Skip to content
  • jpfau@apple.com's avatar
    Allow blocking of Web SQL databases in third-party web workers · bcbbf661
    jpfau@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=94170
    
    Reviewed by Adam Barth.
    
    Source/WebCore:
    
    Web workers did not previously know anything about the document that
    spawned them. This is undefined for shared workers, but for dedicated
    workers, we now pipe the information through.
    
    Tests: http/tests/security/cross-origin-worker-websql-allowed.html
           http/tests/security/cross-origin-worker-websql.html
    
    * Modules/webdatabase/WorkerContextWebDatabase.cpp: Pass information about the top origin to canAccessDatabase
    (WebCore::WorkerContextWebDatabase::openDatabase):
    (WebCore::WorkerContextWebDatabase::openDatabaseSync):
    * WebCore.exp.in: Make SecurityOrigin::isolatedCopy const
    * page/SecurityOrigin.cpp:
    (WebCore::SecurityOrigin::isolatedCopy):
    (WebCore::SecurityOrigin::canAccessStorage):
    * page/SecurityOrigin.h:
    * workers/DedicatedWorkerContext.cpp: Pass topOrigin
    (WebCore::DedicatedWorkerContext::create):
    (WebCore::DedicatedWorkerContext::DedicatedWorkerContext):
    * workers/DedicatedWorkerContext.h:
    (DedicatedWorkerContext):
    * workers/DedicatedWorkerThread.cpp: Pass topOrigin
    (WebCore::DedicatedWorkerThread::create):
    (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
    (WebCore::DedicatedWorkerThread::createWorkerContext):
    * workers/DedicatedWorkerThread.h:
    (DedicatedWorkerThread):
    * workers/SharedWorkerContext.cpp: Pass topOrigin
    (WebCore::SharedWorkerContext::SharedWorkerContext):
    * workers/SharedWorkerThread.cpp:
    (WebCore::SharedWorkerThread::SharedWorkerThread):
    (WebCore::SharedWorkerThread::createWorkerContext):
    * workers/SharedWorkerThread.h:
    (SharedWorkerThread): Pass topOrigin
    * workers/WorkerContext.cpp:
    (WebCore::WorkerContext::WorkerContext):
    * workers/WorkerContext.h:
    (WebCore::WorkerContext::topOrigin):
    (WorkerContext):
    * workers/WorkerMessagingProxy.cpp: Pass topOrigin
    (WebCore::WorkerMessagingProxy::startWorkerContext):
    * workers/WorkerThread.cpp:
    (WebCore::WorkerThreadStartupData::create):
    (WorkerThreadStartupData):
    (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
    (WebCore::WorkerThread::WorkerThread):
    (WebCore::WorkerThread::workerThread):
    * workers/WorkerThread.h:
    (WorkerThread):
    
    Source/WebKit/chromium:
    
    Web workers did not previously know anything about the document that
    spawned them. This is undefined for shared workers, but for dedicated
    workers, we now pipe the information through.
    
    * src/WebWorkerClientImpl.cpp:
    (WebKit::WebWorkerClientImpl::startWorkerContext): Pass top document's origin
    
    LayoutTests:
    
    Created tests for accessing openDatabase from a third party and first party dedicated workers when third-party blocking is on and off.
    
    * http/tests/security/cross-origin-worker-websql-allowed-expected.txt: Added.
    * http/tests/security/cross-origin-worker-websql-allowed.html: Added.
    * http/tests/security/cross-origin-worker-websql-expected.txt: Added.
    * http/tests/security/cross-origin-worker-websql.html: Added.
    * http/tests/security/resources/cross-origin-iframe-for-worker-websql.html: Added.
    * http/tests/security/resources/document-for-cross-origin-worker-websql.html: Added.
    * http/tests/security/resources/worker-for-websql.js: Added.
    (self.onmessage):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126365 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    bcbbf661