Service worker bypass for resource requests from suborigins

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
index 30d22655ac34043a79a7b0e020b46aef1e801c76..deac274149acfa38012d9fc6eb6883dbdd71305d 100644
--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
@@ -594,6 +594,21 @@ ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Typ
 bool FrameFetchContext::isControlledByServiceWorker() const
 {
     ASSERT(m_documentLoader || frame()->loader().documentLoader());

[Yoav Weiss, 2016/09/21 15:13:09]

I think you'd need to rebase as this is already DCHECK in my checkout

[jww, 2016/09/21 16:38:12]

Done.

+
+    // Service workers are bypassed by suborigins (see
+    // https://w3c.github.io/webappsec-suborigins/). Since service worker
+    // controllers are assigned based on physical origin, without knowledge of
+    // whether the context is in a suborigin, it is necessary to explicitly
+    // bypass service workers on a per-request basis. Additionally, it is
+    // necessary to explicitly return |false| here so that it is clear that the
+    // SW will be bypassed. In particular, this is important for
+    // ResourceFetcher::getCacheIdentifier(), which will return the SW's cache
+    // if the context's isControlledByServiceWorker() returns |true|, and thus
+    // will returned cached resources from the service worker. That would have
+    // the effect of not bypassing the SW.
+    if (getSecurityOrigin() && getSecurityOrigin()->hasSuborigin())
+        return false;
+
     if (m_documentLoader)
         return frame()->loader().client()->isControlledByServiceWorker(*m_documentLoader);
     // m_documentLoader is null while loading resources from an HTML import.