Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(473)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp

Issue 2880133002: PaymentHandler: Should not allow accessing PaymentManager in Extension.
Patch Set: typo Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/test/data/extensions/api_test/service_worker/payments/page.html ('K') | « third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.h ('k') | third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.idl » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp
diff --git a/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp b/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp
index e8c3b7bae9441310de21a0791793174118a1bc8d..e5827bbc5437f1b05491382575a2eae41c1b18a4 100644
--- a/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp
+++ b/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp
@@ -4,10 +4,14 @@
#include "modules/payments/PaymentAppServiceWorkerRegistration.h"
+#include "bindings/core/v8/ExceptionState.h"
#include "core/dom/Document.h"
+#include "core/dom/ExecutionContext.h"
#include "modules/payments/PaymentManager.h"
#include "modules/serviceworkers/ServiceWorkerRegistration.h"
#include "platform/bindings/ScriptState.h"
+#include "platform/weborigin/KURL.h"
+#include "platform/weborigin/SecurityOrigin.h"
namespace blink {
@@ -32,13 +36,23 @@ PaymentAppServiceWorkerRegistration& PaymentAppServiceWorkerRegistration::From(
// static
PaymentManager* PaymentAppServiceWorkerRegistration::paymentManager(
ScriptState* script_state,
- ServiceWorkerRegistration& registration) {
+ ServiceWorkerRegistration& registration,
+ ExceptionState& exception_state) {
return PaymentAppServiceWorkerRegistration::From(registration)
- .paymentManager(script_state);
+ .paymentManager(script_state, exception_state);
}
PaymentManager* PaymentAppServiceWorkerRegistration::paymentManager(
- ScriptState* script_state) {
+ ScriptState* script_state,
+ ExceptionState& exception_state) {
+ ExecutionContext* context = ExecutionContext::From(script_state);
+ KURL origin = KURL(KURL(), context->GetSecurityOrigin()->ToString());
+ if (!origin.ProtocolIsInHTTPFamily()) {
please use gerrit instead 2017/05/15 14:46:47 Also check context->IsSecureContext().
zino 2017/05/15 18:38:12 I don't think this check is needed. because the Se
+ exception_state.ThrowSecurityError(
+ "The PaymentManger attirbute is only allowed in https://* context.");
please use gerrit instead 2017/05/15 14:46:47 PaymentManger can be used only in HTTPS scheme.
zino 2017/05/15 18:38:12 Done.
+ return nullptr;
+ }
+
if (!payment_manager_) {
payment_manager_ = PaymentManager::Create(registration_);
}
« chrome/test/data/extensions/api_test/service_worker/payments/page.html ('K') | « third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.h ('k') | third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.idl » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698