Allow blocking of IndexedDB in third-party contexts
authormkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2013 14:57:55 +0000 (14:57 +0000)
committermkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 Jan 2013 14:57:55 +0000 (14:57 +0000)
commitcfba0f301a98fd216b95f46646cf7d6f775ad6c2
tree95d329bb5f90d3a1332431fc3c865fad07d798d1
parent3ecf6801dd7c33aebad8fbba9ba52ed07e3a064e
Allow blocking of IndexedDB in third-party contexts
https://bugs.webkit.org/show_bug.cgi?id=94171

Reviewed by Jochen Eisinger.

Source/WebCore:

This patch ensures that the origin of the top window is passed into
SecurityOrigin::canAccessDatabase when working with IndexedDB. Giving
SecurityOrigin access to this data means that it can properly check
whether the database is being opened in a third-party context, and
therefore properly enforce the third-party access checks that were
added in http://trac.webkit.org/changeset/125736.

Third-party checks are added to IDBFactory::open,
IDBFactory::deleteDatabase, and IDBFactory::getDatabaseNames; each will
now throw a SECURITY_ERR exception when access in a third-party context
if third-party access checks are enabled.

To make this process slightly more clear, and avoid some ugly casting
logic, this patch adds a 'topOrigin'  method to ScriptExecutionContext,
and implements it on both WorkerContext and Document.

Tests: http/tests/security/cross-origin-indexeddb-allowed.html
       http/tests/security/cross-origin-indexeddb.html
       http/tests/security/cross-origin-worker-indexeddb-allowed.html
       http/tests/security/cross-origin-worker-indexeddb.html

* Modules/indexeddb/IDBFactory.cpp:
(WebCore::IDBFactory::getDatabaseNames):
(WebCore::IDBFactory::openInternal):
(WebCore::IDBFactory::deleteDatabase):
    Grab the SecurityOrigin of the current context's top-level origin,
    and pass it to SecurityOrigin::canAccessDatabase to ensure that
    access checks are properly applied to these three methods.
* dom/Document.cpp:
(WebCore::Document::topOrigin):
(WebCore):
* dom/Document.h:
(Document):
* dom/ScriptExecutionContext.h:
(ScriptExecutionContext):
    Add a topOrigin() method to ScriptExecutionContext, and implement it
    on Document in order to give callers access to the top document's
    SecurityOrigin without casting ScriptExecutionContext.
* workers/WorkerContext.h:
    Change the existing topOrigin() method to override the new method
    on ScriptExecutionContext.

LayoutTests:

Add tests to ensure that IndexedDB can be blocked in a third-party
context in both normal documents and in workers. These tests are
modeled after the existing cross-origin-websql* tests; it might be
possible to reuse some code in the future.

* http/tests/security/cross-origin-indexeddb-allowed-expected.txt: Added.
* http/tests/security/cross-origin-indexeddb-allowed.html: Added.
* http/tests/security/cross-origin-indexeddb-expected.txt: Added.
* http/tests/security/cross-origin-indexeddb.html: Added.
* http/tests/security/cross-origin-worker-indexeddb-allowed-expected.txt: Added.
* http/tests/security/cross-origin-worker-indexeddb-allowed.html: Added.
* http/tests/security/cross-origin-worker-indexeddb-expected.txt: Added.
* http/tests/security/cross-origin-worker-indexeddb.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-indexeddb.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-worker-indexeddb.html: Added.
* http/tests/security/resources/document-for-cross-origin-worker-indexeddb.html: Added.
* http/tests/security/resources/worker-for-indexeddb.js: Added.
(self.onmessage):
    Add exciting new tests, with more boilerplate than I expected!
* platform/efl/TestExpectations:
* platform/mac-snowleopard/TestExpectations:
* platform/mac/TestExpectations:
* platform/qt/TestExpectations:
* platform/win/TestExpectations:
* platform/wincairo/TestExpectations:
    Skip these IndexedDB tests on platforms where the feature isn't
    enabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@141418 268f45cc-cd09-0410-ab3c-d52691b4dbfc
25 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-origin-indexeddb-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-indexeddb-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-indexeddb-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-indexeddb.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-indexeddb-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-indexeddb-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-indexeddb-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-indexeddb.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-origin-iframe-for-indexeddb.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-origin-iframe-for-worker-indexeddb.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/document-for-cross-origin-worker-indexeddb.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/worker-for-indexeddb.js [new file with mode: 0644]
LayoutTests/platform/efl/TestExpectations
LayoutTests/platform/mac-snowleopard/TestExpectations
LayoutTests/platform/mac/TestExpectations
LayoutTests/platform/qt/TestExpectations
LayoutTests/platform/win/TestExpectations
LayoutTests/platform/wincairo/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/IDBFactory.cpp
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/dom/ScriptExecutionContext.h
Source/WebCore/workers/WorkerContext.h