| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" | 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "content/browser/child_process_security_policy_impl.h" |
| 9 #include "content/browser/message_port_message_filter.h" | 10 #include "content/browser/message_port_message_filter.h" |
| 10 #include "content/browser/message_port_service.h" | 11 #include "content/browser/message_port_service.h" |
| 11 #include "content/browser/service_worker/embedded_worker_registry.h" | 12 #include "content/browser/service_worker/embedded_worker_registry.h" |
| 12 #include "content/browser/service_worker/service_worker_context_core.h" | 13 #include "content/browser/service_worker/service_worker_context_core.h" |
| 13 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 14 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
| 14 #include "content/browser/service_worker/service_worker_handle.h" | 15 #include "content/browser/service_worker/service_worker_handle.h" |
| 15 #include "content/browser/service_worker/service_worker_registration.h" | 16 #include "content/browser/service_worker/service_worker_registration.h" |
| 16 #include "content/browser/service_worker/service_worker_utils.h" | 17 #include "content/browser/service_worker/service_worker_utils.h" |
| 17 #include "content/common/service_worker/embedded_worker_messages.h" | 18 #include "content/common/service_worker/embedded_worker_messages.h" |
| 18 #include "content/common/service_worker/service_worker_messages.h" | 19 #include "content/common/service_worker/service_worker_messages.h" |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 154 const GURL& script_url) { | 155 const GURL& script_url) { |
| 155 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { | 156 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { |
| 156 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 157 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 157 thread_id, | 158 thread_id, |
| 158 request_id, | 159 request_id, |
| 159 WebServiceWorkerError::ErrorTypeDisabled, | 160 WebServiceWorkerError::ErrorTypeDisabled, |
| 160 base::ASCIIToUTF16(kDisabledErrorMessage))); | 161 base::ASCIIToUTF16(kDisabledErrorMessage))); |
| 161 return; | 162 return; |
| 162 } | 163 } |
| 163 | 164 |
| 164 // TODO(alecflett): This check is insufficient for release. Add a | |
| 165 // ServiceWorker-specific policy query in | |
| 166 // ChildProcessSecurityImpl. See http://crbug.com/311631. | |
| 167 if (pattern.GetOrigin() != script_url.GetOrigin()) { | |
| 168 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | |
| 169 thread_id, | |
| 170 request_id, | |
| 171 WebServiceWorkerError::ErrorTypeSecurity, | |
| 172 base::ASCIIToUTF16(kDomainMismatchErrorMessage))); | |
| 173 return; | |
| 174 } | |
| 175 | |
| 176 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( | 165 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( |
| 177 render_process_id_, provider_id); | 166 render_process_id_, provider_id); |
| 178 if (!provider_host) { | 167 if (!provider_host) { |
| 179 BadMessageReceived(); | 168 BadMessageReceived(); |
| 180 return; | 169 return; |
| 181 } | 170 } |
| 182 | 171 |
| 172 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRegisterServiceWorker( |
| 173 provider_host->document_url(), pattern, script_url)) { |
| 174 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 175 thread_id, |
| 176 request_id, |
| 177 WebServiceWorkerError::ErrorTypeSecurity, |
| 178 base::ASCIIToUTF16(kDomainMismatchErrorMessage))); |
| 179 return; |
| 180 } |
| 183 GetContext()->RegisterServiceWorker( | 181 GetContext()->RegisterServiceWorker( |
| 184 pattern, | 182 pattern, |
| 185 script_url, | 183 script_url, |
| 186 render_process_id_, | 184 render_process_id_, |
| 187 provider_host, | 185 provider_host, |
| 188 base::Bind(&ServiceWorkerDispatcherHost::RegistrationComplete, | 186 base::Bind(&ServiceWorkerDispatcherHost::RegistrationComplete, |
| 189 this, | 187 this, |
| 190 thread_id, | 188 thread_id, |
| 191 request_id)); | 189 request_id)); |
| 192 } | 190 } |
| 193 | 191 |
| 194 void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker( | 192 void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker( |
| 195 int thread_id, | 193 int thread_id, |
| 196 int request_id, | 194 int request_id, |
| 197 int provider_id, | 195 int provider_id, |
| 198 const GURL& pattern) { | 196 const GURL& pattern) { |
| 199 // TODO(alecflett): This check is insufficient for release. Add a | |
| 200 // ServiceWorker-specific policy query in | |
| 201 // ChildProcessSecurityImpl. See http://crbug.com/311631. | |
| 202 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { | 197 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { |
| 203 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 198 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 204 thread_id, | 199 thread_id, |
| 205 request_id, | 200 request_id, |
| 206 blink::WebServiceWorkerError::ErrorTypeDisabled, | 201 blink::WebServiceWorkerError::ErrorTypeDisabled, |
| 207 base::ASCIIToUTF16(kDisabledErrorMessage))); | 202 base::ASCIIToUTF16(kDisabledErrorMessage))); |
| 208 return; | 203 return; |
| 209 } | 204 } |
| 210 | 205 |
| 211 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( | 206 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( |
| 212 render_process_id_, provider_id); | 207 render_process_id_, provider_id); |
| 213 if (!provider_host) { | 208 if (!provider_host) { |
| 214 BadMessageReceived(); | 209 BadMessageReceived(); |
| 215 return; | 210 return; |
| 216 } | 211 } |
| 217 | 212 |
| 213 if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
| 214 CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { |
| 215 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 216 thread_id, |
| 217 request_id, |
| 218 WebServiceWorkerError::ErrorTypeSecurity, |
| 219 base::ASCIIToUTF16(kDomainMismatchErrorMessage))); |
| 220 return; |
| 221 } |
| 222 |
| 218 GetContext()->UnregisterServiceWorker( | 223 GetContext()->UnregisterServiceWorker( |
| 219 pattern, | 224 pattern, |
| 220 base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete, | 225 base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete, |
| 221 this, | 226 this, |
| 222 thread_id, | 227 thread_id, |
| 223 request_id)); | 228 request_id)); |
| 224 } | 229 } |
| 225 | 230 |
| 226 void ServiceWorkerDispatcherHost::OnPostMessageToWorker( | 231 void ServiceWorkerDispatcherHost::OnPostMessageToWorker( |
| 227 int handle_id, | 232 int handle_id, |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 410 status, &error_type, &error_message); | 415 status, &error_type, &error_message); |
| 411 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 416 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 412 thread_id, request_id, error_type, error_message)); | 417 thread_id, request_id, error_type, error_message)); |
| 413 } | 418 } |
| 414 | 419 |
| 415 ServiceWorkerContextCore* ServiceWorkerDispatcherHost::GetContext() { | 420 ServiceWorkerContextCore* ServiceWorkerDispatcherHost::GetContext() { |
| 416 return context_wrapper_->context(); | 421 return context_wrapper_->context(); |
| 417 } | 422 } |
| 418 | 423 |
| 419 } // namespace content | 424 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 334413004:
Add URL origin checks for Service Worker (un)registration (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src