-
jpfau@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=94559 Reviewed by Adam Barth. Source/WebCore: Shared workers can fundamentally leak information between pages in different contexts if the workers can be accessed from a third-party context. Thus, if third-party storage blocking is enabled, shared workers should be disallowed in third-party contexts. Tests: http/tests/security/cross-origin-shared-worker-allowed.html http/tests/security/cross-origin-shared-worker.html * page/SecurityOrigin.h: Add canAccessSharedWorkers function (WebCore::SecurityOrigin::canAccessSharedWorkers): * workers/SharedWorker.cpp: (WebCore::SharedWorker::create): Ensure that we can access shared workers before creating the worker. LayoutTests: Created tests for accessing shared workers from a third party and first party when third-party blocking is on and off. * http/tests/security/cross-origin-shared-worker-allowed-expected.txt: Added. * http/tests/security/cross-origin-shared-worker-allowed.html: Added. * http/tests/security/cross-origin-shared-worker-expected.txt: Added. * http/tests/security/cross-origin-shared-worker.html: Added. * http/tests/security/resources/cross-origin-iframe-for-shared-worker.html: Added. * http/tests/security/resources/shared-worker.js: Added. (self.addEventListener): * platform/chromium/TestExpectations: Shared workers are not supported in chromium DRT git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
215fa47f