
Side by Side Diff: content/browser/service_worker/service_worker_dispatcher_host.cc

Issue 334413004: Add URL origin checks for Service Worker (un)registration (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: move out of CPSP Created 6 years, 6 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/strings/utf_string_conversions.h" 8 #include "base/strings/utf_string_conversions.h"
9 #include "content/browser/message_port_message_filter.h" 9 #include "content/browser/message_port_message_filter.h"
10 #include "content/browser/message_port_service.h" 10 #include "content/browser/message_port_service.h"
(...skipping 18 matching lines...) Expand all
29 const char kDisabledErrorMessage[] = 29 const char kDisabledErrorMessage[] =
30 "ServiceWorker is disabled"; 30 "ServiceWorker is disabled";
31 const char kDomainMismatchErrorMessage[] = 31 const char kDomainMismatchErrorMessage[] =
32 "Scope and scripts do not have the same origin"; 32 "Scope and scripts do not have the same origin";
33 33
34 const uint32 kFilteredMessageClasses[] = { 34 const uint32 kFilteredMessageClasses[] = {
35 ServiceWorkerMsgStart, 35 ServiceWorkerMsgStart,
36 EmbeddedWorkerMsgStart, 36 EmbeddedWorkerMsgStart,
37 }; 37 };
38 38
39 bool CanRegisterServiceWorker(const GURL& document_url,
40 const GURL& pattern,
41 const GURL& script_url) {
42 return document_url.GetOrigin() == pattern.GetOrigin() &&
43 document_url.GetOrigin() == script_url.GetOrigin();
michaeln 2014/06/19 00:04:50 can you add a todo to respect chrome's content set
falken 2014/06/19 00:23:34 Just to make sure I understand, this means we plan
michaeln 2014/06/19 00:35:46 Yes, something like AllowServiceWorker(). And we d
44 }
45
46 bool CanUnregisterServiceWorker(const GURL& document_url,
47 const GURL& pattern) {
48 return document_url.GetOrigin() == pattern.GetOrigin();
49 }
50
39 } // namespace 51 } // namespace
40 52
41 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost( 53 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost(
42 int render_process_id, 54 int render_process_id,
43 MessagePortMessageFilter* message_port_message_filter) 55 MessagePortMessageFilter* message_port_message_filter)
44 : BrowserMessageFilter(kFilteredMessageClasses, 56 : BrowserMessageFilter(kFilteredMessageClasses,
45 arraysize(kFilteredMessageClasses)), 57 arraysize(kFilteredMessageClasses)),
46 render_process_id_(render_process_id), 58 render_process_id_(render_process_id),
47 message_port_message_filter_(message_port_message_filter), 59 message_port_message_filter_(message_port_message_filter),
48 channel_ready_(false) { 60 channel_ready_(false) {
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 const GURL& script_url) { 166 const GURL& script_url) {
155 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { 167 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) {
156 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( 168 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
157 thread_id, 169 thread_id,
158 request_id, 170 request_id,
159 WebServiceWorkerError::ErrorTypeDisabled, 171 WebServiceWorkerError::ErrorTypeDisabled,
160 base::ASCIIToUTF16(kDisabledErrorMessage))); 172 base::ASCIIToUTF16(kDisabledErrorMessage)));
161 return; 173 return;
162 } 174 }
163 175
164 // TODO(alecflett): This check is insufficient for release. Add a
165 // ServiceWorker-specific policy query in
166 // ChildProcessSecurityImpl. See http://crbug.com/311631.
167 if (pattern.GetOrigin() != script_url.GetOrigin()) {
168 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
169 thread_id,
170 request_id,
171 WebServiceWorkerError::ErrorTypeSecurity,
172 base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
173 return;
174 }
175
176 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( 176 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
177 render_process_id_, provider_id); 177 render_process_id_, provider_id);
178 if (!provider_host) { 178 if (!provider_host) {
179 BadMessageReceived(); 179 BadMessageReceived();
180 return; 180 return;
181 } 181 }
182 if (!provider_host->IsContextAlive()) { 182 if (!provider_host->IsContextAlive()) {
183 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( 183 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
184 thread_id, 184 thread_id,
185 request_id, 185 request_id,
186 WebServiceWorkerError::ErrorTypeDisabled, 186 WebServiceWorkerError::ErrorTypeDisabled,
187 base::ASCIIToUTF16(kDisabledErrorMessage))); 187 base::ASCIIToUTF16(kDisabledErrorMessage)));
188 return; 188 return;
189 } 189 }
190 190
191 if (!CanRegisterServiceWorker(
192 provider_host->document_url(), pattern, script_url)) {
193 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
194 thread_id,
195 request_id,
196 WebServiceWorkerError::ErrorTypeSecurity,
197 base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
198 return;
199 }
191 GetContext()->RegisterServiceWorker( 200 GetContext()->RegisterServiceWorker(
192 pattern, 201 pattern,
193 script_url, 202 script_url,
194 render_process_id_, 203 render_process_id_,
195 provider_host, 204 provider_host,
196 base::Bind(&ServiceWorkerDispatcherHost::RegistrationComplete, 205 base::Bind(&ServiceWorkerDispatcherHost::RegistrationComplete,
197 this, 206 this,
198 thread_id, 207 thread_id,
199 request_id)); 208 request_id));
200 } 209 }
201 210
202 void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker( 211 void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
203 int thread_id, 212 int thread_id,
204 int request_id, 213 int request_id,
205 int provider_id, 214 int provider_id,
206 const GURL& pattern) { 215 const GURL& pattern) {
207 // TODO(alecflett): This check is insufficient for release. Add a
208 // ServiceWorker-specific policy query in
209 // ChildProcessSecurityImpl. See http://crbug.com/311631.
210 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) { 216 if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) {
211 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( 217 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
212 thread_id, 218 thread_id,
213 request_id, 219 request_id,
214 blink::WebServiceWorkerError::ErrorTypeDisabled, 220 blink::WebServiceWorkerError::ErrorTypeDisabled,
215 base::ASCIIToUTF16(kDisabledErrorMessage))); 221 base::ASCIIToUTF16(kDisabledErrorMessage)));
216 return; 222 return;
217 } 223 }
218 224
219 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( 225 ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
220 render_process_id_, provider_id); 226 render_process_id_, provider_id);
221 if (!provider_host) { 227 if (!provider_host) {
222 BadMessageReceived(); 228 BadMessageReceived();
223 return; 229 return;
224 } 230 }
225 if (!provider_host->IsContextAlive()) { 231 if (!provider_host->IsContextAlive()) {
226 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( 232 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
227 thread_id, 233 thread_id,
228 request_id, 234 request_id,
229 blink::WebServiceWorkerError::ErrorTypeDisabled, 235 blink::WebServiceWorkerError::ErrorTypeDisabled,
230 base::ASCIIToUTF16(kDisabledErrorMessage))); 236 base::ASCIIToUTF16(kDisabledErrorMessage)));
231 return; 237 return;
232 } 238 }
233 239
240 if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
241 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
242 thread_id,
243 request_id,
244 WebServiceWorkerError::ErrorTypeSecurity,
245 base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
246 return;
247 }
248
234 GetContext()->UnregisterServiceWorker( 249 GetContext()->UnregisterServiceWorker(
235 pattern, 250 pattern,
236 base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete, 251 base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete,
237 this, 252 this,
238 thread_id, 253 thread_id,
239 request_id)); 254 request_id));
240 } 255 }
241 256
242 void ServiceWorkerDispatcherHost::OnPostMessageToWorker( 257 void ServiceWorkerDispatcherHost::OnPostMessageToWorker(
243 int handle_id, 258 int handle_id,
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 status, &error_type, &error_message); 448 status, &error_type, &error_message);
434 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( 449 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
435 thread_id, request_id, error_type, error_message)); 450 thread_id, request_id, error_type, error_message));
436 } 451 }
437 452
438 ServiceWorkerContextCore* ServiceWorkerDispatcherHost::GetContext() { 453 ServiceWorkerContextCore* ServiceWorkerDispatcherHost::GetContext() {
439 return context_wrapper_->context(); 454 return context_wrapper_->context();
440 } 455 }
441 456
442 } // namespace content 457 } // namespace content
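Review bot: CanRegisterServiceWorker() and CanUnregisterServiceWorker() (new lines 39-49) compare GetOrigin() results without checking that the URLs are valid, and GURL::GetOrigin() yields an empty GURL for invalid or non-standard URLs, so inputs that all collapse to an empty origin would compare equal and pass the check. Since `pattern` and `script_url` appear to arrive in an IPC message from the renderer, I would reject such values before the comparison, e.g. `if (!pattern.is_valid() || !script_url.is_valid()) { BadMessageReceived(); return; }` in OnRegisterServiceWorker (and the `pattern` half in OnUnregisterServiceWorker), and have both helpers return false when `document_url.GetOrigin()` is empty. Separately, new line 245 reuses kDomainMismatchErrorMessage ("Scope and scripts do not have the same origin") for unregistration, where no script is involved and the mismatch is against the document origin; a message that names the document would be less misleading. The signature of OnRegisterServiceWorker starts in the collapsed lines, so whether an earlier validity check already exists there cannot be seen from this page.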