-
mkwst@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=94171 Reviewed by Jochen Eisinger. Source/WebCore: This patch ensures that the origin of the top window is passed into SecurityOrigin::canAccessDatabase when working with IndexedDB. Giving SecurityOrigin access to this data means that it can properly check whether the database is being opened in a third-party context, and therefore properly enforce the third-party access checks that were added in http://trac.webkit.org/changeset/125736. Third-party checks are added to IDBFactory::open, IDBFactory::deleteDatabase, and IDBFactory::getDatabaseNames; each will now throw a SECURITY_ERR exception when access in a third-party context if third-party access checks are enabled. To make this process slightly more clear, and avoid some ugly casting logic, this patch adds a 'topOrigin' method to ScriptExecutionContext, and implements it on both WorkerContext and Document. Tests: http/tests/security/cross-origin-indexeddb-allowed.html http/tests/security/cross-origin-indexeddb.html http/tests/security/cross-origin-worker-indexeddb-allowed.html http/tests/security/cross-origin-worker-indexeddb.html * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::getDatabaseNames): (WebCore::IDBFactory::openInternal): (WebCore::IDBFactory::deleteDatabase): Grab the SecurityOrigin of the current context's top-level origin, and pass it to SecurityOrigin::canAccessDatabase to ensure that access checks are properly applied to these three methods. * dom/Document.cpp: (WebCore::Document::topOrigin): (WebCore): * dom/Document.h: (Document): * dom/ScriptExecutionContext.h: (ScriptExecutionContext): Add a topOrigin() method to ScriptExecutionContext, and implement it on Document in order to give callers access to the top document's SecurityOrigin without casting ScriptExecutionContext. * workers/WorkerContext.h: Change the existing topOrigin() method to override the new method on ScriptExecutionContext. LayoutTests: Add tests to ensure that IndexedDB can be blocked in a third-party context in both normal documents and in workers. These tests are modeled after the existing cross-origin-websql* tests; it might be possible to reuse some code in the future. * http/tests/security/cross-origin-indexeddb-allowed-expected.txt: Added. * http/tests/security/cross-origin-indexeddb-allowed.html: Added. * http/tests/security/cross-origin-indexeddb-expected.txt: Added. * http/tests/security/cross-origin-indexeddb.html: Added. * http/tests/security/cross-origin-worker-indexeddb-allowed-expected.txt: Added. * http/tests/security/cross-origin-worker-indexeddb-allowed.html: Added. * http/tests/security/cross-origin-worker-indexeddb-expected.txt: Added. * http/tests/security/cross-origin-worker-indexeddb.html: Added. * http/tests/security/resources/cross-origin-iframe-for-indexeddb.html: Added. * http/tests/security/resources/cross-origin-iframe-for-worker-indexeddb.html: Added. * http/tests/security/resources/document-for-cross-origin-worker-indexeddb.html: Added. * http/tests/security/resources/worker-for-indexeddb.js: Added. (self.onmessage): Add exciting new tests, with more boilerplate than I expected! * platform/efl/TestExpectations: * platform/mac-snowleopard/TestExpectations: * platform/mac/TestExpectations: * platform/qt/TestExpectations: * platform/win/TestExpectations: * platform/wincairo/TestExpectations: Skip these IndexedDB tests on platforms where the feature isn't enabled. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141418 268f45cc-cd09-0410-ab3c-d52691b4dbfc
8d2090c9