Changeset 256381 in webkit

Timestamp:

Feb 11, 2020 3:32:10 PM (4 years ago)

Author:

youenn@apple.com

Message:

Parent service worker controller should be used for child iframe as per ​https://w3c.github.io/ServiceWorker/#control-and-use-window-client
​https://bugs.webkit.org/show_bug.cgi?id=207506

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

• web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:

Source/WebCore:

Instead of checking document URL protocol, implement the rules as per spec, in particular:

• If http/https, do not reuse controller
• If iframe has a unique origin, do not reuse controller
• If iframe does not have same origin as parent, do not reuse controller.

Covered by rebased test.

• loader/DocumentLoader.cpp:

(WebCore::isInheritingControllerFromParent):
(WebCore::DocumentLoader::commitData):
(WebCore::isLocalURL): Deleted.

LayoutTests:

• http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:

Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
and is thus failing due to CORS.

• http/tests/workers/service/serviceworkerclients-claim.https.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentLoader.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-02-11  Youenn Fablet  <youenn@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        * http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:
+        Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
+        and is thus failing due to CORS.
+        * http/tests/workers/service/serviceworkerclients-claim.https.html:
+
 2020-02-11  Jason Lawrence  <lawrence.j@apple.com>
 

trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Origin null is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:8443/pinkelephant due to access control checks.
+CONSOLE MESSAGE: line 1: Unhandled Promise Rejection: TypeError: Origin null is not allowed by Access-Control-Allow-Origin.
 
 

trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html

@@ -61 +61 @@
     var promise = new Promise((resolve, reject) => {
         window.addEventListener("message", (event) => {
-            resolve(event.data);
+            reject("Received a message from iframe:" + event.data);
         }, false);
-        setTimeout(() => {  reject("Did not receive any message from iframe"); }, 5000);
+        setTimeout(resolve, 100);
     });
     var frame = await withFrame("data:text/html," + htmlString);
-    var result = await promise;
-    assert_equals(result, "PASS");
+    return promise;
 }, "Test data URL frame");
 

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2020-02-11  Youenn Fablet  <youenn@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        * web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:
+
 2020-02-07  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt

@@ -4 +4 @@
 FAIL Same-origin blob URL worker should inherit service worker controller. assert_equals: blob URL worker should inherit controller expected (string) "https://localhost:9443/service-workers/service-worker/resources/local-url-inherit-controller-worker.js" but got (object) null
 PASS Same-origin blob URL worker should intercept fetch(). 
-FAIL Data URL iframe should not intercept fetch(). assert_equals: data URL iframe should not intercept fetch expected "" but got "intercepted"
+PASS Data URL iframe should not intercept fetch(). 
 FAIL Data URL worker should not inherit service worker controller. promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."
 FAIL Data URL worker should not intercept fetch(). promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-02-11  Youenn Fablet  <youenn@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        Instead of checking document URL protocol, implement the rules as per spec, in particular:
+        - If http/https, do not reuse controller
+        - If iframe has a unique origin, do not reuse controller
+        - If iframe does not have same origin as parent, do not reuse controller.
+
+        Covered by rebased test.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::isInheritingControllerFromParent):
+        (WebCore::DocumentLoader::commitData):
+        (WebCore::isLocalURL): Deleted.
+
 2020-02-11  Zalan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/loader/DocumentLoader.cpp

@@ -1058 +1058 @@
 
 #if ENABLE(SERVICE_WORKER)
-static inline bool isLocalURL(const URL& url)
-{
-    // https://fetch.spec.whatwg.org/#is-local
-    auto protocol = url.protocol().toStringWithoutCopying();
-    return equalLettersIgnoringASCIICase(protocol, "data") || equalLettersIgnoringASCIICase(protocol, "blob") || equalLettersIgnoringASCIICase(protocol, "about");
+// https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+static inline bool shouldUseActiveServiceWorkerFromParent(const Document& document, const Document& parent)
+{
+    return !document.url().protocolIsInHTTPFamily() && !document.securityOrigin().isUnique() && parent.securityOrigin().canAccess(document.securityOrigin());
 }
 #endif
@@ -1093 +1092 @@
                 m_frame->document()->setActiveServiceWorker(ServiceWorker::getOrCreate(*m_frame->document(), WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
                 m_serviceWorkerRegistrationData = { };
-            } else if (isLocalURL(m_frame->document()->url())) {
-                if (auto* parent = m_frame->document()->parentDocument())
+            } else if (auto* parent = m_frame->document()->parentDocument()) {
+                if (shouldUseActiveServiceWorkerFromParent(*m_frame->document(), *parent))
                     m_frame->document()->setActiveServiceWorker(parent->activeServiceWorker());
             }