Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(494)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/modules/budget/BudgetService.cpp

Issue 2366533002: Budget API calls should only succeed on secure origins (Closed)
Patch Set: Expanded unique origin test. Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/budget_service/budget_manager_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "modules/budget/BudgetService.h" 5 #include "modules/budget/BudgetService.h"
6 6
7 #include "bindings/core/v8/ScriptPromise.h" 7 #include "bindings/core/v8/ScriptPromise.h"
8 #include "bindings/core/v8/ScriptPromiseResolver.h" 8 #include "bindings/core/v8/ScriptPromiseResolver.h"
9 #include "bindings/core/v8/ScriptState.h" 9 #include "bindings/core/v8/ScriptState.h"
10 #include "core/dom/DOMException.h" 10 #include "core/dom/DOMException.h"
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
52 } 52 }
53 53
54 BudgetService::~BudgetService() 54 BudgetService::~BudgetService()
55 { 55 {
56 } 56 }
57 57
58 ScriptPromise BudgetService::getCost(ScriptState* scriptState, const AtomicStrin g& operation) 58 ScriptPromise BudgetService::getCost(ScriptState* scriptState, const AtomicStrin g& operation)
59 { 59 {
60 DCHECK(m_service); 60 DCHECK(m_service);
61 61
62 String errorMessage;
63 if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
64 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(SecurityError, errorMessage));
65
62 mojom::blink::BudgetOperationType type = stringToOperationType(operation); 66 mojom::blink::BudgetOperationType type = stringToOperationType(operation);
63 if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION) 67 if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION)
64 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(NotSupportedError, "Invalid operation type specified")); 68 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(NotSupportedError, "Invalid operation type specified"));
65 69
66 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ; 70 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ;
67 ScriptPromise promise = resolver->promise(); 71 ScriptPromise promise = resolver->promise();
68 72
69 // Get the cost for the action from the browser BudgetService. 73 // Get the cost for the action from the browser BudgetService.
70 m_service->GetCost(type, convertToBaseCallback(WTF::bind(&BudgetService::got Cost, wrapPersistent(this), wrapPersistent(resolver)))); 74 m_service->GetCost(type, convertToBaseCallback(WTF::bind(&BudgetService::got Cost, wrapPersistent(this), wrapPersistent(resolver))));
71 return promise; 75 return promise;
72 } 76 }
73 77
74 void BudgetService::gotCost(ScriptPromiseResolver* resolver, double cost) const 78 void BudgetService::gotCost(ScriptPromiseResolver* resolver, double cost) const
75 { 79 {
76 resolver->resolve(cost); 80 resolver->resolve(cost);
77 } 81 }
78 82
79 ScriptPromise BudgetService::getBudget(ScriptState* scriptState) 83 ScriptPromise BudgetService::getBudget(ScriptState* scriptState)
80 { 84 {
81 DCHECK(m_service); 85 DCHECK(m_service);
82 86
87 String errorMessage;
88 if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
89 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(SecurityError, errorMessage));
90
83 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ; 91 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ;
84 ScriptPromise promise = resolver->promise(); 92 ScriptPromise promise = resolver->promise();
85 93
86 // Get the budget from the browser BudgetService. 94 // Get the budget from the browser BudgetService.
87 RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurit yOrigin()); 95 RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurit yOrigin());
88 // TODO(harkness): Check that this is a valid secure origin.
89 m_service->GetBudget(origin, convertToBaseCallback(WTF::bind(&BudgetService: :gotBudget, wrapPersistent(this), wrapPersistent(resolver)))); 96 m_service->GetBudget(origin, convertToBaseCallback(WTF::bind(&BudgetService: :gotBudget, wrapPersistent(this), wrapPersistent(resolver))));
90 return promise; 97 return promise;
91 } 98 }
92 99
93 void BudgetService::gotBudget(ScriptPromiseResolver* resolver, mojom::blink::Bud getServiceErrorType error, const mojo::WTFArray<mojom::blink::BudgetStatePtr> ex pectations) const 100 void BudgetService::gotBudget(ScriptPromiseResolver* resolver, mojom::blink::Bud getServiceErrorType error, const mojo::WTFArray<mojom::blink::BudgetStatePtr> ex pectations) const
94 { 101 {
95 if (error != mojom::blink::BudgetServiceErrorType::NONE) { 102 if (error != mojom::blink::BudgetServiceErrorType::NONE) {
96 resolver->reject(errorTypeToException(error)); 103 resolver->reject(errorTypeToException(error));
97 return; 104 return;
98 } 105 }
99 106
100 // Copy the chunks into the budget array. 107 // Copy the chunks into the budget array.
101 HeapVector<Member<BudgetState>> budget(expectations.size()); 108 HeapVector<Member<BudgetState>> budget(expectations.size());
102 for (size_t i = 0; i < expectations.size(); i++) 109 for (size_t i = 0; i < expectations.size(); i++)
103 budget[i] = new BudgetState(expectations[i]->budget_at, expectations[i]- >time); 110 budget[i] = new BudgetState(expectations[i]->budget_at, expectations[i]- >time);
104 111
105 resolver->resolve(budget); 112 resolver->resolve(budget);
106 } 113 }
107 114
108 ScriptPromise BudgetService::reserve(ScriptState* scriptState, const AtomicStrin g& operation) 115 ScriptPromise BudgetService::reserve(ScriptState* scriptState, const AtomicStrin g& operation)
109 { 116 {
110 DCHECK(m_service); 117 DCHECK(m_service);
111 118
112 mojom::blink::BudgetOperationType type = stringToOperationType(operation); 119 mojom::blink::BudgetOperationType type = stringToOperationType(operation);
113 if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION) 120 if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION)
114 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(NotSupportedError, "Invalid operation type specified")); 121 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(NotSupportedError, "Invalid operation type specified"));
115 122
123 String errorMessage;
124 if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
125 return ScriptPromise::rejectWithDOMException(scriptState, DOMException:: create(SecurityError, errorMessage));
126
116 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ; 127 ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState) ;
117 ScriptPromise promise = resolver->promise(); 128 ScriptPromise promise = resolver->promise();
118 129
119 // Call to the BudgetService to place the reservation. 130 // Call to the BudgetService to place the reservation.
120 RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurit yOrigin()); 131 RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurit yOrigin());
121 // TODO(harkness): Check that this is a valid secure origin.
122 m_service->Reserve(origin, type, convertToBaseCallback(WTF::bind(&BudgetServ ice::gotReservation, wrapPersistent(this), wrapPersistent(resolver)))); 132 m_service->Reserve(origin, type, convertToBaseCallback(WTF::bind(&BudgetServ ice::gotReservation, wrapPersistent(this), wrapPersistent(resolver))));
123 return promise; 133 return promise;
124 } 134 }
125 135
126 void BudgetService::gotReservation(ScriptPromiseResolver* resolver, mojom::blink ::BudgetServiceErrorType error, bool success) const 136 void BudgetService::gotReservation(ScriptPromiseResolver* resolver, mojom::blink ::BudgetServiceErrorType error, bool success) const
127 { 137 {
128 if (error != mojom::blink::BudgetServiceErrorType::NONE) { 138 if (error != mojom::blink::BudgetServiceErrorType::NONE) {
129 resolver->reject(errorTypeToException(error)); 139 resolver->reject(errorTypeToException(error));
130 return; 140 return;
131 } 141 }
132 142
133 resolver->resolve(success); 143 resolver->resolve(success);
134 } 144 }
135 145
136 void BudgetService::onConnectionError() 146 void BudgetService::onConnectionError()
137 { 147 {
138 LOG(ERROR) << "Unable to connect to the Mojo BudgetService."; 148 LOG(ERROR) << "Unable to connect to the Mojo BudgetService.";
139 // TODO(harkness): Reject in flight promises. 149 // TODO(harkness): Reject in flight promises.
140 } 150 }
141 151
142 } // namespace blink 152 } // namespace blink
OLDNEW
« no previous file with comments | « chrome/browser/budget_service/budget_manager_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698