- Revision
- 262026
- Author
- you...@apple.com
- Date
- 2020-05-21 13:40:03 -0700 (Thu, 21 May 2020)
Log Message
Incorrect location.origin in blob workers
https://bugs.webkit.org/show_bug.cgi?id=211876
<rdar://problem/63284717>
Reviewed by Sihui Liu.
Source/WebCore:
Instead of computing the origin from the location URL in worker, get it directly from the WorkerGlobalScope origin.
This ensures we unwrap properly blob URLs.
Test: http/tests/security/contentSecurityPolicy/worker-blob-location.html
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::location const):
* workers/WorkerLocation.cpp:
(WebCore::WorkerLocation::origin const):
* workers/WorkerLocation.h:
(WebCore::WorkerLocation::create):
(WebCore::WorkerLocation::url const):
(WebCore::WorkerLocation::WorkerLocation):
LayoutTests:
* http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-location.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (262025 => 262026)
--- trunk/LayoutTests/ChangeLog 2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/LayoutTests/ChangeLog 2020-05-21 20:40:03 UTC (rev 262026)
@@ -1,3 +1,14 @@
+2020-05-21 Youenn Fablet <you...@apple.com>
+
+ Incorrect location.origin in blob workers
+ https://bugs.webkit.org/show_bug.cgi?id=211876
+ <rdar://problem/63284717>
+
+ Reviewed by Sihui Liu.
+
+ * http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/worker-blob-location.html: Added.
+
2020-05-21 Ryan Haddad <ryanhad...@apple.com>
Unreviewed test gardening, remove expectations for tests that are consistently passing.
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt (0 => 262026)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt 2020-05-21 20:40:03 UTC (rev 262026)
@@ -0,0 +1,3 @@
+
+PASS Blob worker location
+
Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html (0 => 262026)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html 2020-05-21 20:40:03 UTC (rev 262026)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src=""
+ <script src=""
+</head>
+<body>
+ <script>
+ async_test(function () {
+ var blob = new Blob([
+ "postMessage({ origin: location.origin, href: location.href, protocol: location.protocol, host: location.host, hostname: location.hostname, pathname: location.pathname });"
+ ]);
+ var worker = new Worker(window.URL.createObjectURL(blob));
+ worker._onmessage_ = this.step_func(function (evt) {
+ assert_equals(evt.data.origin, "http://127.0.0.1:8000");
+ assert_true(evt.data.href.startsWith("blob:http://127.0.0.1:8000/"));
+ assert_equals(evt.data.protocol, "blob:");
+ assert_equals(evt.data.host, "");
+ assert_equals(evt.data.hostname, "");
+ assert_true(evt.data.pathname.startsWith("http://127.0.0.1:8000/"));
+
+ this.done();
+ });
+ }, "Blob worker location");
+ </script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (262025 => 262026)
--- trunk/Source/WebCore/ChangeLog 2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/ChangeLog 2020-05-21 20:40:03 UTC (rev 262026)
@@ -1,3 +1,25 @@
+2020-05-21 Youenn Fablet <you...@apple.com>
+
+ Incorrect location.origin in blob workers
+ https://bugs.webkit.org/show_bug.cgi?id=211876
+ <rdar://problem/63284717>
+
+ Reviewed by Sihui Liu.
+
+ Instead of computing the origin from the location URL in worker, get it directly from the WorkerGlobalScope origin.
+ This ensures we unwrap properly blob URLs.
+
+ Test: http/tests/security/contentSecurityPolicy/worker-blob-location.html
+
+ * workers/WorkerGlobalScope.cpp:
+ (WebCore::WorkerGlobalScope::location const):
+ * workers/WorkerLocation.cpp:
+ (WebCore::WorkerLocation::origin const):
+ * workers/WorkerLocation.h:
+ (WebCore::WorkerLocation::create):
+ (WebCore::WorkerLocation::url const):
+ (WebCore::WorkerLocation::WorkerLocation):
+
2020-05-21 John Wilander <wilan...@apple.com>
Storage Access API: Allow configurable storage access scope
Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (262025 => 262026)
--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2020-05-21 20:40:03 UTC (rev 262026)
@@ -239,7 +239,7 @@
WorkerLocation& WorkerGlobalScope::location() const
{
if (!m_location)
- m_location = WorkerLocation::create(m_url);
+ m_location = WorkerLocation::create(URL { m_url }, origin());
return *m_location;
}
Modified: trunk/Source/WebCore/workers/WorkerLocation.cpp (262025 => 262026)
--- trunk/Source/WebCore/workers/WorkerLocation.cpp 2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerLocation.cpp 2020-05-21 20:40:03 UTC (rev 262026)
@@ -75,7 +75,7 @@
String WorkerLocation::origin() const
{
- return SecurityOriginData::fromURL(m_url).toString();
+ return m_origin;
}
} // namespace WebCore
Modified: trunk/Source/WebCore/workers/WorkerLocation.h (262025 => 262026)
--- trunk/Source/WebCore/workers/WorkerLocation.h 2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerLocation.h 2020-05-21 20:40:03 UTC (rev 262026)
@@ -33,13 +33,9 @@
class WorkerLocation : public RefCounted<WorkerLocation> {
public:
- static Ref<WorkerLocation> create(const URL& url)
- {
- return adoptRef(*new WorkerLocation(url));
- }
+ static Ref<WorkerLocation> create(URL&& url, String&& origin) { return adoptRef(*new WorkerLocation(WTFMove(url), WTFMove(origin))); }
const URL& url() const { return m_url; }
-
String href() const;
// URI decomposition attributes
@@ -53,9 +49,14 @@
String origin() const;
private:
- explicit WorkerLocation(const URL& url) : m_url(url) { }
+ WorkerLocation(URL&& url, String&& origin)
+ : m_url(WTFMove(url))
+ , m_origin(WTFMove(origin))
+ {
+ }
URL m_url;
+ String m_origin;
};
} // namespace WebCore