Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1688)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/serviceworkers/FetchManager.cpp

Issue 714833002: [ServiceWorker] CSP support for ServiceWorker environment. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php ('K') | « LayoutTests/http/tests/serviceworker/service-worker-csp.html ('k') | Source/web/WebEmbeddedWorkerImpl.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/serviceworkers/FetchManager.cpp
diff --git a/Source/modules/serviceworkers/FetchManager.cpp b/Source/modules/serviceworkers/FetchManager.cpp
index 60d36c97f7501562cdd2aad5c4d613fce7b9263d..006264d615b5b07a437af41be6e894bb14ecf6a5 100644
--- a/Source/modules/serviceworkers/FetchManager.cpp
+++ b/Source/modules/serviceworkers/FetchManager.cpp
@@ -12,6 +12,7 @@
#include "core/dom/ExceptionCode.h"
#include "core/fetch/FetchUtils.h"
#include "core/fileapi/Blob.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/loader/ThreadableLoader.h"
#include "core/loader/ThreadableLoaderClient.h"
#include "modules/serviceworkers/FetchRequestData.h"
@@ -157,11 +158,16 @@ void FetchManager::Loader::start()
// "4. Let response be the value corresponding to the first matching
// statement:"
- // "- should fetching |request| be blocked as mixed content returns blocked
- // - should fetching |request| be blocked as content security returns
- // blocked
- // A network error."
- // We do mixed content checking and CSP checking in ResourceFetcher.
+ // "- should fetching |request| be blocked as mixed content returns blocked"
+ // We do mixed content checking in ResourceFetcher.
+
+ // "- should fetching |request| be blocked as content security returns
+ // blocked"
+ if (!ContentSecurityPolicy::shouldBypassMainWorld(m_executionContext) && !m_executionContext->contentSecurityPolicy()->allowConnectToSource(m_request->url())) {
+ // "A network error."
nhiroki 2014/11/12 07:43:14 This comment seems meaningless.
horo 2014/11/12 08:25:41 I want to keep this. The comments are the copy fro
+ performNetworkError();
+ return;
+ }
// "- |request|'s url's origin is |request|'s origin and the |CORS flag| is
// unset"
@@ -311,6 +317,7 @@ void FetchManager::Loader::performHTTPFetch()
}
ThreadableLoaderOptions threadableLoaderOptions;
+ threadableLoaderOptions.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypassMainWorld(m_executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceConnectSrcDirective;
if (m_corsPreflightFlag)
threadableLoaderOptions.preflightPolicy = ForcePreflight;
if (m_corsFlag)
@@ -318,7 +325,6 @@ void FetchManager::Loader::performHTTPFetch()
else
threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginRequests;
-
m_loader = ThreadableLoader::create(*m_executionContext, this, request, threadableLoaderOptions, resourceLoaderOptions);
}
« LayoutTests/http/tests/serviceworker/resources/service-worker-csp-worker.php ('K') | « LayoutTests/http/tests/serviceworker/service-worker-csp.html ('k') | Source/web/WebEmbeddedWorkerImpl.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698