Modified: trunk/Source/WebKit/ChangeLog (233334 => 233335)
--- trunk/Source/WebKit/ChangeLog 2018-06-28 22:38:41 UTC (rev 233334)
+++ trunk/Source/WebKit/ChangeLog 2018-06-28 22:45:20 UTC (rev 233335)
@@ -1,3 +1,22 @@
+2018-06-28 Youenn Fablet <[email protected]>
+
+ Early return when handling fetch event in case service worker origin does not match origin of a subresource load
+ https://bugs.webkit.org/show_bug.cgi?id=187153
+ <rdar://problem/41329832>
+
+ Reviewed by Chris Dumez.
+
+ Stop crashing the service worker process in case a subresource load origin is not matching a service worker origin.
+ Instead, just return early so that the load will be handled by the network process.
+
+ Keep crashing in case a navigation load is not matching its service worker origin.
+ Add more logging to help with the debugging.
+
+ * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+ (WebKit::logValidFetchError):
+ (WebKit::isValidFetch):
+ (WebKit::WebSWContextManagerConnection::startFetch):
+
2018-06-28 Jeremy Jones <[email protected]>
Fullscreen exits when placeholder is removed then added during a single runloop.
Modified: trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (233334 => 233335)
--- trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-06-28 22:38:41 UTC (rev 233334)
+++ trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-06-28 22:45:20 UTC (rev 233335)
@@ -189,15 +189,24 @@
if (!serviceWorkerURL.protocolIsInHTTPFamily())
return true;
- if (options.mode == FetchOptions::Mode::Navigate)
- return protocolHostAndPortAreEqual(request.url(), serviceWorkerURL);
+ if (options.mode == FetchOptions::Mode::Navigate && !protocolHostAndPortAreEqual(request.url(), serviceWorkerURL)) {
+ RELEASE_LOG_ERROR(ServiceWorker, "Should not intercept a navigation load that is not same-origin as the service worker URL");
+ RELEASE_ASSERT_WITH_MESSAGE(request.url().host() == serviceWorkerURL.host(), "Hosts do not match");
+ RELEASE_ASSERT_WITH_MESSAGE(request.url().protocol() == serviceWorkerURL.protocol(), "Protocols do not match");
+ RELEASE_ASSERT_WITH_MESSAGE(request.url().port() == serviceWorkerURL.port(), "Ports do not match");
+ return false;
+ }
String origin = request.httpOrigin();
URL url { URL(), origin.isEmpty() ? referrer : origin };
- if (!url.protocolIsInHTTPFamily())
- return true;
-
- return protocolHostAndPortAreEqual(url, serviceWorkerURL);
+ if (url.protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(url, serviceWorkerURL)) {
+ RELEASE_LOG_ERROR(ServiceWorker, "Should not intercept a non navigation load that is not originating from a same-origin context as the service worker URL");
+ ASSERT(url.host() == serviceWorkerURL.host());
+ ASSERT(url.protocol() == serviceWorkerURL.protocol());
+ ASSERT(url.port() == serviceWorkerURL.port());
+ return false;
+ }
+ return true;
}
void WebSWContextManagerConnection::cancelFetch(SWServerConnectionIdentifier serverConnectionIdentifier, ServiceWorkerIdentifier serviceWorkerIdentifier, FetchIdentifier fetchIdentifier)
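Review bot: The three `ASSERT` lines in the non-navigation branch make debug builds abort on exactly the origin mismatch that release builds now log and reject with `return false`, so the new early-return path cannot be exercised by a test run on a debug build. I would drop them, or replace them with a log of which component differs, e.g. `RELEASE_LOG_ERROR(ServiceWorker, "isValidFetch mismatch: host %d, protocol %d, port %d", url.host() != serviceWorkerURL.host(), url.protocol() != serviceWorkerURL.protocol(), url.port() != serviceWorkerURL.port());`, which keeps the URLs themselves out of the log. The function also still returns true when neither the Origin header nor the referrer yields an HTTP-family URL; a comment such as `// No HTTP(S) initiator origin available: the same-origin check is skipped and the fetch is accepted.` would make that fail-open case explicit for the next reader. The start of the function lies outside the hunk, so this is based only on the lines visible here.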
@@ -214,7 +223,10 @@
return;
}
- RELEASE_ASSERT(isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer));
+ if (!isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)) {
+ m_connectionToStorageProcess->send(Messages::StorageProcess::DidNotHandleFetch { serverConnectionIdentifier, fetchIdentifier }, 0);
+ return;
+ }
auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier);
std::optional<ServiceWorkerClientIdentifier> clientId;
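Review bot: The new `if (!isValidFetch(...))` branch is the point where a cross-origin interception is refused, but nothing at the call site says why the fetch is handed back. A comment above it such as `// Origin mismatch: decline the fetch so the network process handles the load instead of this service worker.` would document the decision. The log lines emitted inside isValidFetch carry no identifiers, so it may also be worth logging `fetchIdentifier` and `serviceWorkerIdentifier` here to let a rejected load be correlated with the worker that was asked to handle it. The body of startFetch begins and ends outside the hunk.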