Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1225)

Unified Diff: chrome/browser/extensions/service_worker_apitest.cc

Issue 2061203002: WIP Reland: service worker: Don't control a subframe of an insecure context Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: maybe fix drmemory Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/extensions/service_worker_apitest.cc
diff --git a/chrome/browser/extensions/service_worker_apitest.cc b/chrome/browser/extensions/service_worker_apitest.cc
index e43459379906a8e0ebc2660dc7aba86da1b74f6a..2c9e0eef1de88058f76a29a436a5670cb472c838 100644
--- a/chrome/browser/extensions/service_worker_apitest.cc
+++ b/chrome/browser/extensions/service_worker_apitest.cc
@@ -25,6 +25,7 @@
#include "content/public/browser/permission_type.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/content_switches.h"
+#include "content/public/common/origin_util.h"
#include "content/public/common/page_type.h"
#include "content/public/test/background_sync_test_util.h"
#include "content/public/test/browser_test_utils.h"
@@ -33,6 +34,7 @@
#include "extensions/browser/process_manager.h"
#include "extensions/test/background_page_watcher.h"
#include "extensions/test/extension_test_message_listener.h"
+#include "net/dns/mock_host_resolver.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
namespace extensions {
@@ -634,9 +636,24 @@ IN_PROC_BROWSER_TEST_F(ServiceWorkerTest, WebAccessibleResourcesIframeSrc) {
kFlagNone);
ASSERT_TRUE(extension);
ASSERT_TRUE(StartEmbeddedTestServer());
- GURL page_url = embedded_test_server()->GetURL(
- "/extensions/api_test/service_worker/web_accessible_resources/"
- "webpage.html");
+
+ // Service workers can only control secure contexts
+ // (https://w3c.github.io/webappsec-secure-contexts/). For documents, this
+ // typically means the document must have a secure origin AND all its ancestor
+ // frames must have documents with secure origins. However, extension pages
+ // are considered secure, even if they have an ancestor document that is an
+ // insecure context (see GetSchemesBypassingSecureContextCheckWhitelist). So
+ // extension service workers must be able to control an extension page
+ // embedded in an insecure context. To test this, set up an insecure
+ // (non-localhost, non-https) URL for the web page. This page will create
+ // iframes that load extension pages that must be controllable by service
+ // worker.
+ host_resolver()->AddRule("a.com", "127.0.0.1");
+ GURL page_url =
+ embedded_test_server()->GetURL("a.com",
+ "/extensions/api_test/service_worker/"
+ "web_accessible_resources/webpage.html");
+ EXPECT_FALSE(content::IsOriginSecure(page_url));
content::WebContents* web_contents = AddTab(browser(), page_url);
std::string result;
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | content/browser/service_worker/service_worker_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698