Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(166)

Side by Side Diff: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp

Issue 2362263003: Disable WebSockets API in suborigins (Closed)
Patch Set: Rebase on ToT Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-websocket.php ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after
338 // Fail if there're duplicated elements in |protocols|. 338 // Fail if there're duplicated elements in |protocols|.
339 HashSet<String> visited; 339 HashSet<String> visited;
340 for (size_t i = 0; i < protocols.size(); ++i) { 340 for (size_t i = 0; i < protocols.size(); ++i) {
341 if (!visited.add(protocols[i]).isNewEntry) { 341 if (!visited.add(protocols[i]).isNewEntry) {
342 m_state = kClosed; 342 m_state = kClosed;
343 exceptionState.throwDOMException(SyntaxError, "The subprotocol '" + encodeSubprotocolString(protocols[i]) + "' is duplicated."); 343 exceptionState.throwDOMException(SyntaxError, "The subprotocol '" + encodeSubprotocolString(protocols[i]) + "' is duplicated.");
344 return; 344 return;
345 } 345 }
346 } 346 }
347 347
348 if (getExecutionContext()->getSecurityOrigin()->hasSuborigin()) {
349 m_state = kClosed;
350 exceptionState.throwSecurityError("Connecting to a WebSocket from a subo rigin is not allowed.");
351 return;
352 }
353
348 String protocolString; 354 String protocolString;
349 if (!protocols.isEmpty()) 355 if (!protocols.isEmpty())
350 protocolString = joinStrings(protocols, subprotocolSeperator()); 356 protocolString = joinStrings(protocols, subprotocolSeperator());
351 357
352 m_channel = createChannel(getExecutionContext(), this); 358 m_channel = createChannel(getExecutionContext(), this);
353 359
354 if (!m_channel->connect(m_url, protocolString)) { 360 if (!m_channel->connect(m_url, protocolString)) {
355 m_state = kClosed; 361 m_state = kClosed;
356 exceptionState.throwSecurityError("An insecure WebSocket connection may not be initiated from a page loaded over HTTPS."); 362 exceptionState.throwSecurityError("An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.");
357 releaseChannel(); 363 releaseChannel();
(...skipping 431 matching lines...) Expand 10 before | Expand all | Expand 10 after
789 DEFINE_TRACE(DOMWebSocket) 795 DEFINE_TRACE(DOMWebSocket)
790 { 796 {
791 visitor->trace(m_channel); 797 visitor->trace(m_channel);
792 visitor->trace(m_eventQueue); 798 visitor->trace(m_eventQueue);
793 WebSocketChannelClient::trace(visitor); 799 WebSocketChannelClient::trace(visitor);
794 EventTargetWithInlineData::trace(visitor); 800 EventTargetWithInlineData::trace(visitor);
795 ActiveDOMObject::trace(visitor); 801 ActiveDOMObject::trace(visitor);
796 } 802 }
797 803
798 } // namespace blink 804 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-websocket.php ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698