Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1702)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/serviceworkers/ServiceWorkerContainer.cpp

Issue 400903002: Check that Service Workers are registered from secure origins. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: using namespace blink. Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/modules/modules.gypi ('k') | Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/serviceworkers/ServiceWorkerContainer.cpp
diff --git a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
index 20fbb0e2c45ddfaa25e0a8baf266025fe0bb9bb3..8f50e9ac932cd792c887c3e4d541bd65127a0658 100644
--- a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
+++ b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
@@ -94,19 +94,26 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS
return promise;
}
+ // FIXME: This should use the container's execution context, not
+ // the callers.
ExecutionContext* executionContext = scriptState->executionContext();
RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin();
+ if (!documentOrigin->canAccessFeatureRequiringSecureOrigin()) {
+ resolver->reject(DOMException::create(SecurityError, "Service Workers are only supported over secure origins."));
+ return promise;
+ }
+
KURL patternURL = executionContext->completeURL(options.scope);
patternURL.removeFragmentIdentifier();
if (!documentOrigin->canRequest(patternURL)) {
- resolver->reject(DOMException::create(SecurityError, "Can only register for patterns in the document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The scope must match the current origin."));
return promise;
}
KURL scriptURL = executionContext->completeURL(url);
scriptURL.removeFragmentIdentifier();
if (!documentOrigin->canRequest(scriptURL)) {
- resolver->reject(DOMException::create(SecurityError, "Script must be in document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The origin of the script must match the current origin."));
return promise;
}
@@ -138,11 +145,18 @@ ScriptPromise ServiceWorkerContainer::unregisterServiceWorker(ScriptState* scrip
return promise;
}
+ // FIXME: This should use the container's execution context, not
+ // the callers.
RefPtr<SecurityOrigin> documentOrigin = scriptState->executionContext()->securityOrigin();
+ if (!documentOrigin->canAccessFeatureRequiringSecureOrigin()) {
+ resolver->reject(DOMException::create(SecurityError, "Service Workers are only supported over secure origins."));
+ return promise;
+ }
+
KURL patternURL = scriptState->executionContext()->completeURL(pattern);
patternURL.removeFragmentIdentifier();
if (!pattern.isEmpty() && !documentOrigin->canRequest(patternURL)) {
- resolver->reject(DOMException::create(SecurityError, "Can only unregister for patterns in the document's origin."));
+ resolver->reject(DOMException::create(SecurityError, "The scope must match the current origin."));
return promise;
}
« no previous file with comments | « Source/modules/modules.gypi ('k') | Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698