Allow blocking of Web SQL databases in third-party web workers
author jpfau@apple.com <jpfau@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Aug 2012 22:58:59 +0000 (22:58 +0000)
committer jpfau@apple.com <jpfau@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Aug 2012 22:58:59 +0000 (22:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=94170

Reviewed by Adam Barth.

Source/WebCore:

Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.

Tests: http/tests/security/cross-origin-worker-websql-allowed.html
       http/tests/security/cross-origin-worker-websql.html

* Modules/webdatabase/WorkerContextWebDatabase.cpp: Pass information about the top origin to canAccessDatabase
(WebCore::WorkerContextWebDatabase::openDatabase):
(WebCore::WorkerContextWebDatabase::openDatabaseSync):
* WebCore.exp.in: Make SecurityOrigin::isolatedCopy const
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::isolatedCopy):
(WebCore::SecurityOrigin::canAccessStorage):
* page/SecurityOrigin.h:
* workers/DedicatedWorkerContext.cpp: Pass topOrigin
(WebCore::DedicatedWorkerContext::create):
(WebCore::DedicatedWorkerContext::DedicatedWorkerContext):
* workers/DedicatedWorkerContext.h:
(DedicatedWorkerContext):
* workers/DedicatedWorkerThread.cpp: Pass topOrigin
(WebCore::DedicatedWorkerThread::create):
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
(WebCore::DedicatedWorkerThread::createWorkerContext):
* workers/DedicatedWorkerThread.h:
(DedicatedWorkerThread):
* workers/SharedWorkerContext.cpp: Pass topOrigin
(WebCore::SharedWorkerContext::SharedWorkerContext):
* workers/SharedWorkerThread.cpp:
(WebCore::SharedWorkerThread::SharedWorkerThread):
(WebCore::SharedWorkerThread::createWorkerContext):
* workers/SharedWorkerThread.h:
(SharedWorkerThread): Pass topOrigin
* workers/WorkerContext.cpp:
(WebCore::WorkerContext::WorkerContext):
* workers/WorkerContext.h:
(WebCore::WorkerContext::topOrigin):
(WorkerContext):
* workers/WorkerMessagingProxy.cpp: Pass topOrigin
(WebCore::WorkerMessagingProxy::startWorkerContext):
* workers/WorkerThread.cpp:
(WebCore::WorkerThreadStartupData::create):
(WorkerThreadStartupData):
(WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
(WebCore::WorkerThread::WorkerThread):
(WebCore::WorkerThread::workerThread):
* workers/WorkerThread.h:
(WorkerThread):

Source/WebKit/chromium:

Web workers did not previously know anything about the document that
spawned them. This is undefined for shared workers, but for dedicated
workers, we now pipe the information through.

* src/WebWorkerClientImpl.cpp:
(WebKit::WebWorkerClientImpl::startWorkerContext): Pass top document's origin

LayoutTests:

Created tests for accessing openDatabase from a third party and first party dedicated workers when third-party blocking is on and off.

* http/tests/security/cross-origin-worker-websql-allowed-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql-allowed.html: Added.
* http/tests/security/cross-origin-worker-websql-expected.txt: Added.
* http/tests/security/cross-origin-worker-websql.html: Added.
* http/tests/security/resources/cross-origin-iframe-for-worker-websql.html: Added.
* http/tests/security/resources/document-for-cross-origin-worker-websql.html: Added.
* http/tests/security/resources/worker-for-websql.js: Added.
(self.onmessage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@126365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

27 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-origin-worker-websql-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-websql-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-websql-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-worker-websql.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-origin-iframe-for-worker-websql.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/document-for-cross-origin-worker-websql.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/worker-for-websql.js [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/Modules/webdatabase/WorkerContextWebDatabase.cpp
Source/WebCore/WebCore.exp.in
Source/WebCore/page/SecurityOrigin.cpp
Source/WebCore/page/SecurityOrigin.h
Source/WebCore/workers/DedicatedWorkerContext.cpp
Source/WebCore/workers/DedicatedWorkerContext.h
Source/WebCore/workers/DedicatedWorkerThread.cpp
Source/WebCore/workers/DedicatedWorkerThread.h
Source/WebCore/workers/SharedWorkerContext.cpp
Source/WebCore/workers/SharedWorkerThread.cpp
Source/WebCore/workers/SharedWorkerThread.h
Source/WebCore/workers/WorkerContext.cpp
Source/WebCore/workers/WorkerContext.h
Source/WebCore/workers/WorkerMessagingProxy.cpp
Source/WebCore/workers/WorkerThread.cpp
Source/WebCore/workers/WorkerThread.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/WebWorkerClientImpl.cpp

index d5faed1..5abe0e3 100644 (file)
@@ -1,3 +1,21 @@
+2012-08-17  Jeffrey Pfau  <jpfau@apple.com>
+
+        Allow blocking of Web SQL databases in third-party web workers
+        https://bugs.webkit.org/show_bug.cgi?id=94170
+
+        Reviewed by Adam Barth.
+
+        Created tests for accessing openDatabase from a third party and first party dedicated workers when third-party blocking is on and off.
+
+        * http/tests/security/cross-origin-worker-websql-allowed-expected.txt: Added.
+        * http/tests/security/cross-origin-worker-websql-allowed.html: Added.
+        * http/tests/security/cross-origin-worker-websql-expected.txt: Added.
+        * http/tests/security/cross-origin-worker-websql.html: Added.
+        * http/tests/security/resources/cross-origin-iframe-for-worker-websql.html: Added.
+        * http/tests/security/resources/document-for-cross-origin-worker-websql.html: Added.
+        * http/tests/security/resources/worker-for-websql.js: Added.
+        (self.onmessage):
+
 2012-08-22  Anna Cavender  <annacc@chromium.org>
 
         [Chromium/GTK/EFL] Flaky media/track/track-mode test.
diff --git a/LayoutTests/http/tests/security/cross-origin-worker-websql-allowed-expected.txt b/LayoutTests/http/tests/security/cross-origin-worker-websql-allowed-expected.txt
new file mode 100644 (file)
index 0000000..9946bb4
--- /dev/null
@@ -0,0 +1,16 @@
+This iframe should not return any errors:
+
+
+This iframe should not return any errors:
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+No exception
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+No exception
diff --git a/LayoutTests/http/tests/security/cross-origin-worker-websql-allowed.html b/LayoutTests/http/tests/security/cross-origin-worker-websql-allowed.html
new file mode 100644 (file)
index 0000000..807880e
--- /dev/null
@@ -0,0 +1,26 @@
+<html>
+<head>
+<script>
+var frames = 2;
+if (window.testRunner) {
+       testRunner.dumpAsText();
+       testRunner.dumpChildFramesAsText();
+       testRunner.waitUntilDone();
+}
+
+function decrement() {
+       --frames;
+       if (!frames && window.testRunner)
+               testRunner.notifyDone();
+}
+
+window.onmessage = decrement;
+</script>
+</head>
+<body>
+<p>This iframe should not return any errors:</p>
+<iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
+<p>This iframe should not return any errors:</p>
+<iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
+</body>
+</html>
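Review bot: This "allowed" test never sets the third-party blocking state itself, so the two "No exception" results depend on whatever the setting happens to be when the test starts. Consider calling internals.settings.setThirdPartyStorageBlockingEnabled(false) in the setup block (guarded by window.internals) so the expectation holds even if an earlier test left blocking enabled.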
diff --git a/LayoutTests/http/tests/security/cross-origin-worker-websql-expected.txt b/LayoutTests/http/tests/security/cross-origin-worker-websql-expected.txt
new file mode 100644 (file)
index 0000000..fa7bc1c
--- /dev/null
@@ -0,0 +1,16 @@
+This iframe should return a security error:
+
+
+This iframe should not return any errors:
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+SECURITY_ERR
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+No exception
diff --git a/LayoutTests/http/tests/security/cross-origin-worker-websql.html b/LayoutTests/http/tests/security/cross-origin-worker-websql.html
new file mode 100644 (file)
index 0000000..4eb17f0
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+
+if (window.testRunner) {
+       testRunner.dumpAsText();
+       testRunner.dumpChildFramesAsText();
+       testRunner.waitUntilDone();
+       testRunner.setCanOpenWindows(true);
+       testRunner.setCloseRemainingWindowsWhenComplete(true);
+       internals.settings.setThirdPartyStorageBlockingEnabled(true);
+}
+
+document.location = "resources/document-for-cross-origin-worker-websql.html"
+</script>
+</head>
+<body>
+</body>
+</html>
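Review bot: The call to internals.settings.setThirdPartyStorageBlockingEnabled(true) sits inside the `if (window.testRunner)` block, but it uses `internals`, which is a separate object. Guard it with `window.internals` so a harness that exposes testRunner without internals does not throw before the redirect. The `document.location = ...` assignment is also missing its trailing semicolon.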
diff --git a/LayoutTests/http/tests/security/resources/cross-origin-iframe-for-worker-websql.html b/LayoutTests/http/tests/security/resources/cross-origin-iframe-for-worker-websql.html
new file mode 100644 (file)
index 0000000..e15244d
--- /dev/null
@@ -0,0 +1,21 @@
+<html>
+<head>
+<script>
+window.onload = function() {
+       var worker = new Worker('worker-for-websql.js');
+       worker.postMessage(true);
+       worker.onmessage = function(event) {
+               if (event.data) {
+                       window.parent.postMessage(event.data, '*');
+                       document.write(event.data);
+               } else {
+                       window.parent.postMessage('No exception', '*');
+                       document.write('No exception');
+               }
+       };
+}
+</script>
+</head>
+<body>
+</body>
+</head>
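Review bot: The last line of this new file closes with `</head>` after `</body>`; it should be `</html>`. Separately, worker.postMessage(true) is issued before worker.onmessage is assigned. That works because the reply arrives asynchronously, but assigning the handler first makes the ordering obvious to the next reader.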
diff --git a/LayoutTests/http/tests/security/resources/document-for-cross-origin-worker-websql.html b/LayoutTests/http/tests/security/resources/document-for-cross-origin-worker-websql.html
new file mode 100644 (file)
index 0000000..2dc2e3d
--- /dev/null
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+var frames = 2;
+
+function decrement(event) {
+       --frames;
+       if (!frames && window.testRunner) {
+               internals.settings.setThirdPartyStorageBlockingEnabled(false);
+               testRunner.notifyDone();
+       }
+}
+
+window.onmessage = decrement;
+</script>
+</head>
+<body>
+<p>This iframe should return a security error:</p>
+<iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
+<p>This iframe should not return any errors:</p>
+<iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-worker-websql.html"></iframe>
+</body>
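Review bot: Blocking is switched back off only inside decrement(), once both frames have posted a message, so if either iframe never reports, the setting enabled by cross-origin-worker-websql.html stays on for whatever runs next unless the harness resets it. Worth confirming that reset exists, or noting the dependency in a comment. The file also ends at `</body>` with no closing `</html>`.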
diff --git a/LayoutTests/http/tests/security/resources/worker-for-websql.js b/LayoutTests/http/tests/security/resources/worker-for-websql.js
new file mode 100644 (file)
index 0000000..11a9b87
--- /dev/null
@@ -0,0 +1,8 @@
+self.onmessage = function() {
+       try {
+               var db = self.openDatabase('testdb', '1.0', 'Testing database', 512 * 1024);
+               self.postMessage(null);
+       } catch (exception) {
+               self.postMessage(exception.name);
+       }
+}
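Review bot: This worker only exercises self.openDatabase, while the patch changes the access check in both WorkerContextWebDatabase::openDatabase and WorkerContextWebDatabase::openDatabaseSync. Add an openDatabaseSync call (or a second worker script) so the synchronous path is covered by the same SECURITY_ERR / No exception expectations. The `db` variable is unused and can be dropped.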
index c54fb29..a37a4c1 100644 (file)
@@ -1,3 +1,59 @@
+2012-08-17  Jeffrey Pfau  <jpfau@apple.com>
+
+        Allow blocking of Web SQL databases in third-party web workers
+        https://bugs.webkit.org/show_bug.cgi?id=94170
+
+        Reviewed by Adam Barth.
+
+        Web workers did not previously know anything about the document that
+        spawned them. This is undefined for shared workers, but for dedicated
+        workers, we now pipe the information through.
+
+        Tests: http/tests/security/cross-origin-worker-websql-allowed.html
+               http/tests/security/cross-origin-worker-websql.html
+
+        * Modules/webdatabase/WorkerContextWebDatabase.cpp: Pass information about the top origin to canAccessDatabase
+        (WebCore::WorkerContextWebDatabase::openDatabase):
+        (WebCore::WorkerContextWebDatabase::openDatabaseSync):
+        * WebCore.exp.in: Make SecurityOrigin::isolatedCopy const
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::isolatedCopy):
+        (WebCore::SecurityOrigin::canAccessStorage):
+        * page/SecurityOrigin.h:
+        * workers/DedicatedWorkerContext.cpp: Pass topOrigin
+        (WebCore::DedicatedWorkerContext::create):
+        (WebCore::DedicatedWorkerContext::DedicatedWorkerContext):
+        * workers/DedicatedWorkerContext.h:
+        (DedicatedWorkerContext):
+        * workers/DedicatedWorkerThread.cpp: Pass topOrigin
+        (WebCore::DedicatedWorkerThread::create):
+        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
+        (WebCore::DedicatedWorkerThread::createWorkerContext):
+        * workers/DedicatedWorkerThread.h:
+        (DedicatedWorkerThread):
+        * workers/SharedWorkerContext.cpp: Pass topOrigin
+        (WebCore::SharedWorkerContext::SharedWorkerContext):
+        * workers/SharedWorkerThread.cpp:
+        (WebCore::SharedWorkerThread::SharedWorkerThread):
+        (WebCore::SharedWorkerThread::createWorkerContext):
+        * workers/SharedWorkerThread.h:
+        (SharedWorkerThread): Pass topOrigin
+        * workers/WorkerContext.cpp:
+        (WebCore::WorkerContext::WorkerContext):
+        * workers/WorkerContext.h:
+        (WebCore::WorkerContext::topOrigin):
+        (WorkerContext):
+        * workers/WorkerMessagingProxy.cpp: Pass topOrigin
+        (WebCore::WorkerMessagingProxy::startWorkerContext):
+        * workers/WorkerThread.cpp:
+        (WebCore::WorkerThreadStartupData::create):
+        (WorkerThreadStartupData):
+        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
+        (WebCore::WorkerThread::WorkerThread):
+        (WebCore::WorkerThread::workerThread):
+        * workers/WorkerThread.h:
+        (WorkerThread):
+
 2012-08-22  Kentaro Hara  <haraken@chromium.org>
 
         [V8] Move context() from V8Proxy to ScriptController
index 95efa5a..899b705 100644 (file)
@@ -43,7 +43,7 @@ namespace WebCore {
 
 PassRefPtr<Database> WorkerContextWebDatabase::openDatabase(WorkerContext* context, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode& ec)
 {
-    if (!context->securityOrigin()->canAccessDatabase() || !AbstractDatabase::isAvailable()) {
+    if (!context->securityOrigin()->canAccessDatabase(context->topOrigin()) || !AbstractDatabase::isAvailable()) {
         ec = SECURITY_ERR;
         return 0;
     }
@@ -53,7 +53,7 @@ PassRefPtr<Database> WorkerContextWebDatabase::openDatabase(WorkerContext* conte
 
 PassRefPtr<DatabaseSync> WorkerContextWebDatabase::openDatabaseSync(WorkerContext* context, const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode& ec)
 {
-    if (!context->securityOrigin()->canAccessDatabase() || !AbstractDatabase::isAvailable()) {
+    if (!context->securityOrigin()->canAccessDatabase(context->topOrigin()) || !AbstractDatabase::isAvailable()) {
         ec = SECURITY_ERR;
         return 0;
     }
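Review bot: The condition `!context->securityOrigin()->canAccessDatabase(context->topOrigin()) || !AbstractDatabase::isAvailable()` now appears verbatim in both openDatabase and openDatabaseSync. A small static helper taking the WorkerContext would keep the two entry points from drifting apart the next time the access policy changes.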
index ba62f4c..770dd85 100644 (file)
@@ -293,7 +293,6 @@ __ZN7WebCore14ScrollableArea6scrollENS_15ScrollDirectionENS_17ScrollGranularityE
 __ZN7WebCore14ScrollableAreaC2Ev
 __ZN7WebCore14ScrollableAreaD2Ev
 __ZN7WebCore14ScrollbarTheme5themeEv
-__ZN7WebCore14SecurityOrigin12isolatedCopyEv
 __ZN7WebCore14SecurityOrigin16createFromStringERKN3WTF6StringE
 __ZN7WebCore14SecurityOrigin28createFromDatabaseIdentifierERKN3WTF6StringE
 __ZN7WebCore14SecurityOrigin6createERKN3WTF6StringES4_i
@@ -1174,6 +1173,7 @@ __ZNK7WebCore14ScrollableArea23mouseEnteredContentAreaEv
 __ZNK7WebCore14ScrollableArea23mouseMovedInContentAreaEv
 __ZNK7WebCore14SecurityOrigin10canDisplayERKNS_4KURLE
 __ZNK7WebCore14SecurityOrigin11toRawStringEv
+__ZNK7WebCore14SecurityOrigin12isolatedCopyEv
 __ZNK7WebCore14SecurityOrigin18databaseIdentifierEv
 __ZNK7WebCore14SecurityOrigin5equalEPKS0_
 __ZNK7WebCore14SecurityOrigin8toStringEv
index bb79e55..f5cd1c5 100644 (file)
@@ -215,7 +215,7 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::createUnique()
     return origin.release();
 }
 
-PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy()
+PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const
 {
     return adoptRef(new SecurityOrigin(this));
 }
@@ -400,7 +400,7 @@ bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin) const
     if (!topOrigin)
         return true;
 
-    if (m_blockThirdPartyStorage && topOrigin->isThirdParty(this))
+    if ((m_blockThirdPartyStorage || topOrigin->m_blockThirdPartyStorage) && topOrigin->isThirdParty(this))
         return false;
 
     return true;
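Review bot: The new `topOrigin->m_blockThirdPartyStorage` term in the condition needs a comment saying why the top origin's flag is consulted in addition to this origin's own. From the WorkerContext constructor in this patch, a worker's origin is built with SecurityOrigin::create(url), so presumably it never has the flag set and the top origin is the only carrier of the setting. That also means the check depends on isolatedCopy() preserving m_blockThirdPartyStorage when the top origin is marshalled to the worker thread; please confirm the copy constructor copies that member.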
index fb8e036..2e32cfb 100644 (file)
@@ -54,7 +54,7 @@ public:
 
     // Create a deep copy of this SecurityOrigin. This method is useful
     // when marshalling a SecurityOrigin to another thread.
-    PassRefPtr<SecurityOrigin> isolatedCopy();
+    PassRefPtr<SecurityOrigin> isolatedCopy() const;
 
     // Set the domain property of this security origin to newDomain. This
     // function does not check whether newDomain is a suffix of the current
index d31da76..769de8c 100644 (file)
 namespace WebCore {
 
 // static
-PassRefPtr<DedicatedWorkerContext> DedicatedWorkerContext::create(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+PassRefPtr<DedicatedWorkerContext> DedicatedWorkerContext::create(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
 {
-    RefPtr<DedicatedWorkerContext> context = adoptRef(new DedicatedWorkerContext(url, userAgent, settings, thread));
+    RefPtr<DedicatedWorkerContext> context = adoptRef(new DedicatedWorkerContext(url, userAgent, settings, thread, topOrigin));
     context->applyContentSecurityPolicyFromString(contentSecurityPolicy, contentSecurityPolicyType);
     return context.release();
 }
 
-DedicatedWorkerContext::DedicatedWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread)
-    : WorkerContext(url, userAgent, settings, thread)
+DedicatedWorkerContext::DedicatedWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, DedicatedWorkerThread* thread, PassRefPtr<SecurityOrigin> topOrigin)
+    : WorkerContext(url, userAgent, settings, thread, topOrigin)
 {
 }
 
index fdd1189..12f7ca2 100644 (file)
@@ -44,7 +44,7 @@ namespace WebCore {
     class DedicatedWorkerContext : public WorkerContext {
     public:
         typedef WorkerContext Base;
-        static PassRefPtr<DedicatedWorkerContext> create(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType);
+        static PassRefPtr<DedicatedWorkerContext> create(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin);
 
         virtual bool isDedicatedWorkerContext() const { return true; }
 
@@ -63,7 +63,7 @@ namespace WebCore {
 
         DedicatedWorkerThread* thread();
     private:
-        DedicatedWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*);
+        DedicatedWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, DedicatedWorkerThread*, PassRefPtr<SecurityOrigin> topOrigin);
     };
 
 } // namespace WebCore
index 81a4edf..738d2c0 100644 (file)
 
 namespace WebCore {
 
-PassRefPtr<DedicatedWorkerThread> DedicatedWorkerThread::create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+PassRefPtr<DedicatedWorkerThread> DedicatedWorkerThread::create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
 {
-    return adoptRef(new DedicatedWorkerThread(scriptURL, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType));
+    return adoptRef(new DedicatedWorkerThread(scriptURL, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin));
 }
 
-DedicatedWorkerThread::DedicatedWorkerThread(const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
-    : WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType)
+DedicatedWorkerThread::DedicatedWorkerThread(const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
+    : WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin)
     , m_workerObjectProxy(workerObjectProxy)
 {
 }
@@ -54,9 +54,9 @@ DedicatedWorkerThread::~DedicatedWorkerThread()
 {
 }
 
-PassRefPtr<WorkerContext> DedicatedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+PassRefPtr<WorkerContext> DedicatedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
 {
-    return DedicatedWorkerContext::create(url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType);
+    return DedicatedWorkerContext::create(url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType, topOrigin);
 }
 
 void DedicatedWorkerThread::runEventLoop()
index 5aa13d0..5d94072 100644 (file)
@@ -41,16 +41,16 @@ namespace WebCore {
 
     class DedicatedWorkerThread : public WorkerThread {
     public:
-        static PassRefPtr<DedicatedWorkerThread> create(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
+        static PassRefPtr<DedicatedWorkerThread> create(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
         WorkerObjectProxy& workerObjectProxy() const { return m_workerObjectProxy; }
         ~DedicatedWorkerThread();
 
     protected:
-        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
+        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin);
         virtual void runEventLoop();
 
     private:
-        DedicatedWorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
+        DedicatedWorkerThread(const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
 
         WorkerObjectProxy& m_workerObjectProxy;
     };
index cbd2a34..7997002 100644 (file)
@@ -59,7 +59,7 @@ PassRefPtr<SharedWorkerContext> SharedWorkerContext::create(const String& name,
 }
 
 SharedWorkerContext::SharedWorkerContext(const String& name, const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, SharedWorkerThread* thread)
-    : WorkerContext(url, userAgent, settings, thread)
+    : WorkerContext(url, userAgent, settings, thread, 0)
     , m_name(name)
 {
 }
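Review bot: Passing a bare `0` as topOrigin in the WorkerContext initializer means shared workers always take the `if (!topOrigin) return true;` path in SecurityOrigin::canAccessStorage, so third-party blocking never applies to them. The ChangeLog says the top document is undefined for shared workers, but the consequence for the storage check should be stated in a comment at this call site, ideally with a FIXME if the behaviour is meant to be revisited.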
index d39b335..5631587 100644 (file)
@@ -44,7 +44,7 @@ PassRefPtr<SharedWorkerThread> SharedWorkerThread::create(const String& name, co
 }
 
 SharedWorkerThread::SharedWorkerThread(const String& name, const KURL& url, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
-    : WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerReportingProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType)
+    : WorkerThread(url, userAgent, settings, sourceCode, workerLoaderProxy, workerReportingProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, 0)
     , m_name(name.isolatedCopy())
 {
 }
@@ -53,7 +53,7 @@ SharedWorkerThread::~SharedWorkerThread()
 {
 }
 
-PassRefPtr<WorkerContext> SharedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+PassRefPtr<WorkerContext> SharedWorkerThread::createWorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin>)
 {
     return SharedWorkerContext::create(m_name, url, userAgent, settings, this, contentSecurityPolicy, contentSecurityPolicyType);
 }
index c343824..c383313 100644 (file)
@@ -43,7 +43,7 @@ namespace WebCore {
         ~SharedWorkerThread();
 
     protected:
-        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
+        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin);
 
     private:
         SharedWorkerThread(const String& name, const KURL&, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
index e5bd15e..d7eaf5d 100644 (file)
@@ -85,7 +85,7 @@ public:
     virtual bool isCleanupTask() const { return true; }
 };
 
-WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, WorkerThread* thread)
+WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPtr<GroupSettings> settings, WorkerThread* thread, PassRefPtr<SecurityOrigin> topOrigin)
     : m_url(url)
     , m_userAgent(userAgent)
     , m_groupSettings(settings)
@@ -96,6 +96,7 @@ WorkerContext::WorkerContext(const KURL& url, const String& userAgent, PassOwnPt
 #endif
     , m_closing(false)
     , m_eventQueue(WorkerEventQueue::create(this))
+    , m_topOrigin(topOrigin)
 {
     setSecurityOrigin(SecurityOrigin::create(url));
 }
index 34819d0..a6d60c8 100644 (file)
@@ -138,8 +138,10 @@ namespace WebCore {
         void unregisterObserver(Observer*);
         void notifyObserversOfStop();
 
+        const SecurityOrigin* topOrigin() const { return m_topOrigin.get(); }
+
     protected:
-        WorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, WorkerThread*);
+        WorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, WorkerThread*, PassRefPtr<SecurityOrigin> topOrigin);
         void applyContentSecurityPolicyFromString(const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
 
         virtual void logExceptionToConsole(const String& errorMessage, const String& sourceURL, int lineNumber, PassRefPtr<ScriptCallStack>);
@@ -183,6 +185,8 @@ namespace WebCore {
         HashSet<Observer*> m_workerObservers;
 
         OwnPtr<WorkerEventQueue> m_eventQueue;
+
+        RefPtr<SecurityOrigin> m_topOrigin;
     };
 
 } // namespace WebCore
index 6f839f0..c35d8e8 100644 (file)
@@ -280,8 +280,9 @@ void WorkerMessagingProxy::startWorkerContext(const KURL& scriptURL, const Strin
     if (document->page())
         settings = document->page()->group().groupSettings();
     RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, settings, sourceCode, *this, *this, startMode,
-                                                                         m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeader(),
-                                                                         m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeaderType());
+                                                                         document->contentSecurityPolicy()->deprecatedHeader(),
+                                                                         document->contentSecurityPolicy()->deprecatedHeaderType(),
+                                                                         document->topDocument()->securityOrigin());
     workerThreadCreated(thread);
     thread->start();
     InspectorInstrumentation::didStartWorkerContext(m_scriptExecutionContext.get(), this, scriptURL);
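Review bot: The two CSP arguments change from m_scriptExecutionContext->contentSecurityPolicy() to document->contentSecurityPolicy(), which the ChangeLog entry for this file ("Pass topOrigin") does not mention. If `document` is just m_scriptExecutionContext cast to a Document this is a harmless cleanup, but please say so in the ChangeLog or split it out. For the new argument, document->topDocument()->securityOrigin() is handed over as a raw pointer on the main thread, so the startup data must take an isolatedCopy() of it before the worker thread touches it.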
index bd0355c..d18c90d 100644 (file)
@@ -71,9 +71,9 @@ unsigned WorkerThread::workerThreadCount()
 struct WorkerThreadStartupData {
     WTF_MAKE_NONCOPYABLE(WorkerThreadStartupData); WTF_MAKE_FAST_ALLOCATED;
 public:
-    static PassOwnPtr<WorkerThreadStartupData> create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+    static PassOwnPtr<WorkerThreadStartupData> create(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
     {
-        return adoptPtr(new WorkerThreadStartupData(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType));
+        return adoptPtr(new WorkerThreadStartupData(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin));
     }
 
     KURL m_scriptURL;
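Review bot: the new `const SecurityOrigin* topOrigin` parameter on create() is undocumented, and nothing at the declaration says that it may be null or whose origin it is. A one-line comment here (origin of the top-level document that spawned the worker, null when there is none, as for shared workers) would save readers from tracing it back to the call sites.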
@@ -83,17 +83,19 @@ public:
     WorkerThreadStartMode m_startMode;
     String m_contentSecurityPolicy;
     ContentSecurityPolicy::HeaderType m_contentSecurityPolicyType;
+    RefPtr<SecurityOrigin> m_topOrigin;
 private:
-    WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType);
+    WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings*, const String& sourceCode, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin);
 };
 
-WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
     : m_scriptURL(scriptURL.copy())
     , m_userAgent(userAgent.isolatedCopy())
     , m_sourceCode(sourceCode.isolatedCopy())
     , m_startMode(startMode)
     , m_contentSecurityPolicy(contentSecurityPolicy.isolatedCopy())
     , m_contentSecurityPolicyType(contentSecurityPolicyType)
+    , m_topOrigin(topOrigin ? topOrigin->isolatedCopy() : 0)
 {
     if (!settings)
         return;
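Review bot: the initializer `m_topOrigin(topOrigin ? topOrigin->isolatedCopy() : 0)` turns a missing origin into a null member, and nothing in this hunk says how the storage access check should treat that null. Because the point of the change is to allow blocking third-party Web SQL access, the null case needs an explicit decision (treated as first-party, or denied) that is documented next to m_topOrigin and covered by a test. Taking an isolatedCopy() before the origin crosses to the worker thread is the right approach and consistent with the neighbouring String members.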
@@ -104,11 +106,11 @@ WorkerThreadStartupData::WorkerThreadStartupData(const KURL& scriptURL, const St
     m_groupSettings->setIndexedDBDatabasePath(settings->indexedDBDatabasePath().isolatedCopy());
 }
 
-WorkerThread::WorkerThread(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
+WorkerThread::WorkerThread(const KURL& scriptURL, const String& userAgent, const GroupSettings* settings, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
     : m_threadID(0)
     , m_workerLoaderProxy(workerLoaderProxy)
     , m_workerReportingProxy(workerReportingProxy)
-    , m_startupData(WorkerThreadStartupData::create(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType))
+    , m_startupData(WorkerThreadStartupData::create(scriptURL, userAgent, settings, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin))
 #if ENABLE(NOTIFICATIONS) || ENABLE(LEGACY_NOTIFICATIONS)
     , m_notificationClient(0)
 #endif
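Review bot: the WorkerThread constructor now takes ten positional parameters, three of them security-relevant (`contentSecurityPolicy`, `contentSecurityPolicyType`, `topOrigin`), and every subclass and call site has to repeat them in order. Consider passing the already existing startup-data style struct, or a small security-context struct, instead, so that the next addition does not require touching every signature again and arguments of compatible types cannot be swapped silently.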
@@ -146,7 +148,7 @@ void WorkerThread::workerThread()
 {
     {
         MutexLocker lock(m_threadCreationMutex);
-        m_workerContext = createWorkerContext(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_groupSettings.release(), m_startupData->m_contentSecurityPolicy, m_startupData->m_contentSecurityPolicyType);
+        m_workerContext = createWorkerContext(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_groupSettings.release(), m_startupData->m_contentSecurityPolicy, m_startupData->m_contentSecurityPolicyType, m_startupData->m_topOrigin.release());
 
         if (m_runLoop.terminated()) {
             // The worker was terminated before the thread had a chance to run. Since the context didn't exist yet,
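Review bot: `m_startupData->m_topOrigin.release()` in the createWorkerContext() call empties the startup data's copy, like `m_groupSettings.release()` beside it, so any later read of m_startupData->m_topOrigin sees null. That is fine if the startup data is discarded after this block, but it also means createWorkerContext() implementations receive a null PassRefPtr whenever no top origin was supplied; a comment on the call or an ASSERT in the dedicated-worker implementation would make that expectation explicit.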
index 670e3cd..dc3072f 100644 (file)
@@ -31,6 +31,7 @@
 
 #include "ContentSecurityPolicy.h"
 #include "GroupSettings.h"
+#include "SecurityOrigin.h"
 #include "WorkerRunLoop.h"
 #include <wtf/Forward.h>
 #include <wtf/OwnPtr.h>
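Review bot: the added `#include "SecurityOrigin.h"` pulls the full class definition into a widely included header, but the declarations that use it in this file only name the type as `const SecurityOrigin*` and `PassRefPtr<SecurityOrigin>`. A forward declaration of SecurityOrigin in namespace WebCore should be enough here, with the include moved to the .cpp files that call into it.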
@@ -69,10 +70,10 @@ namespace WebCore {
 #endif
 
     protected:
-        WorkerThread(const KURL&, const String& userAgent, const GroupSettings*,  const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
+        WorkerThread(const KURL&, const String& userAgent, const GroupSettings*,  const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
 
         // Factory method for creating a new worker context for the thread.
-        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType) = 0;
+        virtual PassRefPtr<WorkerContext> createWorkerContext(const KURL&, const String& userAgent, PassOwnPtr<GroupSettings>, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin) = 0;
 
         // Executes the event loop for the worker thread. Derived classes can override to perform actions before/after entering the event loop.
         virtual void runEventLoop();
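Review bot: the constructor takes `const SecurityOrigin* topOrigin` while createWorkerContext() takes `PassRefPtr<SecurityOrigin> topOrigin`, and the header does not explain the difference. The first is borrowed on the creating thread and copied, the second transfers ownership of the isolated copy on the worker thread; a short comment above the factory method stating that, and that the value may be null, would keep implementers from storing the wrong one.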
index be2fa98..141fcd1 100644 (file)
@@ -1,3 +1,18 @@
+2012-08-17  Jeffrey Pfau  <jpfau@apple.com>
+
+        Allow blocking of Web SQL databases in third-party web workers
+        https://bugs.webkit.org/show_bug.cgi?id=94170
+
+        Reviewed by Adam Barth.
+
+        Web workers did not previously know anything about the document that
+        spawned them. This is undefined for shared workers, but for dedicated
+        workers, we now pipe the information through.
+
+
+        * src/WebWorkerClientImpl.cpp:
+        (WebKit::WebWorkerClientImpl::startWorkerContext): Pass top document's origin
+
 2012-08-22  Kentaro Hara  <haraken@chromium.org>
 
         [V8] Move context() from V8Proxy to ScriptController
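Review bot: the new ChangeLog entry is dated 2012-08-17 but is placed above an entry dated 2012-08-22, and it has two consecutive blank lines before the file list. Update the date to the landing date so the log stays in chronological order, and drop the extra blank line.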
index c6fd505..ccf90ca 100644 (file)
@@ -93,8 +93,9 @@ void WebWorkerClientImpl::startWorkerContext(const KURL& scriptURL, const String
     if (document->page())
         settings = document->page()->group().groupSettings();
     RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, settings, sourceCode, *this, *this, startMode,
-                                                                         m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeader(),
-                                                                         m_scriptExecutionContext->contentSecurityPolicy()->deprecatedHeaderType());
+                                                                         document->contentSecurityPolicy()->deprecatedHeader(),
+                                                                         document->contentSecurityPolicy()->deprecatedHeaderType(),
+                                                                         document->topDocument()->securityOrigin());
     m_proxy->workerThreadCreated(thread);
     thread->start();
     InspectorInstrumentation::didStartWorkerContext(m_scriptExecutionContext.get(), m_proxy, scriptURL);
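Review bot: this block now duplicates, argument for argument, the DedicatedWorkerThread::create() call in WorkerMessagingProxy::startWorkerContext(), including the unchecked `document->topDocument()->securityOrigin()`. Any fix to how the top origin is derived has to be made in both places; consider a shared helper that returns the top origin for a Document so the two ports cannot drift apart. The function also mixes `document` (for CSP and origin) with `m_scriptExecutionContext.get()` (for the inspector call) in adjacent lines, which reads as if they could differ.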