Add URL origin checks for Service Worker (un)registration

content/browser/service_worker/service_worker_dispatcher_host.cc

Index: content/browser/service_worker/service_worker_dispatcher_host.cc
diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc
index 7e216d29a262433f0deb874c29dcca0b50e95b3f..4311d4b523a090a614ba2139d0761d9c571473d8 100644
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
@@ -36,6 +36,18 @@ const uint32 kFilteredMessageClasses[] = {
   EmbeddedWorkerMsgStart,
 };
 
+bool CanRegisterServiceWorker(const GURL& document_url,
+                              const GURL& pattern,
+                              const GURL& script_url) {
+  return document_url.GetOrigin() == pattern.GetOrigin() &&
+         document_url.GetOrigin() == script_url.GetOrigin();

[michaeln, 2014/06/19 00:04:50]

can you add a todo to respect chrome's content settings

[falken, 2014/06/19 00:23:34]

Just to make sure I understand, this means we plan in the future to add
something like AllowServiceWorker to content settings, like we have for
appcache? Geniune/naive question, why would we do this for SW and not other web
platform features? I guess, it's just too powerful (installed state, network
intercept, etc...)?

[michaeln, 2014/06/19 00:35:46]

Yes, something like AllowServiceWorker(). And we do do this for lots of other
storage related platform features, its important for privacy.

+}
+
+bool CanUnregisterServiceWorker(const GURL& document_url,
+                                const GURL& pattern) {
+  return document_url.GetOrigin() == pattern.GetOrigin();
+}
+
 }  // namespace
 
 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost(
@@ -161,18 +173,6 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
     return;
   }
 
-  // TODO(alecflett): This check is insufficient for release. Add a
-  // ServiceWorker-specific policy query in
-  // ChildProcessSecurityImpl. See http://crbug.com/311631.
-  if (pattern.GetOrigin() != script_url.GetOrigin()) {
-    Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
-        thread_id,
-        request_id,
-        WebServiceWorkerError::ErrorTypeSecurity,
-        base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
-    return;
-  }
-
   ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
       render_process_id_, provider_id);
   if (!provider_host) {
@@ -188,6 +188,15 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
     return;
   }
 
+  if (!CanRegisterServiceWorker(
+      provider_host->document_url(), pattern, script_url)) {
+    Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
+        thread_id,
+        request_id,
+        WebServiceWorkerError::ErrorTypeSecurity,
+        base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
+    return;
+  }
   GetContext()->RegisterServiceWorker(
       pattern,
       script_url,
@@ -204,9 +213,6 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
     int request_id,
     int provider_id,
     const GURL& pattern) {
-  // TODO(alecflett): This check is insufficient for release. Add a
-  // ServiceWorker-specific policy query in
-  // ChildProcessSecurityImpl. See http://crbug.com/311631.
   if (!GetContext() || !ServiceWorkerUtils::IsFeatureEnabled()) {
     Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
         thread_id,
@@ -231,6 +237,15 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
     return;
   }
 
+  if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
+    Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
+        thread_id,
+        request_id,
+        WebServiceWorkerError::ErrorTypeSecurity,
+        base::ASCIIToUTF16(kDomainMismatchErrorMessage)));
+    return;
+  }
+
   GetContext()->UnregisterServiceWorker(
       pattern,
       base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete,