WebKit Bugzilla
Attachment 343850 Details for Bug 187153: Early return when handling fetch event in case service worker origin does not match origin of a subresource load
[patch] Patch bug-187153-20180628141333.patch (text/plain), 4.12 KB, created by youenn fablet on 2018-06-28 14:13:34 PDT
>Subversion Revision: 233256 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 51b72c81c3e227443dacc555e0c8f5995ca72a88..3fdab7e9fc903d81f62fa7a6326b86b0afa41854 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,22 @@ >+2018-06-28 Youenn Fablet <youenn@apple.com> >+ >+ Early return when handling fetch event in case service worker origin does not match origin of a subresource load >+ https://bugs.webkit.org/show_bug.cgi?id=187153 >+ <rdar://problem/41329832> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Stop crashing the service worker process in case a subresource load origin is not matching a service worker origin. >+ Instead, just return early so that the load will be handled by the network process. >+ >+ Keep crashing in case a navigation load is not matching its service worker origin. >+ Add more logging to help with the debugging. >+ >+ * WebProcess/Storage/WebSWContextManagerConnection.cpp: >+ (WebKit::logValidFetchError): >+ (WebKit::isValidFetch): >+ (WebKit::WebSWContextManagerConnection::startFetch): >+ > 2018-06-28 Youenn Fablet <youenn@apple.com> > > Handle the case of registerMDNSNameCallback called several times >diff --git a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp >index 2cfb3ca1d3cc2adf4f456cdce0f6477a57f204c4..e427e29470ae7a4b6eeac31759bdc45ce3c57d73 100644 >--- a/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp >+++ b/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 
>@@ -189,15 +189,24 @@ static inline bool isValidFetch(const ResourceRequest& request, const FetchOptio > if (!serviceWorkerURL.protocolIsInHTTPFamily()) > return true; > >- if (options.mode == FetchOptions::Mode::Navigate) >- return protocolHostAndPortAreEqual(request.url(), serviceWorkerURL); >+ if (options.mode == FetchOptions::Mode::Navigate && !protocolHostAndPortAreEqual(request.url(), serviceWorkerURL)) { >+ RELEASE_LOG_ERROR(ServiceWorker, "Should not intercept a navigation load that is not same-origin as the service worker URL"); >+ RELEASE_ASSERT_WITH_MESSAGE(request.url().protocol() == serviceWorkerURL.protocol(), "Protocols do not match"); >+ RELEASE_ASSERT_WITH_MESSAGE(request.url().host() == serviceWorkerURL.host(), "Hosts do not match"); >+ RELEASE_ASSERT_WITH_MESSAGE(request.url().port() == serviceWorkerURL.port(), "Ports do not match"); >+ return false; >+ } > > String origin = request.httpOrigin(); > URL url { URL(), origin.isEmpty() ? referrer : origin }; >- if (!url.protocolIsInHTTPFamily()) >- return true; >- >- return protocolHostAndPortAreEqual(url, serviceWorkerURL); >+ if (url.protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(url, serviceWorkerURL)) { >+ RELEASE_LOG_ERROR(ServiceWorker, "Should not intercept a non navigation load that is not originating from a same-origin context as the service worker URL"); >+ ASSERT(url.protocol() == serviceWorkerURL.protocol()); >+ ASSERT(url.host() == serviceWorkerURL.host()); >+ ASSERT(url.port() == serviceWorkerURL.port()); >+ return false; >+ } >+ return true; > } > > void WebSWContextManagerConnection::cancelFetch(SWServerConnectionIdentifier serverConnectionIdentifier, ServiceWorkerIdentifier serviceWorkerIdentifier, FetchIdentifier fetchIdentifier) 
>@@ -214,7 +223,10 @@ void WebSWContextManagerConnection::startFetch(SWServerConnectionIdentifier serv > return; > } > >- RELEASE_ASSERT(isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)); >+ if (!isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)) { >+ m_connectionToStorageProcess->send(Messages::StorageProcess::DidNotHandleFetch { serverConnectionIdentifier, fetchIdentifier }, 0); >+ return; >+ } > > auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier); > std::optional<ServiceWorkerClientIdentifier> clientId;
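Review bot: the ChangeLog hunk lists (WebKit::logValidFetchError) among the touched functions, but the WebSWContextManagerConnection.cpp diff neither adds nor changes a function of that name; only isValidFetch and startFetch are modified. Either drop that line from the entry or add the helper. The entry would also be clearer if it said that the navigation case crashes only in the service worker process and why that is still wanted, since the first sentence reads as if crashing stops altogether.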
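Review bot: in the isValidFetch hunk, the subresource branch keeps three ASSERT lines (ASSERT(url.protocol() == serviceWorkerURL.protocol()) plus the host and port equivalents) ahead of return false, so a debug build still aborts on the very mismatch the ChangeLog says should no longer crash, and only release builds take the early return. If the goal is to fall back to the network process, remove those ASSERTs and put the differing component into the RELEASE_LOG_ERROR message instead. In the navigation branch, assuming protocolHostAndPortAreEqual compares exactly protocol, host and port, one of the three RELEASE_ASSERT_WITH_MESSAGE lines always fires once the condition is true, which makes the following return false unreachable; a short comment saying the crash is intentional there would help the next reader. It is also worth a comment that a request whose origin and referrer yield a non-HTTP-family URL still falls through to return true and is treated as a valid fetch.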
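Review bot: in the startFetch hunk, the new DidNotHandleFetch path has no test in this patch, which touches only ChangeLog and WebSWContextManagerConnection.cpp. This is the behaviour change that matters for origin isolation (a mismatched subresource load is handed back rather than dispatched to the worker), so it should have coverage showing that such a load is not intercepted and still completes through the network. A one-line comment above the if stating that only subresource loads can reach this return, because navigation mismatches abort inside isValidFetch, would make the split between the two cases visible at the call site.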
Attachments on bug 187153: 343841 | 343850 | 343860