When the third-party storage blocking setting is enabled, shared workers should not be allowed to leak information across origins.
<rdar://problem/12145188>
Created attachment 160756 [details] Patch
Comment on attachment 160756 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=160756&action=review > Source/WebCore/workers/SharedWorker.cpp:68 > + // We don't currently support nested workers, so workers can only be created from documents. Should we have an ASSERT here so we remember to look at this code when we do start supporting nested workers? > Source/WebCore/workers/SharedWorker.cpp:71 > + ec = SECURITY_ERR; Is SECURITY_ERR the right error to through here? Is this what we throw in other circumstances?
I wanted to mark this r+/cq-, but when I've done that in the past, you've ignored some of my comments. It doesn't seem right to mark this r- since I'm just asking for ASSERTs and about the types of exceptions, so I'm going to leave it r?. I'm happy to mark an updated patch r+ if you address my comments above.
Comment on attachment 160756 [details] Patch jpfau and I talked through our miscommunication on #webkit and joy was restored throughout the land.
Comment on attachment 160756 [details] Patch Attachment 160756 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/13609478 New failing tests: http/tests/security/cross-origin-shared-worker.html http/tests/security/cross-origin-shared-worker-allowed.html
Created attachment 160779 [details] Archive of layout-test-results from gce-cr-linux-06 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: gce-cr-linux-06 Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'> Platform: Linux-2.6.39-gcg-201203291735-x86_64-with-Ubuntu-10.04-lucid
Created attachment 160823 [details] Patch
Comment on attachment 160823 [details] Patch Thanks!
Committed r126912: <http://trac.webkit.org/changeset/126912>