| Index: content/browser/service_worker/service_worker_dispatcher_host.cc
|
| diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| index 802ea30c83ba4dc27301cd75e9dd7945346223aa..cfce1a8a871fee3d6e8b2511730aa603edbc324c 100644
|
| --- a/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| +++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
|
| @@ -52,21 +52,38 @@ bool OriginCanAccessServiceWorkers(const GURL& url) {
|
| return url.SchemeIsSecure() || net::IsLocalhost(url.host());
|
| }
|
|
|
| +bool CheckPatternIsUnderTheScriptDirectory(const GURL& pattern,
|
| + const GURL& script_url) {
|
| + size_t slash_pos = script_url.spec().rfind('/');
|
| + if (slash_pos == std::string::npos)
|
| + return false;
|
| + return pattern.spec().compare(
|
| + 0, slash_pos + 1, script_url.spec(), 0, slash_pos + 1) == 0;
|
| +}
|
| +
|
| bool CanRegisterServiceWorker(const GURL& document_url,
|
| const GURL& pattern,
|
| const GURL& script_url) {
|
| + DCHECK(document_url.is_valid());
|
| + DCHECK(pattern.is_valid());
|
| + DCHECK(script_url.is_valid());
|
| return AllOriginsMatch(document_url, pattern, script_url) &&
|
| - OriginCanAccessServiceWorkers(document_url);
|
| + OriginCanAccessServiceWorkers(document_url) &&
|
| + CheckPatternIsUnderTheScriptDirectory(pattern, script_url);
|
| }
|
|
|
| bool CanUnregisterServiceWorker(const GURL& document_url,
|
| const GURL& pattern) {
|
| + DCHECK(document_url.is_valid());
|
| + DCHECK(pattern.is_valid());
|
| return document_url.GetOrigin() == pattern.GetOrigin() &&
|
| OriginCanAccessServiceWorkers(document_url);
|
| }
|
|
|
| bool CanGetRegistration(const GURL& document_url,
|
| const GURL& given_document_url) {
|
| + DCHECK(document_url.is_valid());
|
| + DCHECK(given_document_url.is_valid());
|
| return document_url.GetOrigin() == given_document_url.GetOrigin() &&
|
| OriginCanAccessServiceWorkers(document_url);
|
| }
|
| @@ -236,6 +253,10 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
|
| base::ASCIIToUTF16(kShutdownErrorMessage)));
|
| return;
|
| }
|
| + if (!pattern.is_valid() || !script_url.is_valid()) {
|
| + BadMessageReceived();
|
| + return;
|
| + }
|
|
|
| ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
|
| render_process_id_, provider_id);
|
| @@ -299,6 +320,10 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
|
| base::ASCIIToUTF16(kShutdownErrorMessage)));
|
| return;
|
| }
|
| + if (!pattern.is_valid()) {
|
| + BadMessageReceived();
|
| + return;
|
| + }
|
|
|
| ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
|
| render_process_id_, provider_id);
|
| @@ -358,6 +383,10 @@ void ServiceWorkerDispatcherHost::OnGetRegistration(
|
| base::ASCIIToUTF16(kShutdownErrorMessage)));
|
| return;
|
| }
|
| + if (!document_url.is_valid()) {
|
| + BadMessageReceived();
|
| + return;
|
| + }
|
|
|
| ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost(
|
| render_process_id_, provider_id);
|
|
|
Chromium Code Reviews
Issue 677003002:
[ServiceWorker] Introduce the directory restriction of ServiceWorker scope in chromium side. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master