[webkit-changes] [256381] trunk

[youenn]

Title: [256381] trunk

Revision

256381

Author

you...@apple.com

Date

2020-02-11 15:32:10 -0800 (Tue, 11 Feb 2020)

Log Message

Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
https://bugs.webkit.org/show_bug.cgi?id=207506

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:

Source/WebCore:

Instead of checking document URL protocol, implement the rules as per spec, in particular:
- If http/https, do not reuse controller
- If iframe has a unique origin, do not reuse controller
- If iframe does not have same origin as parent, do not reuse controller.

Covered by rebased test.

* loader/DocumentLoader.cpp:
(WebCore::isInheritingControllerFromParent):
(WebCore::DocumentLoader::commitData):
(WebCore::isLocalURL): Deleted.

LayoutTests:

* http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:
Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
and is thus failing due to CORS.
* http/tests/workers/service/serviceworkerclients-claim.https.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt
• trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html
• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/DocumentLoader.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (256380 => 256381)

--- trunk/LayoutTests/ChangeLog	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/ChangeLog	2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,15 @@
+2020-02-11  Youenn Fablet  <you...@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        * http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:
+        Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
+        and is thus failing due to CORS.
+        * http/tests/workers/service/serviceworkerclients-claim.https.html:
+
 2020-02-11  Jason Lawrence  <lawrenc...@apple.com>
 
         [ iOS wk2 ] http/wpt/service-workers/service-worker-spinning-fetch.https.html is flaky failing.

Modified: trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt (256380 => 256381)

--- trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt	2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,6 @@
+CONSOLE MESSAGE: Origin null is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:8443/pinkelephant due to access control checks.
+CONSOLE MESSAGE: line 1: Unhandled Promise Rejection: TypeError: Origin null is not allowed by Access-Control-Allow-Origin.
 
 
 PASS Setup worker 

Modified: trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html (256380 => 256381)

--- trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html	2020-02-11 23:32:10 UTC (rev 256381)
@@ -60,13 +60,12 @@
 promise_test(async (test) => {
     var promise = new Promise((resolve, reject) => {
         window.addEventListener("message", (event) => {
-            resolve(event.data);
+            reject("Received a message from iframe:" + event.data);
         }, false);
-        setTimeout(() => {  reject("Did not receive any message from iframe"); }, 5000);
+        setTimeout(resolve, 100);
     });
     var frame = await withFrame("data:text/html," + htmlString);
-    var result = await promise;
-    assert_equals(result, "PASS");
+    return promise;
 }, "Test data URL frame");
 
 promise_test(async (test) => {

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (256380 => 256381)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,12 @@
+2020-02-11  Youenn Fablet  <you...@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        * web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:
+
 2020-02-07  Ryosuke Niwa  <rn...@webkit.org>
 
         Don't update selection when calling setSelectionRange on a disconnected input element

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt (256380 => 256381)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt	2020-02-11 23:32:10 UTC (rev 256381)
@@ -3,7 +3,7 @@
 PASS Same-origin blob URL iframe should intercept fetch(). 
 FAIL Same-origin blob URL worker should inherit service worker controller. assert_equals: blob URL worker should inherit controller expected (string) "https://localhost:9443/service-workers/service-worker/resources/local-url-inherit-controller-worker.js" but got (object) null
 PASS Same-origin blob URL worker should intercept fetch(). 
-FAIL Data URL iframe should not intercept fetch(). assert_equals: data URL iframe should not intercept fetch expected "" but got "intercepted"
+PASS Data URL iframe should not intercept fetch(). 
 FAIL Data URL worker should not inherit service worker controller. promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."
 FAIL Data URL worker should not intercept fetch(). promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."
 

Modified: trunk/Source/WebCore/ChangeLog (256380 => 256381)

--- trunk/Source/WebCore/ChangeLog	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/Source/WebCore/ChangeLog	2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,22 @@
+2020-02-11  Youenn Fablet  <you...@apple.com>
+
+        Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+        https://bugs.webkit.org/show_bug.cgi?id=207506
+
+        Reviewed by Darin Adler.
+
+        Instead of checking document URL protocol, implement the rules as per spec, in particular:
+        - If http/https, do not reuse controller
+        - If iframe has a unique origin, do not reuse controller
+        - If iframe does not have same origin as parent, do not reuse controller.
+
+        Covered by rebased test.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::isInheritingControllerFromParent):
+        (WebCore::DocumentLoader::commitData):
+        (WebCore::isLocalURL): Deleted.
+
 2020-02-11  Zalan Bujtas  <za...@apple.com>
 
         [LFC] Introduce Layout::ReplacedBox

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (256380 => 256381)

--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2020-02-11 23:32:10 UTC (rev 256381)
@@ -1057,11 +1057,10 @@
 }
 
 #if ENABLE(SERVICE_WORKER)
-static inline bool isLocalURL(const URL& url)
+// https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+static inline bool shouldUseActiveServiceWorkerFromParent(const Document& document, const Document& parent)
 {
-    // https://fetch.spec.whatwg.org/#is-local
-    auto protocol = url.protocol().toStringWithoutCopying();
-    return equalLettersIgnoringASCIICase(protocol, "data") || equalLettersIgnoringASCIICase(protocol, "blob") || equalLettersIgnoringASCIICase(protocol, "about");
+    return !document.url().protocolIsInHTTPFamily() && !document.securityOrigin().isUnique() && parent.securityOrigin().canAccess(document.securityOrigin());
 }
 #endif
 
@@ -1092,8 +1091,8 @@
             if (m_serviceWorkerRegistrationData && m_serviceWorkerRegistrationData->activeWorker) {
                 m_frame->document()->setActiveServiceWorker(ServiceWorker::getOrCreate(*m_frame->document(), WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
                 m_serviceWorkerRegistrationData = { };
-            } else if (isLocalURL(m_frame->document()->url())) {
-                if (auto* parent = m_frame->document()->parentDocument())
+            } else if (auto* parent = m_frame->document()->parentDocument()) {
+                if (shouldUseActiveServiceWorkerFromParent(*m_frame->document(), *parent))
                     m_frame->document()->setActiveServiceWorker(parent->activeServiceWorker());
             }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes