Title: [262026] trunk
Revision
262026
Author
you...@apple.com
Date
2020-05-21 13:40:03 -0700 (Thu, 21 May 2020)

Log Message

Incorrect location.origin in blob workers
https://bugs.webkit.org/show_bug.cgi?id=211876
<rdar://problem/63284717>

Reviewed by Sihui Liu.

Source/WebCore:

Instead of computing the origin from the location URL in the worker, get it directly from the WorkerGlobalScope origin.
This ensures that blob URLs are unwrapped properly.

Test: http/tests/security/contentSecurityPolicy/worker-blob-location.html

* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::location const):
* workers/WorkerLocation.cpp:
(WebCore::WorkerLocation::origin const):
* workers/WorkerLocation.h:
(WebCore::WorkerLocation::create):
(WebCore::WorkerLocation::url const):
(WebCore::WorkerLocation::WorkerLocation):

LayoutTests:

* http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-location.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (262025 => 262026)


--- trunk/LayoutTests/ChangeLog	2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/LayoutTests/ChangeLog	2020-05-21 20:40:03 UTC (rev 262026)
@@ -1,3 +1,14 @@
+2020-05-21  Youenn Fablet  <you...@apple.com>
+
+        Incorrect location.origin in blob workers
+        https://bugs.webkit.org/show_bug.cgi?id=211876
+        <rdar://problem/63284717>
+
+        Reviewed by Sihui Liu.
+
+        * http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/worker-blob-location.html: Added.
+
 2020-05-21  Ryan Haddad  <ryanhad...@apple.com>
 
         Unreviewed test gardening, remove expectations for tests that are consistently passing.

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt (0 => 262026)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location-expected.txt	2020-05-21 20:40:03 UTC (rev 262026)
@@ -0,0 +1,3 @@
+
+PASS Blob worker location 
+

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html (0 => 262026)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-location.html	2020-05-21 20:40:03 UTC (rev 262026)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src=""
+  <script src=""
+</head>
+<body>
+  <script>
+  async_test(function () {
+      var blob = new Blob([
+          "postMessage({ origin: location.origin, href: location.href, protocol: location.protocol, host: location.host, hostname: location.hostname, pathname: location.pathname });"
+      ]);
+      var worker = new Worker(window.URL.createObjectURL(blob));
+      worker._onmessage_ = this.step_func(function (evt) {
+          assert_equals(evt.data.origin, "http://127.0.0.1:8000");
+          assert_true(evt.data.href.startsWith("blob:http://127.0.0.1:8000/"));
+          assert_equals(evt.data.protocol, "blob:");
+          assert_equals(evt.data.host, "");
+          assert_equals(evt.data.hostname, "");
+          assert_true(evt.data.pathname.startsWith("http://127.0.0.1:8000/"));
+
+          this.done();
+      });
+  }, "Blob worker location");
+  </script>
+</body>
+</html>
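Review bot: The test has no failure path for the worker itself: if the blob worker fails to start or throws before posting, nothing reaches the test and it ends in a harness timeout rather than a FAIL. Adding `worker.onerror = this.unreached_func("blob worker should load");` next to the message handler would report that case directly. As shown on this page, the handler is assigned to `worker._onmessage_` and both `<script src=""` tags are empty and unclosed. That looks like archive mangling of `onmessage` and the harness script paths, but it is worth confirming against the committed file, because with that property name the origin assertions would never run.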

Modified: trunk/Source/WebCore/ChangeLog (262025 => 262026)


--- trunk/Source/WebCore/ChangeLog	2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/ChangeLog	2020-05-21 20:40:03 UTC (rev 262026)
@@ -1,3 +1,25 @@
+2020-05-21  Youenn Fablet  <you...@apple.com>
+
+        Incorrect location.origin in blob workers
+        https://bugs.webkit.org/show_bug.cgi?id=211876
+        <rdar://problem/63284717>
+
+        Reviewed by Sihui Liu.
+
+        Instead of computing the origin from the location URL in worker, get it directly from the WorkerGlobalScope origin.
+        This ensures we unwrap properly blob URLs.
+
+        Test: http/tests/security/contentSecurityPolicy/worker-blob-location.html
+
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::location const):
+        * workers/WorkerLocation.cpp:
+        (WebCore::WorkerLocation::origin const):
+        * workers/WorkerLocation.h:
+        (WebCore::WorkerLocation::create):
+        (WebCore::WorkerLocation::url const):
+        (WebCore::WorkerLocation::WorkerLocation):
+
 2020-05-21  John Wilander  <wilan...@apple.com>
 
         Storage Access API: Allow configurable storage access scope

Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (262025 => 262026)


--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp	2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp	2020-05-21 20:40:03 UTC (rev 262026)
@@ -239,7 +239,7 @@
 WorkerLocation& WorkerGlobalScope::location() const
 {
     if (!m_location)
-        m_location = WorkerLocation::create(m_url);
+        m_location = WorkerLocation::create(URL { m_url }, origin());
     return *m_location;
 }
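Review bot: The origin string is read once, on the first call to location(), and then cached inside the WorkerLocation, so `location.origin` keeps that snapshot for the lifetime of the scope. The definition of origin() is outside this hunk; if it can return an empty or provisional value before the scope's security origin is final, that value would be what scripts see from then on, so it is worth confirming it is stable by the time location() can be called. A short why-comment above the call would also help the next reader, e.g. `// Use the scope's own origin; deriving it from m_url gives the wrong answer for blob: URLs.`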
 

Modified: trunk/Source/WebCore/workers/WorkerLocation.cpp (262025 => 262026)


--- trunk/Source/WebCore/workers/WorkerLocation.cpp	2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerLocation.cpp	2020-05-21 20:40:03 UTC (rev 262026)
@@ -75,7 +75,7 @@
 
 String WorkerLocation::origin() const
 {
-    return SecurityOriginData::fromURL(m_url).toString();
+    return m_origin;
 }
 
 } // namespace WebCore

Modified: trunk/Source/WebCore/workers/WorkerLocation.h (262025 => 262026)


--- trunk/Source/WebCore/workers/WorkerLocation.h	2020-05-21 20:27:36 UTC (rev 262025)
+++ trunk/Source/WebCore/workers/WorkerLocation.h	2020-05-21 20:40:03 UTC (rev 262026)
@@ -33,13 +33,9 @@
 
     class WorkerLocation : public RefCounted<WorkerLocation> {
     public:
-        static Ref<WorkerLocation> create(const URL& url)
-        {
-            return adoptRef(*new WorkerLocation(url));
-        }
+        static Ref<WorkerLocation> create(URL&& url, String&& origin) { return adoptRef(*new WorkerLocation(WTFMove(url), WTFMove(origin))); }
 
         const URL& url() const { return m_url; }
-
         String href() const;
 
         // URI decomposition attributes
@@ -53,9 +49,14 @@
         String origin() const;
 
     private:
-        explicit WorkerLocation(const URL& url) : m_url(url) { }
+        WorkerLocation(URL&& url, String&& origin)
+            : m_url(WTFMove(url))
+            , m_origin(WTFMove(origin))
+        {
+        }
 
         URL m_url;
+        String m_origin;
     };
 
 } // namespace WebCore
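Review bot: `m_origin` is now stored independently of `m_url`, and nothing in the class states where it must come from, so a later caller of create() could pass a string that disagrees with the origin the worker actually runs under. Since this value is what scripts read as `location.origin`, a comment on the member would pin the contract, e.g. `// Serialized origin of the owning WorkerGlobalScope; intentionally not derived from m_url (blob: URLs).` The class declaration begins in the previous hunk, so the same one-line contract could equally go on `create()` there.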