Changeset 228919 in webkit
- Timestamp:
- Feb 22, 2018 8:55:53 AM (6 years ago)
- Location:
- trunk/Source
- Files:
-
- 6 edited
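--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,19 @@
+2018-02-22 Youenn Fablet <youenn@apple.com>
+
+Add release asserts for service worker fetch and postMessage events
+https://bugs.webkit.org/show_bug.cgi?id=183025
+rdar://problem/37765052
+
+Reviewed by Daniel Bates.
+
+Add release assertion so that a service worker will only dispatch a message event
+for clients and service workers with the same origin.
+No change of behavior.
+
+* platform/network/ResourceRequestBase.h:
+* workers/service/context/ServiceWorkerThread.cpp:
+(WebCore::ServiceWorkerThread::postMessageToServiceWorker):
+* workers/service/context/ServiceWorkerThreadProxy.h:
+
 2018-02-22 Miguel Gomez <magomez@igalia.com>
 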
trunk/Source/WebCore/platform/network/ResourceRequestBase.h
r228239 r228919 114 114 WEBCORE_EXPORT void clearHTTPReferrer(); 115 115 116 String httpOrigin() const;116 WEBCORE_EXPORT String httpOrigin() const; 117 117 bool hasHTTPOrigin() const; 118 118 void setHTTPOrigin(const String&); -
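--- a/trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp
+++ b/trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp
@@ -120,8 +120,14 @@
 if (WTF::holds_alternative<ServiceWorkerClientData>(sourceData)) {
 RefPtr<ServiceWorkerClient> sourceClient = ServiceWorkerClient::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerClientData>(sourceData)));
+
+RELEASE_ASSERT(!sourceClient->url().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url()));
+
 sourceOrigin = SecurityOrigin::create(sourceClient->url());
 source = WTFMove(sourceClient);
 } else {
 RefPtr<ServiceWorker> sourceWorker = ServiceWorker::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerData>(sourceData)));
+
+RELEASE_ASSERT(!sourceWorker->scriptURL().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL()));
+
 sourceOrigin = SecurityOrigin::create(sourceWorker->scriptURL());
 source = WTFMove(sourceWorker);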
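Review bot: Both new RELEASE_ASSERTs pass without comparing origins whenever either URL is outside the HTTP family, and nothing in the code says why that exemption is safe. A short comment above each assert would record the intent, for example `// Same-origin is only enforced between HTTP-family URLs; other schemes are exempt from this check.` The same three-clause predicate is written out twice here and once more in WebSWContextManagerConnection::startFetch, so a small shared helper would keep the three checks from drifting apart. The enclosing function, postMessageToServiceWorker according to the ChangeLog, starts and ends outside this hunk.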
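--- a/trunk/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h
+++ b/trunk/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h
@@ -66,4 +66,6 @@
 WEBCORE_EXPORT std::unique_ptr<FetchLoader> createBlobLoader(FetchLoaderClient&, const URL&);
 
+const URL& scriptURL() const { return m_document->url(); }
+
 // Public only for testing purposes.
 WEBCORE_TESTSUPPORT_EXPORT void notifyNetworkStateChange(bool isOnline);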
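Review bot: The new accessor is named scriptURL() but returns `m_document->url()`, and the header does not state that the proxy's document URL is the service worker's script URL. The origin assertion added in WebSWContextManagerConnection::startFetch depends on that equivalence, so if it is the intended invariant it deserves a comment such as `// m_document is expected to carry the service worker script URL; used for same-origin checks.` The accessor also returns a reference into m_document, so callers should not keep it beyond the proxy's lifetime, which the comment could mention as well.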
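--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,16 @@
+2018-02-22 Youenn Fablet <youenn@apple.com>
+
+Add release asserts for service worker fetch and postMessage events
+https://bugs.webkit.org/show_bug.cgi?id=183025
+rdar://problem/37765052
+
+Reviewed by Daniel Bates.
+
+Add assertion to protect interception of a fetch load by a service worker with
+a different origin from the page.
+
+* WebProcess/Storage/WebSWContextManagerConnection.cpp:
+(WebKit::WebSWContextManagerConnection::startFetch):
+
 2018-02-22 Ms2ger <Ms2ger@igalia.com>
 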
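--- a/trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
+++ b/trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
@@ -189,4 +189,9 @@
 }
 
+String origin = request.httpOrigin();
+URL url { URL(), origin.isEmpty() ? referrer : origin };
+URL serviceWorkerURL = serviceWorkerThreadProxy->scriptURL();
+RELEASE_ASSERT(!url.protocolIsInHTTPFamily() || !serviceWorkerURL.protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(url, serviceWorkerURL));
+
 auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier);
 std::optional<ServiceWorkerClientIdentifier> clientId;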
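Review bot: The origin checked by the new assertion is parsed from the request's Origin header or, failing that, from `referrer`, so when neither yields an HTTP-family URL the first clause `!url.protocolIsInHTTPFamily()` lets the assertion pass without any comparison. That appears to include requests with an empty or `null` Origin and no referrer, which makes the check narrower than the ChangeLog wording suggests. I would document this above the assert, e.g. `// Only enforced when the Origin header or referrer parses as an HTTP-family URL; other requests are not checked here.` Separately, `serviceWorkerURL` could be bound as `const URL&` since scriptURL() returns a reference, which avoids a copy. `referrer` and the rest of startFetch are defined outside this hunk.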