Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2781)

Unified Diff: Source/web/WebEmbeddedWorkerImpl.cpp

Issue 714833002: [ServiceWorker] CSP support for ServiceWorker environment. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: add FIXME Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/modules/serviceworkers/FetchManager.cpp ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/web/WebEmbeddedWorkerImpl.cpp
diff --git a/Source/web/WebEmbeddedWorkerImpl.cpp b/Source/web/WebEmbeddedWorkerImpl.cpp
index dce0093f37f4d53b1ad2e563169146251ea01120..bc0eb5dd5661f6d81cdcf396d1d85ac88a65d334 100644
--- a/Source/web/WebEmbeddedWorkerImpl.cpp
+++ b/Source/web/WebEmbeddedWorkerImpl.cpp
@@ -33,6 +33,7 @@
#include "core/dom/CrossThreadTask.h"
#include "core/dom/Document.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/inspector/WorkerDebuggerAgent.h"
#include "core/inspector/WorkerInspectorController.h"
@@ -49,6 +50,7 @@
#include "platform/SharedBuffer.h"
#include "platform/heap/Handle.h"
#include "platform/network/ContentSecurityPolicyParsers.h"
+#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
#include "public/platform/Platform.h"
#include "public/platform/WebURLRequest.h"
#include "public/web/WebDevToolsAgent.h"
@@ -88,6 +90,13 @@ public:
*loadingContext, scriptURL, DenyCrossOriginRequests, this);
}
+ void didReceiveResponse(unsigned long identifier, const ResourceResponse& response) override
+ {
+ m_contentSecurityPolicy = ContentSecurityPolicy::create();
+ m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
+ m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
+ }
+
virtual void notifyFinished() override
{
(*m_callback)();
@@ -101,6 +110,7 @@ public:
bool failed() const { return m_scriptLoader->failed(); }
const KURL& url() const { return m_scriptLoader->responseURL(); }
String script() const { return m_scriptLoader->script(); }
+ PassRefPtr<ContentSecurityPolicy> releaseContentSecurityPolicy() { return m_contentSecurityPolicy.release(); }
private:
Loader() : m_scriptLoader(WorkerScriptLoader::create())
@@ -109,6 +119,7 @@ private:
RefPtr<WorkerScriptLoader> m_scriptLoader;
OwnPtr<Closure> m_callback;
+ RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
};
class WebEmbeddedWorkerImpl::LoaderProxy : public WorkerLoaderProxy {
@@ -407,6 +418,9 @@ void WebEmbeddedWorkerImpl::startWorkerThread()
providePermissionClientToWorker(workerClients.get(), m_permissionClient.release());
provideServiceWorkerGlobalScopeClientToWorker(workerClients.get(), ServiceWorkerGlobalScopeClientImpl::create(*m_workerContextClient));
+ // We need to set the CSP to both the shadow page's document and the ServiceWorkerGlobalScope.
+ document->initContentSecurityPolicy(m_mainScriptLoader->releaseContentSecurityPolicy());
+
KURL scriptURL = m_mainScriptLoader->url();
OwnPtrWillBeRawPtr<WorkerThreadStartupData> startupData =
WorkerThreadStartupData::create(
@@ -414,9 +428,8 @@ void WebEmbeddedWorkerImpl::startWorkerThread()
m_workerStartData.userAgent,
m_mainScriptLoader->script(),
startMode,
- // FIXME: fill appropriate CSP info and policy type.
- String(),
- ContentSecurityPolicyHeaderTypeEnforce,
+ document->contentSecurityPolicy()->deprecatedHeader(),
+ document->contentSecurityPolicy()->deprecatedHeaderType(),
starterOrigin,
workerClients.release());
« no previous file with comments | « Source/modules/serviceworkers/FetchManager.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698