diff options
| author | mkwst <mkwst@chromium.org> | 2016-03-09 05:06:19 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-09 13:07:57 +0000 |
| commit | cfa9893483f1c8b83d9e93c188c4c18f552bb1ba (patch) | |
| tree | 91bd51b847734f70a9c7c2f939e2fedd4c1f6d4d /content/browser/shared_worker | |
| parent | aea0d270c480410ad8764473797bbf5b5f6c6189 (diff) | |
| download | chromium_src-cfa9893483f1c8b83d9e93c188c4c18f552bb1ba.zip chromium_src-cfa9893483f1c8b83d9e93c188c4c18f552bb1ba.tar.gz chromium_src-cfa9893483f1c8b83d9e93c188c4c18f552bb1ba.tar.bz2 | |
CORS-RFC1918: Pipe creator address space through SharedWorker creation.
SharedWorkers are created in a fairly arcane process whereby the renderer
IPCs up to the browser to look for existing workers, and then the browser
IPCs back down to the renderer to kick off a request if a new worker needs
to spin up. https://codereview.chromium.org/1760523004 took care of some
of the work necessary to ensure that the worker that spins up is correctly
marked as "external" if relevant, but didn't deal with the request for the
worker itself.
"Why do we care?", you ask, "Surely SharedWorkers are same-origin with the
requesting page!" True, but part of the goal is to deal with DNS poisoning
attacks, which means that we really do need to tag the request itself.
Ugh.
The CL is large enough, but got even larger when I realized that I needed
to split the AddressSpace enum out of WebURLRequest in order to make it
includable from //content/{browser,common}. Sorry for the mess!
As kinuko@ noted in the previous patch, unit tests that generate a request
I could verify are hard to put together with the current infrastructure.
There's an upcoming patch (https://codereview.chromium.org/1745083002)
which breaks the existing //security/cors-rfc1918/* layout tests without
this patch, however.
BUG=591052
Review URL: https://codereview.chromium.org/1775933002
Cr-Commit-Position: refs/heads/master@{#380126}
Diffstat (limited to 'content/browser/shared_worker')
5 files changed, 28 insertions, 5 deletions
diff --git a/content/browser/shared_worker/shared_worker_host.cc b/content/browser/shared_worker/shared_worker_host.cc index 07d988f..ec51351 100644 --- a/content/browser/shared_worker/shared_worker_host.cc +++ b/content/browser/shared_worker/shared_worker_host.cc @@ -89,6 +89,7 @@ void SharedWorkerHost::Start(bool pause_on_start) { params.name = instance_->name(); params.content_security_policy = instance_->content_security_policy(); params.security_policy_type = instance_->security_policy_type(); + params.creation_address_space = instance_->creation_address_space(); params.pause_on_start = pause_on_start; params.route_id = worker_route_id_; Send(new WorkerProcessMsg_CreateWorker(params)); diff --git a/content/browser/shared_worker/shared_worker_instance.cc b/content/browser/shared_worker/shared_worker_instance.cc index caa3876..282cf19 100644 --- a/content/browser/shared_worker/shared_worker_instance.cc +++ b/content/browser/shared_worker/shared_worker_instance.cc @@ -13,6 +13,7 @@ SharedWorkerInstance::SharedWorkerInstance( const base::string16& name, const base::string16& content_security_policy, blink::WebContentSecurityPolicyType security_policy_type, + blink::WebAddressSpace creation_address_space, ResourceContext* resource_context, const WorkerStoragePartitionId& partition_id, blink::WebSharedWorkerCreationContextType creation_context_type) @@ -20,6 +21,7 @@ SharedWorkerInstance::SharedWorkerInstance( name_(name), content_security_policy_(content_security_policy), security_policy_type_(security_policy_type), + creation_address_space_(creation_address_space), resource_context_(resource_context), partition_id_(partition_id), creation_context_type_(creation_context_type) { @@ -31,6 +33,7 @@ SharedWorkerInstance::SharedWorkerInstance(const SharedWorkerInstance& other) name_(other.name_), content_security_policy_(other.content_security_policy_), security_policy_type_(other.security_policy_type_), + creation_address_space_(other.creation_address_space_), resource_context_(other.resource_context_), partition_id_(other.partition_id_), creation_context_type_(other.creation_context_type_) {} diff --git a/content/browser/shared_worker/shared_worker_instance.h b/content/browser/shared_worker/shared_worker_instance.h index 025da9b..947621e 100644 --- a/content/browser/shared_worker/shared_worker_instance.h +++ b/content/browser/shared_worker/shared_worker_instance.h @@ -9,6 +9,7 @@ #include "content/browser/shared_worker/worker_storage_partition.h" #include "content/common/content_export.h" +#include "third_party/WebKit/public/platform/WebAddressSpace.h" #include "third_party/WebKit/public/web/WebContentSecurityPolicy.h" #include "third_party/WebKit/public/web/WebSharedWorkerCreationContextType.h" #include "url/gurl.h" @@ -25,6 +26,7 @@ class CONTENT_EXPORT SharedWorkerInstance { const base::string16& name, const base::string16& content_security_policy, blink::WebContentSecurityPolicyType security_policy_type, + blink::WebAddressSpace creation_address_space, ResourceContext* resource_context, const WorkerStoragePartitionId& partition_id, blink::WebSharedWorkerCreationContextType creation_context_type); @@ -52,6 +54,9 @@ class CONTENT_EXPORT SharedWorkerInstance { blink::WebContentSecurityPolicyType security_policy_type() const { return security_policy_type_; } + blink::WebAddressSpace creation_address_space() const { + return creation_address_space_; + } ResourceContext* resource_context() const { return resource_context_; } @@ -65,6 +70,7 @@ class CONTENT_EXPORT SharedWorkerInstance { const base::string16 name_; const base::string16 content_security_policy_; const blink::WebContentSecurityPolicyType security_policy_type_; + const blink::WebAddressSpace creation_address_space_; ResourceContext* const resource_context_; const WorkerStoragePartitionId partition_id_; const blink::WebSharedWorkerCreationContextType creation_context_type_; diff --git a/content/browser/shared_worker/shared_worker_instance_unittest.cc b/content/browser/shared_worker/shared_worker_instance_unittest.cc index c78cb1f..9e773f7 100644 --- a/content/browser/shared_worker/shared_worker_instance_unittest.cc +++ b/content/browser/shared_worker/shared_worker_instance_unittest.cc @@ -49,7 +49,7 @@ class SharedWorkerInstanceTest : public testing::Test { TEST_F(SharedWorkerInstanceTest, MatchesTest) { SharedWorkerInstance instance1( GURL("http://example.com/w.js"), base::string16(), base::string16(), - blink::WebContentSecurityPolicyTypeReport, + blink::WebContentSecurityPolicyTypeReport, blink::WebAddressSpacePublic, browser_context_->GetResourceContext(), partition_id_, blink::WebSharedWorkerCreationContextTypeNonsecure); EXPECT_TRUE(Matches(instance1, "http://example.com/w.js", "")); @@ -64,8 +64,8 @@ TEST_F(SharedWorkerInstanceTest, MatchesTest) { SharedWorkerInstance instance2( GURL("http://example.com/w.js"), base::ASCIIToUTF16("name"), base::string16(), blink::WebContentSecurityPolicyTypeReport, - browser_context_->GetResourceContext(), partition_id_, - blink::WebSharedWorkerCreationContextTypeNonsecure); + blink::WebAddressSpacePublic, browser_context_->GetResourceContext(), + partition_id_, blink::WebSharedWorkerCreationContextTypeNonsecure); EXPECT_FALSE(Matches(instance2, "http://example.com/w.js", "")); EXPECT_FALSE(Matches(instance2, "http://example.com/w2.js", "")); EXPECT_FALSE(Matches(instance2, "http://example.net/w.js", "")); @@ -80,4 +80,17 @@ TEST_F(SharedWorkerInstanceTest, MatchesTest) { EXPECT_FALSE(Matches(instance2, "http://example.net/w2.js", "name2")); } +TEST_F(SharedWorkerInstanceTest, AddressSpace) { + for (int i = 0; i < static_cast<int>(blink::WebAddressSpaceLast); i++) { + SharedWorkerInstance instance( + GURL("http://example.com/w.js"), base::ASCIIToUTF16("name"), + base::string16(), blink::WebContentSecurityPolicyTypeReport, + static_cast<blink::WebAddressSpace>(i), + browser_context_->GetResourceContext(), partition_id_, + blink::WebSharedWorkerCreationContextTypeNonsecure); + EXPECT_EQ(static_cast<blink::WebAddressSpace>(i), + instance.creation_address_space()); + } +} + } // namespace content diff --git a/content/browser/shared_worker/shared_worker_service_impl.cc b/content/browser/shared_worker/shared_worker_service_impl.cc index b36187f..76c6487 100644 --- a/content/browser/shared_worker/shared_worker_service_impl.cc +++ b/content/browser/shared_worker/shared_worker_service_impl.cc @@ -292,8 +292,8 @@ void SharedWorkerServiceImpl::CreateWorker( *creation_error = blink::WebWorkerCreationErrorNone; scoped_ptr<SharedWorkerInstance> instance(new SharedWorkerInstance( params.url, params.name, params.content_security_policy, - params.security_policy_type, resource_context, partition_id, - params.creation_context_type)); + params.security_policy_type, params.creation_address_space, + resource_context, partition_id, params.creation_context_type)); scoped_ptr<SharedWorkerPendingInstance::SharedWorkerPendingRequest> request( new SharedWorkerPendingInstance::SharedWorkerPendingRequest( filter, |