Skip to content
This repository has been archived by the owner on Apr 3, 2020. It is now read-only.

Commit

Permalink
Revert "Merge to M41 branch 2272: Allow SW registration only if it's …
Browse files Browse the repository at this point in the history 
…secure AND it's HTTP or HTTPS"

This reverts commit 909dea0.

Revert "Omnibox: BookmarksProvider: Make Multiple Prefix Matches Work"

This reverts commit b6fb515.

BUG=

Review URL: https://codereview.chromium.org/898593003

Cr-Commit-Position: refs/branch-heads/2272@{#191}
Cr-Branched-From: 827a380-refs/heads/master@{#310958}
  • Loading branch information
Penny MacNeil committed Feb 2, 2015
1 parent 38fe09e commit 74b3bc9
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 114 deletions.
36 changes: 7 additions & 29 deletions content/browser/service_worker/service_worker_dispatcher_host.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,6 @@ namespace {

const char kNoDocumentURLErrorMessage[] =
"No URL is associated with the caller's document.";
const char kDisallowedURLErrorMessage[] =
"The URL is not supported.";
const char kShutdownErrorMessage[] =
"The Service Worker system has shutdown.";
const char kUserDeniedPermissionMessage[] =
Expand All @@ -54,8 +52,7 @@ bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) {
// consistent with Blink's
// SecurityOrigin::canAccessFeatureRequiringSecureOrigin.
bool OriginCanAccessServiceWorkers(const GURL& url) {
return url.SchemeIsHTTPOrHTTPS() &&
(url.SchemeIsSecure() || net::IsLocalhost(url.host()));
return url.SchemeIsSecure() || net::IsLocalhost(url.host());
}

bool CanRegisterServiceWorker(const GURL& document_url,
Expand All @@ -65,27 +62,23 @@ bool CanRegisterServiceWorker(const GURL& document_url,
DCHECK(pattern.is_valid());
DCHECK(script_url.is_valid());
return AllOriginsMatch(document_url, pattern, script_url) &&
OriginCanAccessServiceWorkers(document_url) &&
OriginCanAccessServiceWorkers(pattern) &&
OriginCanAccessServiceWorkers(script_url);
OriginCanAccessServiceWorkers(document_url);
}

bool CanUnregisterServiceWorker(const GURL& document_url,
const GURL& pattern) {
DCHECK(document_url.is_valid());
DCHECK(pattern.is_valid());
return document_url.GetOrigin() == pattern.GetOrigin() &&
OriginCanAccessServiceWorkers(document_url) &&
OriginCanAccessServiceWorkers(pattern);
OriginCanAccessServiceWorkers(document_url);
}

bool CanGetRegistration(const GURL& document_url,
const GURL& given_document_url) {
DCHECK(document_url.is_valid());
DCHECK(given_document_url.is_valid());
return document_url.GetOrigin() == given_document_url.GetOrigin() &&
OriginCanAccessServiceWorkers(document_url) &&
OriginCanAccessServiceWorkers(given_document_url);
OriginCanAccessServiceWorkers(document_url);
}

} // namespace
Expand Down Expand Up @@ -303,12 +296,7 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(

if (!CanRegisterServiceWorker(
provider_host->document_url(), pattern, script_url)) {
// TODO(kinuko): Change this back to BadMessageReceived() once we start
// to check these in the renderer too. (http://crbug.com/453982)
Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) +
base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
BadMessageReceived();
return;
}

Expand Down Expand Up @@ -395,12 +383,7 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
}

if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
// TODO(kinuko): Change this back to BadMessageReceived() once we start
// to check these in the renderer too. (http://crbug.com/453982)
Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError(
thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
base::ASCIIToUTF16(kServiceWorkerUnregisterErrorPrefix) +
base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
BadMessageReceived();
return;
}

Expand Down Expand Up @@ -473,12 +456,7 @@ void ServiceWorkerDispatcherHost::OnGetRegistration(
}

if (!CanGetRegistration(provider_host->document_url(), document_url)) {
// TODO(kinuko): Change this back to BadMessageReceived() once we start
// to check these in the renderer too. (http://crbug.com/453982)
Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError(
thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) +
base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
BadMessageReceived();
return;
}

Expand Down
118 changes: 33 additions & 85 deletions content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,10 +234,10 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_NonSecureOriginShouldFail) {
host->SetDocumentUrl(GURL("http://www.example.com/foo"));
context()->AddProviderHost(host.Pass());

Register(kProviderId,
GURL("http://www.example.com/"),
GURL("http://www.example.com/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("http://www.example.com/"),
GURL("http://www.example.com/bar"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
Expand All @@ -248,88 +248,40 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
context()->AddProviderHost(host.Pass());

// Script has a different host
Register(kProviderId,
GURL("https://www.example.com/"),
GURL("https://foo.example.com/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("https://www.example.com/"),
GURL("https://foo.example.com/bar"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);

// Scope has a different host
Register(kProviderId,
GURL("https://foo.example.com/"),
GURL("https://www.example.com/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("https://foo.example.com/"),
GURL("https://www.example.com/bar"));
EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);

// Script has a different port
Register(kProviderId,
GURL("https://www.example.com/"),
GURL("https://www.example.com:8080/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("https://www.example.com/"),
GURL("https://www.example.com:8080/bar"));
EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);

// Scope has a different transport
Register(kProviderId,
GURL("wss://www.example.com/"),
GURL("https://www.example.com/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("wss://www.example.com/"),
GURL("https://www.example.com/bar"));
EXPECT_EQ(4, dispatcher_host_->bad_messages_received_count_);

// Script and scope have a different host but match each other
Register(kProviderId,
GURL("https://foo.example.com/"),
GURL("https://foo.example.com/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
SendRegister(kProviderId,
GURL("https://foo.example.com/"),
GURL("https://foo.example.com/bar"));
EXPECT_EQ(5, dispatcher_host_->bad_messages_received_count_);

// Script and scope URLs are invalid
SendRegister(kProviderId,
GURL(),
GURL("h@ttps://@"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest,
Register_FileSystemDocumentShouldFail) {
const int64 kProviderId = 99; // Dummy value
scoped_ptr<ServiceWorkerProviderHost> host(
CreateServiceWorkerProviderHost(kProviderId));
host->SetDocumentUrl(GURL("filesystem:https://www.example.com/temporary/a"));
context()->AddProviderHost(host.Pass());

Register(kProviderId,
GURL("filesystem:https://www.example.com/temporary/"),
GURL("https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);

Register(kProviderId,
GURL("https://www.example.com/temporary/"),
GURL("filesystem:https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);

Register(kProviderId,
GURL("filesystem:https://www.example.com/temporary/"),
GURL("filesystem:https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
}

TEST_F(ServiceWorkerDispatcherHostTest,
Register_FileSystemScriptOrScopeShouldFail) {
const int64 kProviderId = 99; // Dummy value
scoped_ptr<ServiceWorkerProviderHost> host(
CreateServiceWorkerProviderHost(kProviderId));
host->SetDocumentUrl(GURL("https://www.example.com/temporary/"));
context()->AddProviderHost(host.Pass());

Register(kProviderId,
GURL("filesystem:https://www.example.com/temporary/"),
GURL("https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);

Register(kProviderId,
GURL("https://www.example.com/temporary/"),
GURL("filesystem:https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);

Register(kProviderId,
GURL("filesystem:https://www.example.com/temporary/"),
GURL("filesystem:https://www.example.com/temporary/bar"),
ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest, Unregister_HTTPS) {
Expand Down Expand Up @@ -364,9 +316,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, Unregister_CrossOriginShouldFail) {
host->SetDocumentUrl(GURL("https://www.example.com/foo"));
context()->AddProviderHost(host.Pass());

Unregister(kProviderId,
GURL("https://foo.example.com/"),
ServiceWorkerMsg_ServiceWorkerUnregistrationError::ID);
SendUnregister(kProviderId, GURL("https://foo.example.com/"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest, Unregister_InvalidScopeShouldFail) {
Expand All @@ -387,9 +338,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, Unregister_NonSecureOriginShouldFail) {
host->SetDocumentUrl(GURL("http://www.example.com/foo"));
context()->AddProviderHost(host.Pass());

Unregister(kProviderId,
GURL("http://www.example.com/"),
ServiceWorkerMsg_ServiceWorkerUnregistrationError::ID);
SendUnregister(kProviderId, GURL("http://www.example.com/"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest, EarlyContextDeletion) {
Expand Down Expand Up @@ -454,9 +404,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_CrossOriginShouldFail) {
host->SetDocumentUrl(GURL("https://www.example.com/foo"));
context()->AddProviderHost(host.Pass());

GetRegistration(kProviderId,
GURL("https://foo.example.com/"),
ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID);
SendGetRegistration(kProviderId, GURL("https://foo.example.com/"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest,
Expand All @@ -479,9 +428,8 @@ TEST_F(ServiceWorkerDispatcherHostTest,
host->SetDocumentUrl(GURL("http://www.example.com/foo"));
context()->AddProviderHost(host.Pass());

GetRegistration(kProviderId,
GURL("http://www.example.com/"),
ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID);
SendGetRegistration(kProviderId, GURL("http://www.example.com/"));
EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
}

TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_EarlyContextDeletion) {
Expand Down

0 comments on commit 74b3bc9

Please sign in to comment.