Changeset 196242 in webkit


Ignore:
Timestamp:
Feb 7, 2016 2:26:46 PM (8 years ago)
Author:
dbates@webkit.org
Message:

CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=153622
<rdar://problem/24400023>

Source/WebCore:

Reviewed by Gavin Barraclough.

Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
would be subject to the Content Security Policy of the page.

Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
the page.

Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html

http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...

  • bindings/js/ScriptController.h:
  • dom/Document.cpp:

(WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.

  • dom/Document.h:
  • dom/ScriptExecutionContext.h:

(WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
do not bypass the main world Content Security Policy.

  • page/EventSource.cpp:

(WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.

  • page/csp/ContentSecurityPolicy.h:
  • workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
this invariant to catch cases where a ScriptExecutionContext is not properly initialized.

  • workers/DedicatedWorkerGlobalScope.cpp:

(WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy and only apply the Content Security
Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
(WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.

  • workers/DedicatedWorkerGlobalScope.h:
  • workers/DedicatedWorkerThread.cpp:

(WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
(WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.

  • workers/DedicatedWorkerThread.h:
  • workers/Worker.cpp:

(WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
because it is dependent on the current JavaScript program stack at the time this function is invoked.
(WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.

  • workers/Worker.h:
  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
main world Content Security Policy and store it in a member field. Also, always instantiate a Content
Security Policy object as our current code assumes that one is always created.

  • workers/WorkerGlobalScope.h:
  • workers/WorkerGlobalScopeProxy.h:
  • workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.

  • workers/WorkerMessagingProxy.h:
  • workers/WorkerThread.cpp:

(WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
whether to bypass the main world Content Security Policy and store it in a member field.
(WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.
(WebCore::WorkerThread::workerThread): Ditto.

  • workers/WorkerThread.h:
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

LayoutTests:

Reviewed by Gavin Barraclough and Andy Estes.

Add tests to ensure that a Web Worker initiated from an isolated world can bypass the main world
Content Security Policy.

  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker-expected.txt: Added.
  • http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html: Added.
Location:
trunk
Files:
6 added
26 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r196238 r196242  
     12016-02-07  Daniel Bates  <dabates@apple.com>
     2
     3        CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
     4        https://bugs.webkit.org/show_bug.cgi?id=153622
     5        <rdar://problem/24400023>
     6
     7        Reviewed by Gavin Barraclough and Andy Estes.
     8
     9        Add tests to ensure that a Web Worker initiated from an isolated world can bypass the main world
     10        Content Security Policy.
     11
     12        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval-expected.txt: Added.
     13        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html: Added.
     14        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr-expected.txt: Added.
     15        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html: Added.
     16        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker-expected.txt: Added.
     17        * http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html: Added.
     18
    1192016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>
    220
  • trunk/Source/WebCore/ChangeLog

    r196239 r196242  
     12016-02-07  Daniel Bates  <dabates@apple.com>
     2
     3        CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
     4        https://bugs.webkit.org/show_bug.cgi?id=153622
     5        <rdar://problem/24400023>
     6
     7        Reviewed by Gavin Barraclough.
     8
     9        Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
     10        would be subject to the Content Security Policy of the page.
     11
     12        Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
     13        the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
     14        subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
     15        the page.
     16
     17        Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
     18               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
     19               http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
     20
     21        * Modules/websockets/WebSocket.cpp:
     22        (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
     23        main world Content Security Policy now that script execution context knows this information.
     24        * bindings/js/ScriptController.cpp:
     25        (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
     26        * bindings/js/ScriptController.h:
     27        * dom/Document.cpp:
     28        (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
     29        * dom/Document.h:
     30        * dom/ScriptExecutionContext.h:
     31        (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
     32        do not bypass the main world Content Security Policy.
     33        * page/EventSource.cpp:
     34        (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
     35        main world Content Security Policy now that script execution context knows this information.
     36        * page/csp/ContentSecurityPolicy.cpp:
     37        (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
     38        * page/csp/ContentSecurityPolicy.h:
     39        * workers/AbstractWorker.cpp:
     40        (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
     41        Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
     42        directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
     43        always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
     44        this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
     45        * workers/DedicatedWorkerGlobalScope.cpp:
     46        (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
     47        as to whether to bypass the main world Content Security Policy and only apply the Content Security
     48        Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
     49        (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
     50        as to whether to bypass the main world Content Security Policy.
     51        * workers/DedicatedWorkerGlobalScope.h:
     52        * workers/DedicatedWorkerThread.cpp:
     53        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
     54        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
     55        * workers/DedicatedWorkerThread.h:
     56        * workers/Worker.cpp:
     57        (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
     58        that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
     59        We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
     60        because it is dependent on the current JavaScript program stack at the time this function is invoked.
     61        (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
     62        * workers/Worker.h:
     63        * workers/WorkerGlobalScope.cpp:
     64        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
     65        main world Content Security Policy and store it in a member field. Also, always instantiate a Content
     66        Security Policy object as our current code assumes that one is always created.
     67        * workers/WorkerGlobalScope.h:
     68        * workers/WorkerGlobalScopeProxy.h:
     69        * workers/WorkerMessagingProxy.cpp:
     70        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
     71        as to whether to bypass the main world Content Security Policy.
     72        * workers/WorkerMessagingProxy.h:
     73        * workers/WorkerThread.cpp:
     74        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
     75        whether to bypass the main world Content Security Policy and store it in a member field.
     76        (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
     77        as to whether to bypass the main world Content Security Policy.
     78        (WebCore::WorkerThread::workerThread): Ditto.
     79        * workers/WorkerThread.h:
     80        * xml/XMLHttpRequest.cpp:
     81        (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
     82        main world Content Security Policy now that script execution context knows this information.
     83
    1842016-02-07  Dan Bernstein  <mitz@apple.com>
    285
  • trunk/Source/WebCore/Modules/websockets/WebSocket.cpp

    r194496 r196242  
    239239
    240240    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
    241     bool shouldBypassMainWorldContentSecurityPolicy = ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy(*scriptExecutionContext());
    242     if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, shouldBypassMainWorldContentSecurityPolicy)) {
     241    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {
    243242        m_state = CLOSED;
    244243
  • trunk/Source/WebCore/bindings/js/ScriptController.cpp

    r194871 r196242  
    520520}
    521521
    522 bool ScriptController::shouldBypassMainWorldContentSecurityPolicy()
    523 {
    524     CallFrame* callFrame = JSDOMWindow::commonVM().topCallFrame;
    525     if (callFrame == CallFrame::noCaller())
    526         return false;
    527     DOMWrapperWorld& domWrapperWorld = currentWorld(callFrame);
    528     if (domWrapperWorld.isNormal())
    529         return false;
    530     return true;
    531 }
    532 
    533522bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
    534523{
  • trunk/Source/WebCore/bindings/js/ScriptController.h

    r191543 r196242  
    167167#endif
    168168
    169     bool shouldBypassMainWorldContentSecurityPolicy();
    170 
    171169private:
    172170    WEBCORE_EXPORT JSDOMWindowShell* initScript(DOMWrapperWorld&);
  • trunk/Source/WebCore/dom/Document.cpp

    r196223 r196242  
    24322432}
    24332433
     2434bool Document::shouldBypassMainWorldContentSecurityPolicy() const
     2435{
     2436    JSC::CallFrame* callFrame = JSDOMWindow::commonVM().topCallFrame;
     2437    if (callFrame == JSC::CallFrame::noCaller())
     2438        return false;
     2439    DOMWrapperWorld& domWrapperWorld = currentWorld(callFrame);
     2440    if (domWrapperWorld.isNormal())
     2441        return false;
     2442    return true;
     2443}
     2444
    24342445void Document::platformSuspendOrStopActiveDOMObjects()
    24352446{
  • trunk/Source/WebCore/dom/Document.h

    r196223 r196242  
    604604
    605605    // Override ScriptExecutionContext methods to do additional work
     606    bool shouldBypassMainWorldContentSecurityPolicy() const override final;
    606607    virtual void suspendActiveDOMObjects(ActiveDOMObject::ReasonForSuspension) override final;
    607608    virtual void resumeActiveDOMObjects(ActiveDOMObject::ReasonForSuspension) override final;
  • trunk/Source/WebCore/dom/ScriptExecutionContext.h

    r194496 r196242  
    8383    virtual SecurityOrigin* topOrigin() const = 0;
    8484
     85    virtual bool shouldBypassMainWorldContentSecurityPolicy() const { return false; }
     86
    8587    PublicURLManager& publicURLManager();
    8688
  • trunk/Source/WebCore/page/EventSource.cpp

    r195452 r196242  
    8686
    8787    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
    88     bool shouldBypassMainWorldContentSecurityPolicy = ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy(context);
    89     if (!context.contentSecurityPolicy()->allowConnectToSource(fullURL, shouldBypassMainWorldContentSecurityPolicy)) {
     88    if (!context.contentSecurityPolicy()->allowConnectToSource(fullURL, context.shouldBypassMainWorldContentSecurityPolicy())) {
    9089        // FIXME: Should this be throwing an exception?
    9190        ec = SECURITY_ERR;
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp

    r196012 r196242  
    17761776#endif
    17771777}
    1778 
    1779 bool ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy(ScriptExecutionContext& context)
    1780 {
    1781     if (is<Document>(context)) {
    1782         auto& document = downcast<Document>(context);
    1783         return document.frame() && document.frame()->script().shouldBypassMainWorldContentSecurityPolicy();
    1784     }
    17851778   
    1786     return false;
    1787 }
    1788    
    1789 }
     1779}
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h

    r196012 r196242  
    103103    bool experimentalFeaturesEnabled() const;
    104104
    105     static bool shouldBypassMainWorldContentSecurityPolicy(ScriptExecutionContext&);
    106 
    107105    // The following functions are used by internal data structures to call back into this object when parsing, validating,
    108106    // and applying a Content Security Policy.
  • trunk/Source/WebCore/workers/AbstractWorker.cpp

    r191531 r196242  
    6363    }
    6464
    65     if (scriptExecutionContext()->contentSecurityPolicy() && !scriptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(scriptURL)) {
     65    // FIXME: Enforce the child-src directive instead of script-src per <https://w3c.github.io/webappsec-csp/2/#directive-child-src-workers> (29 August 2015).
     66    // See <https://bugs.webkit.org/show_bug.cgi?id=153562>.
     67    ASSERT(scriptExecutionContext()->contentSecurityPolicy());
     68    if (!scriptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(scriptURL, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {
    6669        ec = SECURITY_ERR;
    6770        return URL();
  • trunk/Source/WebCore/workers/DedicatedWorkerGlobalScope.cpp

    r195948 r196242  
    4141namespace WebCore {
    4242
    43 Ref<DedicatedWorkerGlobalScope> DedicatedWorkerGlobalScope::create(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, PassRefPtr<SecurityOrigin> topOrigin)
     43Ref<DedicatedWorkerGlobalScope> DedicatedWorkerGlobalScope::create(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin)
    4444{
    45     Ref<DedicatedWorkerGlobalScope> context = adoptRef(*new DedicatedWorkerGlobalScope(url, userAgent, thread, topOrigin));
    46     context->applyContentSecurityPolicyResponseHeaders(contentSecurityPolicyResponseHeaders);
     45    Ref<DedicatedWorkerGlobalScope> context = adoptRef(*new DedicatedWorkerGlobalScope(url, userAgent, thread, shouldBypassMainWorldContentSecurityPolicy, topOrigin));
     46    if (!shouldBypassMainWorldContentSecurityPolicy)
     47        context->applyContentSecurityPolicyResponseHeaders(contentSecurityPolicyResponseHeaders);
    4748    return context;
    4849}
    4950
    50 DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, PassRefPtr<SecurityOrigin> topOrigin)
    51     : WorkerGlobalScope(url, userAgent, thread, topOrigin)
     51DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin)
     52    : WorkerGlobalScope(url, userAgent, thread, shouldBypassMainWorldContentSecurityPolicy, topOrigin)
    5253{
    5354}
  • trunk/Source/WebCore/workers/DedicatedWorkerGlobalScope.h

    r195948 r196242  
    4343    public:
    4444        typedef WorkerGlobalScope Base;
    45         static Ref<DedicatedWorkerGlobalScope> create(const URL&, const String& userAgent, DedicatedWorkerThread&, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin);
     45        static Ref<DedicatedWorkerGlobalScope> create(const URL&, const String& userAgent, DedicatedWorkerThread&, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin);
    4646        virtual ~DedicatedWorkerGlobalScope();
    4747
     
    6161
    6262    private:
    63         DedicatedWorkerGlobalScope(const URL&, const String& userAgent, DedicatedWorkerThread&, PassRefPtr<SecurityOrigin> topOrigin);
     63        DedicatedWorkerGlobalScope(const URL&, const String& userAgent, DedicatedWorkerThread&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin);
    6464    };
    6565
  • trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp

    r195948 r196242  
    3939namespace WebCore {
    4040
    41 DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
    42     : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicyResponseHeaders, topOrigin)
     41DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin)
     42    : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin)
    4343    , m_workerObjectProxy(workerObjectProxy)
    4444{
     
    4949}
    5050
    51 Ref<WorkerGlobalScope> DedicatedWorkerThread::createWorkerGlobalScope(const URL& url, const String& userAgent, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, PassRefPtr<SecurityOrigin> topOrigin)
     51Ref<WorkerGlobalScope> DedicatedWorkerThread::createWorkerGlobalScope(const URL& url, const String& userAgent, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin)
    5252{
    53     return DedicatedWorkerGlobalScope::create(url, userAgent, *this, contentSecurityPolicyResponseHeaders, topOrigin);
     53    return DedicatedWorkerGlobalScope::create(url, userAgent, *this, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin);
    5454}
    5555
  • trunk/Source/WebCore/workers/DedicatedWorkerThread.h

    r195948 r196242  
    4949
    5050    protected:
    51         virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin) override;
     51        virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin) override;
    5252        virtual void runEventLoop() override;
    5353
    5454    private:
    55         DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
     55        DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin);
    5656
    5757        WorkerObjectProxy& m_workerObjectProxy;
  • trunk/Source/WebCore/workers/Worker.cpp

    r195948 r196242  
    8888        return nullptr;
    8989
     90    worker->m_shouldBypassMainWorldContentSecurityPolicy = context.shouldBypassMainWorldContentSecurityPolicy();
     91
    9092    // The worker context does not exist while loading, so we must ensure that the worker object is not collected, nor are its event listeners.
    9193    worker->setPendingActivity(worker.ptr());
     
    167169    else {
    168170        const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders = m_contentSecurityPolicyResponseHeaders ? m_contentSecurityPolicyResponseHeaders.value() : scriptExecutionContext()->contentSecurityPolicy()->responseHeaders();
    169         m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, DontPauseWorkerGlobalScopeOnStart);
     171        m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy, DontPauseWorkerGlobalScopeOnStart);
    170172        InspectorInstrumentation::scriptImported(scriptExecutionContext(), m_scriptLoader->identifier(), m_scriptLoader->script());
    171173    }
  • trunk/Source/WebCore/workers/Worker.h

    r195948 r196242  
    8787        WorkerGlobalScopeProxy* m_contextProxy; // The proxy outlives the worker to perform thread shutdown.
    8888        Optional<ContentSecurityPolicyResponseHeaders> m_contentSecurityPolicyResponseHeaders;
     89        bool m_shouldBypassMainWorldContentSecurityPolicy { false };
    8990    };
    9091
  • trunk/Source/WebCore/workers/WorkerGlobalScope.cpp

    r196012 r196242  
    6363namespace WebCore {
    6464
    65 WorkerGlobalScope::WorkerGlobalScope(const URL& url, const String& userAgent, WorkerThread& thread, PassRefPtr<SecurityOrigin> topOrigin)
     65WorkerGlobalScope::WorkerGlobalScope(const URL& url, const String& userAgent, WorkerThread& thread, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin)
    6666    : m_url(url)
    6767    , m_userAgent(userAgent)
     
    6969    , m_thread(thread)
    7070    , m_closing(false)
     71    , m_shouldBypassMainWorldContentSecurityPolicy(shouldBypassMainWorldContentSecurityPolicy)
    7172    , m_eventQueue(*this)
    7273    , m_topOrigin(topOrigin)
  • trunk/Source/WebCore/workers/WorkerGlobalScope.h

    r195948 r196242  
    6868        virtual void disableEval(const String& errorMessage) override;
    6969
     70        bool shouldBypassMainWorldContentSecurityPolicy() const override final { return m_shouldBypassMainWorldContentSecurityPolicy; }
     71
    7072        WorkerScriptController* script() { return m_script.get(); }
    7173        void clearScript() { m_script = nullptr; }
     
    131133
    132134    protected:
    133         WorkerGlobalScope(const URL&, const String& userAgent, WorkerThread&, PassRefPtr<SecurityOrigin> topOrigin);
     135        WorkerGlobalScope(const URL&, const String& userAgent, WorkerThread&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin);
    134136        void applyContentSecurityPolicyResponseHeaders(const ContentSecurityPolicyResponseHeaders&);
    135137
     
    160162
    161163        bool m_closing;
     164        bool m_shouldBypassMainWorldContentSecurityPolicy;
    162165
    163166        HashSet<Observer*> m_workerObservers;
  • trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h

    r195948 r196242  
    5050        virtual ~WorkerGlobalScopeProxy() { }
    5151
    52         virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, WorkerThreadStartMode) = 0;
     52        virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, WorkerThreadStartMode) = 0;
    5353
    5454        virtual void terminateWorkerGlobalScope() = 0;
  • trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp

    r195948 r196242  
    7373}
    7474
    75 void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, WorkerThreadStartMode startMode)
     75void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, WorkerThreadStartMode startMode)
    7676{
    7777    // FIXME: This need to be revisited when we support nested worker one day
    7878    ASSERT(m_scriptExecutionContext);
    7979    Document& document = downcast<Document>(*m_scriptExecutionContext);
    80     RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, contentSecurityPolicyResponseHeaders, document.topOrigin());
     80    RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, document.topOrigin());
    8181    workerThreadCreated(thread);
    8282    thread->start();
  • trunk/Source/WebCore/workers/WorkerMessagingProxy.h

    r195948 r196242  
    5353        // Implementations of WorkerGlobalScopeProxy.
    5454        // (Only use these methods in the worker object thread.)
    55         virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, WorkerThreadStartMode) override;
     55        virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, WorkerThreadStartMode) override;
    5656        virtual void terminateWorkerGlobalScope() override;
    5757        virtual void postMessageToWorkerGlobalScope(PassRefPtr<SerializedScriptValue>, std::unique_ptr<MessagePortChannelArray>) override;
  • trunk/Source/WebCore/workers/WorkerThread.cpp

    r195948 r196242  
    7171    WTF_MAKE_NONCOPYABLE(WorkerThreadStartupData); WTF_MAKE_FAST_ALLOCATED;
    7272public:
    73     WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
     73    WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin);
    7474
    7575    URL m_scriptURL;
     
    7878    WorkerThreadStartMode m_startMode;
    7979    ContentSecurityPolicyResponseHeaders m_contentSecurityPolicyResponseHeaders;
     80    bool m_shouldBypassMainWorldContentSecurityPolicy;
    8081    RefPtr<SecurityOrigin> m_topOrigin;
    8182};
    8283
    83 WorkerThreadStartupData::WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
     84WorkerThreadStartupData::WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin)
    8485    : m_scriptURL(scriptURL.isolatedCopy())
    8586    , m_userAgent(userAgent.isolatedCopy())
     
    8788    , m_startMode(startMode)
    8889    , m_contentSecurityPolicyResponseHeaders(contentSecurityPolicyResponseHeaders.isolatedCopy())
     90    , m_shouldBypassMainWorldContentSecurityPolicy(shouldBypassMainWorldContentSecurityPolicy)
    8991    , m_topOrigin(topOrigin ? &topOrigin->isolatedCopy().get() : nullptr)
    9092{
    9193}
    9294
    93 WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
     95WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin)
    9496    : m_threadID(0)
    9597    , m_workerLoaderProxy(workerLoaderProxy)
    9698    , m_workerReportingProxy(workerReportingProxy)
    97     , m_startupData(std::make_unique<WorkerThreadStartupData>(scriptURL, userAgent, sourceCode, startMode, contentSecurityPolicyResponseHeaders, topOrigin))
     99    , m_startupData(std::make_unique<WorkerThreadStartupData>(scriptURL, userAgent, sourceCode, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin))
    98100#if ENABLE(NOTIFICATIONS) || ENABLE(LEGACY_NOTIFICATIONS)
    99101    , m_notificationClient(0)
     
    145147    {
    146148        LockHolder lock(m_threadCreationMutex);
    147         m_workerGlobalScope = createWorkerGlobalScope(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_contentSecurityPolicyResponseHeaders, m_startupData->m_topOrigin.release());
     149        m_workerGlobalScope = createWorkerGlobalScope(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_contentSecurityPolicyResponseHeaders, m_startupData->m_shouldBypassMainWorldContentSecurityPolicy, m_startupData->m_topOrigin.release());
    148150
    149151        if (m_runLoop.terminated()) {
  • trunk/Source/WebCore/workers/WorkerThread.h

    r195948 r196242  
    6969
    7070    protected:
    71         WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
     71        WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin);
    7272
    7373        // Factory method for creating a new worker context for the thread.
    74         virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin) = 0;
     74        virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin) = 0;
    7575
    7676        // Executes the event loop for the worker thread. Derived classes can override to perform actions before/after entering the event loop.
  • trunk/Source/WebCore/xml/XMLHttpRequest.cpp

    r196223 r196242  
    499499
    500500    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
    501     bool shouldBypassMainWorldContentSecurityPolicy = ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy(*scriptExecutionContext());
    502     if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url, shouldBypassMainWorldContentSecurityPolicy)) {
     501    if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {
    503502        // FIXME: Should this be throwing an exception?
    504503        ec = SECURITY_ERR;
Note: See TracChangeset for help on using the changeset viewer.