Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(350)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/service_worker/service_worker_utils.cc

Issue 2196633002: [ServiceWorker] Don't check the origin equality when disable-web-security flag is set. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: incorporated nhiroki and shimazu's comment Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/service_worker/service_worker_utils.h ('k') | content/test/data/service_worker/disable_web_security_get_registration.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/service_worker/service_worker_utils.h" 5 #include "content/common/service_worker/service_worker_utils.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h"
9 #include "base/logging.h" 10 #include "base/logging.h"
10 #include "base/strings/string_util.h" 11 #include "base/strings/string_util.h"
12 #include "content/public/common/content_switches.h"
nhiroki 2016/08/01 08:21:25 These inclusions are not necessary.
horo 2016/08/01 10:48:47 Done.
11 #include "content/public/common/origin_util.h" 13 #include "content/public/common/origin_util.h"
12 14
13 namespace content { 15 namespace content {
14 16
15 namespace { 17 namespace {
16 18
17 bool PathContainsDisallowedCharacter(const GURL& url) { 19 bool PathContainsDisallowedCharacter(const GURL& url) {
18 std::string path = url.path(); 20 std::string path = url.path();
19 DCHECK(base::IsStringUTF8(path)); 21 DCHECK(base::IsStringUTF8(path));
20 22
21 // We should avoid these escaped characters in the path component because 23 // We should avoid these escaped characters in the path component because
22 // these can be handled differently depending on server implementation. 24 // these can be handled differently depending on server implementation.
23 if (path.find("%2f") != std::string::npos || 25 if (path.find("%2f") != std::string::npos ||
24 path.find("%2F") != std::string::npos) { 26 path.find("%2F") != std::string::npos) {
25 return true; 27 return true;
26 } 28 }
27 if (path.find("%5c") != std::string::npos || 29 if (path.find("%5c") != std::string::npos ||
28 path.find("%5C") != std::string::npos) { 30 path.find("%5C") != std::string::npos) {
29 return true; 31 return true;
30 } 32 }
31 return false; 33 return false;
32 } 34 }
33 35
34 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) {
35 return url_a.GetOrigin() == url_b.GetOrigin() &&
36 url_a.GetOrigin() == url_c.GetOrigin();
37 }
38
39 } // namespace 36 } // namespace
40 37
41 // static 38 // static
42 bool ServiceWorkerUtils::ScopeMatches(const GURL& scope, const GURL& url) { 39 bool ServiceWorkerUtils::ScopeMatches(const GURL& scope, const GURL& url) {
43 DCHECK(!scope.has_ref()); 40 DCHECK(!scope.has_ref());
44 return base::StartsWith(url.spec(), scope.spec(), 41 return base::StartsWith(url.spec(), scope.spec(),
45 base::CompareCase::SENSITIVE); 42 base::CompareCase::SENSITIVE);
46 } 43 }
47 44
48 // static 45 // static
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
109 return false; 106 return false;
110 } 107 }
111 108
112 // static 109 // static
113 bool ServiceWorkerUtils::CanRegisterServiceWorker(const GURL& context_url, 110 bool ServiceWorkerUtils::CanRegisterServiceWorker(const GURL& context_url,
114 const GURL& pattern, 111 const GURL& pattern,
115 const GURL& script_url) { 112 const GURL& script_url) {
116 DCHECK(context_url.is_valid()); 113 DCHECK(context_url.is_valid());
117 DCHECK(pattern.is_valid()); 114 DCHECK(pattern.is_valid());
118 DCHECK(script_url.is_valid()); 115 DCHECK(script_url.is_valid());
119 return AllOriginsMatch(context_url, pattern, script_url) && 116 return ServiceWorkerUtils::PassOriginEqualitySecurityCheck<GURL>(
117 context_url, pattern, script_url) &&
120 OriginCanAccessServiceWorkers(context_url) && 118 OriginCanAccessServiceWorkers(context_url) &&
121 OriginCanAccessServiceWorkers(pattern) && 119 OriginCanAccessServiceWorkers(pattern) &&
122 OriginCanAccessServiceWorkers(script_url); 120 OriginCanAccessServiceWorkers(script_url);
123 } 121 }
124 122
125 bool LongestScopeMatcher::MatchLongest(const GURL& scope) { 123 bool LongestScopeMatcher::MatchLongest(const GURL& scope) {
126 if (!ServiceWorkerUtils::ScopeMatches(scope, url_)) 124 if (!ServiceWorkerUtils::ScopeMatches(scope, url_))
127 return false; 125 return false;
128 if (match_.is_empty() || match_.spec().size() < scope.spec().size()) { 126 if (match_.is_empty() || match_.spec().size() < scope.spec().size()) {
129 match_ = scope; 127 match_ = scope;
130 return true; 128 return true;
131 } 129 }
132 return false; 130 return false;
133 } 131 }
134 132
135 } // namespace content 133 } // namespace content
OLDNEW
« no previous file with comments | « content/common/service_worker/service_worker_utils.h ('k') | content/test/data/service_worker/disable_web_security_get_registration.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698