| Index: content/browser/service_worker/service_worker_dispatcher_host.cc
|
| diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| index 8cacc3460831bed5e0754ba7636308a1bcdb6b3f..9efbd21b094bbbb97a10e8ea46d6b79033277afd 100644
|
| --- a/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| +++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| @@ -6,6 +6,7 @@
|
|
|
| #include "base/logging.h"
|
| #include "base/strings/utf_string_conversions.h"
|
| +#include "content/browser/child_process_security_policy_impl.h"
|
| #include "content/browser/message_port_message_filter.h"
|
| #include "content/browser/message_port_service.h"
|
| #include "content/browser/service_worker/embedded_worker_registry.h"
|
| @@ -161,18 +162,6 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
|
| return;
|
| }
|
|
|
| - // TODO(alecflett): This check is insufficient for release. Add a
|
| - // ServiceWorker-specific policy query in
|
| - // ChildProcessSecurityImpl. See http://crbug.com/311631.
|
| - if (pattern.GetOrigin() != script_url.GetOrigin()) {
|
| - Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
|
| - thread_id,
|
| - request_id,
|
| - WebServiceWorkerError::ErrorTypeSecurity,
|
| - base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
|
| - return;
|
| - }
|
| -
|
| ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
|
| render_process_id_, provider_id);
|
| if (!provider_host) {
|
| @@ -180,6 +169,15 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
|
| return;
|
| }
|
|
|
| + if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRegisterServiceWorker(
|
| + provider_host->document_url(), pattern, script_url)) {
|
| + Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
|
| + thread_id,
|
| + request_id,
|
| + WebServiceWorkerError::ErrorTypeSecurity,
|
| + base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
|
| + return;
|
| + }
|
| GetContext()->RegisterServiceWorker(
|
| pattern,
|
| script_url,
|
| @@ -196,9 +194,6 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
|
| int request_id,
|
| int provider_id,
|
| const GURL& pattern) {
|
| - // TODO(alecflett): This check is insufficient for release. Add a
|
| - // ServiceWorker-specific policy query in
|
| - // ChildProcessSecurityImpl. See http://crbug.com/311631.
|
| if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) {
|
| Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
|
| thread_id,
|
| @@ -215,6 +210,16 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
|
| return;
|
| }
|
|
|
| + if (!ChildProcessSecurityPolicyImpl::GetInstance()->
|
| + CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
|
| + Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
|
| + thread_id,
|
| + request_id,
|
| + WebServiceWorkerError::ErrorTypeSecurity,
|
| + base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
|
| + return;
|
| + }
|
| +
|
| GetContext()->UnregisterServiceWorker(
|
| pattern,
|
| base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete,
|
|
|
Chromium Code Reviews
Issue 334413004:
Add URL origin checks for Service Worker (un)registration (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src