67978 2011-09-12 18:42:14 -0700 WebWorkers fail with document.domain set when accessing from subdomain 2011-11-13 13:24:48 -0800 1 1 1 Unclassified WebKit WebCore JavaScript 528+ (Nightly build) Mac All RESOLVED FIXED P2 Normal --- 0 dylan.sproule abarth abarth ap atwilson dslomov joshvermaire levin sam webkit.review.bot oldest_to_newest 466021 0 dylan.sproule 2011-09-12 18:42:14 -0700 I am currently running into issues with running WebWorkers on Chrome when document.domain is set, this is not failing in Firefox. I am receiving the following error: "SECURITY_ERR: DOM Exception 18" DOMException, code: 18 in Chrome I am currently running Chrome v13.0.782.220. Repro: - Set document.domain="domain.com" while visiting a "subdomain.domain.com" - Init web worker ER: - Worker is initialized AR: "SECURITY_ERR: DOM Exception 18" DOMException, code: 18 in Chrome 466152 1 ap 2011-09-12 23:06:49 -0700 Does this also happen in Safari? Can you provide a test case to reproduce this? 466165 2 atwilson 2011-09-12 23:45:20 -0700 According to an email conversation with the reporter, this happens in both Chromium and Safari. I'm guessing our logic in AbstractWorker::resolveUrl() is to blame - specifically: if (!scriptExecutionContext()->securityOrigin()->canAccess(SecurityOrigin::create(scriptURL).get())) { ec = SECURITY_ERR; return KURL(); } Not sure why securityOrigin()->canAccess() would return false in this case. Agreed that it'd be nice to have source code for a fail case. 466510 3 abarth 2011-09-13 13:38:49 -0700 > if (!scriptExecutionContext()->securityOrigin()->canAccess(SecurityOrigin::create(scriptURL).get())) { Whenever you see this sort of code, you probably want to call canRequest instead. 497344 4 joshvermaire 2011-11-07 11:44:53 -0800 We are having the same issue. Use case is as follows: We're on a subdomain of domain.com We set: document.domain = "domain.com" Later create any new worker: worker = new Worker('worker.js') Error returns in both Chrome and Safari: SECURITY_ERR: DOM Exception 18 Works as expected for www.domain.com. 497395 5 abarth 2011-11-07 12:54:12 -0800 Will fix. 497509 6 113936 abarth 2011-11-07 15:06:01 -0800 Created attachment 113936 Patch 497559 7 joshvermaire 2011-11-07 16:04:00 -0800 (In reply to comment #6) > Created an attachment (id=113936) [details] > Patch Thanks Adam. Is there any way to implement this into our app so that users get the functionality today? 497560 8 abarth 2011-11-07 16:06:54 -0800 > Thanks Adam. Is there any way to implement this into our app so that users get the functionality today? I'm not 100% sure I understand your question, but you'll likely need to wait until whatever kind of WebKit you're using updates past the revision when this patch lands. If you're providing your own version of WebKit, you can control when that happens. If someone else is providing the WebKit (e.g., iOS), then you'll need to wait for your provider to update. 497596 9 113936 webkit.review.bot 2011-11-07 16:51:45 -0800 Comment on attachment 113936 Patch Clearing flags on attachment: 113936 Committed r99505: <http://trac.webkit.org/changeset/99505> 497597 10 webkit.review.bot 2011-11-07 16:51:50 -0800 All reviewed patches have been landed. Closing bug. 501539 11 dylan.sproule 2011-11-13 13:24:48 -0800 Just an FYI, I was able to workaround this in the mean time by initializing my worker before setting document.domain. (In reply to comment #7) > (In reply to comment #6) > > Created an attachment (id=113936) [details] [details] > > Patch > > Thanks Adam. Is there any way to implement this into our app so that users get the functionality today? 113936 2011-11-07 15:06:01 -0800 2011-11-07 16:51:45 -0800 Patch bug-67978-20111107150600.patch text/plain 3967 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDk5NDg1KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTggQEAKKzIwMTEtMTEtMDcgIEFkYW0gQmFy dGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBXZWJXb3JrZXJzIGZhaWwgd2l0aCBk b2N1bWVudC5kb21haW4gc2V0IHdoZW4gYWNjZXNzaW5nIGZyb20gc3ViZG9tYWluCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD02Nzk3OAorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFdvcmtlcnMgc2hvdWxkIGln bm9yZSBkb2N1bWVudC5kb21haW4gd2hlbiBkZWNpZGluZyB3aGljaCBVUkxzIGEKKyAgICAgICAg ZG9jdW1lbnQgY2FuIHJlcXVlc3QsIGp1c3QgbGlrZSBYTUxIdHRwUmVxdWVzdCBhbmQgZXZlcnkg b3RoZXIgQVBJLgorCisgICAgICAgIFRlc3Q6IGh0dHAvdGVzdHMvd29ya2Vycy93b3JrZXItZG9j dW1lbnQtZG9tYWluLXNlY3VyaXR5Lmh0bWwKKworICAgICAgICAqIHdvcmtlcnMvQWJzdHJhY3RX b3JrZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6QWJzdHJhY3RXb3JrZXI6OnJlc29sdmVVUkwp OgorCiAyMDExLTExLTA3ICBWYW5nZWxpcyBLb2trZXZpcyAgPHZhbmdlbGlzQGNocm9taXVtLm9y Zz4KIAogICAgICAgICBDcmVhdGUgYSBzZXBhcmF0ZSBzZXR0aW5nIGZvciBjb21wb3NpdGluZyBv ZiBmb3Igc2Nyb2xsYWJsZSBbaV1mcmFtZXMKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3dvcmtlcnMv QWJzdHJhY3RXb3JrZXIuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3dvcmtlcnMv QWJzdHJhY3RXb3JrZXIuY3BwCShyZXZpc2lvbiA5OTQ3NykKKysrIFNvdXJjZS9XZWJDb3JlL3dv cmtlcnMvQWJzdHJhY3RXb3JrZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC04MCwxMCArODAsMTEg QEAgS1VSTCBBYnN0cmFjdFdvcmtlcjo6cmVzb2x2ZVVSTChjb25zdCBTdAogICAgICAgICByZXR1 cm4gS1VSTCgpOwogICAgIH0KIAotICAgIGlmICghc2NyaXB0RXhlY3V0aW9uQ29udGV4dCgpLT5z ZWN1cml0eU9yaWdpbigpLT5jYW5BY2Nlc3MoU2VjdXJpdHlPcmlnaW46OmNyZWF0ZShzY3JpcHRV UkwpLmdldCgpKSkgeworICAgIGlmICghc2NyaXB0RXhlY3V0aW9uQ29udGV4dCgpLT5zZWN1cml0 eU9yaWdpbigpLT5jYW5SZXF1ZXN0KHNjcmlwdFVSTCkpIHsKICAgICAgICAgZWMgPSBTRUNVUklU WV9FUlI7CiAgICAgICAgIHJldHVybiBLVVJMKCk7CiAgICAgfQorCiAgICAgcmV0dXJuIHNjcmlw dFVSTDsKIH0KIApJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExh eW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gOTk0ODUpCisrKyBMYXlvdXRUZXN0cy9DaGFu Z2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNiBAQAorMjAxMS0xMS0wNyAgQWRhbSBC YXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgorCisgICAgICAgIFdlYldvcmtlcnMgZmFpbCB3aXRo IGRvY3VtZW50LmRvbWFpbiBzZXQgd2hlbiBhY2Nlc3NpbmcgZnJvbSBzdWJkb21haW4KKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTY3OTc4CisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGVzdCB0aGF0IGEgZG9j dW1lbnQgY2FuIHN0aWxsIGNyZWF0ZSBzYW1lLW9yaWdpbiB3b3JrZXJzIGFmdGVyIHNldHRpbmcK KyAgICAgICAgZG9jdW1lbnQuZG9tYWluLgorCisgICAgICAgICogaHR0cC90ZXN0cy93b3JrZXJz L3dvcmtlci1kb2N1bWVudC1kb21haW4tc2VjdXJpdHktZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAg ICAgICAgKiBodHRwL3Rlc3RzL3dvcmtlcnMvd29ya2VyLWRvY3VtZW50LWRvbWFpbi1zZWN1cml0 eS5odG1sOiBBZGRlZC4KKwogMjAxMS0xMS0wNyAgVmFuZ2VsaXMgS29ra2V2aXMgIDx2YW5nZWxp c0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgW2Nocm9taXVtXSBNYWtlIGNvbXBvc2l0aW5nIGZv ciBzY3JvbGxhYmxlIFtpXWZyYW1lcyBhIHNldHRpbmcgc2VwYXJhdGUgZnJvbQpJbmRleDogTGF5 b3V0VGVzdHMvaHR0cC90ZXN0cy93b3JrZXJzL3dvcmtlci1kb2N1bWVudC1kb21haW4tc2VjdXJp dHktZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMvd29y a2Vycy93b3JrZXItZG9jdW1lbnQtZG9tYWluLXNlY3VyaXR5LWV4cGVjdGVkLnR4dAkocmV2aXNp b24gMCkKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMvd29ya2Vycy93b3JrZXItZG9jdW1lbnQt ZG9tYWluLXNlY3VyaXR5LWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzIEBA CitQQVNTOiBHb3Qgc2VjdXJpdHkgZXJyb3IuCitQQVNTOiBObyBleGNlcHRpb24gdGhyb3cgd2hl biBhY2Nlc3NpbmcgYSBzYW1lLW9yaWdpbiBVUkwgYWZ0ZXIgc2V0dGluZyBkb2N1bWVudC5kb21h aW4uCisKSW5kZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMvd29ya2Vycy93b3JrZXItZG9jdW1l bnQtZG9tYWluLXNlY3VyaXR5Lmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvaHR0cC90 ZXN0cy93b3JrZXJzL3dvcmtlci1kb2N1bWVudC1kb21haW4tc2VjdXJpdHkuaHRtbAkocmV2aXNp b24gMCkKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMvd29ya2Vycy93b3JrZXItZG9jdW1lbnQt ZG9tYWluLXNlY3VyaXR5Lmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMzQgQEAKKzxodG1s PgorPGJvZHk+Cis8ZGl2IGlkPXJlc3VsdD48L2Rpdj4KKzxzY3JpcHQ+CitpZiAod2luZG93Lmxh eW91dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQo KTsKKworZnVuY3Rpb24gbG9nKG1lc3NhZ2UpCit7CisgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5 SWQoInJlc3VsdCIpLmlubmVySFRNTCArPSBtZXNzYWdlICsgIjxicj4iOworfQorCitkb2N1bWVu dC5kb21haW4gPSAiMC4wLjEiOworCit0cnkgeworICAgIG5ldyBXb3JrZXIoImh0dHA6Ly8wLjAu MS93b3JrZXIuanMiKTsKKyAgICBsb2coIkZBSUw6IE5vIGV4Y2VwdGlvbiB0aHJvd24gd2hlbiBh Y2Nlc3NpbmcgYSB3b3JrZXIgZnJvbSBhbm90aGVyIGRvbWFpbi4iKTsKK30gY2F0Y2ggKGVycm9y KSB7CisgICAgaWYgKGVycm9yLmNvZGUgPT0gMTgpCisgICAgICAgIGxvZygiUEFTUzogR290IHNl Y3VyaXR5IGVycm9yLiIpOworICAgIGVsc2UKKyAgICAgICAgbG9nKCJGQUlMOiBHb3QgZXJyb3Ig Y29kZSAiICsgZXJyb3IuY29kZSArICIuIEV4cGVjdGVkIGVycm9yIGNvZGUgMTguIik7Cit9CisK K3RyeSB7CisgICAgbmV3IFdvcmtlcigicmVzb3VyY2VzL25vbi1leGlzdGVudC5qcyIpOworICAg IGxvZygiUEFTUzogTm8gZXhjZXB0aW9uIHRocm93IHdoZW4gYWNjZXNzaW5nIGEgc2FtZS1vcmln aW4gVVJMIGFmdGVyIHNldHRpbmcgZG9jdW1lbnQuZG9tYWluLiIpOworfSBjYXRjaCAoZXJyb3Ip IHsKKyAgICBsb2coIkZBSUw6IEdvdCBlcnJvciBjb2RlICIgKyBlcnJvci5jb2RlICsgIi4iKTsK K30KKworPC9zY3JpcHQ+Cis8L2JvZHk+Cis8L2h0bWw+Cg==