authorAllan Sandfeld Jensen <allan.jensen@theqtcompany.com>2016-05-26 11:47:42 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2016-05-26 13:53:44 +0000
commite5cd5a93ad3c127610e3f3279189174386c2e9ec (patch)
treedbc5ef01d75461e60d367d1143befdab612c5dfe
parent7d6738d45cc229ccd0c82e83a168beff19972e3d (diff)
[Backport] Check CSP before registering ServiceWorkers
Service Worker registrations should be subject to the same CSP checks as other workers. The spec doesn't say this explicitly (https://www.w3.org/TR/CSP2/#directive-child-src-workers says "Worker or SharedWorker constructors"), but it seems to be in the spirit of things, and it matches Firefox's behavior. BUG=579801 Review URL: https://codereview.chromium.org/1861253004 (CVE-2016-1682) Change-Id: I7a44ce1c39c91e743d1f2c74ae12b982abd7d7da Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
-rw-r--r--chromium/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp b/chromium/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
index 0cff3c6417a..1c72860e091 100644
--- a/chromium/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
+++ b/chromium/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
@@ -42,6 +42,7 @@
#include "core/dom/MessagePort.h"
#include "core/frame/LocalDOMWindow.h"
#include "core/frame/UseCounter.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
#include "modules/EventTargetModules.h"
#include "modules/serviceworkers/ServiceWorker.h"
#include "modules/serviceworkers/ServiceWorkerContainerClient.h"
@@ -254,6 +255,14 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS
return promise;
}
+ ContentSecurityPolicy* csp = executionContext->contentSecurityPolicy();
+ if (csp) {
+ if (!csp->allowWorkerContextFromSource(scriptURL, ContentSecurityPolicy::DidNotRedirect, ContentSecurityPolicy::SendReport)) {
+ resolver->reject(DOMException::create(SecurityError, "Failed to register a ServiceWorker: The provided scriptURL ('" + scriptURL.string() + "') violates the Content Security Policy."));
+ return promise;
+ }
+ }
+
m_provider->registerServiceWorker(patternURL, scriptURL, new RegistrationCallback(resolver));
return promise;