WebKit Bugzilla
Attachment 343841 Details for Bug 187153: Early return when handling fetch event in case service worker origin does not match origin of a subresource load
Patch: bug-187153-20180628132111.patch (text/plain), 4.58 KB, created by youenn fablet on 2018-06-28 13:21:12 PDT
>Subversion Revision: 233256 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 51b72c81c3e227443dacc555e0c8f5995ca72a88..3fdab7e9fc903d81f62fa7a6326b86b0afa41854 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,22 @@ >+2018-06-28 Youenn Fablet <youenn@apple.com> >+ >+ Early return when handling fetch event in case service worker origin does not match origin of a subresource load >+ https://bugs.webkit.org/show_bug.cgi?id=187153 >+ <rdar://problem/41329832> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Stop crashing the service worker process in case a subresource load origin is not matching a service worker origin. >+ Instead, just return early so that the load will be handled by the network process. >+ >+ Keep crashing in case a navigation load is not matching its service worker origin. >+ Add more logging to help with the debugging. >+ >+ * WebProcess/Storage/WebSWContextManagerConnection.cpp: >+ (WebKit::logValidFetchError): >+ (WebKit::isValidFetch): >+ (WebKit::WebSWContextManagerConnection::startFetch): >+ > 2018-06-28 Youenn Fablet <youenn@apple.com> > > Handle the case of registerMDNSNameCallback called several times >diff --git a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp >index 2cfb3ca1d3cc2adf4f456cdce0f6477a57f204c4..c515a503e65c0d67972f56504f7d905f6bdb42d1 100644 >--- a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp >+++ b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 
>@@ -183,21 +183,32 @@ void WebSWContextManagerConnection::serviceWorkerStartedWithMessage(std::optiona > m_connectionToStorageProcess->send(Messages::WebSWServerToContextConnection::ScriptContextFailedToStart(jobDataIdentifier, serviceWorkerIdentifier, exceptionMessage), 0); > } > >+static inline void logValidFetchError(const char* message, const URL& serviceWorkerURL, const URL& requestOriginURL) >+{ >+ auto serviceWorkerPort = serviceWorkerURL.port() ? *serviceWorkerURL.port() : 0; >+ auto requestOriginURLPort = requestOriginURL.port() ? *requestOriginURL.port() : 0; >+ RELEASE_LOG_ERROR(ServiceWorker, "%{public}s: service worker is %{public}s://...:%d, request URL is %{public}s://...:%d", message, serviceWorkerURL.protocol().utf8().data(), serviceWorkerPort, requestOriginURL.protocol().utf8().data(), requestOriginURLPort); >+} >+ > static inline bool isValidFetch(const ResourceRequest& request, const FetchOptions& options, const URL& serviceWorkerURL, const String& referrer) > { > // For exotic service workers, do not enforce checks. > if (!serviceWorkerURL.protocolIsInHTTPFamily()) > return true; > >- if (options.mode == FetchOptions::Mode::Navigate) >- return protocolHostAndPortAreEqual(request.url(), serviceWorkerURL); >+ if (options.mode == FetchOptions::Mode::Navigate && !protocolHostAndPortAreEqual(request.url(), serviceWorkerURL)) { >+ logValidFetchError("Cannot intercept a navigation load that is not same-origin as the service worker URL", serviceWorkerURL, request.url()); >+ CRASH(); >+ } > > String origin = request.httpOrigin(); > URL url { URL(), origin.isEmpty() ? 
referrer : origin }; >- if (!url.protocolIsInHTTPFamily()) >- return true; >+ if (url.protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(url, serviceWorkerURL)) { >+ logValidFetchError("Trying to intercept a non navigation load that is not originating from a same-origin context as the service worker URL", serviceWorkerURL, url); >+ return false; >+ } > >- return protocolHostAndPortAreEqual(url, serviceWorkerURL); >+ return true; > } > > void WebSWContextManagerConnection::cancelFetch(SWServerConnectionIdentifier serverConnectionIdentifier, ServiceWorkerIdentifier serviceWorkerIdentifier, FetchIdentifier fetchIdentifier) >@@ -214,7 +225,10 @@ void WebSWContextManagerConnection::startFetch(SWServerConnectionIdentifier serv > return; > } > >- RELEASE_ASSERT(isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)); >+ if (!isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)) { >+ m_connectionToStorageProcess->send(Messages::StorageProcess::DidNotHandleFetch { serverConnectionIdentifier, fetchIdentifier }, 0); >+ return; >+ } > > auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier); > std::optional<ServiceWorkerClientIdentifier> clientId;
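Review bot: The ChangeLog entry lists only WebProcess/Storage/WebSWContextManagerConnection.cpp and names no test for the new early-return path. Either add a test that drives a subresource load whose origin differs from the service worker origin and checks that the load falls back to the network process, or state in the entry why this case cannot be covered.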
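Review bot: In isValidFetch, a navigation load that passes the same-origin check no longer returns from the Navigate branch; it falls through to the Origin/referrer comparison. The removed code returned protocolHostAndPortAreEqual(request.url(), serviceWorkerURL) directly for navigations, so a same-origin navigation whose referrer is a cross-origin HTTP URL was accepted before and would now log the "non navigation load" error and return false. Suggest branching on options.mode == FetchOptions::Mode::Navigate alone, crashing inside that branch on mismatch, and returning true from it otherwise. A predicate named isValidFetch that can call CRASH() is also easy to misread at the call site; a comment on the function, or moving the crash into startFetch, would make that explicit.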
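Review bot: The early return in startFetch carries no comment saying that only non-navigation mismatches reach it, because isValidFetch crashes for the navigation case. A one-line comment above the DidNotHandleFetch send stating that this path is the subresource fallback to the network process would keep a later reader from assuming every invalid fetch is handled this way.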