Respect content settings for Service Worker registration

content/browser/service_worker/service_worker_dispatcher_host.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/service_worker/service_worker_dispatcher_host.h"

[michaeln, 2014/10/02 20:32:51]

This class covers the script accessible reg/unreg/getreg methods. We also need
to poke at where a registered sw is identified during navigation, fired up, and
used.

See ServiceWorkerControlleeRequestHandler::DidLookupRegistrationForMainResource,
at that point we have the docurl and the reg.scope which is enough info to make
the Allow query.

[falken, 2014/10/03 08:30:42]

Right, I'll try to handle that in a next patch. The bug for this patch is about
poking at SW registrations in JavaScript.

 
 #include "base/debug/trace_event.h"
 #include "base/logging.h"
 #include "base/strings/utf_string_conversions.h"
 #include "content/browser/message_port_message_filter.h"
 #include "content/browser/message_port_service.h"
 #include "content/browser/service_worker/embedded_worker_registry.h"
 #include "content/browser/service_worker/service_worker_context_core.h"
 #include "content/browser/service_worker/service_worker_context_wrapper.h"
 #include "content/browser/service_worker/service_worker_handle.h"
 #include "content/browser/service_worker/service_worker_registration.h"
 #include "content/browser/service_worker/service_worker_registration_handle.h"
 #include "content/browser/service_worker/service_worker_utils.h"
 #include "content/common/service_worker/embedded_worker_messages.h"
 #include "content/common/service_worker/service_worker_messages.h"
+#include "content/public/browser/content_browser_client.h"
+#include "content/public/common/content_client.h"
 #include "ipc/ipc_message_macros.h"
 #include "third_party/WebKit/public/platform/WebServiceWorkerError.h"
 #include "url/gurl.h"
 
 using blink::WebServiceWorkerError;
 
 namespace content {
 
 namespace {
 
 const char kShutdownErrorMessage[] =
     "The Service Worker system has shutdown.";
+const char kDisabledErrorMessage[] = "The browser has disabled Service Worker.";
 
 const uint32 kFilteredMessageClasses[] = {
   ServiceWorkerMsgStart,
   EmbeddedWorkerMsgStart,
 };
 
 // TODO(dominicc): When crbug.com/362214 is fixed, make
 // Can(R|Unr)egisterServiceWorker also check that these are secure
 // origins to defend against compromised renderers.
 bool CanRegisterServiceWorker(const GURL& document_url,
                               const GURL& pattern,
                               const GURL& script_url) {
-  // TODO: Respect Chrome's content settings, if we add a setting for
-  // controlling whether Service Worker is allowed.

[falken, 2014/10/02 09:51:42]

Doing the check here would kill the renderer if the content settings disabled
service worker, which isn't appropriate here.

[michaeln, 2014/10/02 20:32:51]

i remember when these methods were originally added, they were intended to be
place holders for these 'allow' browser policy checks as opposed to origin
checking for spec compliance... c'est le vie :)

CanDoThisOrThat is a very cryptic way of saying IsSameOrigin.

[falken, 2014/10/03 08:30:42]

Acknowledged. Now it's doing a bit more, checking same and secure origin. I
can't think of a good name now, so leaving it as is.

   return document_url.GetOrigin() == pattern.GetOrigin() &&
          document_url.GetOrigin() == script_url.GetOrigin();
 }
 
 bool CanUnregisterServiceWorker(const GURL& document_url,
                                 const GURL& pattern) {
-  // TODO: Respect Chrome's content settings, if we add a setting for
-  // controlling whether Service Worker is allowed.
   return document_url.GetOrigin() == pattern.GetOrigin();
 }
 
 bool CanGetRegistration(const GURL& document_url,
                         const GURL& given_document_url) {
-  // TODO: Respect Chrome's content settings, if we add a setting for
-  // controlling whether Service Worker is allowed.

[falken, 2014/10/02 09:51:42]

Even if cookies are blocked/service worker is disabled, GetRegistration probably
should return no service workers (or a service worker that was registered before
the blocking and still exists), so it doesn't check content settings below.

[michaeln, 2014/10/02 20:32:51]

That's not consistent with how cookies or other things work. When blocking is
enabled, no reading/writing (no soup for) you. Pre-existing values are not
accessible. To be consistent everywhere, when blocked is turned on, content
should see no signs of sw's anywhere.

[falken, 2014/10/03 08:30:42]

OK, makes sense. Done.

   return document_url.GetOrigin() == given_document_url.GetOrigin();
 }
 
 }  // namespace
 
 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost(
     int render_process_id,
-    MessagePortMessageFilter* message_port_message_filter)
+    MessagePortMessageFilter* message_port_message_filter,
+    ResourceContext* resource_context)
     : BrowserMessageFilter(kFilteredMessageClasses,
                            arraysize(kFilteredMessageClasses)),
       render_process_id_(render_process_id),
       message_port_message_filter_(message_port_message_filter),
+      resource_context_(resource_context),
       channel_ready_(false) {
 }
 
 ServiceWorkerDispatcherHost::~ServiceWorkerDispatcherHost() {
   if (GetContext()) {
     GetContext()->RemoveAllProviderHostsForProcess(render_process_id_);
     GetContext()->embedded_worker_registry()->RemoveChildProcessSender(
         render_process_id_);
   }
 }
@@ skipping 155 matching lines @@
         WebServiceWorkerError::ErrorTypeAbort,
         base::ASCIIToUTF16(kShutdownErrorMessage)));
     return;
   }
 
   if (!CanRegisterServiceWorker(
       provider_host->document_url(), pattern, script_url)) {
     BadMessageReceived();
     return;
   }
+
+  if (!GetContentClient()->browser()->AllowServiceWorker(
+          pattern, provider_host->document_url(), resource_context_)) {
+    Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
+        thread_id,
+        request_id,
+        WebServiceWorkerError::ErrorTypeDisabled,
+        base::ASCIIToUTF16(kDisabledErrorMessage)));
+    return;
+  }
+
   TRACE_EVENT_ASYNC_BEGIN2("ServiceWorker",
                            "ServiceWorkerDispatcherHost::RegisterServiceWorker",
                            request_id,
                            "Pattern", pattern.spec(),
                            "Script URL", script_url.spec());
   GetContext()->RegisterServiceWorker(
       pattern,
       script_url,
       provider_host,
       base::Bind(&ServiceWorkerDispatcherHost::RegistrationComplete,
@@ skipping 32 matching lines @@
         blink::WebServiceWorkerError::ErrorTypeAbort,
         base::ASCIIToUTF16(kShutdownErrorMessage)));
     return;
   }
 
   if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
     BadMessageReceived();
     return;
   }
 
+  if (!GetContentClient()->browser()->AllowServiceWorker(
+          pattern, provider_host->document_url(), resource_context_)) {
+    Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError(
+        thread_id,
+        request_id,
+        WebServiceWorkerError::ErrorTypeDisabled,
+        base::ASCIIToUTF16(kDisabledErrorMessage)));
+    return;
+  }
+
   TRACE_EVENT_ASYNC_BEGIN1(
       "ServiceWorker",
       "ServiceWorkerDispatcherHost::UnregisterServiceWorker",
       request_id,
       "Pattern", pattern.spec());
   GetContext()->UnregisterServiceWorker(
       pattern,
       base::Bind(&ServiceWorkerDispatcherHost::UnregistrationComplete,
                  this,
                  thread_id,
@@ skipping 439 matching lines @@
       status, &error_type, &error_message);
   Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError(
       thread_id, request_id, error_type, error_message));
 }
 
 ServiceWorkerContextCore* ServiceWorkerDispatcherHost::GetContext() {
   return context_wrapper_->context();
 }
 
 }  // namespace content