Clients.get(id) should only returns clients in the service worker's origin
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2018 23:08:23 +0000 (23:08 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2018 23:08:23 +0000 (23:08 +0000)
https://bugs.webkit.org/show_bug.cgi?id=182149
<rdar://problem/36882310>

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Rebase WPT test that is now passing.

* web-platform-tests/service-workers/service-worker/clients-get-cross-origin.https-expected.txt:

Source/WebCore:

When looking for SW clients with a given identifier, only look in the list of
clients that have the same origin as the service worker.

No new tests, rebaselined existing test.

* workers/service/server/SWServer.cpp:
(WebCore::SWServer::serviceWorkerClientWithOriginByID const):
(WebCore::SWServer::serviceWorkerClientByID const): Deleted.
* workers/service/server/SWServer.h:
* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::findClientByIdentifier const):
* workers/service/server/SWServerWorker.h:

Source/WebKit:

* StorageProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::postMessageToServiceWorker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227638 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/clients-get-cross-origin.https-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/workers/service/server/SWServer.cpp
Source/WebCore/workers/service/server/SWServer.h
Source/WebCore/workers/service/server/SWServerWorker.cpp
Source/WebCore/workers/service/server/SWServerWorker.h
Source/WebKit/ChangeLog
Source/WebKit/StorageProcess/ServiceWorker/WebSWServerConnection.cpp

index d4d5057..7a9227d 100644 (file)
@@ -1,3 +1,15 @@
+2018-01-25  Chris Dumez  <cdumez@apple.com>
+
+        Clients.get(id) should only returns clients in the service worker's origin
+        https://bugs.webkit.org/show_bug.cgi?id=182149
+        <rdar://problem/36882310>
+
+        Reviewed by Youenn Fablet.
+
+        Rebase WPT test that is now passing.
+
+        * web-platform-tests/service-workers/service-worker/clients-get-cross-origin.https-expected.txt:
+
 2018-01-25  Youenn Fablet  <youenn@apple.com>
 
         ShapeOutside should use same origin credentials mode
index f81017a..8b7493a 100644 (file)
@@ -1,3 +1,3 @@
 
-FAIL Test Clients.get() cross origin assert_equals: iframe client ID expected (undefined) undefined but got (object) [["visible", true, "https://localhost:9443/service-workers/service-worker/resources/clients-get-frame.html", "window", "nested"]]
+PASS Test Clients.get() cross origin 
 
index 4cdc702..4274882 100644 (file)
@@ -1,3 +1,24 @@
+2018-01-25  Chris Dumez  <cdumez@apple.com>
+
+        Clients.get(id) should only returns clients in the service worker's origin
+        https://bugs.webkit.org/show_bug.cgi?id=182149
+        <rdar://problem/36882310>
+
+        Reviewed by Youenn Fablet.
+
+        When looking for SW clients with a given identifier, only look in the list of
+        clients that have the same origin as the service worker.
+
+        No new tests, rebaselined existing test.
+
+        * workers/service/server/SWServer.cpp:
+        (WebCore::SWServer::serviceWorkerClientWithOriginByID const):
+        (WebCore::SWServer::serviceWorkerClientByID const): Deleted.
+        * workers/service/server/SWServer.h:
+        * workers/service/server/SWServerWorker.cpp:
+        (WebCore::SWServerWorker::findClientByIdentifier const):
+        * workers/service/server/SWServerWorker.h:
+
 2018-01-25  Youenn Fablet  <youenn@apple.com>
 
         WebPluginInfoProvider should handle null host queries
index 86ab2fb..8447396 100644 (file)
@@ -93,12 +93,18 @@ SWServerWorker* SWServer::workerByID(ServiceWorkerIdentifier identifier) const
     return worker;
 }
 
-std::optional<ServiceWorkerClientData> SWServer::serviceWorkerClientByID(const ServiceWorkerClientIdentifier& clientIdentifier) const
+std::optional<ServiceWorkerClientData> SWServer::serviceWorkerClientWithOriginByID(const ClientOrigin& clientOrigin, const ServiceWorkerClientIdentifier& clientIdentifier) const
 {
-    auto iterator = m_clientsById.find(clientIdentifier);
-    if (iterator == m_clientsById.end())
+    auto iterator = m_clientIdentifiersPerOrigin.find(clientOrigin);
+    if (iterator == m_clientIdentifiersPerOrigin.end())
         return std::nullopt;
-    return iterator->value;
+
+    if (!iterator->value.identifiers.contains(clientIdentifier))
+        return std::nullopt;
+
+    auto clientIterator = m_clientsById.find(clientIdentifier);
+    ASSERT(clientIterator != m_clientsById.end());
+    return clientIterator->value;
 }
 
 SWServerWorker* SWServer::activeWorkerFromRegistrationID(ServiceWorkerRegistrationIdentifier identifier)
index 732d502..ffc1e59 100644 (file)
@@ -147,7 +147,7 @@ public:
     void fireActivateEvent(SWServerWorker&);
 
     WEBCORE_EXPORT SWServerWorker* workerByID(ServiceWorkerIdentifier) const;
-    WEBCORE_EXPORT std::optional<ServiceWorkerClientData> serviceWorkerClientByID(const ServiceWorkerClientIdentifier&) const;
+    std::optional<ServiceWorkerClientData> serviceWorkerClientWithOriginByID(const ClientOrigin&, const ServiceWorkerClientIdentifier&) const;
     WEBCORE_EXPORT SWServerWorker* activeWorkerFromRegistrationID(ServiceWorkerRegistrationIdentifier);
 
     WEBCORE_EXPORT void markAllWorkersAsTerminated();
index 0af7db5..666162c 100644 (file)
@@ -117,7 +117,7 @@ void SWServerWorker::contextTerminated()
 
 std::optional<ServiceWorkerClientData> SWServerWorker::findClientByIdentifier(const ServiceWorkerClientIdentifier& clientId) const
 {
-    return m_server.serviceWorkerClientByID(clientId);
+    return m_server.serviceWorkerClientWithOriginByID(origin(), clientId);
 }
 
 void SWServerWorker::matchAll(const ServiceWorkerClientQueryOptions& options, ServiceWorkerClientsMatchAllCallback&& callback)
index cc71399..f7c04ec 100644 (file)
@@ -92,7 +92,7 @@ public:
     void didFinishInstall(const std::optional<ServiceWorkerJobDataIdentifier>&, bool wasSuccessful);
     void didFinishActivation();
     void contextTerminated();
-    std::optional<ServiceWorkerClientData> findClientByIdentifier(const ServiceWorkerClientIdentifier&) const;
+    WEBCORE_EXPORT std::optional<ServiceWorkerClientData> findClientByIdentifier(const ServiceWorkerClientIdentifier&) const;
     void matchAll(const ServiceWorkerClientQueryOptions&, ServiceWorkerClientsMatchAllCallback&&);
     void claim();
 
index f4f4d31..45286c0 100644 (file)
@@ -1,3 +1,14 @@
+2018-01-25  Chris Dumez  <cdumez@apple.com>
+
+        Clients.get(id) should only returns clients in the service worker's origin
+        https://bugs.webkit.org/show_bug.cgi?id=182149
+        <rdar://problem/36882310>
+
+        Reviewed by Youenn Fablet.
+
+        * StorageProcess/ServiceWorker/WebSWServerConnection.cpp:
+        (WebKit::WebSWServerConnection::postMessageToServiceWorker):
+
 2018-01-25  Youenn Fablet  <youenn@apple.com>
 
         WebPluginInfoProvider should handle null host queries
index 1a31698..ad08f1d 100644 (file)
@@ -178,7 +178,11 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
         if (auto* sourceWorker = server().workerByID(identifier))
             sourceData = ServiceWorkerOrClientData { sourceWorker->data() };
     }, [&](ServiceWorkerClientIdentifier identifier) {
-        if (auto clientData = server().serviceWorkerClientByID(identifier))
+        auto* destinationWorker = server().workerByID(destinationIdentifier);
+        if (!destinationWorker)
+            return;
+
+        if (auto clientData = destinationWorker->findClientByIdentifier(identifier))
             sourceData = ServiceWorkerOrClientData { *clientData };
     });