Use [SecureContext] for navigator.storage

third_party/WebKit/Source/modules/quota/StorageManager.cpp

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "modules/quota/StorageManager.h"
 
 #include "bindings/core/v8/ScriptPromiseResolver.h"
 #include "bindings/modules/v8/V8StorageEstimate.h"
 #include "core/dom/DOMException.h"
 #include "core/dom/Document.h"
@@ skipping 42 matching lines @@
  private:
   Member<ScriptPromiseResolver> m_resolver;
 };
 
 }  // namespace
 
 ScriptPromise StorageManager::persist(ScriptState* scriptState) {
   ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
   ScriptPromise promise = resolver->promise();
   ExecutionContext* executionContext = scriptState->getExecutionContext();
+  DCHECK(executionContext->isSecureContext());  // [SecureContext] in IDL
   SecurityOrigin* securityOrigin = executionContext->getSecurityOrigin();
-  // TODO(dgrogan): Is the isUnique() check covered by the later
-  // isSecureContext() check? If so, maybe remove it. Write a test if it
-  // stays.
+  // TODO(jsbell): Is the isUnique() check covered by [SecureContext]? If so,

[jsbell, 2017/02/11 01:01:43]

I'm keeping this TODO but maybe mkwst@ has an answer? 

Tracing through the code, the isPotentiallyTrustworthy() check would allow
unique origins that have had setUniqueOriginIsPotentiallyTrustworthy() called,
which apparently happens sometimes (e.g. Document::initSecurityContext). If I'm
reading the code (and [HTML]) correctly, you can get a secure context for a
sandboxed iframe.

The Storage spec says nothing about unique origins, but they make no sense as
far as storage-related APIs are concerned. Our existing storage APIs block them
as this code does. Maybe we want another attribute to restrict this from being
used in unique origins?

+  // maybe remove it. Write a test if it stays.
   if (securityOrigin->isUnique()) {
     resolver->reject(DOMException::create(NotSupportedError));
     return promise;
   }
-  String errorMessage;
-  if (!executionContext->isSecureContext(errorMessage)) {
-    resolver->reject(DOMException::create(SecurityError, errorMessage));
-    return promise;
-  }
+
   ASSERT(executionContext->isDocument());
   PermissionService* permissionService =
       getPermissionService(scriptState->getExecutionContext());
   if (!permissionService) {
     resolver->reject(DOMException::create(
         InvalidStateError,
         "In its current state, the global scope can't request permissions."));
     return promise;
   }
   permissionService->RequestPermission(
       createPermissionDescriptor(PermissionName::DURABLE_STORAGE),
       scriptState->getExecutionContext()->getSecurityOrigin(),
       UserGestureIndicator::processingUserGesture(),
       convertToBaseCallback(
           WTF::bind(&StorageManager::permissionRequestComplete,
                     wrapPersistent(this), wrapPersistent(resolver))));
 
   return promise;
 }
 
 ScriptPromise StorageManager::persisted(ScriptState* scriptState) {
   ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
   ScriptPromise promise = resolver->promise();
+  ExecutionContext* executionContext = scriptState->getExecutionContext();
+  DCHECK(executionContext->isSecureContext());  // [SecureContext] in IDL
+  SecurityOrigin* securityOrigin = executionContext->getSecurityOrigin();
+  // TODO(jsbell): Is the isUnique() check covered by [SecureContext]? If so,
+  // maybe remove it. Write a test if it stays.
+  if (securityOrigin->isUnique()) {
+    resolver->reject(DOMException::create(NotSupportedError));
+    return promise;
+  }
+
   PermissionService* permissionService =
       getPermissionService(scriptState->getExecutionContext());
   if (!permissionService) {
     resolver->reject(DOMException::create(
         InvalidStateError,
         "In its current state, the global scope can't query permissions."));
     return promise;
   }
   permissionService->HasPermission(
       createPermissionDescriptor(PermissionName::DURABLE_STORAGE),
       scriptState->getExecutionContext()->getSecurityOrigin(),
       convertToBaseCallback(
           WTF::bind(&StorageManager::permissionRequestComplete,
                     wrapPersistent(this), wrapPersistent(resolver))));
   return promise;
 }
 
 ScriptPromise StorageManager::estimate(ScriptState* scriptState) {
   ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
   ScriptPromise promise = resolver->promise();
   ExecutionContext* executionContext = scriptState->getExecutionContext();
+  DCHECK(executionContext->isSecureContext());  // [SecureContext] in IDL
   SecurityOrigin* securityOrigin = executionContext->getSecurityOrigin();
+  // TODO(jsbell): Is the isUnique() check covered by [SecureContext]? If so,
+  // maybe remove it. Write a test if it stays.
   if (securityOrigin->isUnique()) {
     resolver->reject(DOMException::create(NotSupportedError));
     return promise;
   }
-  // IDL has: [SecureContext]
-  String errorMessage;
-  if (!executionContext->isSecureContext(errorMessage)) {
-    resolver->reject(DOMException::create(SecurityError, errorMessage));
-    return promise;
-  }
 
   KURL storagePartition = KURL(KURL(), securityOrigin->toString());
   Platform::current()->queryStorageUsageAndQuota(
       storagePartition, WebStorageQuotaTypeTemporary,
       new EstimateCallbacks(resolver));
   return promise;
 }
 
 DEFINE_TRACE(StorageManager) {}
 
@@ skipping 14 matching lines @@
 
 void StorageManager::permissionRequestComplete(ScriptPromiseResolver* resolver,
                                                PermissionStatus status) {
   if (!resolver->getExecutionContext() ||
       resolver->getExecutionContext()->isContextDestroyed())
     return;
   resolver->resolve(status == PermissionStatus::GRANTED);
 }
 
 }  // namespace blink