Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(293)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 672383003: [ServiceWorker] Don't allow registration of the ServiceWorker scope outside the script directory. (Closed)

Created:
6 years, 2 months ago by horo
Modified:
6 years, 2 months ago
Reviewers:
falken
CC:
blink-reviews, michaeln, jsbell+serviceworker_chromium.org, kenjibaheux+watch_chromium.org, tzik, serviceworker-reviews, nhiroki, falken, kinuko+serviceworker, horo+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

[ServiceWorker] Don't allow registration of the ServiceWorker scope outside the script directory. As per discussion on https://github.com/slightlyoff/ServiceWorker/issues/468 BUG=423983 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=184336

Patch Set 1 : #

Patch Set 2 : geofencing/apis_not_implemented.html #

Total comments: 4

Patch Set 3 : incorporated falken's comment #

Total comments: 2

Patch Set 4 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+117 lines, -56 lines) Patch
M LayoutTests/http/tests/geofencing/apis_not_implemented.html View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/ServiceWorkerGlobalScope/scope-absolute-url.html View 1 chunk +3 lines, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/ServiceWorkerGlobalScope/scope-default.html View 1 2 1 chunk +9 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/ServiceWorkerGlobalScope/scope-relative-path.html View 1 chunk +2 lines, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/chromium/force-refresh-registration.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/chromium/registration-stress.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/chromium/service-worker-gc.html View 1 chunk +2 lines, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/extendable-event-waituntil.html View 6 chunks +6 lines, -6 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/getregistration.html View 2 chunks +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/interfaces.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/multiple-register.html View 3 chunks +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/register-same-scope-different-script-url.html View 5 chunks +5 lines, -5 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/registration.html View 4 chunks +45 lines, -8 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/registration-end-to-end.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/registration-events.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/registration-on-insecure-origin.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/registration-service-worker-attributes.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/resources/test-helpers.js View 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/serviceworkerobject-scripturl.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/state.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/uncontrolled-page.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/unregister.html View 2 chunks +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/unregister-controller.html View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/serviceworker/unregister-then-register.html View 4 chunks +4 lines, -4 lines 0 comments Download
M LayoutTests/http/tests/serviceworker/unregister-then-register-new-script.html View 4 chunks +4 lines, -4 lines 0 comments Download
M Source/modules/serviceworkers/ServiceWorkerContainer.cpp View 1 chunk +5 lines, -0 lines 0 comments Download
M Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp View 1 2 3 2 chunks +11 lines, -2 lines 0 comments Download

Messages

Total messages: 11 (3 generated)
horo
falken@ Could you please review this?
6 years, 2 months ago (2014-10-24 06:08:43 UTC) #3
falken
looks good... 1. Can you add a note like "As per discussion on https://github.com/slightlyoff/ServiceWorker/issues/468" in ...
6 years, 2 months ago (2014-10-24 06:50:44 UTC) #4
horo
> 1. Can you add a note like "As per discussion on > https://github.com/slightlyoff/ServiceWorker/issues/468" in ...
6 years, 2 months ago (2014-10-24 07:21:43 UTC) #5
falken
LGTM https://codereview.chromium.org/672383003/diff/50001/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp File Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp (right): https://codereview.chromium.org/672383003/diff/50001/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp#newcode231 Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp:231: TEST_F(ServiceWorkerContainerTest, Register_DiffentDirectryThanScript) spelling: Different and Directory
6 years, 2 months ago (2014-10-24 07:30:36 UTC) #6
horo
https://codereview.chromium.org/672383003/diff/50001/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp File Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp (right): https://codereview.chromium.org/672383003/diff/50001/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp#newcode231 Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp:231: TEST_F(ServiceWorkerContainerTest, Register_DiffentDirectryThanScript) On 2014/10/24 07:30:36, falken wrote: > spelling: ...
6 years, 2 months ago (2014-10-24 07:46:38 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/672383003/70001
6 years, 2 months ago (2014-10-24 07:48:33 UTC) #9
commit-bot: I haz the power
Committed patchset #4 (id:70001) as 184336
6 years, 2 months ago (2014-10-24 08:48:29 UTC) #10
Peter Beverloo
6 years, 2 months ago (2014-10-24 15:32:36 UTC) #11
Message was sent while issue was closed. 
A revert of this CL (patchset #4 id:70001) has been created in
https://codereview.chromium.org/672353003/ by peter@chromium.org.

The reason for reverting is: This patch seems to have broken the following two
browser_tests on all platforms, as can be seen on the non-layout bots on the
Blink waterfall. We won't be able to roll Blink in Chromium until this is
resolved.

PushMessagingBrowserTest.RegisterFailureNoPermission
PushMessagingBrowserTest.RegisterSuccess

Example output:
http://build.chromium.org/p/chromium.webkit/builders/Linux%20Tests%20%28dbg%2...

[INFO:CONSOLE(7)] "SecurityError - The scope must be under the directory of the
script URL.", source: https://127.0.0.1:39935/files/push_messaging/test.html (7)
../../chrome/browser/services/gcm/push_messaging_browsertest.cc:142: Failure
Value of: register_worker_result
  Actual: "SecurityError - The scope must be under the directory of the script
URL."
Expected: "ok".

Powered by Google App Engine
This is Rietveld 408576698