Changeset 289532 in webkit
- Timestamp:
- Feb 10, 2022 7:33:42 AM (5 months ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/workers/shared-worker-in-data-url-context.window-expected.txt (modified) (1 diff)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/workers/shared/SharedWorker.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/imported/w3c/ChangeLog
r289527 r289532 1 2022-02-10 Chris Dumez <cdumez@apple.com> 2 3 Fail synchronously when constructing a SharedWorker with an URL that is not same-origin 4 https://bugs.webkit.org/show_bug.cgi?id=236419 5 6 Reviewed by Darin Adler. 7 8 * web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt: 9 Rebaseline test that is now fully passing. I have verified that it is passing in both 10 Blink and Gecko too. 11 12 * web-platform-tests/workers/shared-worker-in-data-url-context.window-expected.txt: 13 Even though this looks like a regression, this actually aligns our behavior with both 14 Blink & Gecko (who also fail this check). Note that the load fails no matter what. 15 However, the test expects it to fail asynchronously instead of synchronously in this 16 case. 17 1 18 2022-02-10 Rob Buis <rbuis@igalia.com> 2 19 -
trunk/LayoutTests/imported/w3c/web-platform-tests/workers/constructors/SharedWorker/same-origin-expected.txt
r289116 r289532 1 CONSOLE MESSAGE: Cannot load unsupported:.2 CONSOLE MESSAGE: Cannot load javascript:"".3 CONSOLE MESSAGE: Cannot load about:blank.4 CONSOLE MESSAGE: Cannot load http://www.opera.com/.5 CONSOLE MESSAGE: Cannot load http://localhost:81/.6 CONSOLE MESSAGE: Cannot load https://localhost:80/.7 CONSOLE MESSAGE: Cannot load https://localhost:8000/.8 CONSOLE MESSAGE: Cannot load http://localhost:8012/.9 1 10 FAIL unsupported_scheme assert_throws_dom: function "() => { new SharedWorker('unsupported:', ''); }" did not throw 2 PASS unsupported_scheme 11 3 PASS data_url 12 4 PASS javascript_url -
trunk/LayoutTests/imported/w3c/web-platform-tests/workers/shared-worker-in-data-url-context.window-expected.txt
r289247 r289532 1 CONSOLE MESSAGE: Cannot load http://localhost:8800/workers/support/post-message-on-load-worker.js.2 1 3 PASS Create a shared worker in a data url frame 2 FAIL Create a shared worker in a data url frame assert_equals: expected "PASS" but got "SharedWorker construction unexpectedly synchronously failed" 4 3 PASS Create a data url shared worker in a data url frame 5 4 -
trunk/Source/WebCore/ChangeLog
r289531 r289532 1 2022-02-10 Chris Dumez <cdumez@apple.com> 2 3 Fail synchronously when constructing a SharedWorker with an URL that is not same-origin 4 https://bugs.webkit.org/show_bug.cgi?id=236419 5 6 Reviewed by Darin Adler. 7 8 Fail synchronously when constructing a SharedWorker with an URL that is not same-origin. 9 This aligns our behavior with Chrome and matches the language in the specification. 10 11 No new tests, rebaselined existing test. 12 13 * workers/shared/SharedWorker.cpp: 14 (WebCore::SharedWorker::create): 15 1 16 2022-02-10 Gavin Phillips <gavin.p@apple.com> 2 17 -
trunk/Source/WebCore/workers/shared/SharedWorker.cpp
r289247 r289532 75 75 return Exception { SyntaxError, "Invalid script URL"_s }; 76 76 77 if (url.isLocalFile()) 78 return Exception { SecurityError, "Cannot construct a shared worker with a file:// URL"_s }; 77 // Per the specification, any same-origin URL (including blob: URLs) can be used. data: URLs can also be used, but they create a worker with an opaque origin. 78 if (!document.securityOrigin().canRequest(url) && !url.protocolIsData()) 79 return Exception { SecurityError, "URL of the shared worker is cross-origin"_s }; 79 80 80 81 if (auto* contentSecurityPolicy = document.contentSecurityPolicy()) {
Note: See TracChangeset
for help on using the changeset viewer.
