Index: content/browser/service_worker/service_worker_dispatcher_host.cc |
diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc |
index aa954ee1dd0f34a158417c8675def8e9efc585cb..83b9430adea50532d44b2d5d8bf0143846db2c21 100644 |
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc |
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc |
@@ -34,6 +34,8 @@ namespace { |
const char kNoDocumentURLErrorMessage[] = |
"No URL is associated with the caller's document."; |
+const char kDisallowedURLErrorMessage[] = |
+ "The URL is not supported."; |
nhiroki
2015/02/02 08:37:43
Ideally we should show more descriptive message sp
|
const char kShutdownErrorMessage[] = |
"The Service Worker system has shutdown."; |
const char kUserDeniedPermissionMessage[] = |
@@ -53,7 +55,8 @@ bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) { |
// consistent with Blink's |
// SecurityOrigin::canAccessFeatureRequiringSecureOrigin. |
bool OriginCanAccessServiceWorkers(const GURL& url) { |
- return url.SchemeIsSecure() || net::IsLocalhost(url.host()); |
+ return url.SchemeIsHTTPOrHTTPS() && |
+ (url.SchemeIsSecure() || net::IsLocalhost(url.host())); |
} |
bool CanRegisterServiceWorker(const GURL& document_url, |
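Review bot: The comment above OriginCanAccessServiceWorkers still describes the check as consistent with Blink's SecurityOrigin::canAccessFeatureRequiringSecureOrigin, but the new condition adds an http/https requirement on top of the secure-or-localhost test, so the two may no longer agree for other schemes. Only the last two lines of that comment are visible, since it starts outside this hunk. If the stricter rule is intentional, I would extend the comment with something like `// Additionally restricted to http/https; other schemes are rejected even when SchemeIsSecure() or the localhost exception would accept them.` so the next reader does not "fix" the divergence from Blink.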
@@ -63,7 +66,9 @@ bool CanRegisterServiceWorker(const GURL& document_url, |
DCHECK(pattern.is_valid()); |
DCHECK(script_url.is_valid()); |
return AllOriginsMatch(document_url, pattern, script_url) && |
- OriginCanAccessServiceWorkers(document_url); |
+ OriginCanAccessServiceWorkers(document_url) && |
+ OriginCanAccessServiceWorkers(pattern) && |
falken
2015/02/02 08:44:04
Actually, doesn't AllOriginsMatch mean you only ne
|
+ OriginCanAccessServiceWorkers(script_url); |
} |
bool CanUnregisterServiceWorker(const GURL& document_url, |
@@ -71,7 +76,8 @@ bool CanUnregisterServiceWorker(const GURL& document_url, |
DCHECK(document_url.is_valid()); |
DCHECK(pattern.is_valid()); |
return document_url.GetOrigin() == pattern.GetOrigin() && |
- OriginCanAccessServiceWorkers(document_url); |
+ OriginCanAccessServiceWorkers(document_url) && |
+ OriginCanAccessServiceWorkers(pattern); |
} |
bool CanGetRegistration(const GURL& document_url, |
@@ -294,7 +300,12 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker( |
if (!CanRegisterServiceWorker( |
provider_host->document_url(), pattern, script_url)) { |
- BadMessageReceived(); |
+ // TODO(kinuko): Change this back to BadMessageReceived() once we start |
+ // to check these in the renderer too. (http://crbug.com/453982) |
+ Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
+ thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
+ base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
+ base::ASCIIToUTF16(kDisallowedURLErrorMessage))); |
return; |
} |
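Review bot: Replacing BadMessageReceived() with an error reply here also stops terminating a renderer whose registration request has a pattern or script_url on a different origin from the document, because CanRegisterServiceWorker folds the origin match and the scheme check into one boolean. If the renderer already enforces the same-origin part (not visible in this hunk), a mismatch that reaches the browser still indicates a misbehaving renderer and should keep the old handling, e.g. `if (!AllOriginsMatch(provider_host->document_url(), pattern, script_url)) { BadMessageReceived(); return; }` ahead of this block, leaving the softer error reply for the new scheme restriction only. As written, an origin mismatch would also be reported as "The URL is not supported.", which does not describe that failure. The same applies to the CanUnregisterServiceWorker branch in OnUnregisterServiceWorker; both function bodies start and end outside their hunks.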
@@ -379,7 +390,12 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker( |
} |
if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { |
- BadMessageReceived(); |
+ // TODO(kinuko): Change this back to BadMessageReceived() once we start |
+ // to check these in the renderer too. (http://crbug.com/453982) |
+ Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
+ thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
+ base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
falken
2015/02/02 08:44:04
kServiceWorkerUnregisterErrorPrefix
kinuko
2015/02/02 09:43:24
Done.
Also fixed the error msg type (Registration
|
+ base::ASCIIToUTF16(kDisallowedURLErrorMessage))); |
return; |
} |