame/Frame.cpp View 1 chunk +9 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/WebFrame.cpp View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/tests/WebFrameTest.cpp View 1 chunk +58 lines, -0 lines 0 comments Download
M third_party/WebKit/public/web/WebFrame.h View 1 chunk +9 lines, -0 lines 0 comments Download

Messages

Total messages: 1 (1 generated)
falken
3 years, 2 months ago (2016-06-16 02:33:14 UTC) #1
Description was changed from

==========
Reland: service worker: Don't control a subframe of an insecure context

We must check isSecureContext when creating the network provider to
adhere to
https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged.

We already did this for getRegistration(), register(), unregister() but must
also do this when deciding whether to control an in-scope document.

BUG=607543
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2009453002
Cr-Commit-Position: refs/heads/master@{#398229}
==========

to

==========
WIP Reland: service worker: Don't control a subframe of an insecure context

We must check isSecureContext when creating the network provider to
adhere to
https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged.

We already did this for getRegistration(), register(), unregister() but must
also do this when deciding whether to control an in-scope document.

BUG=607543
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2009453002
Cr-Commit-Position: refs/heads/master@{#398229}
==========

Powered by Google App Engine
This is Rietveld 408576698