OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/service_worker/service_worker_version.h" | 5 #include "content/browser/service_worker/service_worker_version.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
11 #include "base/strings/string16.h" | 11 #include "base/strings/string16.h" |
12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
| 14 #include "content/browser/child_process_security_policy_impl.h" |
14 #include "content/browser/message_port_message_filter.h" | 15 #include "content/browser/message_port_message_filter.h" |
15 #include "content/browser/message_port_service.h" | 16 #include "content/browser/message_port_service.h" |
16 #include "content/browser/service_worker/embedded_worker_instance.h" | 17 #include "content/browser/service_worker/embedded_worker_instance.h" |
17 #include "content/browser/service_worker/embedded_worker_registry.h" | 18 #include "content/browser/service_worker/embedded_worker_registry.h" |
18 #include "content/browser/service_worker/service_worker_context_core.h" | 19 #include "content/browser/service_worker/service_worker_context_core.h" |
19 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 20 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
20 #include "content/browser/service_worker/service_worker_registration.h" | 21 #include "content/browser/service_worker/service_worker_registration.h" |
21 #include "content/browser/service_worker/service_worker_utils.h" | 22 #include "content/browser/service_worker/service_worker_utils.h" |
22 #include "content/browser/storage_partition_impl.h" | 23 #include "content/browser/storage_partition_impl.h" |
23 #include "content/common/service_worker/service_worker_messages.h" | 24 #include "content/common/service_worker/service_worker_messages.h" |
234 NEW_FOREGROUND_TAB, ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 235 NEW_FOREGROUND_TAB, ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
235 true /* is_renderer_initiated */); | 236 true /* is_renderer_initiated */); |
236 | 237 |
237 GetContentClient()->browser()->OpenURL( | 238 GetContentClient()->browser()->OpenURL( |
238 browser_context, params, | 239 browser_context, params, |
239 base::Bind(&DidOpenURL, callback)); | 240 base::Bind(&DidOpenURL, callback)); |
240 } | 241 } |
241 | 242 |
242 void KillEmbeddedWorkerProcess(int process_id, ResultCode code) { | 243 void KillEmbeddedWorkerProcess(int process_id, ResultCode code) { |
243 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 244 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
244 | |
245 RenderProcessHost* render_process_host = | 245 RenderProcessHost* render_process_host = |
246 RenderProcessHost::FromID(process_id); | 246 RenderProcessHost::FromID(process_id); |
247 if (render_process_host->GetHandle() != base::kNullProcessHandle) | 247 if (render_process_host->GetHandle() != base::kNullProcessHandle) |
248 render_process_host->ReceivedBadMessage(); | 248 render_process_host->ReceivedBadMessage(); |
249 } | 249 } |
250 | 250 |
251 void ClearTick(base::TimeTicks* time) { | 251 void ClearTick(base::TimeTicks* time) { |
252 *time = base::TimeTicks(); | 252 *time = base::TimeTicks(); |
253 } | 253 } |
254 | 254 |
1171 if (!callback) { | 1171 if (!callback) { |
1172 NOTREACHED() << "Got unexpected message: " << request_id; | 1172 NOTREACHED() << "Got unexpected message: " << request_id; |
1173 return; | 1173 return; |
1174 } | 1174 } |
1175 | 1175 |
1176 scoped_refptr<ServiceWorkerVersion> protect(this); | 1176 scoped_refptr<ServiceWorkerVersion> protect(this); |
1177 callback->Run(SERVICE_WORKER_OK, accept_connection); | 1177 callback->Run(SERVICE_WORKER_OK, accept_connection); |
1178 RemoveCallbackAndStopIfDoomed(&cross_origin_connect_callbacks_, request_id); | 1178 RemoveCallbackAndStopIfDoomed(&cross_origin_connect_callbacks_, request_id); |
1179 } | 1179 } |
1180 | 1180 |
1181 void ServiceWorkerVersion::OnOpenWindow(int request_id, const GURL& url) { | 1181 void ServiceWorkerVersion::OnOpenWindow(int request_id, GURL url) { |
1182 // Just abort if we are shutting down. | 1182 // Just abort if we are shutting down. |
1183 if (!context_) | 1183 if (!context_) |
1184 return; | 1184 return; |
1185 | 1185 |
1186 if (url.GetOrigin() != script_url_.GetOrigin()) { | 1186 if (!url.is_valid()) { |
1187 // There should be a same origin check by Blink, if the request is still not | 1187 DVLOG(1) << "Received unexpected invalid URL from renderer process."; |
1188 // same origin, the process might be compromised and should be eliminated. | |
1189 DVLOG(1) << "Received a cross origin openWindow() request from a service " | |
1190 "worker. Killing associated process."; | |
1191 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, | 1188 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, |
1192 base::Bind(&KillEmbeddedWorkerProcess, | 1189 base::Bind(&KillEmbeddedWorkerProcess, |
1193 embedded_worker_->process_id(), | 1190 embedded_worker_->process_id(), |
1194 RESULT_CODE_KILLED_BAD_MESSAGE)); | 1191 RESULT_CODE_KILLED_BAD_MESSAGE)); |
1195 return; | 1192 return; |
1196 } | 1193 } |
1197 | 1194 |
| 1195 // The renderer treats all URLs in the about: scheme as being about:blank. |
| 1196 // Canonicalize about: URLs to about:blank. |
| 1197 if (url.SchemeIs(url::kAboutScheme)) |
| 1198 url = GURL(url::kAboutBlankURL); |
| 1199 |
| 1200 // Reject requests for URLs that the process is not allowed to access. It's |
| 1201 // possible to receive such requests since the renderer-side checks are |
| 1202 // slightly different. For example, the view-source scheme will not be |
| 1203 // filtered out by Blink. |
| 1204 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL( |
| 1205 embedded_worker_->process_id(), url)) { |
| 1206 embedded_worker_->SendMessage(ServiceWorkerMsg_OpenWindowError( |
| 1207 request_id, url.spec() + " cannot be opened.")); |
| 1208 return; |
| 1209 } |
| 1210 |
1198 BrowserThread::PostTask( | 1211 BrowserThread::PostTask( |
1199 BrowserThread::UI, FROM_HERE, | 1212 BrowserThread::UI, FROM_HERE, |
1200 base::Bind(&OpenWindowOnUI, | 1213 base::Bind(&OpenWindowOnUI, |
1201 url, | 1214 url, |
1202 script_url_, | 1215 script_url_, |
1203 embedded_worker_->process_id(), | 1216 embedded_worker_->process_id(), |
1204 make_scoped_refptr(context_->wrapper()), | 1217 make_scoped_refptr(context_->wrapper()), |
1205 base::Bind(&ServiceWorkerVersion::DidOpenWindow, | 1218 base::Bind(&ServiceWorkerVersion::DidOpenWindow, |
1206 weak_factory_.GetWeakPtr(), | 1219 weak_factory_.GetWeakPtr(), |
1207 request_id))); | 1220 request_id))); |
1208 } | 1221 } |
1209 | 1222 |
1210 void ServiceWorkerVersion::DidOpenWindow(int request_id, | 1223 void ServiceWorkerVersion::DidOpenWindow(int request_id, |
1211 int render_process_id, | 1224 int render_process_id, |
1212 int render_frame_id) { | 1225 int render_frame_id) { |
1213 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 1226 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
1214 | 1227 |
1215 if (running_status() != RUNNING) | 1228 if (running_status() != RUNNING) |
1216 return; | 1229 return; |
1217 | 1230 |
1218 if (render_process_id == ChildProcessHost::kInvalidUniqueID && | 1231 if (render_process_id == ChildProcessHost::kInvalidUniqueID && |
1219 render_frame_id == MSG_ROUTING_NONE) { | 1232 render_frame_id == MSG_ROUTING_NONE) { |
1220 embedded_worker_->SendMessage(ServiceWorkerMsg_OpenWindowError(request_id)); | 1233 embedded_worker_->SendMessage(ServiceWorkerMsg_OpenWindowError( |
| 1234 request_id, "Something went wrong while trying to open the window.")); |
1221 return; | 1235 return; |
1222 } | 1236 } |
1223 | 1237 |
1224 for (const auto& it : controllee_map_) { | 1238 for (const auto& it : controllee_map_) { |
1225 const ServiceWorkerProviderHost* provider_host = it.first; | 1239 const ServiceWorkerProviderHost* provider_host = it.first; |
1226 if (provider_host->process_id() != render_process_id || | 1240 if (provider_host->process_id() != render_process_id || |
1227 provider_host->frame_id() != render_frame_id) { | 1241 provider_host->frame_id() != render_frame_id) { |
1228 continue; | 1242 continue; |
1229 } | 1243 } |
1230 | 1244 |
1590 int request_id) { | 1604 int request_id) { |
1591 callbacks->Remove(request_id); | 1605 callbacks->Remove(request_id); |
1592 if (is_doomed_) { | 1606 if (is_doomed_) { |
1593 // The stop should be already scheduled, but try to stop immediately, in | 1607 // The stop should be already scheduled, but try to stop immediately, in |
1594 // order to release worker resources soon. | 1608 // order to release worker resources soon. |
1595 StopWorkerIfIdle(); | 1609 StopWorkerIfIdle(); |
1596 } | 1610 } |
1597 } | 1611 } |
1598 | 1612 |
1599 } // namespace content | 1613 } // namespace content |
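Review bot: The new invalid-URL branch at new-side 1186–1193 posts `KillEmbeddedWorkerProcess`, which at new-side 245–248 dereferences the result of `RenderProcessHost::FromID(process_id)` without a null check. The task is posted to the UI thread, so the worker's process host may already be gone when it runs, and `FromID` returns null for an id with no live host; the browser process would then crash. A guard such as `if (!render_process_host) return;` before the `GetHandle()` call would close that. The `code` parameter is never read in that function, so the `RESULT_CODE_KILLED_BAD_MESSAGE` bound at new-side 1191 has no effect. Separately, with the origin comparison removed, `CanRequestURL` at new-side 1204 is the only browser-side gate visible in `OnOpenWindow`, so the comment above it should say that cross-origin targets are now intentional.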