Bug 182140

Summary: Access to service workers / Cache API should be disabled in sandboxed frames without allow-same-origin flag
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: Service WorkersAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, commit-queue, esprehn+autocc, ews-watchlist, ggaren, kondapallykalyan, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2018-01-25 13:07:23 PST
Access to service workers / Cache API should be disabled in sandboxed frames without allow-same-origin flag.
Attachments
Patch (9.11 KB, patch)
2018-01-25 13:41 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-01-25 13:08:31 PST
<rdar://problem/36879952>
Chris Dumez
Comment 2 2018-01-25 13:41:55 PST
Created attachment 332308 [details] Patch
youenn fablet
Comment 3 2018-01-25 14:57:08 PST
Comment on attachment 332308 [details] Patch r=me. Let's check in a follow-up whether workers in a sandboxed iframes are an issue for Cache as well.
Chris Dumez
Comment 4 2018-01-25 15:09:43 PST
Comment on attachment 332308 [details] Patch Clearing flags on attachment: 332308 Committed r227639: <https://trac.webkit.org/changeset/227639>
Chris Dumez
Comment 5 2018-01-25 15:09:47 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.