| author | estark@chromium.org <estark@chromium.org> | 2015-04-16 16:11:24 +0000 |
|---|---|---|
| committer | estark@chromium.org <estark@chromium.org> | 2015-04-16 16:11:24 +0000 |
| commit | 23e6ee4425b4f13b3dac9391119df9d74a425ab9 (patch) | |
| tree | 418d4dc1b34c74d0afd90bd05d345e98ef5e813a | |
| parent | c1e76c20b2541474ab0efa1de0c282770bea0cd7 (diff) | |
Walk ancestor tree to decide if powerful features should be allowed
As specified in
https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged,
deciding if a powerful feature should be allowed involves walking up the
ancestor chain and deciding if each origin is "potentially trustworthy."
This CL adds a |isPrivilegedContext| method to |ExecutionContext|, which
calls |isPotentiallyTrustworthy| for each origin in the ancestor chain.
Because some sites heavily rely on the ability to use WebCrypto when the
ancestor chain includes an insecure origin, there is a flag to skip the
ancestor check, used only from WebCrypto.
This CL also factors out the layout test helper |get_host_info()| into
its own file, since it is used by many tests other than ServiceWorker
tests.
This CL does not yet implement ancestor-chain-checking for Workers
(i.e. checking if the responsible document's origin and all of its
ancestors are potentially trustworthy when a worker wants to access a
powerful feature). That will be a follow-up CL.
BUG=474710
Review URL: https://codereview.chromium.org/1077083004
git-svn-id: svn://svn.chromium.org/blink/trunk@193883 bbb929c8-8fbe-4397-9dbb-9b2b20218538
62 files changed, 453 insertions, 73 deletions
diff --git a/third_party/WebKit/LayoutTests/http/tests/local/serviceworker/fetch-request-body-file.html b/third_party/WebKit/LayoutTests/http/tests/local/serviceworker/fetch-request-body-file.html
index 74c21f7..a56ac52 100644
--- a/third_party/WebKit/LayoutTests/http/tests/local/serviceworker/fetch-request-body-file.html
+++ b/third_party/WebKit/LayoutTests/http/tests/local/serviceworker/fetch-request-body-file.html
@@ -2,6 +2,7 @@
 <script src="../../resources/testharness.js"></script>
 <script src="../../resources/testharnessreport.js"></script>
 <script src="../../serviceworker/resources/test-helpers.js"></script>
+<script src="../../resources/get-host-info.js"></script>
 <body>
 <script>
 var ORIGIN = get_host_info()['HTTP_ORIGIN'];
diff --git a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/connect-cross-origin.html b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/connect-cross-origin.html
index be8af45..1a75736 100644
--- a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/connect-cross-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/connect-cross-origin.html
@@ -6,6 +6,7 @@
 <script src="../../resources/testharness.js"></script>
 <script src="../../resources/testharnessreport.js"></script>
 <script src="../../resources/testharness-helpers.js"></script>
+<script src="../../resources/get-host-info.js"></script>
 <script src="../serviceworker/resources/test-helpers.js"></script>
 <script src="resources/test-helpers.js"></script>
 <script src="resources/connect-tests.js"></script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/postmessage-cross-origin.html b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/postmessage-cross-origin.html
index 723a619..b83ea0d 100644
--- a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/postmessage-cross-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/postmessage-cross-origin.html
@@ -6,6 +6,7 @@
 <script src="../../resources/testharness.js"></script>
 <script src="../../resources/testharnessreport.js"></script>
 <script src="../../resources/testharness-helpers.js"></script>
+<script src="../../resources/get-host-info.js"></script>
 <script src="../serviceworker/resources/test-helpers.js"></script>
 <script src="resources/test-helpers.js"></script>
 <script src="resources/postmessage-tests.js"></script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/system-service.html b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/system-service.html
index 17717cd..b6b2f91 100644
--- a/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/system-service.html
+++ b/third_party/WebKit/LayoutTests/http/tests/navigatorconnect/system-service.html
@@ -6,6 +6,7 @@
 <script src="../../resources/testharness.js"></script>
 <script src="../../resources/testharnessreport.js"></script>
 <script src="../../resources/testharness-helpers.js"></script>
+<script src="../../resources/get-host-info.js"></script>
 <script src="../serviceworker/resources/test-helpers.js"></script>
 <script src="resources/test-helpers.js"></script>
 <body>
diff --git a/third_party/WebKit/LayoutTests/http/tests/resources/get-host-info.js b/third_party/WebKit/LayoutTests/http/tests/resources/get-host-info.js
new file mode 100644
index 0000000..2bc2af2
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/resources/get-host-info.js
@@ -0,0 +1,24 @@
+function get_host_info() {
+ var ORIGINAL_HOST = '127.0.0.1';
+ var REMOTE_HOST = 'localhost';
+ var UNAUTHENTICATED_HOST = 'example.test';
+ var HTTP_PORT = 8000;
+ var HTTPS_PORT = 8443;
+ try {
+ // In W3C test, we can get the hostname and port number in config.json
+ // using wptserve's built-in pipe.
+ // http://wptserve.readthedocs.org/en/latest/pipes.html#built-in-pipes
+ HTTP_PORT = eval('{{ports[http][0]}}');
+ HTTPS_PORT = eval('{{ports[https][0]}}');
+ ORIGINAL_HOST = eval('\'{{host}}\'');
+ REMOTE_HOST = 'www1.' + ORIGINAL_HOST;
+ } catch (e) {
+ }
+ return {
+ HTTP_ORIGIN: 'http://' + ORIGINAL_HOST + ':' + HTTP_PORT,
+ HTTPS_ORIGIN: 'https://' + ORIGINAL_HOST + ':' + HTTPS_PORT,
+ HTTP_REMOTE_ORIGIN: 'http://' + REMOTE_HOST + ':' + HTTP_PORT,
+ HTTPS_REMOTE_ORIGIN: 'https://' + REMOTE_HOST + ':' + HTTPS_PORT,
+ UNAUTHENTICATED_ORIGIN: 'http://' + UNAUTHENTICATED_HOST + ':' + HTTP_PORT
+ };
+}
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-insecure-origin.html
index f20e1e4..9c99380 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-insecure-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-insecure-origin.html
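Review bot: The empty `catch (e) { }` in get_host_info() hides why the fallback works, and the function has no header comment now that it lives in a shared file. When the page is not served through wptserve the `{{...}}` placeholders are not substituted, so the first `eval` presumably throws and the hard-coded defaults stay in place; say so in the catch block, e.g. `// Not served through wptserve: keep the defaults above.` A short header listing the returned keys, and noting that the powerful-feature tests use UNAUTHENTICATED_ORIGIN (http://example.test) as the origin that must be refused, would help readers of the security tests. It is also worth one line stating that the `eval` calls only ever see server-substituted template text, so the pattern is not copied into code that handles page-supplied strings.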
@@ -2,8 +2,7 @@
 <title>Geolocation On An Insecure Origin</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<!-- FIXME: We should extract the get_host_info() bits of this file out to somewhere useful. -->
-<script src="/serviceworker/resources/test-helpers.js"></script>
+<script src="/resources/get-host-info.js"></script>
 <script>
 if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
 window.location = get_host_info().UNAUTHENTICATED_ORIGIN + window.location.pathname;
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-sandboxed-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-sandboxed-insecure-origin.html
new file mode 100644
index 0000000..baeee2d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-sandboxed-insecure-origin.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Geolocation On An Insecure Sandboxed Origin</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js"></script>
+</head>
+<body></body>
+<script>
+ if (window.testRunner) {
+ testRunner.overridePreference(
+ "WebKitStrictPowerfulFeatureRestrictions", true);
+ testRunner.overridePreference(
+ "WebKitAllowRunningInsecureContent", true);
+ }
+
+ async_test(function() {
+ window.addEventListener("message", this.step_func(function(event) {
+ assert_equals(
+ event.data.message,
+ 'Only secure origins are allowed ' +
+ '(see: https://goo.gl/Y0ZkNV).');
+
+ this.done();
+ }));
+
+ var iframe = document.createElement("iframe");
+ iframe.sandbox = "allow-scripts";
+ iframe.src = get_host_info().UNAUTHENTICATED_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation-in-iframe.html";
+ document.body.appendChild(iframe);
+ }, "Geolocation on an unauthenticated sandboxed origin");
+</script>
+</html>
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html
new file mode 100644
index 0000000..cee7eeb
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html
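Review bot: The `WebKitAllowRunningInsecureContent` override in geolocation-on-sandboxed-insecure-origin.html is not explained, and none of the other tests added in this change sets it. If it is needed for the sandboxed UNAUTHENTICATED_ORIGIN frame to load at all, a one-line comment should say so; if it is not needed, drop it so the test does not relax an unrelated protection while checking this one. The test also never states which origin the top-level page is expected to run on, unlike the sibling tests that redirect explicitly.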
@@ -0,0 +1,71 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Geolocation On An Secure Origin Embedded in an Insecure Origin</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js"></script>
+</head>
+<body></body>
+<script>
+ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
+ window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
+ window.location.pathname;
+ } else {
+ var num_received = 0;
+ if (window.testRunner)
+ testRunner.overridePreference(
+ "WebKitStrictPowerfulFeatureRestrictions", true);
+
+ async_test(function () {
+ window.addEventListener("message", this.step_func(function (event) {
+ assert_equals(
+ event.data.message,
+ 'Only secure origins are allowed ' +
+ '(see: https://goo.gl/Y0ZkNV).');
+ num_received++;
+ if (num_received == 4)
+ this.done();
+ }));
+
+ var iframe = document.createElement("iframe");
+ iframe.src = get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/" +
+ "resources/geolocation.html";
+ document.body.appendChild(iframe);
+
+ // A srcdoc should be skipped in the ancestor check.
+ var iframe = document.createElement("iframe");
+ iframe.srcdoc = "<script>" +
+ "window.addEventListener('message', function(evt) {" +
+ "window.parent.postMessage(evt.data, '*'); });" +
+ "</sc" + "ript>" +
+ "<iframe src='" + get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources" +
+ "/geolocation.html'>" +
+ "</iframe>";
+ document.body.appendChild(iframe);
+
+ // A sandboxed iframe should use the frame's URL as the origin to
+ // check.
+ var iframe = document.createElement("iframe");
+ iframe.sandbox = "allow-scripts";
+ iframe.src = get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation.html";
+ document.body.appendChild(iframe);
+
+ // Insecure origin frames sandboxed secure origin frames secure
+ // origin.
+ var iframe = document.createElement("iframe");
+ iframe.sandbox = "allow-scripts";
+ iframe.src = get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation-in-iframe.html";
+ document.body.appendChild(iframe);
+
+
+ }, 'getCurrentPosition in iframe');
+ }
+</script>
+</html>
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-secure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-secure-origin.html
new file mode 100644
index 0000000..3be2102
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/geolocation-on-secure-origin-in-insecure-origin.html
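Review bot: The frames this test calls the "secure origin" are loaded from `get_host_info().HTTP_ORIGIN`, a plain-http URL, and nothing in the file says why that counts as secure. With the defaults in get-host-info.js that origin is http://127.0.0.1:8000, so it is presumably treated as potentially trustworthy only because it is a loopback address. A comment above the first iframe would make that explicit: `// HTTP_ORIGIN is loopback (127.0.0.1) and so potentially trustworthy; the top-level example.test page is not.` The same comment would help in geolocation-on-secure-origin-in-secure-origin.html and webcrypto-on-secure-origin-in-insecure-origin.html, which depend on the same assumption.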
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Geolocation On An Secure Origin Embedded in a Secure Origin</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js"></script>
+</head>
+<body>
+</body>
+<script>
+ var num_received = 0;
+ if (window.testRunner)
+ testRunner.overridePreference(
+ "WebKitStrictPowerfulFeatureRestrictions", true);
+
+ async_test(function () {
+ window.addEventListener("message", this.step_func(function (event) {
+ assert_equals(event.data.success, true);
+ num_received++;
+ if (num_received == 4)
+ this.done();
+ }));
+
+ var iframe = document.createElement("iframe");
+ iframe.src = "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation.html";
+ document.body.appendChild(iframe);
+
+ // A srcdoc should be skipped in the ancestor check.
+ var iframe = document.createElement("iframe");
+ iframe.srcdoc = "<script>" +
+ "window.addEventListener('message', function (evt) {" +
+ "window.parent.postMessage(evt.data, '*'); });" +
+ "</sc" + "ript>" +
+ "<iframe src='" + get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation.html'>" +
+ "</iframe>";
+ document.body.appendChild(iframe);
+
+ // A sandboxed iframe should use the frame's URL as the origin to check.
+ var iframe = document.createElement("iframe");
+ iframe.sandbox = "allow-scripts";
+ iframe.src = "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation.html";
+ document.body.appendChild(iframe);
+
+ // Insecure origin frames sandboxed secure origin frames secure
+ // origin.
+ var iframe = document.createElement("iframe");
+ iframe.sandbox = "allow-scripts";
+ iframe.src = get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "geolocation-in-iframe.html";
+ document.body.appendChild(iframe);
+
+ }, 'getCurrentPosition in iframe');
+</script>
+</html>
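Review bot: The comment on the fourth iframe, `// Insecure origin frames sandboxed secure origin frames secure origin.`, appears to be carried over from the insecure-parent test and does not describe this page: here the top-level document is not redirected to UNAUTHENTICATED_ORIGIN and all four frames are expected to report `success: true`. It should read something like `// Secure origin frames sandboxed secure origin frames secure origin.` Separately, the listener finishes after any four messages rather than one from each frame, so a duplicated report could mask a missing one; tagging each frame's message would make that visible, here and in the insecure-parent test.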
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/getUserMedia-on-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/getUserMedia-on-insecure-origin.html
index d6a9c3f..1d106bb 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/getUserMedia-on-insecure-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/getUserMedia-on-insecure-origin.html
@@ -2,8 +2,7 @@
 <title>getUserMedia On An Insecure Origin</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<!-- FIXME: We should extract the get_host_info() bits of this file out to somewhere useful. -->
-<script src="/serviceworker/resources/test-helpers.js"></script>
+<script src="/resources/get-host-info.js"></script>
 <script>
 if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
 window.location = get_host_info().UNAUTHENTICATED_ORIGIN + window.location.pathname;
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation-in-iframe.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation-in-iframe.html
new file mode 100644
index 0000000..9cfa1ea
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation-in-iframe.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Geolocation On A Secure Origin</title>
+<script>
+ window.addEventListener("message", function (event) {
+ window.parent.postMessage(event.data, "*");
+ });
+</script>
+</head>
+<body>
+<iframe src="http://127.0.0.1:8000/security/powerfulFeatureRestrictions/resources/geolocation.html"></iframe>
+</body>
+</html>
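Review bot: The inner iframe in geolocation-in-iframe.html hard-codes `http://127.0.0.1:8000/...`, while every other page in this change builds its origins from get_host_info(). If the host or port ever comes from the wptserve substitution in get-host-info.js, this frame would still point at the literal address and the tests that embed it would exercise a different origin than they name. Either include `/resources/get-host-info.js` and create the iframe from script with `get_host_info().HTTP_ORIGIN`, or add a comment that the literal must stay equal to HTTP_ORIGIN. The relay listener also forwards every message to its parent with target `"*"` and no source check; a one-line comment marking it as a test-only relay would keep it from being reused elsewhere.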
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation.html
new file mode 100644
index 0000000..5b8b23b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/geolocation.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<title>Geolocation On A Secure Origin</title>
+<script>
+var mockLatitude = 51.478;
+var mockLongitude = -0.166;
+var mockAccuracy = 100.0;
+
+if (!window.internals)
+ console.error('This test can not run without internals');
+
+internals.setGeolocationClientMock(document);
+internals.setGeolocationPermission(document, true);
+internals.setGeolocationPosition(document,
+ mockLatitude,
+ mockLongitude,
+ mockAccuracy);
+
+navigator.geolocation.getCurrentPosition(
+ function () {
+ window.parent.postMessage({ success: true }, "*");
+ },
+ function (error) {
+ window.parent.postMessage({ message: error.message }, "*");
+ }, { maximumAge: 10000 });
+</script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/webcrypto.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/webcrypto.html
new file mode 100644
index 0000000..e62ba52
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/resources/webcrypto.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+var jwkKey = {
+ kty: "oct",
+ k: "jnOw99oOZFLIEPMrgJB55WL46tJSLGt7jnOw99oOZFI"
+};
+
+Promise.resolve(null).then(function (result) {
+ return crypto.subtle.importKey("jwk", jwkKey, {name: "AES-CBC"},
+ true, ['encrypt', 'decrypt',
+ 'wrapKey', 'unwrapKey']);
+}).then(function (result) {
+ window.parent.postMessage({success: true}, "*");
+}, function (result) {
+ window.parent.postMessage({success: false}, "*");
+});
+</script>
+</html>
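Review bot: In geolocation.html the `if (!window.internals)` check only logs and then falls through to `internals.setGeolocationClientMock(document)`, which throws when `internals` is missing, so the parent never gets a message and the test times out instead of failing with a reason. Reporting the condition to the parent would be clearer: `if (!window.internals) window.parent.postMessage({ message: 'internals unavailable' }, "*");` with the rest of the script in the `else` branch. webcrypto.html has a related gap: its rejection handler posts only `{success: false}` and drops the error text, so a refusal for the wrong reason cannot be told apart from the expected one.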
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/serviceworker-on-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/serviceworker-on-insecure-origin.html
index 0c44ee4..8fc6cbf 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/serviceworker-on-insecure-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/serviceworker-on-insecure-origin.html
@@ -2,8 +2,7 @@
 <title>Register a ServiceWorker On An Insecure Origin</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<!-- FIXME: We should extract the get_host_info() bits of this file out to somewhere useful. -->
-<script src="/serviceworker/resources/test-helpers.js"></script>
+<script src="/resources/get-host-info.js"></script>
 <script>
 if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
 window.location = get_host_info().UNAUTHENTICATED_ORIGIN + window.location.pathname;
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-insecure-origin.html
new file mode 100644
index 0000000..97cbb2b
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-insecure-origin.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>WebCrypto On An Insecure Origin</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js"></script>
+</head>
+<body></body>
+<script>
+ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
+ window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
+ window.location.pathname;
+ } else {
+ if (window.testRunner)
+ testRunner.overridePreference(
+ "WebKitStrictPowerfulFeatureRestrictions", true);
+
+ async_test(function () {
+ var jwkKey = {
+ kty: "oct",
+ k: "jnOw99oOZFLIEPMrgJB55WL46tJSLGt7jnOw99oOZFI"
+ };
+ Promise.resolve(null).then(this.step_func(function (result) {
+ return crypto.subtle.importKey("jwk", jwkKey,
+ {name: "AES-CBC"},
+ true,
+ ['encrypt', 'decrypt',
+ 'wrapKey', 'unwrapKey']);
+ })).then(this.step_func(function (result) {
+ assert_unreached('crypto.subtle should fial, but succeeded.');
+ this.done();
+ }), this.step_func(function (result) {
+ assert_equals(result.message, 'Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).');
+ this.done();
+ }));
+ }, "WebCrypto not allowed on insecure origin");
+ }
+</script>
+</html>
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-secure-origin-in-insecure-origin.html b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-secure-origin-in-insecure-origin.html
new file mode 100644
index 0000000..b23d74e
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/webcrypto-on-secure-origin-in-insecure-origin.html
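Review bot: The failure message in the fulfilment handler is misspelled, `'crypto.subtle should fial, but succeeded.'`; it should read `'crypto.subtle should fail, but succeeded.'` so the log is searchable when this restriction regresses. The `this.done()` that follows `assert_unreached(...)` is not reached, since the assertion throws inside `step_func`, and can be dropped.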
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>WebCrypto On A Secure Origin Embedded in an Insecure Origin</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/get-host-info.js"></script>
+</head>
+<body></body>
+<script>
+ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
+ window.location = get_host_info().UNAUTHENTICATED_ORIGIN +
+ window.location.pathname;
+ } else {
+ if (window.testRunner)
+ testRunner.overridePreference(
+ "WebKitStrictPowerfulFeatureRestrictions", true);
+
+ async_test(function () {
+ window.addEventListener("message", this.step_func(function (event) {
+ assert_equals(event.data.success, true);
+ this.done();
+ }));
+ var iframe = document.createElement("iframe");
+ iframe.src = get_host_info().HTTP_ORIGIN +
+ "/security/powerfulFeatureRestrictions/resources/" +
+ "webcrypto.html";
+ document.body.appendChild(iframe);
+ }, "WebCrypto allowed on secure origin in insecure origin");
+ }
+</script>
+</html>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/fetch-error-messages-worker.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/fetch-error-messages-worker.js
index fb87ca0..e926450 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/fetch-error-messages-worker.js
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/fetch-error-messages-worker.js
@@ -1,4 +1,5 @@
 importScripts('../../resources/worker-testharness.js');
+importScripts('../../../resources/get-host-info.js');
 importScripts('../../resources/test-helpers.js');
 async_test(function(t) {
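Review bot: webcrypto-on-secure-origin-in-insecure-origin.html expects `success: true` for a frame whose parent is UNAUTHENTICATED_ORIGIN, the opposite of what the geolocation tests in this change expect, and nothing in the file says that is deliberate. The commit description explains that WebCrypto skips the ancestor check; the test should carry that reason too, e.g. `// WebCrypto is exempt from the ancestor-chain check (see BUG=474710), so this must succeed.` Without it, a later reader could take the passing result for a gap in the restriction, or tighten the check without realising this test encodes the exception.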
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/respond-with-body-accessed-response-worker.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/respond-with-body-accessed-response-worker.js
index 4dd46dc..7ec2876 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/respond-with-body-accessed-response-worker.js
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium/resources/respond-with-body-accessed-response-worker.js
@@ -1,3 +1,4 @@
+importScripts('../../../resources/get-host-info.js');
 importScripts('../../resources/test-helpers.js');
 function getQueryParams(url) {
@@ -91,4 +92,4 @@ self.addEventListener('fetch', function(event) {
 response.body;
 return response;
 }));
- });
\ No newline at end of file
+ });
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-canvas-tainting.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-canvas-tainting.html
index f2838ec..471d6a1 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-canvas-tainting.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-canvas-tainting.html
@@ -2,6 +2,7 @@
 <title>Service Worker: canvas tainting of the fetched image</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <body>
 <script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-cors-xhr.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-cors-xhr.html
index 58b041c..58599de 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-cors-xhr.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-cors-xhr.html
@@ -2,6 +2,7 @@
 <title>Service Worker: CORS XHR of fetch()</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <body>
 <script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp.html
index ac95241..9ab8898 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-csp.html
@@ -2,6 +2,7 @@
 <title>Service Worker: CSP control of fetch()</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 async_test(function(t) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-frame-resource.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-frame-resource.html
index 4de0f2f..9a20223 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-frame-resource.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-frame-resource.html
@@ -2,6 +2,7 @@
 <title>Service Worker: Fetch for the frame loading.</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js"></script>
 <body>
 <script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-inscope.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-inscope.html
index ad1eeed..5278202 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-inscope.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-inscope.html
@@ -2,6 +2,7 @@
 <title>Service Worker: Mixed content of fetch()</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <body></body>
 <script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-outscope.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-outscope.html
index 6e71033..2fd0982 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-outscope.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-outscope.html
@@ -2,6 +2,7 @@
 <title>Service Worker: Mixed content of fetch()</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <body></body>
 <script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-css-base-url.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-css-base-url.html
index f03dc2c..d734905 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-css-base-url.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-css-base-url.html
@@ -2,6 +2,7 @@
 <title>Service Worker: CSS's base URL must be the request URL even when fetched from other URL</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 async_test(function(t) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-fallback.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-fallback.html
index 4e2a5b4..4527019 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-fallback.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-fallback.html
@@ -2,6 +2,7 @@
 <title>Service Worker: the fallback behavior of FetchEvent</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 var expected_urls = [];
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-html-imports.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-html-imports.html
index 7f06c89..21e85d0 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-html-imports.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-html-imports.html
@@ -2,6 +2,7 @@
 <title>Service Worker: FetchEvent for HTMLImports</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 async_test(function(t) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html
index d4f8749..610aa76 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html
@@ -2,6 +2,7 @@
 <title>Service Worker: FetchEvent for resources</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 var url_count = 0;
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-xhr.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-xhr.html
index 018028f..906505a 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-xhr.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-xhr.html
@@ -2,6 +2,7 @@
 <title>Service Worker: the body of FetchEvent using XMLHttpRequest</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 async_test(function(t) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-xhr.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-xhr.html
index 1aae731..f2efd1d 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-xhr.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-xhr.html
@@ -2,6 +2,7 @@
 <title>Service Worker: the response of FetchEvent using XMLHttpRequest</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
+<script src="../resources/get-host-info.js"></script>
 <script src="resources/test-helpers.js?pipe=sub"></script>
 <script>
 async_test(function(t) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-blobtype.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-blobtype.html
index 47cbbe2..0ec28a1 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-blobtype.html
+++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-blobtype.html
@@ -2,6 +2,7 @@ <title>Service Worker: respondWith with header value containing a null byte</title> <script src="../resources/testharness.js"></script> <script src="../resources/testharnessreport.js"></script> +<script src="../resources/get-host-info.js"></script> <script src="resources/test-helpers.js?pipe=sub"></script> <script> async_test(function(t) { diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-header.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-header.html index 45a3cda..881577c 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-header.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/invalid-header.html @@ -2,6 +2,7 @@ <title>Service Worker: respondWith with header value containing a null byte</title> <script src="../resources/testharness.js"></script> <script src="../resources/testharnessreport.js"></script> +<script src="../resources/get-host-info.js"></script> <script src="resources/test-helpers.js?pipe=sub"></script> <script> async_test(function(t) { diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html index 7a9b0485..c0c8810 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html @@ -1,3 +1,4 @@ +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-cors-xhr-iframe.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-cors-xhr-iframe.html index 37c0c62..708cf68 100644 
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-cors-xhr-iframe.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-cors-xhr-iframe.html @@ -1,3 +1,4 @@ +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var path = base_path() + 'fetch-access-control.php'; @@ -186,4 +187,4 @@ window.addEventListener('message', function(evt) { port.postMessage({results: 'failure:' + e}); }); }, false); -</script>
\ No newline at end of file +</script> diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-csp-iframe.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-csp-iframe.html index 9068cb7..0beea19 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-csp-iframe.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-csp-iframe.html @@ -1,3 +1,4 @@ +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-inscope.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-inscope.html index 980a616..4ba9bc6 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-inscope.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-inscope.html @@ -1,3 +1,4 @@ +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-outscope.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-outscope.html index b288226..3d1884d 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-outscope.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe-inscope-to-outscope.html 
@@ -1,3 +1,4 @@ +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE'; diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe.html index 0df3ee6..9313ef4 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-mixed-content-iframe.html @@ -1,4 +1,5 @@ <!DOCTYPE html> +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var params = get_query_params(location.href); diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-css-base-url-worker.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-css-base-url-worker.js index 5405562..69269be 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-css-base-url-worker.js +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-css-base-url-worker.js @@ -1,3 +1,4 @@ +importScripts('../../resources/get-host-info.js'); importScripts('test-helpers.js'); var port = undefined; diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html index 55ab3bc..8122392 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html 
@@ -1,4 +1,5 @@ <script src="../../resources/testharness.js"></script> +<script src="../../resources/get-host-info.js"></script> <script src="test-helpers.js?pipe=sub"></script> <script> var host_info = get_host_info(); diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/test-helpers.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/test-helpers.js index 147ea61..1748c49 100644 --- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/test-helpers.js +++ b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/test-helpers.js @@ -156,31 +156,6 @@ function service_worker_test(url, description) { }, description); } -function get_host_info() { - var ORIGINAL_HOST = '127.0.0.1'; - var REMOTE_HOST = 'localhost'; - var UNAUTHENTICATED_HOST = 'example.test'; - var HTTP_PORT = 8000; - var HTTPS_PORT = 8443; - try { - // In W3C test, we can get the hostname and port number in config.json - // using wptserve's built-in pipe. - // http://wptserve.readthedocs.org/en/latest/pipes.html#built-in-pipes - HTTP_PORT = eval('{{ports[http][0]}}'); - HTTPS_PORT = eval('{{ports[https][0]}}'); - ORIGINAL_HOST = eval('\'{{host}}\''); - REMOTE_HOST = 'www1.' + ORIGINAL_HOST; - } catch (e) { - } - return { - HTTP_ORIGIN: 'http://' + ORIGINAL_HOST + ':' + HTTP_PORT, - HTTPS_ORIGIN: 'https://' + ORIGINAL_HOST + ':' + HTTPS_PORT, - HTTP_REMOTE_ORIGIN: 'http://' + REMOTE_HOST + ':' + HTTP_PORT, - HTTPS_REMOTE_ORIGIN: 'https://' + REMOTE_HOST + ':' + HTTPS_PORT, - UNAUTHENTICATED_ORIGIN: 'http://' + UNAUTHENTICATED_HOST + ':' + HTTP_PORT - }; -} - function base_path() { return location.pathname.replace(/\/[^\/]*$/, '/'); } diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp index f947b0e..56a553b 100644 --- a/third_party/WebKit/Source/core/dom/Document.cpp +++ b/third_party/WebKit/Source/core/dom/Document.cpp 
@@ -5644,6 +5644,39 @@ v8::Handle<v8::Object> Document::associateWithWrapper(v8::Isolate* isolate, cons return wrapper; } +bool Document::isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck privilegeContextCheck) +{ + // TODO(estark): look at the responsible document for workers. + + if (securityContext().isSandboxed(SandboxOrigin)) { + if (!SecurityOrigin::create(url())->isPotentiallyTrustworthy(errorMessage)) + return false; + } else { + if (!securityOrigin()->isPotentiallyTrustworthy(errorMessage)) + return false; + } + + if (privilegeContextCheck == StandardPrivilegeCheck) { + Document* context = parentDocument(); + while (context) { + // Skip to the next ancestor if it's a srcdoc. + if (!isSrcdocDocument()) { + if (securityContext().isSandboxed(SandboxOrigin)) { + // For a sandboxed origin, use the document's URL. + RefPtr<SecurityOrigin> origin = SecurityOrigin::create(context->url()); + if (!origin->isPotentiallyTrustworthy(errorMessage)) + return false; + } else { + if (!context->securityOrigin()->isPotentiallyTrustworthy(errorMessage)) + return false; + } + } + context = context->parentDocument(); + } + } + return true; +} + DEFINE_TRACE(Document) { #if ENABLE(OILPAN) diff --git a/third_party/WebKit/Source/core/dom/Document.h b/third_party/WebKit/Source/core/dom/Document.h index ee0d13f..ee48989 100644 --- a/third_party/WebKit/Source/core/dom/Document.h +++ b/third_party/WebKit/Source/core/dom/Document.h @@ -1064,6 +1064,8 @@ public: NthIndexCache* nthIndexCache() const { return m_nthIndexCache; } + bool isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck = StandardPrivilegeCheck) override; + protected: Document(const DocumentInit&, DocumentClassFlags = DefaultDocumentClass); diff --git a/third_party/WebKit/Source/core/dom/ExecutionContext.h b/third_party/WebKit/Source/core/dom/ExecutionContext.h index ca01233..854df0c 100644 --- a/third_party/WebKit/Source/core/dom/ExecutionContext.h 
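Review bot: Inside the `while (context)` loop of `Document::isPrivilegedContext`, the srcdoc test and the sandbox test are evaluated on `this` rather than on the ancestor being visited. `isSrcdocDocument()` and `securityContext().isSandboxed(SandboxOrigin)` have no `context->` receiver, while the origin lookups on the lines below them do. As written, a srcdoc leaf document makes the loop skip every ancestor, and each ancestor's origin is chosen (URL-derived versus `securityOrigin()`) by the leaf's sandbox flags, so the walk can return true with an untrustworthy origin still in the chain. The two conditions should read `if (!context->isSrcdocDocument()) {` and `if (context->securityContext().isSandboxed(SandboxOrigin)) {`. A test that nests a srcdoc or sandboxed frame under an insecure top-level document would pin the intended behaviour.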
+++ b/third_party/WebKit/Source/core/dom/ExecutionContext.h @@ -62,6 +62,14 @@ class CORE_EXPORT ExecutionContext public: DECLARE_VIRTUAL_TRACE(); + // Used to specify whether |isPrivilegedContext| should walk the + // ancestor tree to decide whether to restrict usage of a powerful + // feature. + enum PrivilegeContextCheck { + StandardPrivilegeCheck, + WebCryptoPrivilegeCheck + }; + virtual bool isDocument() const { return false; } virtual bool isWorkerGlobalScope() const { return false; } virtual bool isDedicatedWorkerGlobalScope() const { return false; } @@ -141,6 +149,10 @@ public: void consumeWindowInteraction(); bool isWindowInteractionAllowed() const; + // Decides whether this context is privileged, as described in + // https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged. + virtual bool isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck = StandardPrivilegeCheck) = 0; + protected: ExecutionContext(); virtual ~ExecutionContext(); diff --git a/third_party/WebKit/Source/core/testing/NullExecutionContext.cpp b/third_party/WebKit/Source/core/testing/NullExecutionContext.cpp index 0ad1b73..5eeb8c8 100644 --- a/third_party/WebKit/Source/core/testing/NullExecutionContext.cpp +++ b/third_party/WebKit/Source/core/testing/NullExecutionContext.cpp @@ -39,4 +39,9 @@ double NullExecutionContext::timerAlignmentInterval() const return DOMTimer::visiblePageAlignmentInterval(); } +bool NullExecutionContext::isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck privilegeContextCheck) +{ + return true; +} + } // namespace blink diff --git a/third_party/WebKit/Source/core/testing/NullExecutionContext.h b/third_party/WebKit/Source/core/testing/NullExecutionContext.h index 72053df..c310676 100644 --- a/third_party/WebKit/Source/core/testing/NullExecutionContext.h +++ b/third_party/WebKit/Source/core/testing/NullExecutionContext.h 
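Review bot: The comment on `enum PrivilegeContextCheck` does not say which enumerator relaxes the check, so a reader cannot tell that `WebCryptoPrivilegeCheck` weakens the policy. In `Document::isPrivilegedContext` the ancestor walk runs only for `StandardPrivilegeCheck`, so the other value tests this context's own origin and nothing else. Document each enumerator, for example `// WebCryptoPrivilegeCheck: checks only this context's origin and skips the ancestor walk; reserved for WebCrypto, do not use for new features.` The `errorMessage` out-parameter of the pure virtual in the second hunk also deserves a line saying it is filled in only when the function returns false, which is what the `SecurityOriginTest` expectations for `isPotentiallyTrustworthy` suggest.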
@@ -42,6 +42,8 @@ public: virtual void addConsoleMessage(PassRefPtrWillBeRawPtr<ConsoleMessage>) override { } virtual void logExceptionToConsole(const String& errorMessage, int scriptId, const String& sourceURL, int lineNumber, int columnNumber, PassRefPtrWillBeRawPtr<ScriptCallStack>) override { } + bool isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck = StandardPrivilegeCheck); + DEFINE_INLINE_TRACE() { visitor->trace(m_queue); diff --git a/third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp b/third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp index 9043c6b..141c68c 100644 --- a/third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp +++ b/third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp @@ -363,6 +363,12 @@ void WorkerGlobalScope::exceptionHandled(int exceptionId, bool isHandled) addConsoleMessage(consoleMessage.release()); } +bool WorkerGlobalScope::isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck privilegeContextCheck) +{ + // TODO(estark): check the responsible document at worker creation time + return true; +} + void WorkerGlobalScope::removeURLFromMemoryCache(const KURL& url) { m_thread->workerLoaderProxy()->postTaskToLoader(createCrossThreadTask(&WorkerGlobalScope::removeURLFromMemoryCacheInternal, url)); diff --git a/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h b/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h index a03c664..3259e3e 100644 --- a/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h +++ b/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h @@ -133,6 +133,8 @@ public: virtual void scriptLoaded(size_t scriptSize, size_t cachedMetadataSize) { } + bool isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck = StandardPrivilegeCheck) override; + DECLARE_VIRTUAL_TRACE(); protected: 
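Review bot: The new `NullExecutionContext::isPrivilegedContext` declaration omits `override`, unlike the neighbouring `addConsoleMessage` and `logExceptionToConsole` declarations and the matching declarations added to Document.h and WorkerGlobalScope.h. Without it, a later signature change in `ExecutionContext` would silently turn this into an unrelated overload instead of a compile error. Declare it as `bool isPrivilegedContext(String& errorMessage, const PrivilegeContextCheck = StandardPrivilegeCheck) override;`.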
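Review bot: `WorkerGlobalScope::isPrivilegedContext` returns true unconditionally, so the check fails open for every worker, including one created from an insecure origin. Call sites that this commit switches from `executionContext()->securityOrigin()->canAccessFeatureRequiringSecureOrigin(...)` to `isPrivilegedContext(...)`, such as `canAccessWebCrypto` in SubtleCrypto.cpp and `Notification::create`, previously tested the context's own origin. If any of them can run with a worker as the execution context, that own-origin test is lost. Until the responsible-document check named in the TODO lands, `return securityOrigin()->isPotentiallyTrustworthy(errorMessage);` would keep the previous behaviour for workers.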
diff --git a/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp b/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp index bd551d0..1b129c9 100644 --- a/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp +++ b/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp @@ -105,9 +105,8 @@ static bool checkBoilerplate(PassRefPtrWillBeRawPtr<ScriptPromiseResolver> resol return false; } - SecurityOrigin* securityOrigin = resolver->scriptState()->executionContext()->securityOrigin(); String errorMessage; - if (!securityOrigin->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (!resolver->scriptState()->executionContext()->isPrivilegedContext(errorMessage)) { resolver->reject(DOMException::create(SecurityError, errorMessage)); return false; } diff --git a/third_party/WebKit/Source/modules/crypto/SubtleCrypto.cpp b/third_party/WebKit/Source/modules/crypto/SubtleCrypto.cpp index a780cdc..23aebdf 100644 --- a/third_party/WebKit/Source/modules/crypto/SubtleCrypto.cpp +++ b/third_party/WebKit/Source/modules/crypto/SubtleCrypto.cpp @@ -71,9 +71,8 @@ static bool parseAlgorithm(const AlgorithmIdentifier& raw, WebCryptoOperation op static bool canAccessWebCrypto(ScriptState* scriptState, CryptoResult* result) { - const SecurityOrigin* origin = scriptState->executionContext()->securityOrigin(); String errorMessage; - if (!origin->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (!scriptState->executionContext()->isPrivilegedContext(errorMessage, ExecutionContext::WebCryptoPrivilegeCheck)) { result->completeWithError(WebCryptoErrorTypeNotSupported, errorMessage); return false; } diff --git a/third_party/WebKit/Source/modules/device_orientation/DeviceMotionController.cpp b/third_party/WebKit/Source/modules/device_orientation/DeviceMotionController.cpp index adb4532..bf1a195 100644 --- a/third_party/WebKit/Source/modules/device_orientation/DeviceMotionController.cpp 
+++ b/third_party/WebKit/Source/modules/device_orientation/DeviceMotionController.cpp @@ -50,7 +50,7 @@ void DeviceMotionController::didAddEventListener(LocalDOMWindow* window, const A if (document().frame()) { String errorMessage; - if (document().securityOrigin()->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (document().isPrivilegedContext(errorMessage)) { UseCounter::count(document().frame(), UseCounter::DeviceMotionSecureOrigin); } else { UseCounter::count(document().frame(), UseCounter::DeviceMotionInsecureOrigin); diff --git a/third_party/WebKit/Source/modules/device_orientation/DeviceOrientationController.cpp b/third_party/WebKit/Source/modules/device_orientation/DeviceOrientationController.cpp index a08d7fd..a9843e9 100644 --- a/third_party/WebKit/Source/modules/device_orientation/DeviceOrientationController.cpp +++ b/third_party/WebKit/Source/modules/device_orientation/DeviceOrientationController.cpp @@ -57,7 +57,7 @@ void DeviceOrientationController::didAddEventListener(LocalDOMWindow* window, co if (document().frame()) { String errorMessage; - if (document().securityOrigin()->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (document().isPrivilegedContext(errorMessage)) { UseCounter::count(document().frame(), UseCounter::DeviceOrientationSecureOrigin); } else { UseCounter::count(document().frame(), UseCounter::DeviceOrientationInsecureOrigin); diff --git a/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp b/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp index b85a982..315053d 100644 --- a/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp +++ b/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp 
@@ -148,12 +148,13 @@ void Geolocation::recordOriginTypeAccess() const Document* document = this->document(); ASSERT(document); - // It is required by canAccessFeatureRequiringSecureOrigin() but isn't + // It is required by isPrivilegedContext() but isn't // actually used. This could be used later if a warning is shown in the // developer console. String insecureOriginMsg; - UseCounter::Feature counter = document->securityOrigin()->canAccessFeatureRequiringSecureOrigin(insecureOriginMsg) - ? UseCounter::GeolocationSecureOrigin : UseCounter::GeolocationInsecureOrigin; + UseCounter::Feature counter = document->isPrivilegedContext(insecureOriginMsg) + ? UseCounter::GeolocationSecureOrigin + : UseCounter::GeolocationInsecureOrigin; UseCounter::count(document, counter); } @@ -192,7 +193,7 @@ void Geolocation::startRequest(GeoNotifier *notifier) { if (frame()->settings()->strictPowerfulFeatureRestrictions()) { String errorMessage; - if (!executionContext()->securityOrigin()->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (!executionContext()->isPrivilegedContext(errorMessage)) { notifier->setFatalError(PositionError::create(PositionError::POSITION_UNAVAILABLE, errorMessage)); return; } diff --git a/third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp b/third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp index a453721..be29a1d 100644 --- a/third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp +++ b/third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp 
@@ -62,7 +62,7 @@ void NavigatorMediaStream::webkitGetUserMedia(Navigator& navigator, const Dictio } String errorMessage; - if (navigator.frame()->document()->securityOrigin()->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (navigator.frame()->document()->isPrivilegedContext(errorMessage)) { UseCounter::count(navigator.frame(), UseCounter::GetUserMediaSecureOrigin); } else { UseCounter::count(navigator.frame(), UseCounter::GetUserMediaInsecureOrigin); diff --git a/third_party/WebKit/Source/modules/notifications/Notification.cpp b/third_party/WebKit/Source/modules/notifications/Notification.cpp index 867e438..4e1fe58 100644 --- a/third_party/WebKit/Source/modules/notifications/Notification.cpp +++ b/third_party/WebKit/Source/modules/notifications/Notification.cpp @@ -101,8 +101,9 @@ Notification* Notification::create(ExecutionContext* context, const String& titl } String insecureOriginMessage; - UseCounter::Feature feature = context->securityOrigin()->canAccessFeatureRequiringSecureOrigin(insecureOriginMessage) - ? UseCounter::NotificationSecureOrigin : UseCounter::NotificationInsecureOrigin; + UseCounter::Feature feature = context->isPrivilegedContext(insecureOriginMessage) + ? UseCounter::NotificationSecureOrigin + : UseCounter::NotificationInsecureOrigin; UseCounter::count(context, feature); notification->scheduleShow(); diff --git a/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp b/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp index 4d423ac..612d37b 100644 --- a/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp +++ b/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp 
@@ -136,7 +136,7 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS ExecutionContext* executionContext = scriptState->executionContext(); RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin(); String errorMessage; - if (!documentOrigin->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (!executionContext->isPrivilegedContext(errorMessage)) { resolver->reject(DOMException::create(NotSupportedError, errorMessage)); return promise; } @@ -195,7 +195,7 @@ ScriptPromise ServiceWorkerContainer::getRegistration(ScriptState* scriptState, ExecutionContext* executionContext = scriptState->executionContext(); RefPtr<SecurityOrigin> documentOrigin = executionContext->securityOrigin(); String errorMessage; - if (!documentOrigin->canAccessFeatureRequiringSecureOrigin(errorMessage)) { + if (!executionContext->isPrivilegedContext(errorMessage)) { resolver->reject(DOMException::create(NotSupportedError, errorMessage)); return promise; } diff --git a/third_party/WebKit/Source/platform/exported/WebSecurityOrigin.cpp b/third_party/WebKit/Source/platform/exported/WebSecurityOrigin.cpp index d6c08fa..adff509 100644 --- a/third_party/WebKit/Source/platform/exported/WebSecurityOrigin.cpp +++ b/third_party/WebKit/Source/platform/exported/WebSecurityOrigin.cpp @@ -108,11 +108,11 @@ bool WebSecurityOrigin::canRequest(const WebURL& url) const return m_private->canRequest(url); } -bool WebSecurityOrigin::canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const +bool WebSecurityOrigin::isPotentiallyTrustworthy(WebString& errorMessage) const { ASSERT(m_private); WTF::String message(errorMessage); - bool result = m_private->canAccessFeatureRequiringSecureOrigin(message); + bool result = m_private->isPotentiallyTrustworthy(message); errorMessage = message; return result; } 
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp index 5328378..8446181 100644 --- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp +++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp @@ -375,7 +375,7 @@ bool SecurityOrigin::canDisplay(const KURL& url) const return true; } -bool SecurityOrigin::canAccessFeatureRequiringSecureOrigin(String& errorMessage) const +bool SecurityOrigin::isPotentiallyTrustworthy(String& errorMessage) const { ASSERT(m_protocol != "data"); if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() || isLocalhost()) diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h index c2d5b59..be0c070 100644 --- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h +++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h @@ -113,12 +113,11 @@ public: // display content from the user's files system. bool canDisplay(const KURL&) const; - // A "secure origin" as defined by [1] are those that load resources either - // from the local machine (necessarily trusted) or over the network from a - // cryptographically-authenticated server. - // - // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- - bool canAccessFeatureRequiringSecureOrigin(String& errorMessage) const; + // Returns true if the origin loads resources either from the local + // machine or over the network from a + // cryptographically-authenticated origin, as described in + // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy. + bool isPotentiallyTrustworthy(String& errorMessage) const; // Returns true if this SecurityOrigin can load local resources, such // as images, iframes, and style sheets, and can link to local URLs. 
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOriginTest.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOriginTest.cpp index 7b0218d..2e99b5b 100644 --- a/third_party/WebKit/Source/platform/weborigin/SecurityOriginTest.cpp +++ b/third_party/WebKit/Source/platform/weborigin/SecurityOriginTest.cpp @@ -60,7 +60,7 @@ TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) } } -TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) +TEST(SecurityOriginTest, IsPotentiallyTrustworthy) { struct TestCase { bool accessGranted; @@ -128,14 +128,14 @@ TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) SCOPED_TRACE(i); RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(inputs[i].url); String errorMessage; - EXPECT_EQ(inputs[i].accessGranted, origin->canAccessFeatureRequiringSecureOrigin(errorMessage)); + EXPECT_EQ(inputs[i].accessGranted, origin->isPotentiallyTrustworthy(errorMessage)); EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty()); } // Unique origins are not considered secure. RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); String errorMessage; - EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin(errorMessage)); + EXPECT_FALSE(uniqueOrigin->isPotentiallyTrustworthy(errorMessage)); EXPECT_EQ("Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).", errorMessage); } @@ -167,4 +167,3 @@ TEST(SecurityOriginTest, IsSecure) } } // namespace - diff --git a/third_party/WebKit/public/platform/WebSecurityOrigin.h b/third_party/WebKit/public/platform/WebSecurityOrigin.h index 573fb03..973ed7e 100644 --- a/third_party/WebKit/public/platform/WebSecurityOrigin.h +++ b/third_party/WebKit/public/platform/WebSecurityOrigin.h 
@@ -83,12 +83,11 @@ public: // from a given security origin to receive contents from a given URL. BLINK_PLATFORM_EXPORT bool canRequest(const WebURL&) const; - // A "secure origin" as defined by [1] are those that load resources either - // from the local machine (necessarily trusted) or over the network from a - // cryptographically-authenticated server. - // - // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- - BLINK_PLATFORM_EXPORT bool canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const; + // Returns true if the origin loads resources either from the local + // machine or over the network from a + // cryptographically-authenticated origin, as described in + // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy. + BLINK_PLATFORM_EXPORT bool isPotentiallyTrustworthy(WebString& errorMessage) const; // Returns a string representation of the WebSecurityOrigin. The empty // WebSecurityOrigin is represented by "null". The representation of a diff --git a/third_party/WebKit/public/web/WebSecurityOrigin.h b/third_party/WebKit/public/web/WebSecurityOrigin.h index 3ba25b4..3930f65 100644 --- a/third_party/WebKit/public/web/WebSecurityOrigin.h +++ b/third_party/WebKit/public/web/WebSecurityOrigin.h 
@@ -92,12 +92,11 @@ public: // from a given security origin to receive contents from a given URL. BLINK_PLATFORM_EXPORT bool canRequest(const WebURL&) const; - // A "secure origin" as defined by [1] are those that load resources either - // from the local machine (necessarily trusted) or over the network from a - // cryptographically-authenticated server. - // - // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- - BLINK_PLATFORM_EXPORT bool canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const; + // Returns true if the origin loads resources either from the local + // machine or over the network from a + // cryptographically-authenticated origin, as described in + // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy. + BLINK_PLATFORM_EXPORT bool isPotentiallyTrustworthy(WebString& errorMessage) const; // Returns a string representation of the WebSecurityOrigin. The empty // WebSecurityOrigin is represented by "null". The representation of a |
