[ServiceWorker] CSP support for ServiceWorker environment.

Source/web/WebEmbeddedWorkerImpl.cpp

Index: Source/web/WebEmbeddedWorkerImpl.cpp
diff --git a/Source/web/WebEmbeddedWorkerImpl.cpp b/Source/web/WebEmbeddedWorkerImpl.cpp
index 24a2327033df1285e3e2da989832efe0c811ef32..1d2ea672898545bd17d15fad5c7eb84099403c53 100644
--- a/Source/web/WebEmbeddedWorkerImpl.cpp
+++ b/Source/web/WebEmbeddedWorkerImpl.cpp
@@ -33,6 +33,7 @@
 
 #include "core/dom/CrossThreadTask.h"
 #include "core/dom/Document.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/inspector/WorkerDebuggerAgent.h"
 #include "core/inspector/WorkerInspectorController.h"
@@ -49,6 +50,7 @@
 #include "platform/SharedBuffer.h"
 #include "platform/heap/Handle.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
+#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebURLRequest.h"
 #include "public/web/WebDevToolsAgent.h"
@@ -88,6 +90,13 @@ public:
             *loadingContext, scriptURL, DenyCrossOriginRequests, this);
     }
 
+    void didReceiveResponse(unsigned long identifier, const ResourceResponse& response) override
+    {
+        m_contentSecurityPolicy = ContentSecurityPolicy::create();
+        m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
+        m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
+    }
+
     virtual void notifyFinished() override
     {
         m_callback();
@@ -101,6 +110,7 @@ public:
     bool failed() const { return m_scriptLoader->failed(); }
     const KURL& url() const { return m_scriptLoader->responseURL(); }
     String script() const { return m_scriptLoader->script(); }
+    PassRefPtr<ContentSecurityPolicy> releaseContentSecurityPolicy() { return m_contentSecurityPolicy.release(); }
 
 private:
     Loader() : m_scriptLoader(WorkerScriptLoader::create())
@@ -108,6 +118,7 @@ private:
     }
 
     RefPtr<WorkerScriptLoader> m_scriptLoader;
+    RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
     Closure m_callback;
 };
 
@@ -407,6 +418,9 @@ void WebEmbeddedWorkerImpl::startWorkerThread()
     providePermissionClientToWorker(workerClients.get(), m_permissionClient.release());
     provideServiceWorkerGlobalScopeClientToWorker(workerClients.get(), ServiceWorkerGlobalScopeClientImpl::create(*m_workerContextClient));
 
+    // We need to set the CSP to both the shadow page's document and the ServiceWorkerGlobalScope.
+    document->initContentSecurityPolicy(m_mainScriptLoader->releaseContentSecurityPolicy());
+
     KURL scriptURL = m_mainScriptLoader->url();
     OwnPtrWillBeRawPtr<WorkerThreadStartupData> startupData =
         WorkerThreadStartupData::create(
@@ -414,9 +428,8 @@ void WebEmbeddedWorkerImpl::startWorkerThread()
             m_workerStartData.userAgent,
             m_mainScriptLoader->script(),
             startMode,
-            // FIXME: fill appropriate CSP info and policy type.
-            String(),
-            ContentSecurityPolicyHeaderTypeEnforce,
+            document->contentSecurityPolicy()->deprecatedHeader(),

[Mike West, 2014/11/12 12:28:36]

I don't think this is correct; it differs from the flow described in
https://w3c.github.io/webappsec/specs/content-security-policy/#processing-mod....
In short, we should only inherit a policy from the creating document if we're
creating the Worker from a `blob:` or `filesystem:` (or `data:`, I guess) URL.

If we're loading an HTTPS URL, we should set the Worker's policy to whatever is
delivered via the HTTP header.

[horo, 2014/11/13 01:09:02]

This document is not the document who created (registered) the ServiceWorker.
It is the document of the shadow page which is created in
WebEmbeddedWorkerImpl::prepareShadowPageForLoader() for handling the resource
loading.
We create ContentSecurityPolicy from the HTTP headers of the script file in
WebEmbeddedWorkerImpl::Loader::didReceiveResponse().
And set the CSP to the document (at lint 422) and the ServiceWorkerGlobalScope.

We need to set CPS to the document because it will be used while handling the
redirect responses in
DocumentThreadableLoader::isAllowedByContentSecurityPolicy().

[Mike West, 2014/11/19 10:31:49]

Hrm. Ok, then I misunderstood the implementation here. You're basically creating
a dummy document in order to handle resource requests? That seems weird, but
it's certainly not something to change in this CL.

[horo, 2014/11/19 12:35:41]

Yes.
We create the dummy document which lives in the main thread and handles the
resource requests.

In the worker thread we use WorkerThreadableLoader to load the resources.
It communicates with the dummy document using
WorkerThreadableLoader::MainThreadBridge and WorkerLoaderProxy to go across the
threads.

+            document->contentSecurityPolicy()->deprecatedHeaderType(),
             starterOrigin,
             workerClients.release());