
Unified Diff: third_party/WebKit/Source/modules/budget/BudgetService.cpp

Issue 2366533002: Budget API calls should only succeed on secure origins (Closed)
Patch Set: Expanded unique origin test. Created 4 years, 3 months ago
Index: third_party/WebKit/Source/modules/budget/BudgetService.cpp
diff --git a/third_party/WebKit/Source/modules/budget/BudgetService.cpp b/third_party/WebKit/Source/modules/budget/BudgetService.cpp
index f73c60acc7cec39867661300830a6427db08f047..9a7833380413fbc875992d57455d778448b5dfc5 100644
--- a/third_party/WebKit/Source/modules/budget/BudgetService.cpp
+++ b/third_party/WebKit/Source/modules/budget/BudgetService.cpp
@@ -59,6 +59,10 @@ ScriptPromise BudgetService::getCost(ScriptState* scriptState, const AtomicStrin
{
DCHECK(m_service);
+ String errorMessage;
+ if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
+ return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(SecurityError, errorMessage));
+
mojom::blink::BudgetOperationType type = stringToOperationType(operation);
if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(NotSupportedError, "Invalid operation type specified"));
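Review bot: The three-line secure-context guard added at the top of getCost is repeated verbatim in the getBudget and reserve hunks, so any later change to the rejection (error type or message) has to be made in three places. A small file-local helper that takes the ScriptState and the error-message string and reports whether the context is secure would keep the three entry points in step. If the copies stay, a one-line comment above each, such as `// Budget API is restricted to secure contexts; reject before doing any other work.`, would record why the check is there. getCost's body continues past the end of this hunk.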
@@ -80,12 +84,15 @@ ScriptPromise BudgetService::getBudget(ScriptState* scriptState)
{
DCHECK(m_service);
+ String errorMessage;
+ if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
+ return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(SecurityError, errorMessage));
+
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise();
// Get the budget from the browser BudgetService.
RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurityOrigin());
- // TODO(harkness): Check that this is a valid secure origin.
m_service->GetBudget(origin, convertToBaseCallback(WTF::bind(&BudgetService::gotBudget, wrapPersistent(this), wrapPersistent(resolver))));
return promise;
}
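Review bot: `origin` is still read from the renderer's execution context and passed to `m_service->GetBudget(origin, ...)`, so the new isSecureContext() test only gives well-behaved script an early SecurityError; it is not an enforcement point if the renderer itself is compromised. The browser-side handler is not visible in this file, so presumably it validates the origin on its own, which is worth confirming. Since the TODO is removed here, the assumption could be recorded above the call, e.g. `// Renderer-side check only; the browser BudgetService must validate |origin| itself.` The same applies to the `m_service->Reserve(origin, ...)` call in the reserve hunk.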
@@ -113,12 +120,15 @@ ScriptPromise BudgetService::reserve(ScriptState* scriptState, const AtomicStrin
if (type == mojom::blink::BudgetOperationType::INVALID_OPERATION)
return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(NotSupportedError, "Invalid operation type specified"));
+ String errorMessage;
+ if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))
+ return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(SecurityError, errorMessage));
+
ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
ScriptPromise promise = resolver->promise();
// Call to the BudgetService to place the reservation.
RefPtr<SecurityOrigin> origin(scriptState->getExecutionContext()->getSecurityOrigin());
- // TODO(harkness): Check that this is a valid secure origin.
m_service->Reserve(origin, type, convertToBaseCallback(WTF::bind(&BudgetService::gotReservation, wrapPersistent(this), wrapPersistent(resolver))));
return promise;
}
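Review bot: In reserve the secure-context guard sits after the operation-type validation, whereas getCost runs it first, so an insecure page calling reserve with an unknown operation would get NotSupportedError rather than SecurityError. Moving the `String errorMessage;` / `if (!scriptState->getExecutionContext()->isSecureContext(errorMessage))` lines ahead of the type lookup would make all three methods reject insecure contexts before inspecting their arguments. The start of reserve, including that lookup, lies outside this hunk, so the exact placement needs checking against the full function.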