| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" | 5 #include "content/browser/service_worker/service_worker_dispatcher_host.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "base/trace_event/trace_event.h" | 9 #include "base/trace_event/trace_event.h" |
| 10 #include "content/browser/message_port_message_filter.h" | 10 #include "content/browser/message_port_message_filter.h" |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 #include "url/gurl.h" | 27 #include "url/gurl.h" |
| 28 | 28 |
| 29 using blink::WebServiceWorkerError; | 29 using blink::WebServiceWorkerError; |
| 30 | 30 |
| 31 namespace content { | 31 namespace content { |
| 32 | 32 |
| 33 namespace { | 33 namespace { |
| 34 | 34 |
| 35 const char kNoDocumentURLErrorMessage[] = | 35 const char kNoDocumentURLErrorMessage[] = |
| 36 "No URL is associated with the caller's document."; | 36 "No URL is associated with the caller's document."; |
| 37 const char kDisallowedURLErrorMessage[] = | |
| 38 "The URL is not supported."; | |
| 39 const char kShutdownErrorMessage[] = | 37 const char kShutdownErrorMessage[] = |
| 40 "The Service Worker system has shutdown."; | 38 "The Service Worker system has shutdown."; |
| 41 const char kUserDeniedPermissionMessage[] = | 39 const char kUserDeniedPermissionMessage[] = |
| 42 "The user denied permission to use Service Worker."; | 40 "The user denied permission to use Service Worker."; |
| 43 | 41 |
| 44 const uint32 kFilteredMessageClasses[] = { | 42 const uint32 kFilteredMessageClasses[] = { |
| 45 ServiceWorkerMsgStart, | 43 ServiceWorkerMsgStart, |
| 46 EmbeddedWorkerMsgStart, | 44 EmbeddedWorkerMsgStart, |
| 47 }; | 45 }; |
| 48 | 46 |
| (...skipping 245 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 if (provider_host->document_url().is_empty()) { | 292 if (provider_host->document_url().is_empty()) { |
| 295 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 293 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 296 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 294 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 297 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + | 295 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
| 298 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 296 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 299 return; | 297 return; |
| 300 } | 298 } |
| 301 | 299 |
| 302 if (!CanRegisterServiceWorker( | 300 if (!CanRegisterServiceWorker( |
| 303 provider_host->document_url(), pattern, script_url)) { | 301 provider_host->document_url(), pattern, script_url)) { |
| 304 // TODO(kinuko): Change this back to BadMessageReceived() once we start | 302 BadMessageReceived(); |
| 305 // to check these in the renderer too. (http://crbug.com/453982) | |
| 306 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | |
| 307 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | |
| 308 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + | |
| 309 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); | |
| 310 return; | 303 return; |
| 311 } | 304 } |
| 312 | 305 |
| 313 std::string error_message; | 306 std::string error_message; |
| 314 if (ServiceWorkerUtils::ContainsDisallowedCharacter(pattern, script_url, | 307 if (ServiceWorkerUtils::ContainsDisallowedCharacter(pattern, script_url, |
| 315 &error_message)) { | 308 &error_message)) { |
| 316 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( | 309 Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError( |
| 317 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 310 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 318 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + | 311 base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) + |
| 319 base::UTF8ToUTF16(error_message))); | 312 base::UTF8ToUTF16(error_message))); |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 384 if (provider_host->document_url().is_empty()) { | 377 if (provider_host->document_url().is_empty()) { |
| 385 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( | 378 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( |
| 386 thread_id, | 379 thread_id, |
| 387 request_id, | 380 request_id, |
| 388 WebServiceWorkerError::ErrorTypeSecurity, | 381 WebServiceWorkerError::ErrorTypeSecurity, |
| 389 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 382 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 390 return; | 383 return; |
| 391 } | 384 } |
| 392 | 385 |
| 393 if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { | 386 if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) { |
| 394 // TODO(kinuko): Change this back to BadMessageReceived() once we start | 387 BadMessageReceived(); |
| 395 // to check these in the renderer too. (http://crbug.com/453982) | |
| 396 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( | |
| 397 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | |
| 398 base::ASCIIToUTF16(kServiceWorkerUnregisterErrorPrefix) + | |
| 399 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); | |
| 400 return; | 388 return; |
| 401 } | 389 } |
| 402 | 390 |
| 403 if (!GetContentClient()->browser()->AllowServiceWorker( | 391 if (!GetContentClient()->browser()->AllowServiceWorker( |
| 404 pattern, provider_host->topmost_frame_url(), resource_context_)) { | 392 pattern, provider_host->topmost_frame_url(), resource_context_)) { |
| 405 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( | 393 Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError( |
| 406 thread_id, | 394 thread_id, |
| 407 request_id, | 395 request_id, |
| 408 WebServiceWorkerError::ErrorTypeUnknown, | 396 WebServiceWorkerError::ErrorTypeUnknown, |
| 409 base::ASCIIToUTF16(kUserDeniedPermissionMessage))); | 397 base::ASCIIToUTF16(kUserDeniedPermissionMessage))); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 459 // TODO(ksakamoto): This check can be removed once crbug.com/439697 is fixed. | 447 // TODO(ksakamoto): This check can be removed once crbug.com/439697 is fixed. |
| 460 if (provider_host->document_url().is_empty()) { | 448 if (provider_host->document_url().is_empty()) { |
| 461 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( | 449 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( |
| 462 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | 450 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, |
| 463 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + | 451 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + |
| 464 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); | 452 base::ASCIIToUTF16(kNoDocumentURLErrorMessage))); |
| 465 return; | 453 return; |
| 466 } | 454 } |
| 467 | 455 |
| 468 if (!CanGetRegistration(provider_host->document_url(), document_url)) { | 456 if (!CanGetRegistration(provider_host->document_url(), document_url)) { |
| 469 // TODO(kinuko): Change this back to BadMessageReceived() once we start | 457 BadMessageReceived(); |
| 470 // to check these in the renderer too. (http://crbug.com/453982) | |
| 471 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( | |
| 472 thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity, | |
| 473 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + | |
| 474 base::ASCIIToUTF16(kDisallowedURLErrorMessage))); | |
| 475 return; | 458 return; |
| 476 } | 459 } |
| 477 | 460 |
| 478 if (!GetContentClient()->browser()->AllowServiceWorker( | 461 if (!GetContentClient()->browser()->AllowServiceWorker( |
| 479 provider_host->document_url(), | 462 provider_host->document_url(), |
| 480 provider_host->topmost_frame_url(), | 463 provider_host->topmost_frame_url(), |
| 481 resource_context_)) { | 464 resource_context_)) { |
| 482 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( | 465 Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError( |
| 483 thread_id, request_id, WebServiceWorkerError::ErrorTypeUnknown, | 466 thread_id, request_id, WebServiceWorkerError::ErrorTypeUnknown, |
| 484 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + | 467 base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) + |
| (...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 968 ServiceWorkerHandle* handle = handles_.Lookup(handle_id); | 951 ServiceWorkerHandle* handle = handles_.Lookup(handle_id); |
| 969 if (!handle) { | 952 if (!handle) { |
| 970 BadMessageReceived(); | 953 BadMessageReceived(); |
| 971 return; | 954 return; |
| 972 } | 955 } |
| 973 handle->version()->StopWorker( | 956 handle->version()->StopWorker( |
| 974 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback)); | 957 base::Bind(&ServiceWorkerUtils::NoOpStatusCallback)); |
| 975 } | 958 } |
| 976 | 959 |
| 977 } // namespace content | 960 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 906453002:
ServiceWorker: Make browser-side check stricter for non-HTTP(s) schemes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master