Bug 67978

Summary: WebWorkers fail with document.domain set when accessing from subdomain
Product: WebKit Reporter: Dylan <dylan.sproule>
Component: WebCore JavaScriptAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, atwilson, dslomov, joshvermaire, levin, sam, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: All   
Attachments:
Description Flags
Patch none

Dylan
Reported 2011-09-12 18:42:14 PDT
I am currently running into issues with running WebWorkers on Chrome when document.domain is set, this is not failing in Firefox. I am receiving the following error: "SECURITY_ERR: DOM Exception 18" DOMException, code: 18 in Chrome I am currently running Chrome v13.0.782.220. Repro: - Set document.domain="domain.com" while visiting a "subdomain.domain.com" - Init web worker ER: - Worker is initialized AR: "SECURITY_ERR: DOM Exception 18" DOMException, code: 18 in Chrome
Attachments
Patch (3.87 KB, patch)
2011-11-07 15:06 PST, Adam Barth 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-09-12 23:06:49 PDT
Does this also happen in Safari? Can you provide a test case to reproduce this?
Andrew Wilson
Comment 2 2011-09-12 23:45:20 PDT
According to an email conversation with the reporter, this happens in both Chromium and Safari. I'm guessing our logic in AbstractWorker::resolveUrl() is to blame - specifically: if (!scriptExecutionContext()->securityOrigin()->canAccess(SecurityOrigin::create(scriptURL).get())) { ec = SECURITY_ERR; return KURL(); } Not sure why securityOrigin()->canAccess() would return false in this case. Agreed that it'd be nice to have source code for a fail case.
Adam Barth
Comment 3 2011-09-13 13:38:49 PDT
> if (!scriptExecutionContext()->securityOrigin()->canAccess(SecurityOrigin::create(scriptURL).get())) { Whenever you see this sort of code, you probably want to call canRequest instead.
Josh Vermaire
Comment 4 2011-11-07 11:44:53 PST
We are having the same issue. Use case is as follows: We're on a subdomain of domain.com We set: document.domain = "domain.com" Later create any new worker: worker = new Worker('worker.js') Error returns in both Chrome and Safari: SECURITY_ERR: DOM Exception 18 Works as expected for www.domain.com.
Adam Barth
Comment 5 2011-11-07 12:54:12 PST
Will fix.
Adam Barth
Comment 6 2011-11-07 15:06:01 PST
Created attachment 113936 [details] Patch
Josh Vermaire
Comment 7 2011-11-07 16:04:00 PST
(In reply to comment #6) > Created an attachment (id=113936) [details] > Patch Thanks Adam. Is there any way to implement this into our app so that users get the functionality today?
Adam Barth
Comment 8 2011-11-07 16:06:54 PST
> Thanks Adam. Is there any way to implement this into our app so that users get the functionality today? I'm not 100% sure I understand your question, but you'll likely need to wait until whatever kind of WebKit you're using updates past the revision when this patch lands. If you're providing your own version of WebKit, you can control when that happens. If someone else is providing the WebKit (e.g., iOS), then you'll need to wait for your provider to update.
WebKit Review Bot
Comment 9 2011-11-07 16:51:45 PST
Comment on attachment 113936 [details] Patch Clearing flags on attachment: 113936 Committed r99505: <http://trac.webkit.org/changeset/99505>
WebKit Review Bot
Comment 10 2011-11-07 16:51:50 PST
All reviewed patches have been landed. Closing bug.
Dylan
Comment 11 2011-11-13 13:24:48 PST
Just an FYI, I was able to workaround this in the mean time by initializing my worker before setting document.domain. (In reply to comment #7) > (In reply to comment #6) > > Created an attachment (id=113936) [details] [details] > > Patch > > Thanks Adam. Is there any way to implement this into our app so that users get the functionality today?
Note You need to log in before you can comment on or make changes to this bug.