| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" | 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "base/trace_event/trace_event.h" | 9 #include "base/trace_event/trace_event.h" |
| 10 #include "content/browser/message_port_message_filter.h" | 10 #include "content/browser/message_port_message_filter.h" |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 #include "url/gurl.h" | 27 #include "url/gurl.h" |
| 28 | 28 |
| 29 using blink::WebServiceWorkerError; | 29 using blink::WebServiceWorkerError; |
| 30 | 30 |
| 31 namespace content { | 31 namespace content { |
| 32 | 32 |
| 33 namespace { | 33 namespace { |
| 34 | 34 |
| 35 const char kNoDocumentURLErrorMessage[] = | 35 const char kNoDocumentURLErrorMessage[] = |
| 36 "No URL is associated with the caller's document."; | 36 "No URL is associated with the caller's document."; |
| 37 const char kDisallowedURLErrorMessage[] = |
| 38 "The URL is not supported."; |
| 37 const char kShutdownErrorMessage[] = | 39 const char kShutdownErrorMessage[] = |
| 38 "The Service Worker system has shutdown."; | 40 "The Service Worker system has shutdown."; |
| 39 const char kUserDeniedPermissionMessage[] = | 41 const char kUserDeniedPermissionMessage[] = |
| 40 "The user denied permission to use Service Worker."; | 42 "The user denied permission to use Service Worker."; |
| 41 | 43 |
| 42 const uint32 kFilteredMessageClasses[] = { | 44 const uint32 kFilteredMessageClasses[] = { |
| 43 ServiceWorkerMsgStart, | 45 ServiceWorkerMsgStart, |
| 44 EmbeddedWorkerMsgStart, | 46 EmbeddedWorkerMsgStart, |
| 45 }; | 47 }; |
| 46 | 48 |
| 47 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) { | 49 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) { |
| 48 return url_a.GetOrigin() == url_b.GetOrigin() && | 50 return url_a.GetOrigin() == url_b.GetOrigin() && |
| 49 url_a.GetOrigin() == url_c.GetOrigin(); | 51 url_a.GetOrigin() == url_c.GetOrigin(); |
| 50 } | 52 } |
| 51 | 53 |
| 52 // TODO(dominicc): When crbug.com/362214 is fixed use that to be | 54 // TODO(dominicc): When crbug.com/362214 is fixed use that to be |
| 53 // consistent with Blink's | 55 // consistent with Blink's |
| 54 // SecurityOrigin::canAccessFeatureRequiringSecureOrigin. | 56 // SecurityOrigin::canAccessFeatureRequiringSecureOrigin. |
| 55 bool OriginCanAccessServiceWorkers(const GURL& url) { | 57 bool OriginCanAccessServiceWorkers(const GURL& url) { |
| 56 return url.SchemeIsSecure() || net::IsLocalhost(url.host()); | 58 return url.SchemeIsHTTPOrHTTPS() && |
| 59 (url.SchemeIsSecure() || net::IsLocalhost(url.host())); |
| 57 } | 60 } |
| 58 | 61 |
| 59 bool CanRegisterServiceWorker(const GURL& document_url, | 62 bool CanRegisterServiceWorker(const GURL& document_url, |
| 60 const GURL& pattern, | 63 const GURL& pattern, |
| 61 const GURL& script_url) { | 64 const GURL& script_url) { |
| 62 DCHECK(document_url.is_valid()); | 65 DCHECK(document_url.is_valid()); |
| 63 DCHECK(pattern.is_valid()); | 66 DCHECK(pattern.is_valid()); |
| 64 DCHECK(script_url.is_valid()); | 67 DCHECK(script_url.is_valid()); |
| 65 return AllOriginsMatch(document_url, pattern, script_url) && | 68 return AllOriginsMatch(document_url, pattern, script_url) && |
| 66 OriginCanAccessServiceWorkers(document_url); | 69 OriginCanAccessServiceWorkers(document_url) && |
| 70 OriginCanAccessServiceWorkers(pattern) && |
| 71 OriginCanAccessServiceWorkers(script_url); |
| 67 } | 72 } |
| 68 | 73 |
| 69 bool CanUnregisterServiceWorker(const GURL& document_url, | 74 bool CanUnregisterServiceWorker(const GURL& document_url, |
| 70 const GURL& pattern) { | 75 const GURL& pattern) { |
| 71 DCHECK(document_url.is_valid()); | 76 DCHECK(document_url.is_valid()); |
| 72 DCHECK(pattern.is_valid()); | 77 DCHECK(pattern.is_valid()); |
| 73 return document_url.GetOrigin() == pattern.GetOrigin() && | 78 return document_url.GetOrigin() == pattern.GetOrigin() && |
| 74 OriginCanAccessServiceWorkers(document_url); | 79 OriginCanAccessServiceWorkers(document_url) && |
| 80 OriginCanAccessServiceWorkers(pattern); |
| 75 } | 81 } |
| 76 | 82 |
| 77 bool CanGetRegistration(const GURL& document_url, | 83 bool CanGetRegistration(const GURL& document_url, |
| 78 const GURL& given_document_url) { | 84 const GURL& given_document_url) { |
| 79 DCHECK(document_url.is_valid()); | 85 DCHECK(document_url.is_valid()); |
| 80 DCHECK(given_document_url.is_valid()); | 86 DCHECK(given_document_url.is_valid()); |
| 81 return document_url.GetOrigin() == given_document_url.GetOrigin() && | 87 return document_url.GetOrigin() == given_document_url.GetOrigin() && |
| 82 OriginCanAccessServiceWorkers(document_url); | 88 OriginCanAccessServiceWorkers(document_url) && |
| 89 OriginCanAccessServiceWorkers(given_document_url); |
| 83 } | 90 } |
| 84 | 91 |
| 85 } // namespace | 92 } // namespace |
| 86 | 93 |
| 87 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost( | 94 ServiceWorkerDispatcherHost::ServiceWorkerDispatcherHost( |
| 88 int render_process_id, | 95 int render_process_id, |
| 89 MessagePortMessageFilter* message_port_message_filter, | 96 MessagePortMessageFilter* message_port_message_filter, |
| 90 ResourceContext* resource_context) | 97 ResourceContext* resource_context) |
| 91 : BrowserMessageFilter(kFilteredMessageClasses, | 98 : BrowserMessageFilter(kFilteredMessageClasses, |
| 92 arraysize(kFilteredMessageClasses)), | 99 arraysize(kFilteredMessageClasses)), |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 287 if (provider_host->document_url().is_empty()) { | 294 if (provider_host->document_url().is_empty()) { |
| 288 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 295 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 289 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 296 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 290 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + | 297 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
| 291 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 298 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 292 return; | 299 return; |
| 293 } | 300 } |
| 294 | 301 |
| 295 if (!CanRegisterServiceWorker( | 302 if (!CanRegisterServiceWorker( |
| 296 provider_host->document_url(), pattern, script_url)) { | 303 provider_host->document_url(), pattern, script_url)) { |
| 297 BadMessageReceived(); | 304 // TODO(kinuko): Change this back to BadMessageReceived() once we start |
| 305 // to check these in the renderer too. (http://crbug.com/453982) |
| 306 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 307 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 308 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
| 309 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); |
| 298 return; | 310 return; |
| 299 } | 311 } |
| 300 | 312 |
| 301 std::string error_message; | 313 std::string error_message; |
| 302 if (ServiceWorkerUtils::ContainsDisallowedCharacter(pattern, script_url, | 314 if (ServiceWorkerUtils::ContainsDisallowedCharacter(pattern, script_url, |
| 303 &error_message)) { | 315 &error_message)) { |
| 304 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 316 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 305 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 317 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 306 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + | 318 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
| 307 base::UTF8ToUTF16(error_message))); | 319 base::UTF8ToUTF16(error_message))); |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 372 if (provider_host->document_url().is_empty()) { | 384 if (provider_host->document_url().is_empty()) { |
| 373 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( | 385 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( |
| 374 thread_id, | 386 thread_id, |
| 375 request_id, | 387 request_id, |
| 376 WebServiceWorkerError::ErrorTypeSecurity, | 388 WebServiceWorkerError::ErrorTypeSecurity, |
| 377 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 389 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 378 return; | 390 return; |
| 379 } | 391 } |
| 380 | 392 |
| 381 if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { | 393 if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { |
| 382 BadMessageReceived(); | 394 // TODO(kinuko): Change this back to BadMessageReceived() once we start |
| 395 // to check these in the renderer too. (http://crbug.com/453982) |
| 396 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( |
| 397 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 398 base::ASCIIToUTF16(kServiceWorkerUnregisterErrorPrefix) + |
| 399 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); |
| 383 return; | 400 return; |
| 384 } | 401 } |
| 385 | 402 |
| 386 if (!GetContentClient()->browser()->AllowServiceWorker( | 403 if (!GetContentClient()->browser()->AllowServiceWorker( |
| 387 pattern, provider_host->topmost_frame_url(), resource_context_)) { | 404 pattern, provider_host->topmost_frame_url(), resource_context_)) { |
| 388 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( | 405 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( |
| 389 thread_id, | 406 thread_id, |
| 390 request_id, | 407 request_id, |
| 391 WebServiceWorkerError::ErrorTypeUnknown, | 408 WebServiceWorkerError::ErrorTypeUnknown, |
| 392 base::ASCIIToUTF16(kUserDeniedPermissionMessage))); | 409 base::ASCIIToUTF16(kUserDeniedPermissionMessage))); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 442 // TODO(ksakamoto): This check can be removed once crbug.com/439697 is fixed. | 459 // TODO(ksakamoto): This check can be removed once crbug.com/439697 is fixed. |
| 443 if (provider_host->document_url().is_empty()) { | 460 if (provider_host->document_url().is_empty()) { |
| 444 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( | 461 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( |
| 445 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 462 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 446 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + | 463 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + |
| 447 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 464 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 448 return; | 465 return; |
| 449 } | 466 } |
| 450 | 467 |
| 451 if (!CanGetRegistration(provider_host->document_url(), document_url)) { | 468 if (!CanGetRegistration(provider_host->document_url(), document_url)) { |
| 452 BadMessageReceived(); | 469 // TODO(kinuko): Change this back to BadMessageReceived() once we start |
| 470 // to check these in the renderer too. (http://crbug.com/453982) |
| 471 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( |
| 472 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 473 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + |
| 474 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); |
| 453 return; | 475 return; |
| 454 } | 476 } |
| 455 | 477 |
| 456 if (!GetContentClient()->browser()->AllowServiceWorker( | 478 if (!GetContentClient()->browser()->AllowServiceWorker( |
| 457 provider_host->document_url(), | 479 provider_host->document_url(), |
| 458 provider_host->topmost_frame_url(), | 480 provider_host->topmost_frame_url(), |
| 459 resource_context_)) { | 481 resource_context_)) { |
| 460 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( | 482 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( |
| 461 thread_id, request_id, WebServiceWorkerError::ErrorTypeUnknown, | 483 thread_id, request_id, WebServiceWorkerError::ErrorTypeUnknown, |
| 462 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + | 484 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + |
| (...skipping 475 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 938 ServiceWorkerHandle* handle = handles_.Lookup(handle_id); | 960 ServiceWorkerHandle* handle = handles_.Lookup(handle_id); |
| 939 if (!handle) { | 961 if (!handle) { |
| 940 BadMessageReceived(); | 962 BadMessageReceived(); |
| 941 return; | 963 return; |
| 942 } | 964 } |
| 943 handle->version()->StopWorker( | 965 handle->version()->StopWorker( |
| 944 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback)); | 966 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback)); |
| 945 } | 967 } |
| 946 | 968 |
| 947 } // namespace content | 969 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 889323002:
Allow SW registration only if it's secure AND it's HTTP or HTTPS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master