Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/service_worker/service_worker_dispatcher_host.cc

Issue 889323002: Allow SW registration only if it's secure AND it's HTTP or HTTPS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove LOG(ERROR) Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/service_worker/service_worker_dispatcher_host_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/service_worker/service_worker_dispatcher_host.cc
diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc
index aa954ee1dd0f34a158417c8675def8e9efc585cb..a210b51d89a7f319f3a21285903b2541bd72edda 100644
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
@@ -34,6 +34,8 @@ namespace {
const char kNoDocumentURLErrorMessage[] =
"No URL is associated with the caller's document.";
+const char kDisallowedURLErrorMessage[] =
+ "The URL is not supported.";
const char kShutdownErrorMessage[] =
"The Service Worker system has shutdown.";
const char kUserDeniedPermissionMessage[] =
@@ -53,7 +55,8 @@ bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) {
// consistent with Blink's
// SecurityOrigin::canAccessFeatureRequiringSecureOrigin.
bool OriginCanAccessServiceWorkers(const GURL& url) {
- return url.SchemeIsSecure() || net::IsLocalhost(url.host());
+ return url.SchemeIsHTTPOrHTTPS() &&
+ (url.SchemeIsSecure() || net::IsLocalhost(url.host()));
}
bool CanRegisterServiceWorker(const GURL& document_url,
@@ -63,7 +66,9 @@ bool CanRegisterServiceWorker(const GURL& document_url,
DCHECK(pattern.is_valid());
DCHECK(script_url.is_valid());
return AllOriginsMatch(document_url, pattern, script_url) &&
- OriginCanAccessServiceWorkers(document_url);
+ OriginCanAccessServiceWorkers(document_url) &&
+ OriginCanAccessServiceWorkers(pattern) &&
+ OriginCanAccessServiceWorkers(script_url);
}
bool CanUnregisterServiceWorker(const GURL& document_url,
@@ -71,7 +76,8 @@ bool CanUnregisterServiceWorker(const GURL& document_url,
DCHECK(document_url.is_valid());
DCHECK(pattern.is_valid());
return document_url.GetOrigin() == pattern.GetOrigin() &&
- OriginCanAccessServiceWorkers(document_url);
+ OriginCanAccessServiceWorkers(document_url) &&
+ OriginCanAccessServiceWorkers(pattern);
}
bool CanGetRegistration(const GURL& document_url,
@@ -79,7 +85,8 @@ bool CanGetRegistration(const GURL& document_url,
DCHECK(document_url.is_valid());
DCHECK(given_document_url.is_valid());
return document_url.GetOrigin() == given_document_url.GetOrigin() &&
- OriginCanAccessServiceWorkers(document_url);
+ OriginCanAccessServiceWorkers(document_url) &&
+ OriginCanAccessServiceWorkers(given_document_url);
}
} // namespace
@@ -294,7 +301,12 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
if (!CanRegisterServiceWorker(
provider_host->document_url(), pattern, script_url)) {
- BadMessageReceived();
+ // TODO(kinuko): Change this back to BadMessageReceived() once we start
+ // to check these in the renderer too. (http://crbug.com/453982)
+ Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
+ thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
+ base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) +
+ base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
return;
}
@@ -379,7 +391,12 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
}
if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
- BadMessageReceived();
+ // TODO(kinuko): Change this back to BadMessageReceived() once we start
+ // to check these in the renderer too. (http://crbug.com/453982)
+ Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError(
+ thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
+ base::ASCIIToUTF16(kServiceWorkerUnregisterErrorPrefix) +
+ base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
return;
}
@@ -449,7 +466,12 @@ void ServiceWorkerDispatcherHost::OnGetRegistration(
}
if (!CanGetRegistration(provider_host->document_url(), document_url)) {
- BadMessageReceived();
+ // TODO(kinuko): Change this back to BadMessageReceived() once we start
+ // to check these in the renderer too. (http://crbug.com/453982)
+ Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError(
+ thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
+ base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) +
+ base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
return;
}
« no previous file with comments | « no previous file | content/browser/service_worker/service_worker_dispatcher_host_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698