Commit bcbbf661 authored by jpfau@apple.com's avatar jpfau@apple.com

Allow blocking of Web SQL databases in third-party web workers

https://bugs.webkit.org/show_bug.cgi?id=94170

Reviewed by Adam Barth.

Source/WebCore:

Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.

Tests: http/tests/security/cross-origin-worker-websql-allowed.html
       http/tests/security/cross-origin-worker-websql.html

* Modules/webdatabase/WorkerContextWebDatabase.cpp: Pass information about the top origin to canAccessDatabase
(WebCore::WorkerContextWebDatabase::openDatabase):
(WebCore::WorkerContextWebDatabase::openDatabaseSync):
* WebCore.exp.in: Make SecurityOrigin::isolatedCopy const
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::isolatedCopy):
(WebCore::SecurityOrigin::canAccessStorage):
* page/SecurityOrigin.h:
* workers/DedicatedWorkerContext.cpp: Pass topOrigin
(WebCore::DedicatedWorkerContext::create):
(WebCore::DedicatedWorkerContext::DedicatedWorkerContext):
* workers/DedicatedWorkerContext.h:
(DedicatedWorkerContext):
* workers/DedicatedWorkerThread.cpp: Pass topOrigin
(WebCore::DedicatedWorkerThread::create):
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
(WebCore::DedicatedWorkerThread::createWorkerContext):
* workers/DedicatedWorkerThread.h:
(DedicatedWorkerThread):
* workers/SharedWorkerContext.cpp: Pass topOrigin
(WebCore::SharedWorkerContext::SharedWorkerContext):
* workers/SharedWorkerThread.cpp:
(WebCore::SharedWorkerThread::SharedWorkerThread):
(WebCore::SharedWorkerThread::createWorkerContext):
* workers/SharedWorkerThread.h:
(SharedWorkerThread): Pass topOrigin
* workers/WorkerContext.cpp:
(WebCore::WorkerContext::WorkerContext):
* workers/WorkerContext.h:
(WebCore::WorkerContext::topOrigin):
(WorkerContext):
* workers/WorkerMessagingProxy.cpp: Pass topOrigin
(WebCore::WorkerMessagingProxy::startWorkerContext):
* workers/WorkerThread.cpp:
(WebCore::WorkerThreadStartupData::create):
(WorkerThreadStartupData):
(WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
(WebCore::WorkerThread::WorkerThread):
(WebCore::WorkerThread::workerThread):
* workers/WorkerThread.h:
(WorkerThread):

Source/WebKit/chromium:

Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.

* src/WebWorkerClientImpl.cpp:
(WebKit::WebWorkerClientImpl::startWorkerContext): Pass top document's origin

LayoutTests:

Created tests for accessing openDatabase from a third party and first party dedicated workers when third-party blocking is on and off.

* http/tests/security/cross-origin-worker-websql-allowed-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql-allowed.html: Added.
* http/tests/security/cross-origin-worker-websql-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-worker-websql.html: Added.
* http/tests/security/resources/document-for-cross-origin-worker-websql.html: Added.
* http/tests/security/resources/worker-for-websql.js: Added.
(self.onmessage):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126365 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 8a159092
2012-08-17 Jeffrey Pfau <jpfau@apple.com>
Allow blocking of Web SQL databases in third-party web workers
https://bugs.webkit.org/show_bug.cgi?id=94170
Reviewed by Adam Barth.
Created tests for accessing openDatabase from a third party and first party dedicated workers when third-party blocking is on and off.
* http/tests/security/cross-origin-worker-websql-allowed-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql-allowed.html: Added.
* http/tests/security/cross-origin-worker-websql-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-worker-websql.html: Added.
* http/tests/security/resources/document-for-cross-origin-worker-websql.html: Added.
* http/tests/security/resources/worker-for-websql.js: Added.
(self.onmessage):
2012-08-22 Anna Cavender <annacc@chromium.org>
[Chromium/GTK/EFL] Flaky media/track/track-mode test.
This iframe should not return any errors:
This iframe should not return any errors:
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
No exception
--------
Frame: '<!--framePath //<!--frame1-->-->'
--------
No exception
<html>
<head>
<script>
var frames = 2;
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFramesAsText();
testRunner.waitUntilDone();
}
function decrement() {
--frames;
if (!frames && window.testRunner)
testRunner.notifyDone();
}
window.onmessage = decrement;
</script>
</head>
<body>
<p>This iframe should not return any errors:</p>
<iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
<p>This iframe should not return any errors:</p>
<iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
</body>
</html>
This iframe should return a security error:
This iframe should not return any errors:
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
SECURITY_ERR
--------
Frame: '<!--framePath //<!--frame1-->-->'
--------
No exception
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFramesAsText();
testRunner.waitUntilDone();
testRunner.setCanOpenWindows(true);
testRunner.setCloseRemainingWindowsWhenComplete(true);
internals.settings.setThirdPartyStorageBlockingEnabled(true);
}
document.location = "resources/document-for-cross-origin-worker-websql.html"
</script>
</head>
<body>
</body>
</html>
<html>
<head>
<script>
window.onload = function() {
var worker = new Worker('worker-for-websql.js');
worker.postMessage(true);
worker.onmessage = function(event) {
if (event.data) {
window.parent.postMessage(event.data, '*');
document.write(event.data);
} else {
window.parent.postMessage('No exception', '*');
document.write('No exception');
}
};
}
</script>
</head>
<body>
</body>
</head>
<html>
<head>
<script>
var frames = 2;
function decrement(event) {
--frames;
if (!frames && window.testRunner) {
internals.settings.setThirdPartyStorageBlockingEnabled(false);
testRunner.notifyDone();
}
}
window.onmessage = decrement;
</script>
</head>
<body>
<p>This iframe should return a security error:</p>
<iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
<p>This iframe should not return any errors:</p>
<iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
</body>
self.onmessage = function() {
try {
var db = self.openDatabase('testdb', '1.0', 'Testing database', 512 * 1024);
self.postMessage(null);
} catch (exception) {
self.postMessage(exception.name);
}
}
2012-08-17 Jeffrey Pfau <jpfau@apple.com>
Allow blocking of Web SQL databases in third-party web workers
https://bugs.webkit.org/show_bug.cgi?id=94170
Reviewed by Adam Barth.
Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.
Tests: http/tests/security/cross-origin-worker-websql-allowed.html
http/tests/security/cross-origin-worker-websql.html
* Modules/webdatabase/WorkerContextWebDatabase.cpp: Pass information about the top origin to canAccessDatabase
(WebCore::WorkerContextWebDatabase::openDatabase):
(WebCore::WorkerContextWebDatabase::openDatabaseSync):
* WebCore.exp.in: Make SecurityOrigin::isolatedCopy const
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::isolatedCopy):
(WebCore::SecurityOrigin::canAccessStorage):
* page/SecurityOrigin.h:
* workers/DedicatedWorkerContext.cpp: Pass topOrigin
(WebCore::DedicatedWorkerContext::create):
(WebCore::DedicatedWorkerContext::DedicatedWorkerContext):
* workers/DedicatedWorkerContext.h:
(DedicatedWorkerContext):
* workers/DedicatedWorkerThread.cpp: Pass topOrigin
(WebCore::DedicatedWorkerThread::create):
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
(WebCore::DedicatedWorkerThread::createWorkerContext):
* workers/DedicatedWorkerThread.h:
(DedicatedWorkerThread):
* workers/SharedWorkerContext.cpp: Pass topOrigin
(WebCore::SharedWorkerContext::SharedWorkerContext):
* workers/SharedWorkerThread.cpp:
(WebCore::SharedWorkerThread::SharedWorkerThread):
(WebCore::SharedWorkerThread::createWorkerContext):
* workers/SharedWorkerThread.h:
(SharedWorkerThread): Pass topOrigin
* workers/WorkerContext.cpp:
(WebCore::WorkerContext::WorkerContext):
* workers/WorkerContext.h:
(WebCore::WorkerContext::topOrigin):
(WorkerContext):
* workers/WorkerMessagingProxy.cpp: Pass topOrigin
(WebCore::WorkerMessagingProxy::startWorkerContext):
* workers/WorkerThread.cpp:
(WebCore::WorkerThreadStartupData::create):
(WorkerThreadStartupData):
(WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
(WebCore::WorkerThread::WorkerThread):
(WebCore::WorkerThread::workerThread):
* workers/WorkerThread.h:
(WorkerThread):
2012-08-22 Kentaro Hara <haraken@chromium.org>
[V8] Move context() from V8Proxy to ScriptController
......@@ -43,7 +43,7 @@ namespace WebCore {
PassRefPtr<Database> WorkerContextWebDatabase::openDatabase(WorkerContext* context, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode& ec)
{
if (!context->securityOrigin()->canAccessDatabase() || !AbstractDatabase::isAvailable()) {
if (!context->securityOrigin()->canAccessDatabase(context->topOrigin()) || !AbstractDatabase::isAvailable()) {
ec = SECURITY_ERR;
return 0;
}
......@@ -53,7 +53,7 @@ PassRefPtr<Database> WorkerContextWebDatabase::openDatabase(WorkerContext* conte
PassRefPtr<DatabaseSync> WorkerContextWebDatabase::openDatabaseSync(WorkerContext* context, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode& ec)
{
if (!context->securityOrigin()->canAccessDatabase() || !AbstractDatabase::isAvailable()) {
if (!context->securityOrigin()->canAccessDatabase(context->topOrigin()) || !AbstractDatabase::isAvailable()) {
ec = SECURITY_ERR;
return 0;
}
......
......@@ -293,7 +293,6 @@ __ZN7WebCore14ScrollableArea6scrollENS_15ScrollDirectionENS_17ScrollGranularityE
__ZN7WebCore14ScrollableAreaC2Ev
__ZN7WebCore14ScrollableAreaD2Ev
__ZN7WebCore14ScrollbarTheme5themeEv
__ZN7WebCore14SecurityOrigin12isolatedCopyEv
__ZN7WebCore14SecurityOrigin16createFromStringERKN3WTF6StringE
__ZN7WebCore14SecurityOrigin28createFromDatabaseIdentifierERKN3WTF6StringE
__ZN7WebCore14SecurityOrigin6createERKN3WTF6StringES4_i
......@@ -1174,6 +1173,7 @@ __ZNK7WebCore14ScrollableArea23mouseEnteredContentAreaEv
__ZNK7WebCore14ScrollableArea23mouseMovedInContentAreaEv
__ZNK7WebCore14SecurityOrigin10canDisplayERKNS_4KURLE
__ZNK7WebCore14SecurityOrigin11toRawStringEv
__ZNK7WebCore14SecurityOrigin12isolatedCopyEv
__ZNK7WebCore14SecurityOrigin18databaseIdentifierEv
__ZNK7WebCore14SecurityOrigin5equalEPKS0_
__ZNK7WebCore14SecurityOrigin8toStringEv
......
......@@ -215,7 +215,7 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::createUnique()
return origin.release();
}
PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy()
PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const
{
return adoptRef(new SecurityOrigin(this));
}
......@@ -400,7 +400,7 @@ bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin) const
if (!topOrigin)
return true;
if (m_blockThirdPartyStorage && topOrigin->isThirdParty(this))
if ((m_blockThirdPartyStorage || topOrigin->m_blockThirdPartyStorage) && topOrigin->isThirdParty(this))
return false;
return true;
......
......@@ -54,7 +54,7 @@ public:
// Create a deep copy of this SecurityOrigin. This method is useful
// when marshalling a SecurityOrigin to another thread.
PassRefPtr<SecurityOrigin> isolatedCopy();
PassRefPtr<SecurityOrigin> isolatedCopy() const;
// Set the domain property of this security origin to newDomain. This
// function does not check whether newDomain is a suffix of the current
......
......@@ -42,15 +42,15 @@
namespace WebCore {
// static
PassRefPtr<DedicatedWorkerContext> DedicatedWorkerContext::create(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
PassRefPtr<DedicatedWorkerContext> DedicatedWorkerContext::create(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
{
RefPtr<DedicatedWorkerContext> context = adoptRef(new DedicatedWorkerContext(url, userAgent, settings, thread));
RefPtr<DedicatedWorkerContext> context = adoptRef(new DedicatedWorkerContext(url, userAgent, settings, thread, topOrigin));
context->applyContentSecurityPolicyFromString(contentSecurityPolicy, contentSecurityPolicyType);
return context.release();
}
DedicatedWorkerContext::DedicatedWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread)
: WorkerContext(url, userAgent, settings, thread)
DedicatedWorkerContext::DedicatedWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, PassRefPtr<SecurityOrigin> topOrigin)
: WorkerContext(url, userAgent, settings, thread, topOrigin)
{
}
......
......@@ -44,7 +44,7 @@ namespace WebCore {
class DedicatedWorkerContext : public WorkerContext {
public:
typedef WorkerContext Base;
static PassRefPtr<DedicatedWorkerContext> create(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType);
static PassRefPtr<DedicatedWorkerContext> create(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin);
virtual bool isDedicatedWorkerContext() const { return true; }
......@@ -63,7 +63,7 @@ namespace WebCore {
DedicatedWorkerThread* thread();
private:
DedicatedWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*);
DedicatedWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, PassRefPtr<SecurityOrigin> topOrigin);
};
} // namespace WebCore
......
......@@ -39,13 +39,13 @@
namespace WebCore {
PassRefPtr<DedicatedWorkerThread> DedicatedWorkerThread::create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
PassRefPtr<DedicatedWorkerThread> DedicatedWorkerThread::create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
{
return adoptRef(new DedicatedWorkerThread(scriptURL, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType));
return adoptRef(new DedicatedWorkerThread(scriptURL, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin));
}
DedicatedWorkerThread::DedicatedWorkerThread(const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
: WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType)
DedicatedWorkerThread::DedicatedWorkerThread(const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
: WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin)
, m_workerObjectProxy(workerObjectProxy)
{
}
......@@ -54,9 +54,9 @@ DedicatedWorkerThread::~DedicatedWorkerThread()
{
}
PassRefPtr<WorkerContext> DedicatedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
PassRefPtr<WorkerContext> DedicatedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
{
return DedicatedWorkerContext::create(url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType);
return DedicatedWorkerContext::create(url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType, topOrigin);
}
void DedicatedWorkerThread::runEventLoop()
......
......@@ -41,16 +41,16 @@ namespace WebCore {
class DedicatedWorkerThread : public WorkerThread {
public:
static PassRefPtr<DedicatedWorkerThread> create(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
static PassRefPtr<DedicatedWorkerThread> create(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
WorkerObjectProxy& workerObjectProxy() const { return m_workerObjectProxy; }
~DedicatedWorkerThread();
protected:
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin);
virtual void runEventLoop();
private:
DedicatedWorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
DedicatedWorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
WorkerObjectProxy& m_workerObjectProxy;
};
......
......@@ -59,7 +59,7 @@ PassRefPtr<SharedWorkerContext> SharedWorkerContext::create(const String& name,
}
SharedWorkerContext::SharedWorkerContext(const String& name, const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, SharedWorkerThread* thread)
: WorkerContext(url, userAgent, settings, thread)
: WorkerContext(url, userAgent, settings, thread, 0)
, m_name(name)
{
}
......
......@@ -44,7 +44,7 @@ PassRefPtr<SharedWorkerThread> SharedWorkerThread::create(const String& name, co
}
SharedWorkerThread::SharedWorkerThread(const String& name, const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
: WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerReportingProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType)
: WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerReportingProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, 0)
, m_name(name.isolatedCopy())
{
}
......@@ -53,7 +53,7 @@ SharedWorkerThread::~SharedWorkerThread()
{
}
PassRefPtr<WorkerContext> SharedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
PassRefPtr<WorkerContext> SharedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin>)
{
return SharedWorkerContext::create(m_name, url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType);
}
......
......@@ -43,7 +43,7 @@ namespace WebCore {
~SharedWorkerThread();
protected:
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin);
private:
SharedWorkerThread(const String& name, const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
......
......@@ -85,7 +85,7 @@ public:
virtual bool isCleanupTask() const { return true; }
};
WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, WorkerThread* thread)
WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, WorkerThread* thread, PassRefPtr<SecurityOrigin> topOrigin)
: m_url(url)
, m_userAgent(userAgent)
, m_groupSettings(settings)
......@@ -96,6 +96,7 @@ WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPt
#endif
, m_closing(false)
, m_eventQueue(WorkerEventQueue::create(this))
, m_topOrigin(topOrigin)
{
setSecurityOrigin(SecurityOrigin::create(url));
}
......
......@@ -138,8 +138,10 @@ namespace WebCore {
void unregisterObserver(Observer*);
void notifyObserversOfStop();
const SecurityOrigin* topOrigin() const { return m_topOrigin.get(); }
protected:
WorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, WorkerThread*);
WorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, WorkerThread*, PassRefPtr<SecurityOrigin> topOrigin);
void applyContentSecurityPolicyFromString(const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
virtual void logExceptionToConsole(const String& errorMessage, const String& sourceURL, int lineNumber, PassRefPtr<ScriptCallStack>);
......@@ -183,6 +185,8 @@ namespace WebCore {
HashSet<Observer*> m_workerObservers;
OwnPtr<WorkerEventQueue> m_eventQueue;
RefPtr<SecurityOrigin> m_topOrigin;
};
} // namespace WebCore
......
......@@ -280,8 +280,9 @@ void WorkerMessagingProxy::startWorkerContext(const KURL& scriptURL, const Strin
if (document->page())
settings = document->page()->group().groupSettings();
RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, settings, sourceCode, *this, *this, startMode,
m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeader(),
m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeaderType());
document->contentSecurityPolicy()->deprecatedHeader(),
document->contentSecurityPolicy()->deprecatedHeaderType(),
document->topDocument()->securityOrigin());
workerThreadCreated(thread);
thread->start();
InspectorInstrumentation::didStartWorkerContext(m_scriptExecutionContext.get(), this, scriptURL);
......
......@@ -71,9 +71,9 @@ unsigned WorkerThread::workerThreadCount()
struct WorkerThreadStartupData {
WTF_MAKE_NONCOPYABLE(WorkerThreadStartupData); WTF_MAKE_FAST_ALLOCATED;
public:
static PassOwnPtr<WorkerThreadStartupData> create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
static PassOwnPtr<WorkerThreadStartupData> create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
{
return adoptPtr(new WorkerThreadStartupData(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType));
return adoptPtr(new WorkerThreadStartupData(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin));
}
KURL m_scriptURL;
......@@ -83,17 +83,19 @@ public:
WorkerThreadStartMode m_startMode;
String m_contentSecurityPolicy;
ContentSecurityPolicy::HeaderType m_contentSecurityPolicyType;
RefPtr<SecurityOrigin> m_topOrigin;
private:
WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType);
WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin);
};
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
: m_scriptURL(scriptURL.copy())
, m_userAgent(userAgent.isolatedCopy())
, m_sourceCode(sourceCode.isolatedCopy())
, m_startMode(startMode)
, m_contentSecurityPolicy(contentSecurityPolicy.isolatedCopy())
, m_contentSecurityPolicyType(contentSecurityPolicyType)
, m_topOrigin(topOrigin ? topOrigin->isolatedCopy() : 0)
{
if (!settings)
return;
......@@ -104,11 +106,11 @@ WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const St
m_groupSettings->setIndexedDBDatabasePath(settings->indexedDBDatabasePath().isolatedCopy());
}
WorkerThread::WorkerThread(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
WorkerThread::WorkerThread(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
: m_threadID(0)
, m_workerLoaderProxy(workerLoaderProxy)
, m_workerReportingProxy(workerReportingProxy)
, m_startupData(WorkerThreadStartupData::create(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType))
, m_startupData(WorkerThreadStartupData::create(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin))
#if ENABLE(NOTIFICATIONS) || ENABLE(LEGACY_NOTIFICATIONS)
, m_notificationClient(0)
#endif
......@@ -146,7 +148,7 @@ void WorkerThread::workerThread()
{
{
MutexLocker lock(m_threadCreationMutex);
m_workerContext = createWorkerContext(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_groupSettings.release(), m_startupData->m_contentSecurityPolicy, m_startupData->m_contentSecurityPolicyType);
m_workerContext = createWorkerContext(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_groupSettings.release(), m_startupData->m_contentSecurityPolicy, m_startupData->m_contentSecurityPolicyType, m_startupData->m_topOrigin.release());
if (m_runLoop.terminated()) {
// The worker was terminated before the thread had a chance to run. Since the context didn't exist yet,
......
......@@ -31,6 +31,7 @@
#include "ContentSecurityPolicy.h"
#include "GroupSettings.h"
#include "SecurityOrigin.h"
#include "WorkerRunLoop.h"
#include <wtf/Forward.h>
#include <wtf/OwnPtr.h>
......@@ -69,10 +70,10 @@ namespace WebCore {
#endif
protected:
WorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
WorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
// Factory method for creating a new worker context for the thread.
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType) = 0;
virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin) = 0;
// Executes the event loop for the worker thread. Derived classes can override to perform actions before/after entering the event loop.
virtual void runEventLoop();
......
2012-08-17 Jeffrey Pfau <jpfau@apple.com>
Allow blocking of Web SQL databases in third-party web workers
https://bugs.webkit.org/show_bug.cgi?id=94170
Reviewed by Adam Barth.
Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.
* src/WebWorkerClientImpl.cpp:
(WebKit::WebWorkerClientImpl::startWorkerContext): Pass top document's origin
2012-08-22 Kentaro Hara <haraken@chromium.org>
[V8] Move context() from V8Proxy to ScriptController
......
......@@ -93,8 +93,9 @@ void WebWorkerClientImpl::startWorkerContext(const KURL& scriptURL, const String
if (document->page())
settings = document->page()->group().groupSettings();
RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, settings, sourceCode, *this, *this, startMode,
m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeader(),
m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeaderType());
document->contentSecurityPolicy()->deprecatedHeader(),
document->contentSecurityPolicy()->deprecatedHeaderType(),
document->topDocument()->securityOrigin());
m_proxy->workerThreadCreated(thread);
thread->start();
InspectorInstrumentation::didStartWorkerContext(m_scriptExecutionContext.get(), m_proxy, scriptURL);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment