Bug 94559

Summary: Make shared workers respect third-party storage blocking setting
Product: WebKit Reporter: Vicki Pfau <jeffrey+webkit>
Component: WebCore Misc.Assignee: Vicki Pfau <jeffrey+webkit>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, atwilson, dbates, dglazkov, webkit.review.bot
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from gce-cr-linux-06
none
Patch abarth: review+

Vicki Pfau
Reported 2012-08-20 18:27:34 PDT
When the third-party storage blocking setting is enabled, shared workers should not be allowed to leak information across origins.
Attachments
Patch (9.17 KB, patch)
2012-08-27 11:28 PDT, Vicki Pfau 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from gce-cr-linux-06 (524.69 KB, application/zip)
2012-08-27 12:38 PDT, WebKit Review Bot 		no flags
Details
Patch (10.25 KB, patch)
2012-08-27 15:20 PDT, Vicki Pfau 		abarth: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Vicki Pfau
Comment 1 2012-08-21 15:41:05 PDT
<rdar://problem/12145188>
Vicki Pfau
Comment 2 2012-08-27 11:28:59 PDT
Created attachment 160756 [details] Patch
Adam Barth
Comment 3 2012-08-27 12:06:59 PDT
Comment on attachment 160756 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=160756&action=review > Source/WebCore/workers/SharedWorker.cpp:68 > + // We don't currently support nested workers, so workers can only be created from documents. Should we have an ASSERT here so we remember to look at this code when we do start supporting nested workers? > Source/WebCore/workers/SharedWorker.cpp:71 > + ec = SECURITY_ERR; Is SECURITY_ERR the right error to through here? Is this what we throw in other circumstances?
Adam Barth
Comment 4 2012-08-27 12:08:12 PDT
I wanted to mark this r+/cq-, but when I've done that in the past, you've ignored some of my comments. It doesn't seem right to mark this r- since I'm just asking for ASSERTs and about the types of exceptions, so I'm going to leave it r?. I'm happy to mark an updated patch r+ if you address my comments above.
Adam Barth
Comment 5 2012-08-27 12:22:12 PDT
Comment on attachment 160756 [details] Patch jpfau and I talked through our miscommunication on #webkit and joy was restored throughout the land.
WebKit Review Bot
Comment 6 2012-08-27 12:38:16 PDT
Comment on attachment 160756 [details] Patch Attachment 160756 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/13609478 New failing tests: http/tests/security/cross-origin-shared-worker.html http/tests/security/cross-origin-shared-worker-allowed.html
WebKit Review Bot
Comment 7 2012-08-27 12:38:19 PDT
Created attachment 160779 [details] Archive of layout-test-results from gce-cr-linux-06 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: gce-cr-linux-06 Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'> Platform: Linux-2.6.39-gcg-201203291735-x86_64-with-Ubuntu-10.04-lucid
Vicki Pfau
Comment 8 2012-08-27 15:20:26 PDT
Created attachment 160823 [details] Patch
Adam Barth
Comment 9 2012-08-27 15:21:07 PDT
Comment on attachment 160823 [details] Patch Thanks!
Vicki Pfau
Comment 10 2012-08-28 12:26:26 PDT
Committed r126912: <http://trac.webkit.org/changeset/126912>
Note You need to log in before you can comment on or make changes to this bug.