- Revision
- 256381
- Author
- you...@apple.com
- Date
- 2020-02-11 15:32:10 -0800 (Tue, 11 Feb 2020)
Log Message
Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
https://bugs.webkit.org/show_bug.cgi?id=207506
Reviewed by Darin Adler.
LayoutTests/imported/w3c:
* web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:
Source/WebCore:
Instead of checking document URL protocol, implement the rules as per spec, in particular:
- If http/https, do not reuse controller
- If iframe has a unique origin, do not reuse controller
- If iframe does not have same origin as parent, do not reuse controller.
Covered by rebased test.
* loader/DocumentLoader.cpp:
(WebCore::isInheritingControllerFromParent):
(WebCore::DocumentLoader::commitData):
(WebCore::isLocalURL): Deleted.
LayoutTests:
* http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:
Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
and is thus failing due to CORS.
* http/tests/workers/service/serviceworkerclients-claim.https.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (256380 => 256381)
--- trunk/LayoutTests/ChangeLog 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/ChangeLog 2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,15 @@
+2020-02-11 Youenn Fablet <you...@apple.com>
+
+ Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+ https://bugs.webkit.org/show_bug.cgi?id=207506
+
+ Reviewed by Darin Adler.
+
+ * http/tests/workers/service/serviceworkerclients-claim.https-expected.txt:
+ Rebased test since now the frame is doing a fetch that is no longer intercepted by the service worker,
+ and is thus failing due to CORS.
+ * http/tests/workers/service/serviceworkerclients-claim.https.html:
+
2020-02-11 Jason Lawrence <lawrenc...@apple.com>
[ iOS wk2 ] http/wpt/service-workers/service-worker-spinning-fetch.https.html is flaky failing.
Modified: trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt (256380 => 256381)
--- trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https-expected.txt 2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,6 @@
+CONSOLE MESSAGE: Origin null is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Fetch API cannot load https://127.0.0.1:8443/pinkelephant due to access control checks.
+CONSOLE MESSAGE: line 1: Unhandled Promise Rejection: TypeError: Origin null is not allowed by Access-Control-Allow-Origin.
PASS Setup worker
Modified: trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html (256380 => 256381)
--- trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/http/tests/workers/service/serviceworkerclients-claim.https.html 2020-02-11 23:32:10 UTC (rev 256381)
@@ -60,13 +60,12 @@
promise_test(async (test) => {
var promise = new Promise((resolve, reject) => {
window.addEventListener("message", (event) => {
- resolve(event.data);
+ reject("Received a message from iframe:" + event.data);
}, false);
- setTimeout(() => { reject("Did not receive any message from iframe"); }, 5000);
+ setTimeout(resolve, 100);
});
var frame = await withFrame("data:text/html," + htmlString);
- var result = await promise;
- assert_equals(result, "PASS");
+ return promise;
}, "Test data URL frame");
promise_test(async (test) => {
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (256380 => 256381)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,12 @@
+2020-02-11 Youenn Fablet <you...@apple.com>
+
+ Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+ https://bugs.webkit.org/show_bug.cgi?id=207506
+
+ Reviewed by Darin Adler.
+
+ * web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt:
+
2020-02-07 Ryosuke Niwa <rn...@webkit.org>
Don't update selection when calling setSelectionRange on a disconnected input element
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt (256380 => 256381)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/local-url-inherit-controller.https-expected.txt 2020-02-11 23:32:10 UTC (rev 256381)
@@ -3,7 +3,7 @@
PASS Same-origin blob URL iframe should intercept fetch().
FAIL Same-origin blob URL worker should inherit service worker controller. assert_equals: blob URL worker should inherit controller expected (string) "https://localhost:9443/service-workers/service-worker/resources/local-url-inherit-controller-worker.js" but got (object) null
PASS Same-origin blob URL worker should intercept fetch().
-FAIL Data URL iframe should not intercept fetch(). assert_equals: data URL iframe should not intercept fetch expected "" but got "intercepted"
+PASS Data URL iframe should not intercept fetch().
FAIL Data URL worker should not inherit service worker controller. promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."
FAIL Data URL worker should not intercept fetch(). promise_test: Unhandled rejection with value: object "SecurityError: The operation is insecure."
Modified: trunk/Source/WebCore/ChangeLog (256380 => 256381)
--- trunk/Source/WebCore/ChangeLog 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/Source/WebCore/ChangeLog 2020-02-11 23:32:10 UTC (rev 256381)
@@ -1,3 +1,22 @@
+2020-02-11 Youenn Fablet <you...@apple.com>
+
+ Parent service worker controller should be used for child iframe as per https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+ https://bugs.webkit.org/show_bug.cgi?id=207506
+
+ Reviewed by Darin Adler.
+
+ Instead of checking document URL protocol, implement the rules as per spec, in particular:
+ - If http/https, do not reuse controller
+ - If iframe has a unique origin, do not reuse controller
+ - If iframe does not have same origin as parent, do not reuse controller.
+
+ Covered by rebased test.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::isInheritingControllerFromParent):
+ (WebCore::DocumentLoader::commitData):
+ (WebCore::isLocalURL): Deleted.
+
2020-02-11 Zalan Bujtas <za...@apple.com>
[LFC] Introduce Layout::ReplacedBox
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (256380 => 256381)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2020-02-11 23:13:00 UTC (rev 256380)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2020-02-11 23:32:10 UTC (rev 256381)
@@ -1057,11 +1057,10 @@
}
#if ENABLE(SERVICE_WORKER)
-static inline bool isLocalURL(const URL& url)
+// https://w3c.github.io/ServiceWorker/#control-and-use-window-client
+static inline bool shouldUseActiveServiceWorkerFromParent(const Document& document, const Document& parent)
{
- // https://fetch.spec.whatwg.org/#is-local
- auto protocol = url.protocol().toStringWithoutCopying();
- return equalLettersIgnoringASCIICase(protocol, "data") || equalLettersIgnoringASCIICase(protocol, "blob") || equalLettersIgnoringASCIICase(protocol, "about");
+ return !document.url().protocolIsInHTTPFamily() && !document.securityOrigin().isUnique() && parent.securityOrigin().canAccess(document.securityOrigin());
}
#endif
@@ -1092,8 +1091,8 @@
if (m_serviceWorkerRegistrationData && m_serviceWorkerRegistrationData->activeWorker) {
m_frame->document()->setActiveServiceWorker(ServiceWorker::getOrCreate(*m_frame->document(), WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
m_serviceWorkerRegistrationData = { };
- } else if (isLocalURL(m_frame->document()->url())) {
- if (auto* parent = m_frame->document()->parentDocument())
+ } else if (auto* parent = m_frame->document()->parentDocument()) {
+ if (shouldUseActiveServiceWorkerFromParent(*m_frame->document(), *parent))
m_frame->document()->setActiveServiceWorker(parent->activeServiceWorker());
}