[webkit-changes] [249733] trunk

[cdumez]

Title: [249733] trunk

Revision

249733

Author

cdu...@apple.com

Date

2019-09-10 14:43:41 -0700 (Tue, 10 Sep 2019)

Log Message

Add missing origin check for Service-Worker-Allowed header
https://bugs.webkit.org/show_bug.cgi?id=201653

Reviewed by Geoffrey Garen.

LayoutTests/imported/w3c:

Rebaseline WPT test that is now passing.

* web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt:

Source/WebCore:

Add missing origin check for Service-Worker-Allowed header:
- https://w3c.github.io/ServiceWorker/#update-algorithm (step 15. 2.)

* workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::didReceiveResponse):

Modified Paths

• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (249732 => 249733)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2019-09-10 20:37:01 UTC (rev 249732)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2019-09-10 21:43:41 UTC (rev 249733)
@@ -1,5 +1,16 @@
 2019-09-10  Chris Dumez  <cdu...@apple.com>
 
+        Add missing origin check for Service-Worker-Allowed header
+        https://bugs.webkit.org/show_bug.cgi?id=201653
+
+        Reviewed by Geoffrey Garen.
+
+        Rebaseline WPT test that is now passing.
+
+        * web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt:
+
+2019-09-10  Chris Dumez  <cdu...@apple.com>
+
         Re-sync web-platform-tests IDL interfaces from upstream
         https://bugs.webkit.org/show_bug.cgi?id=201630
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt (249732 => 249733)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt	2019-09-10 20:37:01 UTC (rev 249732)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/Service-Worker-Allowed-header.https-expected.txt	2019-09-10 21:43:41 UTC (rev 249733)
@@ -4,7 +4,7 @@
 PASS Registering within Service-Worker-Allowed path with parent reference 
 PASS Registering outside Service-Worker-Allowed path 
 PASS Registering outside Service-Worker-Allowed path with parent reference 
-FAIL Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope assert_unreached: Should have rejected: undefined Reached unreachable code
-FAIL Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope 
+PASS Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope 
 PASS Service-Worker-Allowed is cross-origin to page, same-origin to script 
 

Modified: trunk/Source/WebCore/ChangeLog (249732 => 249733)

--- trunk/Source/WebCore/ChangeLog	2019-09-10 20:37:01 UTC (rev 249732)
+++ trunk/Source/WebCore/ChangeLog	2019-09-10 21:43:41 UTC (rev 249733)
@@ -1,3 +1,16 @@
+2019-09-10  Chris Dumez  <cdu...@apple.com>
+
+        Add missing origin check for Service-Worker-Allowed header
+        https://bugs.webkit.org/show_bug.cgi?id=201653
+
+        Reviewed by Geoffrey Garen.
+
+        Add missing origin check for Service-Worker-Allowed header:
+        - https://w3c.github.io/ServiceWorker/#update-algorithm (step 15. 2.)
+
+        * workers/service/ServiceWorkerJob.cpp:
+        (WebCore::ServiceWorkerJob::didReceiveResponse):
+
 2019-09-10  Sihui Liu  <sihui_...@apple.com>
 
         IndexedDB: cache prepared SQLiteStatement in SQLiteIDBCursor

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp (249732 => 249733)

--- trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp	2019-09-10 20:37:01 UTC (rev 249732)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerJob.cpp	2019-09-10 21:43:41 UTC (rev 249733)
@@ -134,7 +134,8 @@
         maxScopeString = path.substring(0, path.reverseFind('/') + 1);
     } else {
         auto maxScope = URL(m_jobData.scriptURL, serviceWorkerAllowed);
-        maxScopeString = maxScope.path();
+        if (SecurityOrigin::create(maxScope)->isSameOriginAs(SecurityOrigin::create(m_jobData.scriptURL)))
+            maxScopeString = maxScope.path();
     }
 
     String scopeString = m_jobData.scopeURL.path();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes