DescriptionKill renderers that register Service Workers from non-secure origins
Service Workers are only available on "secure origins" per
[1]. There's an API-level check in
ServiceWorkerContainer::registerServiceWorker,
unregisterServiceWorker. To defend against a compromised renderer
circumventing the policy, this adds a check that the origin is secure
in browser, where the registration takes place.
[1] http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features
BUG=394213
Patch Set 1 #
Total comments: 4
Messages
Total messages: 9 (0 generated)
|