OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/service_worker/service_worker_version.h" | 5 #include "content/browser/service_worker/service_worker_version.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
11 #include "base/strings/string16.h" | 11 #include "base/strings/string16.h" |
12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
14 #include "content/browser/child_process_security_policy_impl.h" | |
14 #include "content/browser/message_port_message_filter.h" | 15 #include "content/browser/message_port_message_filter.h" |
15 #include "content/browser/message_port_service.h" | 16 #include "content/browser/message_port_service.h" |
16 #include "content/browser/service_worker/embedded_worker_instance.h" | 17 #include "content/browser/service_worker/embedded_worker_instance.h" |
17 #include "content/browser/service_worker/embedded_worker_registry.h" | 18 #include "content/browser/service_worker/embedded_worker_registry.h" |
18 #include "content/browser/service_worker/service_worker_context_core.h" | 19 #include "content/browser/service_worker/service_worker_context_core.h" |
19 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 20 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
20 #include "content/browser/service_worker/service_worker_registration.h" | 21 #include "content/browser/service_worker/service_worker_registration.h" |
21 #include "content/browser/service_worker/service_worker_utils.h" | 22 #include "content/browser/service_worker/service_worker_utils.h" |
22 #include "content/browser/storage_partition_impl.h" | 23 #include "content/browser/storage_partition_impl.h" |
23 #include "content/common/service_worker/service_worker_messages.h" | 24 #include "content/common/service_worker/service_worker_messages.h" |
269 url, Referrer::SanitizeForRequest( | 270 url, Referrer::SanitizeForRequest( |
270 url, Referrer(script_url, blink::WebReferrerPolicyDefault)), | 271 url, Referrer(script_url, blink::WebReferrerPolicyDefault)), |
271 NEW_FOREGROUND_TAB, ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 272 NEW_FOREGROUND_TAB, ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
272 true /* is_renderer_initiated */); | 273 true /* is_renderer_initiated */); |
273 | 274 |
274 GetContentClient()->browser()->OpenURL( | 275 GetContentClient()->browser()->OpenURL( |
275 browser_context, params, | 276 browser_context, params, |
276 base::Bind(&DidOpenURL, callback)); | 277 base::Bind(&DidOpenURL, callback)); |
277 } | 278 } |
278 | 279 |
279 void KillEmbeddedWorkerProcess(int process_id, ResultCode code) { | |
280 DCHECK_CURRENTLY_ON(BrowserThread::UI); | |
281 | |
282 RenderProcessHost* render_process_host = | |
283 RenderProcessHost::FromID(process_id); | |
284 if (render_process_host->GetHandle() != base::kNullProcessHandle) | |
285 render_process_host->ReceivedBadMessage(); | |
286 } | |
287 | |
288 } // namespace | 280 } // namespace |
289 | 281 |
290 ServiceWorkerVersion::ServiceWorkerVersion( | 282 ServiceWorkerVersion::ServiceWorkerVersion( |
291 ServiceWorkerRegistration* registration, | 283 ServiceWorkerRegistration* registration, |
292 const GURL& script_url, | 284 const GURL& script_url, |
293 int64 version_id, | 285 int64 version_id, |
294 base::WeakPtr<ServiceWorkerContextCore> context) | 286 base::WeakPtr<ServiceWorkerContextCore> context) |
295 : version_id_(version_id), | 287 : version_id_(version_id), |
296 registration_id_(kInvalidServiceWorkerVersionId), | 288 registration_id_(kInvalidServiceWorkerVersionId), |
297 script_url_(script_url), | 289 script_url_(script_url), |
1162 scoped_refptr<ServiceWorkerVersion> protect(this); | 1154 scoped_refptr<ServiceWorkerVersion> protect(this); |
1163 callback->Run(SERVICE_WORKER_OK, accept_connection); | 1155 callback->Run(SERVICE_WORKER_OK, accept_connection); |
1164 RemoveCallbackAndStopIfDoomed(&cross_origin_connect_callbacks_, request_id); | 1156 RemoveCallbackAndStopIfDoomed(&cross_origin_connect_callbacks_, request_id); |
1165 } | 1157 } |
1166 | 1158 |
1167 void ServiceWorkerVersion::OnOpenWindow(int request_id, const GURL& url) { | 1159 void ServiceWorkerVersion::OnOpenWindow(int request_id, const GURL& url) { |
1168 // Just abort if we are shutting down. | 1160 // Just abort if we are shutting down. |
1169 if (!context_) | 1161 if (!context_) |
1170 return; | 1162 return; |
1171 | 1163 |
1172 if (url.GetOrigin() != script_url_.GetOrigin()) { | 1164 GURL sanitized_url = url; |
1173 // There should be a same origin check by Blink, if the request is still not | 1165 |
1174 // same origin, the process might be compromised and should be eliminated. | 1166 // Blink consider all about: scheme URLs as about:blank. We need to sanitize |
1175 DVLOG(1) << "Received a cross origin openWindow() request from a service " | 1167 // them accordingly to prevent CanRequestURL() call below to fail on them. |
1176 "worker. Killing associated process."; | 1168 if (sanitized_url.SchemeIs(url::kAboutScheme)) |
1177 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, | 1169 sanitized_url = GURL(url::kAboutBlankURL); |
1178 base::Bind(&KillEmbeddedWorkerProcess, | 1170 |
1179 embedded_worker_->process_id(), | 1171 // This call will check whether the process should be able to access the given |
1180 RESULT_CODE_KILLED_BAD_MESSAGE)); | 1172 // URL. It is possible to receive requests to open such URLs because the |
falken
2015/03/06 16:03:08
nit: "receive requests to open disallowed URLs"?
| |
1181 return; | 1173 // renderer side checks are slightly different. For example, view-source |
1174 // scheme will not be filtered out by Blink. | |
1175 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL( | |
1176 embedded_worker_->process_id(), sanitized_url)) { | |
1177 sanitized_url = GURL(url::kAboutBlankURL); | |
falken
2015/03/06 16:03:08
Maybe I'm missing something... why open about:blan
mlamouri (slow - plz ping)
2015/03/06 16:17:19
Hmm, actually, I should have left a comment about
mlamouri (slow - plz ping)
2015/03/06 16:17:19
Hmm, actually, I should have left a comment about
mlamouri (slow - plz ping)
2015/03/06 16:17:19
Hmm, actually, I should have left a comment about
falken
2015/03/06 16:43:32
Ah that's interesting, I didn't know window.open('
| |
1182 } | 1178 } |
1183 | 1179 |
1184 BrowserThread::PostTask( | 1180 BrowserThread::PostTask( |
1185 BrowserThread::UI, FROM_HERE, | 1181 BrowserThread::UI, FROM_HERE, |
1186 base::Bind(&OpenWindowOnUI, | 1182 base::Bind(&OpenWindowOnUI, |
1187 url, | 1183 sanitized_url, |
1188 script_url_, | 1184 script_url_, |
1189 embedded_worker_->process_id(), | 1185 embedded_worker_->process_id(), |
1190 make_scoped_refptr(context_->wrapper()), | 1186 make_scoped_refptr(context_->wrapper()), |
1191 base::Bind(&ServiceWorkerVersion::DidOpenWindow, | 1187 base::Bind(&ServiceWorkerVersion::DidOpenWindow, |
1192 weak_factory_.GetWeakPtr(), | 1188 weak_factory_.GetWeakPtr(), |
1193 request_id))); | 1189 request_id))); |
1194 } | 1190 } |
1195 | 1191 |
1196 void ServiceWorkerVersion::DidOpenWindow(int request_id, | 1192 void ServiceWorkerVersion::DidOpenWindow(int request_id, |
1197 int render_process_id, | 1193 int render_process_id, |
1584 int request_id) { | 1580 int request_id) { |
1585 callbacks->Remove(request_id); | 1581 callbacks->Remove(request_id); |
1586 if (is_doomed_) { | 1582 if (is_doomed_) { |
1587 // The stop should be already scheduled, but try to stop immediately, in | 1583 // The stop should be already scheduled, but try to stop immediately, in |
1588 // order to release worker resources soon. | 1584 // order to release worker resources soon. |
1589 StopWorkerIfIdle(); | 1585 StopWorkerIfIdle(); |
1590 } | 1586 } |
1591 } | 1587 } |
1592 | 1588 |
1593 } // namespace content | 1589 } // namespace content |
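Review bot: In ServiceWorkerVersion::OnOpenWindow, the branch at new lines 1175-1178 rewrites a URL the worker process may not request to about:blank without leaving any record, whereas the removed code at least logged the violation before killing the renderer. The added comment says the renderer-side checks are looser than this one, so a hit here can be either a benign scheme mismatch such as view-source or a misbehaving renderer, and the two should be distinguishable afterwards; a `DVLOG(1) << "openWindow() URL rejected by CanRequestURL(); opening about:blank instead.";` inside the branch would restore that. The same function also drops the `url.GetOrigin() != script_url_.GetOrigin()` comparison with no comment saying that cross-origin targets are now accepted on purpose. A one-line comment above the CanRequestURL() call stating that it is the only remaining browser-side gate on the target URL would make that intent reviewable.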