RESOLVED FIXED Bug 56063
Inline worker powered by blob URL does not work with files URL even if allowFileAccessFromFileURLs is enabled. 
https://bugs.webkit.org/show_bug.cgi?id=56063
Summary Inline worker powered by blob URL does not work with files URL even if allowF...
Jian Li
Reported 2011-03-09 17:32:10 PST
Inline worker powered by blob URL does not work with files URL even if allowFileAccessFromFileURLs is enabled. Test script: function runTest() { var blobBuilder = new BlobBuilder(); blobBuilder.append([ "onmessage = function(e) {", " postMessage('Hello from worker');", "};" ].join('\n')); var blobURL = webkitURL.createObjectURL(blobBuilder.getBlob()); var worker = new Worker(blobURL); worker.onmessage = function(event) { alert(event.data); }; worker.postMessage(); }
Attachments
Proposed Patch (7.35 KB, patch)
2011-03-09 17:46 PST, Jian Li 		jianli: commit-queue-
DetailsFormatted DiffDiff
Proposed Patch (7.35 KB, patch)
2011-03-09 17:47 PST, Jian Li 		abarth: review+
jianli: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Jian Li
Comment 1 2011-03-09 17:46:33 PST
Created attachment 85267 [details] Proposed Patch
Jian Li
Comment 2 2011-03-09 17:47:58 PST
Created attachment 85268 [details] Proposed Patch
David Levin
Comment 3 2011-03-09 17:50:05 PST
I haven't looked in depth much, but this looks like a security related change to SecurityOrigin, so I bet Mr. Barth would like to at least glance at it.
Dmitry Titov
Comment 4 2011-03-09 18:11:21 PST
Interesting. I have couple of clarifying questions: What if a shared worker is created like this, and then another page wants to connect to the same worker - should we find the worker by the blob url match? But then since blob can have more then one url which are all pointing to the same content (as a result of postMessage(blob) for example) - do all those urls match? Also, what is the origin of the Worker as a result? what resources can it load by XHR or importScripts?
Dmitry Titov
Comment 5 2011-03-10 12:02:40 PST
Jian answered my questions offline, since Blobs inherit origin from the page that calls createObjectURL(), the origin questions are clear. By the same token, I think we can add data: url support for Workers, by assigning the origin of the creating page to the worker created from the data: url - but this is outside of the scope of this bug. We still need Adam to take a look :-)
Adam Barth
Comment 6 2011-03-28 17:00:53 PDT
Comment on attachment 85268 [details] Proposed Patch View in context: https://bugs.webkit.org/attachment.cgi?id=85268&action=review This patch is amazing. I love it! > Source/WebCore/page/SecurityOrigin.cpp:83 > + bool isBlobOrFileSystemProtocol = (m_protocol == BlobURL::blobProtocol()) || (m_protocol == "filesystem"); Will this build if ENABLE(BLOB) is false? We might need some fancier ifdefing.
Adam Barth
Comment 7 2011-03-28 17:02:47 PDT
> By the same token, I think we can add data: url support for Workers, by assigning the origin of the creating page to the worker created from the data: url - but this is outside of the scope of this bug. Solving the data URL problem is harder because they don't carry around their origin inside of themselves. We'll need to track the origin separately. That's probably easier to solve for the worker case than in the general case.
Jian Li
Comment 8 2011-03-29 13:38:55 PDT
Committed as https://trac.webkit.org/changeset/82311.
Note You need to log in before you can comment on or make changes to this bug.