Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1034)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/serviceworkers/ServiceWorkerContainer.cpp

Issue 400903002: Check that Service Workers are registered from secure origins. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Do not open testing namespace for Windows build. Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/modules/serviceworkers/MockWebServiceWorkerProvider.h ('K') | « Source/modules/serviceworkers/MockWebServiceWorkerProvider.h ('k') | Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/serviceworkers/ServiceWorkerContainer.cpp
diff --git a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
index 1d0f3fc1a2e01ae55f4380f0c9fde5e414398dc3..84fbabb63c2d45bace87ecb23f240d4bb4ebca19 100644
--- a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
+++ b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
@@ -94,19 +94,26 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS
return promise;
}
+ // FIXME: This should use the container's execution context, not
+ // the callers.
ExecutionContext* executionContext = scriptState->executionContext();
RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin();
+ if (!documentOrigin->canAccessFeatureRequiringSecureOrigin()) {
+ resolver->reject(DOMException::create(SecurityError, "Service Workers are only supported over secure origins."));
+ return promise;
+ }
+
KURL patternURL = executionContext->completeURL(options.scope);
patternURL.removeFragmentIdentifier();
if (!documentOrigin->canRequest(patternURL)) {
- resolver->reject(DOMException::create(SecurityError, "Can only register for patterns in the document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The scope must match the current origin."));
return promise;
}
KURL scriptURL = executionContext->completeURL(url);
scriptURL.removeFragmentIdentifier();
if (!documentOrigin->canRequest(scriptURL)) {
- resolver->reject(DOMException::create(SecurityError, "Script must be in document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The origin of the script must match the current origin."));
return promise;
}
@@ -138,11 +145,18 @@ ScriptPromise ServiceWorkerContainer::unregisterServiceWorker(ScriptState* scrip
return promise;
}
+ // FIXME: This should use the container's execution context, not
+ // the callers.
RefPtr<SecurityOrigin> documentOrigin = scriptState->executionContext()->securityOrigin();
+ if (!documentOrigin->canAccessFeatureRequiringSecureOrigin()) {
+ resolver->reject(DOMException::create(SecurityError, "Service Workers are only supported over secure origins."));
+ return promise;
+ }
+
KURL patternURL = scriptState->executionContext()->completeURL(pattern);
patternURL.removeFragmentIdentifier();
if (!pattern.isEmpty() && !documentOrigin->canRequest(patternURL)) {
- resolver->reject(DOMException::create(SecurityError, "Can only unregister for patterns in the document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The scope must match the current origin."));
return promise;
}
« Source/modules/serviceworkers/MockWebServiceWorkerProvider.h ('K') | « Source/modules/serviceworkers/MockWebServiceWorkerProvider.h ('k') | Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698