Chromium Code Reviews Chromium Code Reviews
Issue 677003002:
[ServiceWorker] Introduce the directory restriction of ServiceWorker scope in chromium side. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/browser/service_worker/service_worker_dispatcher_host.cc |
| diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc |
| index 802ea30c83ba4dc27301cd75e9dd7945346223aa..66993ed425012fcf0037b5d8c4648197870f67eb 100644 |
| --- a/content/browser/service_worker/service_worker_dispatcher_host.cc |
| +++ b/content/browser/service_worker/service_worker_dispatcher_host.cc |
| @@ -52,11 +52,21 @@ bool OriginCanAccessServiceWorkers(const GURL& url) { |
| return url.SchemeIsSecure() || net::IsLocalhost(url.host()); |
| } |
| +bool CheckPatternIsUnderTheScriptDirectory(const GURL& pattern, |
| + const GURL& script_url) { |
| + size_t slash_pos = script_url.spec().rfind('/'); |
| + if (slash_pos == std::string::npos) |
| + return false; |
| + return pattern.spec().compare( |
| + 0, slash_pos + 1, script_url.spec(), 0, slash_pos + 1) == 0; |
|
falken
2014/10/27 03:54:17
i think this can just be: pattern.spec().compare(0
horo
2014/10/27 09:14:12
No. We need subpos and sublen.
http://www.cplusplu
falken
2014/10/28 00:55:45
Ah, my mistake. I thought if they were the same as
|
| +} |
| + |
| bool CanRegisterServiceWorker(const GURL& document_url, |
| const GURL& pattern, |
| const GURL& script_url) { |
|
falken
2014/10/27 03:54:17
Using spec() in this CL reminds me that we should
horo
2014/10/27 09:14:12
Done.
|
| return AllOriginsMatch(document_url, pattern, script_url) && |
| - OriginCanAccessServiceWorkers(document_url); |
| + OriginCanAccessServiceWorkers(document_url) && |
| + CheckPatternIsUnderTheScriptDirectory(pattern, script_url); |
| } |
| bool CanUnregisterServiceWorker(const GURL& document_url, |
