Title: [228919] trunk/Source
Revision
228919
Author
cdu...@apple.com
Date
2018-02-22 08:55:53 -0800 (Thu, 22 Feb 2018)

Log Message

Add release asserts for service worker fetch and postMessage events
https://bugs.webkit.org/show_bug.cgi?id=183025
rdar://problem/37765052

Patch by Youenn Fablet <you...@apple.com> on 2018-02-22
Reviewed by Daniel Bates.

Source/WebCore:

Add release assertion so that a service worker will only dispatch a message event
for clients and service workers with the same origin.
No change of behavior.

* platform/network/ResourceRequestBase.h:
* workers/service/context/ServiceWorkerThread.cpp:
(WebCore::ServiceWorkerThread::postMessageToServiceWorker):
* workers/service/context/ServiceWorkerThreadProxy.h:

Source/WebKit:

Add an assertion to guard against interception of a fetch load by a service worker
whose origin differs from the page's.

* WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::startFetch):

Modified: trunk/Source/WebCore/ChangeLog (228918 => 228919)


--- trunk/Source/WebCore/ChangeLog	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebCore/ChangeLog	2018-02-22 16:55:53 UTC (rev 228919)
@@ -1,3 +1,20 @@
+2018-02-22  Youenn Fablet  <you...@apple.com>
+
+        Add release asserts for service worker fetch and postMessage events
+        https://bugs.webkit.org/show_bug.cgi?id=183025
+        rdar://problem/37765052
+
+        Reviewed by Daniel Bates.
+
+        Add release assertion so that a service worker will only dispatch a message event
+        for clients and service workers with the same origin.
+        No change of behavior.
+
+        * platform/network/ResourceRequestBase.h:
+        * workers/service/context/ServiceWorkerThread.cpp:
+        (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
+        * workers/service/context/ServiceWorkerThreadProxy.h:
+
 2018-02-22  Miguel Gomez  <mago...@igalia.com>
 
         including both gl3.h and gl2.h when USE_OPENGL_ES is enabled

Modified: trunk/Source/WebCore/platform/network/ResourceRequestBase.h (228918 => 228919)


--- trunk/Source/WebCore/platform/network/ResourceRequestBase.h	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebCore/platform/network/ResourceRequestBase.h	2018-02-22 16:55:53 UTC (rev 228919)
@@ -113,7 +113,7 @@
     WEBCORE_EXPORT void setExistingHTTPReferrerToOriginString();
     WEBCORE_EXPORT void clearHTTPReferrer();
 
-    String httpOrigin() const;
+    WEBCORE_EXPORT String httpOrigin() const;
     bool hasHTTPOrigin() const;
     void setHTTPOrigin(const String&);
     WEBCORE_EXPORT void clearHTTPOrigin();

Modified: trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp (228918 => 228919)


--- trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp	2018-02-22 16:55:53 UTC (rev 228919)
@@ -119,10 +119,16 @@
         ExtendableMessageEventSource source;
         if (WTF::holds_alternative<ServiceWorkerClientData>(sourceData)) {
             RefPtr<ServiceWorkerClient> sourceClient = ServiceWorkerClient::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerClientData>(sourceData)));
+
+            RELEASE_ASSERT(!sourceClient->url().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url()));
+
             sourceOrigin = SecurityOrigin::create(sourceClient->url());
             source = WTFMove(sourceClient);
         } else {
             RefPtr<ServiceWorker> sourceWorker = ServiceWorker::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerData>(sourceData)));
+
+            RELEASE_ASSERT(!sourceWorker->scriptURL().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL()));
+
             sourceOrigin = SecurityOrigin::create(sourceWorker->scriptURL());
             source = WTFMove(sourceWorker);
         }
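Review bot: Both added RELEASE_ASSERTs skip the comparison entirely when either URL is outside the HTTP family, so a client or worker whose URL is not HTTP(S) is never checked against the scope URL even though the ChangeLog describes the goal as same-origin; that exemption should be stated next to the first assert, e.g. `// Only HTTP(S) URLs are compared; other schemes are exempt from this same-origin check.`. The same three-way condition is written out verbatim for the client branch, the worker branch, and again in WebSWContextManagerConnection::startFetch, so a single helper such as `static bool isSameHTTPOriginOrNonHTTP(const URL& a, const URL& b)` called from all three sites would keep the policy in one place and make future tightening a one-line change. The check uses protocolHostAndPortAreEqual rather than comparing the SecurityOrigin created two lines later, presumably to avoid opaque-origin handling, which is worth confirming in that comment. postMessageToServiceWorker begins and ends outside the hunk.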

Modified: trunk/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h (228918 => 228919)


--- trunk/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h	2018-02-22 16:55:53 UTC (rev 228919)
@@ -65,6 +65,8 @@
 
     WEBCORE_EXPORT std::unique_ptr<FetchLoader> createBlobLoader(FetchLoaderClient&, const URL&);
 
+    const URL& scriptURL() const { return m_document->url(); }
+
     // Public only for testing purposes.
     WEBCORE_TESTSUPPORT_EXPORT void notifyNetworkStateChange(bool isOnline);
 
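Review bot: The new `scriptURL()` accessor returns `m_document->url()`, so its correctness for origin checks rests on the proxy's document URL always being the worker script URL, an invariant that is not visible in this header and should be written on the declaration, e.g. `// The proxy's document is created from the worker script URL; callers use this for origin checks.` with a TODO to confirm it cannot diverge from the registration's script URL. Returning `const URL&` is fine as long as callers bind a reference; the new caller in WebSWContextManagerConnection::startFetch copies it into a `URL` instead, which is harmless but unnecessary.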

Modified: trunk/Source/WebKit/ChangeLog (228918 => 228919)


--- trunk/Source/WebKit/ChangeLog	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebKit/ChangeLog	2018-02-22 16:55:53 UTC (rev 228919)
@@ -1,3 +1,17 @@
+2018-02-22  Youenn Fablet  <you...@apple.com>
+
+        Add release asserts for service worker fetch and postMessage events
+        https://bugs.webkit.org/show_bug.cgi?id=183025
+        rdar://problem/37765052
+
+        Reviewed by Daniel Bates.
+
+        Add assertion to protect interception of a fetch load by a service worker with
+        a different origin from the page.
+
+        * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+        (WebKit::WebSWContextManagerConnection::startFetch):
+
 2018-02-22  Ms2ger  <ms2...@igalia.com>
 
         [GTK][WPE] Fix some build errors in service workers code

Modified: trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (228918 => 228919)


--- trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp	2018-02-22 16:43:45 UTC (rev 228918)
+++ trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp	2018-02-22 16:55:53 UTC (rev 228919)
@@ -188,6 +188,11 @@
         return;
     }
 
+    String origin = request.httpOrigin();
+    URL url { URL(), origin.isEmpty() ? referrer : origin };
+    URL serviceWorkerURL = serviceWorkerThreadProxy->scriptURL();
+    RELEASE_ASSERT(!url.protocolIsInHTTPFamily() || !serviceWorkerURL.protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(url, serviceWorkerURL));
+
     auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier);
     std::optional<ServiceWorkerClientIdentifier> clientId;
     if (options.clientIdentifier)
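Review bot: When both `request.httpOrigin()` and `referrer` are empty, `URL url { URL(), origin.isEmpty() ? referrer : origin };` yields an invalid URL, `protocolIsInHTTPFamily()` is then false, and the RELEASE_ASSERT passes vacuously, so a fetch carrying neither header is never compared against the service worker origin; the same applies if the Origin header holds the literal `null` for an opaque origin, which does not parse as an HTTP URL either. That is acceptable for a best-effort assertion, but it should be documented above the check, e.g. `// Best effort: only requests with an HTTP(S) Origin or Referer are checked; requests lacking both are not compared.`. Since `scriptURL()` returns a `const URL&`, `const URL& serviceWorkerURL = serviceWorkerThreadProxy->scriptURL();` avoids the copy on the third added line. startFetch begins and ends outside the hunk, and `request` and `referrer` are presumably its parameters.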