[ServiceWorker] Don't check the origin equality when disable-web-security flag is set.

content/browser/service_worker/service_worker_dispatcher_host.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/service_worker/service_worker_dispatcher_host.h"
 
 #include <utility>
 
+#include "base/command_line.h"
 #include "base/debug/crash_logging.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "content/browser/bad_message.h"
 #include "content/browser/message_port_message_filter.h"
 #include "content/browser/message_port_service.h"
 #include "content/browser/service_worker/embedded_worker_registry.h"
 #include "content/browser/service_worker/embedded_worker_status.h"
 #include "content/browser/service_worker/service_worker_client_utils.h"
 #include "content/browser/service_worker/service_worker_context_core.h"
 #include "content/browser/service_worker/service_worker_context_wrapper.h"
 #include "content/browser/service_worker/service_worker_handle.h"
 #include "content/browser/service_worker/service_worker_registration.h"
 #include "content/browser/service_worker/service_worker_registration_handle.h"
 #include "content/common/service_worker/embedded_worker_messages.h"
 #include "content/common/service_worker/service_worker_messages.h"
 #include "content/common/service_worker/service_worker_types.h"
 #include "content/common/service_worker/service_worker_utils.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/content_client.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/common/origin_util.h"
 #include "ipc/ipc_message_macros.h"
 #include "third_party/WebKit/public/platform/modules/serviceworker/WebServiceWorkerError.h"
 #include "url/gurl.h"
 
 using blink::WebServiceWorkerError;
 
 namespace content {
 
 namespace {
@@ skipping 12 matching lines @@
 
 void RunSoon(const base::Closure& callback) {
   if (!callback.is_null())
     base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, callback);
 }
 
 bool CanUnregisterServiceWorker(const GURL& document_url,
                                 const GURL& pattern) {
   DCHECK(document_url.is_valid());
   DCHECK(pattern.is_valid());
-  return document_url.GetOrigin() == pattern.GetOrigin() &&
+  return (document_url.GetOrigin() == pattern.GetOrigin() ||
+          base::CommandLine::ForCurrentProcess()->HasSwitch(
+              switches::kDisableWebSecurity)) &&

[nhiroki, 2016/08/01 04:32:45]

Checking the flag whenever matching origins could be error-prone. How about
making AllOriginsMatch() to accept variable length arguments and also checking
the flag in the function like this?

/* In class ServiceWorkerUtils */

// Returns true if all given urls have the same origin or
// '--disable-web-security' flag is specified.
template <typename... Args>
static bool AllOriginsMatch(const GURL& url, const Args&... urls) {
  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
          switches::kDisableWebSecurity))
    return true;
  for (const GURL& u : { urls... }) {
    if (url.GetOrigin() != u.GetOrigin())
      return false;
  }
  return true;
}

Then,

/* In CanUnregisterServiceWorker() etc */
return ServiceWorkerUtils::AllOriginsMatch<GURL>(document_url, pattern) &&
       OriginCanAccessServiceWorkers(document_url) &&
       OriginCanAccessServiceWorkers(pattern);

[horo, 2016/08/01 07:40:55]

Done.
I introduced PassOriginEqualitySecurityCheck().

          OriginCanAccessServiceWorkers(document_url) &&
          OriginCanAccessServiceWorkers(pattern);
 }
 
 bool CanUpdateServiceWorker(const GURL& document_url, const GURL& pattern) {
   DCHECK(document_url.is_valid());
   DCHECK(pattern.is_valid());
   DCHECK(OriginCanAccessServiceWorkers(document_url));
   DCHECK(OriginCanAccessServiceWorkers(pattern));
-  return document_url.GetOrigin() == pattern.GetOrigin();
+  return document_url.GetOrigin() == pattern.GetOrigin() ||
+         base::CommandLine::ForCurrentProcess()->HasSwitch(
+             switches::kDisableWebSecurity);

[nhiroki, 2016/08/01 04:32:45]

Just to confirm: This flag has an effect only when --user-data-dir flag is also
specified, right?

[horo, 2016/08/01 07:40:55]

If "user-data-dir" flag is not set,  "disable-web-security" flag doesn't disable
the same-origin policy in Blink side.
See ChromeContentBrowserClient::OverrideWebkitPrefs().

 }
 
 bool CanGetRegistration(const GURL& document_url,
                         const GURL& given_document_url) {
   DCHECK(document_url.is_valid());
   DCHECK(given_document_url.is_valid());
-  return document_url.GetOrigin() == given_document_url.GetOrigin() &&
+  return (document_url.GetOrigin() == given_document_url.GetOrigin() ||
+          base::CommandLine::ForCurrentProcess()->HasSwitch(
+              switches::kDisableWebSecurity)) &&
          OriginCanAccessServiceWorkers(document_url) &&
          OriginCanAccessServiceWorkers(given_document_url);
 }
 
 }  // namespace
 
 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost(
     int render_process_id,
     MessagePortMessageFilter* message_port_message_filter,
     ResourceContext* resource_context)
@@ skipping 1332 matching lines @@
   if (!handle) {
     bad_message::ReceivedBadMessage(this,
                                     bad_message::SWDH_TERMINATE_BAD_HANDLE);
     return;
   }
   handle->version()->StopWorker(
       base::Bind(&ServiceWorkerUtils::NoOpStatusCallback));
 }
 
 }  // namespace content