https://bugs.webkit.org/show_bug.cgi?id=181385
Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Chris Dumez.
LayoutTests/imported/w3c:
* web-platform-tests/service-workers/service-worker/service-worker-csp-connect.https-expected.txt:
* web-platform-tests/service-workers/service-worker/service-worker-csp-default.https-expected.txt:
* web-platform-tests/service-workers/service-worker/service-worker-csp-script.https-expected.txt:
Source/WebCore:
Covered by rebased tests.
Added recovery of CSP information from WorkerScriptLoader.
Added plumbing to pass the CSP information to Service Workers.
Added persistency support for the CSP information.
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::WorkerScriptLoader::didReceiveResponse):
* workers/WorkerScriptLoader.h:
(WebCore::WorkerScriptLoader::contentSecurityPolicy const):
* workers/service/SWClientConnection.cpp:
(WebCore::SWClientConnection::finishedFetchingScript):
(WebCore::SWClientConnection::failedFetchingScript):
* workers/service/SWClientConnection.h:
* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::addRegistration):
(WebCore::ServiceWorkerContainer::jobFailedWithException):
(WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
* workers/service/ServiceWorkerContainer.h:
* workers/service/ServiceWorkerContextData.cpp:
(WebCore::ServiceWorkerContextData::isolatedCopy const):
* workers/service/ServiceWorkerContextData.h:
(WebCore::ServiceWorkerContextData::encode const):
(WebCore::ServiceWorkerContextData::decode):
* workers/service/ServiceWorkerFetchResult.h:
(WebCore::ServiceWorkerFetchResult::encode const):
(WebCore::ServiceWorkerFetchResult::decode):
* workers/service/ServiceWorkerGlobalScope.cpp:
(WebCore::ServiceWorkerGlobalScope::create):
* workers/service/ServiceWorkerGlobalScope.h:
* workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::notifyFinished):
* workers/service/ServiceWorkerJobClient.h:
* workers/service/context/ServiceWorkerThread.cpp:
(WebCore::ServiceWorkerThread::ServiceWorkerThread):
(WebCore::ServiceWorkerThread::createWorkerGlobalScope):
* workers/service/server/RegistrationDatabase.cpp:
(WebCore::v1RecordsTableSchema):
(WebCore::RegistrationDatabase::openSQLiteDatabase):
(WebCore::RegistrationDatabase::doPushChanges):
(WebCore::RegistrationDatabase::importRecords):
* workers/service/server/SWServer.cpp:
(WebCore::SWServer::updateWorker):
(WebCore::SWServer::installContextData):
* workers/service/server/SWServer.h:
* workers/service/server/SWServerJobQueue.cpp:
(WebCore::SWServerJobQueue::scriptFetchFinished):
* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::SWServerWorker):
(WebCore::m_contentSecurityPolicy):
(WebCore::SWServerWorker::contextData const):
* workers/service/server/SWServerWorker.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226532
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
2018-01-08 Youenn Fablet <youenn@apple.com>
+ Add CSP support to service workers
+ https://bugs.webkit.org/show_bug.cgi?id=181385
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/service-workers/service-worker/service-worker-csp-connect.https-expected.txt:
+ * web-platform-tests/service-workers/service-worker/service-worker-csp-default.https-expected.txt:
+ * web-platform-tests/service-workers/service-worker/service-worker-csp-script.https-expected.txt:
+
+2018-01-08 Youenn Fablet <youenn@apple.com>
+
Use no-cache fetch mode when loading main documents with location.reload()
https://bugs.webkit.org/show_bug.cgi?id=181285
PASS CSP test for connect-src in ServiceWorkerGlobalScope
PASS importScripts test for connect-src
-FAIL Fetch test for connect-src assert_unreached: unexpected rejection: assert_unreached: fetch should fail. Reached unreachable code Reached unreachable code
-FAIL Redirected fetch test for connect-src assert_unreached: unexpected rejection: assert_unreached: Redirected fetch should fail. Reached unreachable code Reached unreachable code
+PASS Fetch test for connect-src
+PASS Redirected fetch test for connect-src
PASS CSP test for default-src in ServiceWorkerGlobalScope
-FAIL importScripts test for default-src assert_true: Importing the other origins script should fail. expected true got false
-FAIL Fetch test for default-src assert_unreached: unexpected rejection: assert_unreached: fetch should fail. Reached unreachable code Reached unreachable code
-FAIL Redirected fetch test for default-src assert_unreached: unexpected rejection: assert_unreached: Redirected fetch should fail. Reached unreachable code Reached unreachable code
+PASS importScripts test for default-src
+PASS Fetch test for default-src
+PASS Redirected fetch test for default-src
PASS CSP test for script-src in ServiceWorkerGlobalScope
-FAIL importScripts test for script-src assert_true: Importing the other origins script should fail. expected true got false
+PASS importScripts test for script-src
PASS Fetch test for script-src
PASS Redirected fetch test for script-src
2018-01-08 Youenn Fablet <youenn@apple.com>
+ Add CSP support to service workers
+ https://bugs.webkit.org/show_bug.cgi?id=181385
+
+ Reviewed by Chris Dumez.
+
+ Covered by rebased tests.
+
+ Added recovery of CSP information from WorkerScriptLoader.
+ Added plumbing to pass the CSP information to Service Workers.
+ Added persistency support for the CSP information.
+
+ * workers/WorkerScriptLoader.cpp:
+ (WebCore::WorkerScriptLoader::loadAsynchronously):
+ (WebCore::WorkerScriptLoader::didReceiveResponse):
+ * workers/WorkerScriptLoader.h:
+ (WebCore::WorkerScriptLoader::contentSecurityPolicy const):
+ * workers/service/SWClientConnection.cpp:
+ (WebCore::SWClientConnection::finishedFetchingScript):
+ (WebCore::SWClientConnection::failedFetchingScript):
+ * workers/service/SWClientConnection.h:
+ * workers/service/ServiceWorkerContainer.cpp:
+ (WebCore::ServiceWorkerContainer::addRegistration):
+ (WebCore::ServiceWorkerContainer::jobFailedWithException):
+ (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
+ (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
+ * workers/service/ServiceWorkerContainer.h:
+ * workers/service/ServiceWorkerContextData.cpp:
+ (WebCore::ServiceWorkerContextData::isolatedCopy const):
+ * workers/service/ServiceWorkerContextData.h:
+ (WebCore::ServiceWorkerContextData::encode const):
+ (WebCore::ServiceWorkerContextData::decode):
+ * workers/service/ServiceWorkerFetchResult.h:
+ (WebCore::ServiceWorkerFetchResult::encode const):
+ (WebCore::ServiceWorkerFetchResult::decode):
+ * workers/service/ServiceWorkerGlobalScope.cpp:
+ (WebCore::ServiceWorkerGlobalScope::create):
+ * workers/service/ServiceWorkerGlobalScope.h:
+ * workers/service/ServiceWorkerJob.cpp:
+ (WebCore::ServiceWorkerJob::notifyFinished):
+ * workers/service/ServiceWorkerJobClient.h:
+ * workers/service/context/ServiceWorkerThread.cpp:
+ (WebCore::ServiceWorkerThread::ServiceWorkerThread):
+ (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
+ * workers/service/server/RegistrationDatabase.cpp:
+ (WebCore::v1RecordsTableSchema):
+ (WebCore::RegistrationDatabase::openSQLiteDatabase):
+ (WebCore::RegistrationDatabase::doPushChanges):
+ (WebCore::RegistrationDatabase::importRecords):
+ * workers/service/server/SWServer.cpp:
+ (WebCore::SWServer::updateWorker):
+ (WebCore::SWServer::installContextData):
+ * workers/service/server/SWServer.h:
+ * workers/service/server/SWServerJobQueue.cpp:
+ (WebCore::SWServerJobQueue::scriptFetchFinished):
+ * workers/service/server/SWServerWorker.cpp:
+ (WebCore::SWServerWorker::SWServerWorker):
+ (WebCore::m_contentSecurityPolicy):
+ (WebCore::SWServerWorker::contextData const):
+ * workers/service/server/SWServerWorker.h:
+
+2018-01-08 Youenn Fablet <youenn@apple.com>
+
Use no-cache fetch mode when loading main documents with location.reload()
https://bugs.webkit.org/show_bug.cgi?id=181285
m_responseURL = response.url();
m_responseMIMEType = response.mimeType();
m_responseEncoding = response.textEncodingName();
+ m_contentSecurityPolicy = ContentSecurityPolicyResponseHeaders { response };
if (m_client)
m_client->didReceiveResponse(identifier, response);
}
#pragma once
+#include "ContentSecurityPolicyResponseHeaders.h"
#include "ResourceError.h"
#include "ResourceRequest.h"
#include "ThreadableLoader.h"
void notifyError();
String script();
+ const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy() const { return m_contentSecurityPolicy; }
const URL& url() const { return m_url; }
const URL& responseURL() const;
const String& responseMIMEType() const { return m_responseMIMEType; }
URL m_url;
URL m_responseURL;
String m_responseMIMEType;
+ ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
unsigned long m_identifier { 0 };
bool m_failed { false };
bool m_finishing { false };
scheduleJobInServer(job.data());
}
-void SWClientConnection::finishedFetchingScript(ServiceWorkerJob& job, const String& script)
+void SWClientConnection::finishedFetchingScript(ServiceWorkerJob& job, const String& script, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy)
{
ASSERT(isMainThread());
ASSERT(m_scheduledJobs.get(job.identifier()) == &job);
- finishFetchingScriptInServer({ job.data().identifier(), job.data().registrationKey(), script, { } });
+ finishFetchingScriptInServer({ job.data().identifier(), job.data().registrationKey(), script, contentSecurityPolicy, { } });
}
void SWClientConnection::failedFetchingScript(const ServiceWorkerJobDataIdentifier& jobDataIdentifier, const ServiceWorkerRegistrationKey& registrationKey, const ResourceError& error)
{
ASSERT(isMainThread());
- finishFetchingScriptInServer({ jobDataIdentifier, registrationKey, { }, error });
+ finishFetchingScriptInServer({ jobDataIdentifier, registrationKey, { }, { }, error });
}
void SWClientConnection::jobRejectedInServer(const ServiceWorkerJobDataIdentifier& jobDataIdentifier, const ExceptionData& exceptionData)
virtual void removeServiceWorkerRegistrationInServer(ServiceWorkerRegistrationIdentifier) = 0;
void scheduleJob(ServiceWorkerJob&);
- void finishedFetchingScript(ServiceWorkerJob&, const String&);
+ void finishedFetchingScript(ServiceWorkerJob&, const String& script, const ContentSecurityPolicyResponseHeaders&);
void failedFetchingScript(const ServiceWorkerJobDataIdentifier&, const ServiceWorkerRegistrationKey&, const ResourceError&);
virtual void didResolveRegistrationPromise(const ServiceWorkerRegistrationKey&) = 0;
job.fetchScriptWithContext(*context, cachePolicy);
}
-void ServiceWorkerContainer::jobFinishedLoadingScript(ServiceWorkerJob& job, const String& script)
+void ServiceWorkerContainer::jobFinishedLoadingScript(ServiceWorkerJob& job, const String& script, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy)
{
#ifndef NDEBUG
ASSERT(m_creationThread.ptr() == &Thread::current());
LOG(ServiceWorker, "SeviceWorkerContainer %p finished fetching script for job %s", this, job.identifier().loggingString().utf8().data());
- callOnMainThread([connection = m_swConnection, job = makeRef(job), script = script.isolatedCopy()] {
- connection->finishedFetchingScript(job, script);
+ callOnMainThread([connection = m_swConnection, job = makeRef(job), script = script.isolatedCopy(), contentSecurityPolicy = contentSecurityPolicy.isolatedCopy()] {
+ connection->finishedFetchingScript(job, script, contentSecurityPolicy);
});
}
void jobResolvedWithRegistration(ServiceWorkerJob&, ServiceWorkerRegistrationData&&, ShouldNotifyWhenResolved) final;
void jobResolvedWithUnregistrationResult(ServiceWorkerJob&, bool unregistrationResult) final;
void startScriptFetchForJob(ServiceWorkerJob&, FetchOptions::Cache) final;
- void jobFinishedLoadingScript(ServiceWorkerJob&, const String&) final;
+ void jobFinishedLoadingScript(ServiceWorkerJob&, const String& script, const ContentSecurityPolicyResponseHeaders&) final;
void jobFailedLoadingScript(ServiceWorkerJob&, const ResourceError&, std::optional<Exception>&&) final;
void jobDidFinish(ServiceWorkerJob&);
ServiceWorkerContextData ServiceWorkerContextData::isolatedCopy() const
{
- return { jobDataIdentifier, registration.isolatedCopy(), serviceWorkerIdentifier, script.isolatedCopy(), scriptURL.isolatedCopy(), workerType, loadedFromDisk };
+ return { jobDataIdentifier, registration.isolatedCopy(), serviceWorkerIdentifier, script.isolatedCopy(), contentSecurityPolicy.isolatedCopy(), scriptURL.isolatedCopy(), workerType, loadedFromDisk };
}
} // namespace WebCore
#pragma once
+#include "ContentSecurityPolicyResponseHeaders.h"
#include "ServiceWorkerIdentifier.h"
#include "ServiceWorkerJobDataIdentifier.h"
#include "ServiceWorkerRegistrationData.h"
ServiceWorkerRegistrationData registration;
ServiceWorkerIdentifier serviceWorkerIdentifier;
String script;
+ ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
URL scriptURL;
WorkerType workerType;
bool loadedFromDisk;
-
+
template<class Encoder> void encode(Encoder&) const;
template<class Decoder> static std::optional<ServiceWorkerContextData> decode(Decoder&);
template<class Encoder>
void ServiceWorkerContextData::encode(Encoder& encoder) const
{
- encoder << jobDataIdentifier << registration << serviceWorkerIdentifier << script << scriptURL << workerType << loadedFromDisk;
+ encoder << jobDataIdentifier << registration << serviceWorkerIdentifier << script << contentSecurityPolicy << scriptURL << workerType << loadedFromDisk;
}
template<class Decoder>
String script;
if (!decoder.decode(script))
return std::nullopt;
-
+
+ ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
+ if (!decoder.decode(contentSecurityPolicy))
+ return std::nullopt;
+
URL scriptURL;
if (!decoder.decode(scriptURL))
return std::nullopt;
if (!decoder.decode(loadedFromDisk))
return std::nullopt;
- return {{ WTFMove(*jobDataIdentifier), WTFMove(*registration), WTFMove(*serviceWorkerIdentifier), WTFMove(script), WTFMove(scriptURL), workerType, loadedFromDisk}};
+ return {{ WTFMove(*jobDataIdentifier), WTFMove(*registration), WTFMove(*serviceWorkerIdentifier), WTFMove(script), WTFMove(contentSecurityPolicy), WTFMove(scriptURL), workerType, loadedFromDisk }};
}
} // namespace WebCore
#if ENABLE(SERVICE_WORKER)
+#include "ContentSecurityPolicyResponseHeaders.h"
#include "ResourceError.h"
#include "ServiceWorkerRegistrationKey.h"
#include "ServiceWorkerTypes.h"
ServiceWorkerJobDataIdentifier jobDataIdentifier;
ServiceWorkerRegistrationKey registrationKey;
String script;
+ ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
ResourceError scriptError;
template<class Encoder> void encode(Encoder&) const;
template<class Encoder>
void ServiceWorkerFetchResult::encode(Encoder& encoder) const
{
- encoder << jobDataIdentifier << registrationKey << script << scriptError;
+ encoder << jobDataIdentifier << registrationKey << script << contentSecurityPolicy << scriptError;
}
template<class Decoder>
if (!decoder.decode(result.script))
return false;
+ if (!decoder.decode(result.contentSecurityPolicy))
+ return false;
if (!decoder.decode(result.scriptError))
return false;
namespace WebCore {
+Ref<ServiceWorkerGlobalScope> ServiceWorkerGlobalScope::create(const ServiceWorkerContextData& data, const URL& url, const String& identifier, const String& userAgent, bool isOnline, ServiceWorkerThread& thread, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, bool shouldBypassMainWorldContentSecurityPolicy, Ref<SecurityOrigin>&& topOrigin, MonotonicTime timeOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider, PAL::SessionID sessionID)
+{
+ auto scope = adoptRef(*new ServiceWorkerGlobalScope { data, url, identifier, userAgent, isOnline, thread, shouldBypassMainWorldContentSecurityPolicy, WTFMove(topOrigin), timeOrigin, connectionProxy, socketProvider, sessionID });
+ scope->applyContentSecurityPolicyResponseHeaders(contentSecurityPolicy);
+ return scope;
+}
+
ServiceWorkerGlobalScope::ServiceWorkerGlobalScope(const ServiceWorkerContextData& data, const URL& url, const String& identifier, const String& userAgent, bool isOnline, ServiceWorkerThread& thread, bool shouldBypassMainWorldContentSecurityPolicy, Ref<SecurityOrigin>&& topOrigin, MonotonicTime timeOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider, PAL::SessionID sessionID)
: WorkerGlobalScope(url, identifier, userAgent, isOnline, thread, shouldBypassMainWorldContentSecurityPolicy, WTFMove(topOrigin), timeOrigin, connectionProxy, socketProvider, sessionID)
, m_contextData(crossThreadCopy(data))
class ServiceWorkerGlobalScope final : public WorkerGlobalScope {
public:
- template<typename... Args> static Ref<ServiceWorkerGlobalScope> create(Args&&... args)
- {
- return adoptRef(*new ServiceWorkerGlobalScope(std::forward<Args>(args)...));
- }
+ static Ref<ServiceWorkerGlobalScope> create(const ServiceWorkerContextData&, const URL&, const String& identifier, const String& userAgent, bool isOnline, ServiceWorkerThread&, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, Ref<SecurityOrigin>&& topOrigin, MonotonicTime timeOrigin, IDBClient::IDBConnectionProxy*, SocketProvider*, PAL::SessionID);
~ServiceWorkerGlobalScope();
ASSERT(m_scriptLoader);
if (!m_scriptLoader->failed())
- m_client->jobFinishedLoadingScript(*this, m_scriptLoader->script());
+ m_client->jobFinishedLoadingScript(*this, m_scriptLoader->script(), m_scriptLoader->contentSecurityPolicy());
else {
auto& error = m_scriptLoader->error();
ASSERT(!error.isNull());
namespace WebCore {
+class ContentSecurityPolicyResponseHeaders;
class Exception;
class ResourceError;
class ServiceWorkerJob;
virtual void jobResolvedWithRegistration(ServiceWorkerJob&, ServiceWorkerRegistrationData&&, ShouldNotifyWhenResolved) = 0;
virtual void jobResolvedWithUnregistrationResult(ServiceWorkerJob&, bool unregistrationResult) = 0;
virtual void startScriptFetchForJob(ServiceWorkerJob&, FetchOptions::Cache) = 0;
- virtual void jobFinishedLoadingScript(ServiceWorkerJob&, const String&) = 0;
+ virtual void jobFinishedLoadingScript(ServiceWorkerJob&, const String& script, const ContentSecurityPolicyResponseHeaders&) = 0;
virtual void jobFailedLoadingScript(ServiceWorkerJob&, const ResourceError&, std::optional<Exception>&&) = 0;
virtual SWServerConnectionIdentifier connectionIdentifier() = 0;
// FIXME: Use valid runtime flags
ServiceWorkerThread::ServiceWorkerThread(const ServiceWorkerContextData& data, PAL::SessionID, String&& userAgent, WorkerLoaderProxy& loaderProxy, WorkerDebuggerProxy& debuggerProxy, IDBClient::IDBConnectionProxy* idbConnectionProxy, SocketProvider* socketProvider)
- : WorkerThread(data.scriptURL, "serviceworker:" + Inspector::IdentifiersFactory::createIdentifier(), WTFMove(userAgent), NetworkStateNotifier::singleton().onLine(), data.script, loaderProxy, debuggerProxy, DummyServiceWorkerThreadProxy::shared(), WorkerThreadStartMode::Normal, ContentSecurityPolicyResponseHeaders { }, false, SecurityOrigin::create(data.scriptURL).get(), MonotonicTime::now(), idbConnectionProxy, socketProvider, JSC::RuntimeFlags::createAllEnabled(), SessionID::defaultSessionID())
+ : WorkerThread(data.scriptURL, "serviceworker:" + Inspector::IdentifiersFactory::createIdentifier(), WTFMove(userAgent), NetworkStateNotifier::singleton().onLine(), data.script, loaderProxy, debuggerProxy, DummyServiceWorkerThreadProxy::shared(), WorkerThreadStartMode::Normal, data.contentSecurityPolicy, false, SecurityOrigin::create(data.scriptURL).get(), MonotonicTime::now(), idbConnectionProxy, socketProvider, JSC::RuntimeFlags::createAllEnabled(), SessionID::defaultSessionID())
, m_data(data.isolatedCopy())
, m_workerObjectProxy(DummyServiceWorkerThreadProxy::shared())
{
ServiceWorkerThread::~ServiceWorkerThread() = default;
-Ref<WorkerGlobalScope> ServiceWorkerThread::createWorkerGlobalScope(const URL& url, const String& identifier, const String& userAgent, bool isOnline, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, Ref<SecurityOrigin>&& topOrigin, MonotonicTime timeOrigin, PAL::SessionID sessionID)
+Ref<WorkerGlobalScope> ServiceWorkerThread::createWorkerGlobalScope(const URL& url, const String& identifier, const String& userAgent, bool isOnline, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, bool shouldBypassMainWorldContentSecurityPolicy, Ref<SecurityOrigin>&& topOrigin, MonotonicTime timeOrigin, PAL::SessionID sessionID)
{
- return ServiceWorkerGlobalScope::create(m_data, url, identifier, userAgent, isOnline, *this, shouldBypassMainWorldContentSecurityPolicy, WTFMove(topOrigin), timeOrigin, idbConnectionProxy(), socketProvider(), sessionID);
+ return ServiceWorkerGlobalScope::create(m_data, url, identifier, userAgent, isOnline, *this, contentSecurityPolicy, shouldBypassMainWorldContentSecurityPolicy, WTFMove(topOrigin), timeOrigin, idbConnectionProxy(), socketProvider(), sessionID);
}
void ServiceWorkerThread::runEventLoop()
#include <wtf/MainThread.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/Scope.h>
+#include <wtf/persistence/PersistentCoders.h>
+#include <wtf/persistence/PersistentDecoder.h>
+#include <wtf/persistence/PersistentEncoder.h>
namespace WebCore {
static const String v1RecordsTableSchema(const String& tableName)
{
- return makeString("CREATE TABLE ", tableName, " (key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE, origin TEXT NOT NULL ON CONFLICT FAIL, scopeURL TEXT NOT NULL ON CONFLICT FAIL, topOrigin TEXT NOT NULL ON CONFLICT FAIL, lastUpdateCheckTime DOUBLE NOT NULL ON CONFLICT FAIL, updateViaCache TEXT NOT NULL ON CONFLICT FAIL, scriptURL TEXT NOT NULL ON CONFLICT FAIL, script TEXT NOT NULL ON CONFLICT FAIL, workerType TEXT NOT NULL ON CONFLICT FAIL)");
+ return makeString("CREATE TABLE ", tableName, " (key TEXT NOT NULL ON CONFLICT FAIL UNIQUE ON CONFLICT REPLACE, origin TEXT NOT NULL ON CONFLICT FAIL, scopeURL TEXT NOT NULL ON CONFLICT FAIL, topOrigin TEXT NOT NULL ON CONFLICT FAIL, lastUpdateCheckTime DOUBLE NOT NULL ON CONFLICT FAIL, updateViaCache TEXT NOT NULL ON CONFLICT FAIL, scriptURL TEXT NOT NULL ON CONFLICT FAIL, script TEXT NOT NULL ON CONFLICT FAIL, workerType TEXT NOT NULL ON CONFLICT FAIL, contentSecurityPolicy BLOB NOT NULL ON CONFLICT FAIL)");
}
static const String v1RecordsTableSchema()
errorMessage = importRecords();
if (!errorMessage.isNull())
return;
-
+
scopeExit.release();
}
SQLiteTransaction transaction(*m_database);
transaction.begin();
- SQLiteStatement sql(*m_database, ASCIILiteral("INSERT INTO Records VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"));
+ SQLiteStatement sql(*m_database, ASCIILiteral("INSERT INTO Records VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"));
if (sql.prepare() != SQLITE_OK) {
RELEASE_LOG_ERROR(ServiceWorker, "Failed to prepare statement to store registration data into records table (%i) - %s", m_database->lastError(), m_database->lastErrorMsg());
return;
continue;
}
+ WTF::Persistence::Encoder encoder;
+ data.contentSecurityPolicy.encode(encoder);
+
if (sql.bindText(1, data.registration.key.toDatabaseKey()) != SQLITE_OK
|| sql.bindText(2, data.registration.scopeURL.protocolHostAndPort()) != SQLITE_OK
|| sql.bindText(3, data.registration.scopeURL.path()) != SQLITE_OK
|| sql.bindText(7, data.scriptURL.string()) != SQLITE_OK
|| sql.bindText(8, data.script) != SQLITE_OK
|| sql.bindText(9, workerTypeToString(data.workerType)) != SQLITE_OK
+ || sql.bindBlob(10, encoder.buffer(), encoder.bufferSize()) != SQLITE_OK
|| sql.step() != SQLITE_DONE) {
RELEASE_LOG_ERROR(ServiceWorker, "Failed to store registration data into records table (%i) - %s", m_database->lastError(), m_database->lastErrorMsg());
return;
auto script = sql.getColumnText(7);
auto workerType = stringToWorkerType(sql.getColumnText(8));
+ Vector<uint8_t> contentSecurityPolicyData;
+ sql.getColumnBlobAsVector(9, contentSecurityPolicyData);
+ WTF::Persistence::Decoder decoder(contentSecurityPolicyData.data(), contentSecurityPolicyData.size());
+ ContentSecurityPolicyResponseHeaders contentSecurityPolicy;
+ if (contentSecurityPolicyData.size() && !ContentSecurityPolicyResponseHeaders::decode(decoder, contentSecurityPolicy))
+ continue;
+
// Validate the input for this registration.
// If any part of this input is invalid, let's skip this registration.
// FIXME: Should we return an error skipping *all* registrations?
auto registrationIdentifier = generateObjectIdentifier<ServiceWorkerRegistrationIdentifierType>();
auto serviceWorkerData = ServiceWorkerData { workerIdentifier, scriptURL, ServiceWorkerState::Activated, *workerType, registrationIdentifier };
auto registration = ServiceWorkerRegistrationData { WTFMove(*key), registrationIdentifier, URL(originURL, scopePath), *updateViaCache, lastUpdateCheckTime, std::nullopt, std::nullopt, WTFMove(serviceWorkerData) };
- auto contextData = ServiceWorkerContextData { std::nullopt, WTFMove(registration), workerIdentifier, WTFMove(script), WTFMove(scriptURL), *workerType, true };
+ auto contextData = ServiceWorkerContextData { std::nullopt, WTFMove(registration), workerIdentifier, WTFMove(script), WTFMove(contentSecurityPolicy), WTFMove(scriptURL), *workerType, true };
postTaskReply(createCrossThreadTask(*this, &RegistrationDatabase::addRegistrationToStore, WTFMove(contextData)));
}
registration->removeClientServiceWorkerRegistration(connection.identifier());
}
-void SWServer::updateWorker(Connection&, const ServiceWorkerJobDataIdentifier& jobDataIdentifier, SWServerRegistration& registration, const URL& url, const String& script, WorkerType type)
+void SWServer::updateWorker(Connection&, const ServiceWorkerJobDataIdentifier& jobDataIdentifier, SWServerRegistration& registration, const URL& url, const String& script, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, WorkerType type)
{
registration.setLastUpdateTime(WallTime::now());
- tryInstallContextData({ jobDataIdentifier, registration.data(), generateObjectIdentifier<ServiceWorkerIdentifierType>(), script, url, type, false });
+ tryInstallContextData({ jobDataIdentifier, registration.data(), generateObjectIdentifier<ServiceWorkerIdentifierType>(), script, contentSecurityPolicy, url, type, false });
}
void SWServer::tryInstallContextData(ServiceWorkerContextData&& data)
auto* registration = m_registrations.get(data.registration.key);
RELEASE_ASSERT(registration);
- auto worker = SWServerWorker::create(*this, *registration, connection->identifier(), data.scriptURL, data.script, data.workerType, data.serviceWorkerIdentifier);
+ auto worker = SWServerWorker::create(*this, *registration, connection->identifier(), data.scriptURL, data.script, data.contentSecurityPolicy, data.workerType, data.serviceWorkerIdentifier);
// We don't immediately launch all workers that were just read in from disk,
// as it is unlikely they will be needed immediately.
void postTask(CrossThreadTask&&);
void postTaskReply(CrossThreadTask&&);
- void updateWorker(Connection&, const ServiceWorkerJobDataIdentifier&, SWServerRegistration&, const URL&, const String& script, WorkerType);
+ void updateWorker(Connection&, const ServiceWorkerJobDataIdentifier&, SWServerRegistration&, const URL&, const String& script, const ContentSecurityPolicyResponseHeaders&, WorkerType);
void terminateWorker(SWServerWorker&);
void syncTerminateWorker(SWServerWorker&);
void fireInstallEvent(SWServerWorker&);
}
// FIXME: Support the proper worker type (classic vs module)
- m_server.updateWorker(connection, job.identifier(), *registration, job.scriptURL, result.script, WorkerType::Classic);
+ m_server.updateWorker(connection, job.identifier(), *registration, job.scriptURL, result.script, result.contentSecurityPolicy, WorkerType::Classic);
}
// https://w3c.github.io/ServiceWorker/#update-algorithm
return allWorkers().get(identifier);
}
-SWServerWorker::SWServerWorker(SWServer& server, SWServerRegistration& registration, SWServerToContextConnectionIdentifier contextConnectionIdentifier, const URL& scriptURL, const String& script, WorkerType type, ServiceWorkerIdentifier identifier)
+// FIXME: Use r-value references for script and contentSecurityPolicy
+SWServerWorker::SWServerWorker(SWServer& server, SWServerRegistration& registration, SWServerToContextConnectionIdentifier contextConnectionIdentifier, const URL& scriptURL, const String& script, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicy, WorkerType type, ServiceWorkerIdentifier identifier)
: m_server(server)
, m_registrationKey(registration.key())
, m_contextConnectionIdentifier(contextConnectionIdentifier)
, m_data { identifier, scriptURL, ServiceWorkerState::Redundant, type, registration.identifier() }
, m_script(script)
+ , m_contentSecurityPolicy(contentSecurityPolicy)
{
m_data.scriptURL.removeFragmentIdentifier();
auto* registration = m_server.getRegistration(m_registrationKey);
ASSERT(registration);
- return { std::nullopt, registration->data(), m_data.identifier, m_script, m_data.scriptURL, m_data.type, false };
+ return { std::nullopt, registration->data(), m_data.identifier, m_script, m_contentSecurityPolicy, m_data.scriptURL, m_data.type, false };
}
void SWServerWorker::terminate()
const ClientOrigin& origin() const;
private:
- SWServerWorker(SWServer&, SWServerRegistration&, SWServerToContextConnectionIdentifier, const URL&, const String& script, WorkerType, ServiceWorkerIdentifier);
+ SWServerWorker(SWServer&, SWServerRegistration&, SWServerToContextConnectionIdentifier, const URL&, const String& script, const ContentSecurityPolicyResponseHeaders&, WorkerType, ServiceWorkerIdentifier);
void callWhenActivatedHandler(bool success);
SWServerToContextConnectionIdentifier m_contextConnectionIdentifier;
ServiceWorkerData m_data;
String m_script;
+ ContentSecurityPolicyResponseHeaders m_contentSecurityPolicy;
bool m_hasPendingEvents { false };
State m_state { State::NotRunning };
mutable std::optional<ClientOrigin> m_origin;