https://bugs.webkit.org/show_bug.cgi?id=180950
Reviewed by Youenn Fablet.
LayoutTests/imported/w3c:
Rebaseline test now that behavior has changed. Note that we are still failing becuase we reject
the registration promise with a TypeError instead of a SecurityError. I cannot find any reason
to throw a SecurityError here based on the specification though, so the test may not match the
specification.
* web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt:
Source/WebCore:
We should use "error" redirect mode for fetching service worker scripts, as per:
- https://w3c.github.io/ServiceWorker/#update (Step 7.5)
No new tests, rebaselined existing test.
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequestInternal):
* workers/Worker.cpp:
(WebCore::Worker::create):
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadAsynchronously):
* workers/WorkerScriptLoader.h:
* workers/service/ServiceWorkerJob.cpp:
(WebCore::ServiceWorkerJob::fetchScriptWithContext):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226087
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
imported/w3c/web-platform-tests/workers/constructors/SharedWorker [ Skip ]
imported/w3c/web-platform-tests/workers/SharedWorker_blobUrl.html [ Skip ]
+imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.html [ DumpJSConsoleLogInStdErr ]
+
# textarea.animate is not supported
imported/w3c/web-platform-tests/css/css-ui-3/caret-color-018.html [ Skip ]
imported/w3c/web-platform-tests/css/css-ui-3/caret-color-019.html [ Skip ]
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Redirections are not allowed
+CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/fetch/resources/redirect-with-cache.php?enableCaching&url=http://localhost:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2F127.0.0.1%3A8000&name=alert-fail.js&contentType=text/ascii. Redirections are not allowed
PASS Fetch should check for redirections even if resource is preloaded (same fetch options except for redirect mode)
PASS Fetch should check for redirections even if resource is preloaded (different fetch mode, different redirect mode)
2017-12-18 Chris Dumez <cdumez@apple.com>
+ We should use "error" redirect mode for fetching service worker scripts
+ https://bugs.webkit.org/show_bug.cgi?id=180950
+
+ Reviewed by Youenn Fablet.
+
+ Rebaseline test now that behavior has changed. Note that we are still failing becuase we reject
+ the registration promise with a TypeError instead of a SecurityError. I cannot find any reason
+ to throw a SecurityError here based on the specification though, so the test may not match the
+ specification.
+
+ * web-platform-tests/service-workers/service-worker/registration-security-error.https-expected.txt:
+
+2017-12-18 Chris Dumez <cdumez@apple.com>
+
ExtendableMessageEvent constructor fails to initialize the 'source' attribute
https://bugs.webkit.org/show_bug.cgi?id=180954
FAIL Registration scope outside the script directory assert_unreached: Should have rejected: Registration scope outside the script directory should fail with SecurityError. Reached unreachable code
PASS Registering scope outside domain
PASS Registering script outside domain
-FAIL Registering redirected script assert_throws: Registration of redirected script should fail. function "function () { throw e }" threw object "TypeError: Script URL https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fresources%2Fregistration-worker.js fetch resulted in error: Failed to load script" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18
+FAIL Registering redirected script assert_throws: Registration of redirected script should fail. function "function () { throw e }" threw object "TypeError: Script URL https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=%2Fresources%2Fregistration-worker.js fetch resulted in error: Redirections are not allowed" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18
FAIL Scope including parent-reference and not under the script directory assert_unreached: Should have rejected: Scope not under the script directory should be rejected. Reached unreachable code
FAIL Script URL including consecutive slashes assert_unreached: Should have rejected: Consecutive slashes in the script url should not be unified. Reached unreachable code
FAIL Script URL is same-origin filesystem: URL assert_throws: Registering a script which has same-origin filesystem: URL should fail with SecurityError. function "function () { throw e }" threw object "TypeError: serviceWorker.register() must be called with a script URL whose protocol is either HTTP or HTTPS" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18
promise_test(function(t) {
var script = 'resources/redirect.py?Redirect=' +
- encodeURIComponent('/resources/registration-worker.js');
+ encodeURIComponent('/service-workers/service-worker/resources/registration-worker.js');
var scope = 'resources/scope/redirect/';
return promise_rejects(t,
check_error_types ? 'SecurityError' : null,
2017-12-18 Chris Dumez <cdumez@apple.com>
+ We should use "error" redirect mode for fetching service worker scripts
+ https://bugs.webkit.org/show_bug.cgi?id=180950
+
+ Reviewed by Youenn Fablet.
+
+ We should use "error" redirect mode for fetching service worker scripts, as per:
+ - https://w3c.github.io/ServiceWorker/#update (Step 7.5)
+
+ No new tests, rebaselined existing test.
+
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::willSendRequestInternal):
+ * workers/Worker.cpp:
+ (WebCore::Worker::create):
+ * workers/WorkerScriptLoader.cpp:
+ (WebCore::WorkerScriptLoader::loadAsynchronously):
+ * workers/WorkerScriptLoader.h:
+ * workers/service/ServiceWorkerJob.cpp:
+ (WebCore::ServiceWorkerJob::fetchScriptWithContext):
+
+2017-12-18 Chris Dumez <cdumez@apple.com>
+
ExtendableMessageEvent constructor fails to initialize the 'source' attribute
https://bugs.webkit.org/show_bug.cgi?id=180954
if (!redirectResponse.isNull()) {
if (options().redirect != FetchOptions::Redirect::Follow) {
if (options().redirect == FetchOptions::Redirect::Error) {
- cancel();
+ cancel(ResourceError { errorDomainWebKitInternal, 0, redirectResponse.url(), "Redirections are not allowed", ResourceError::Type::AccessControl });
return completionHandler(WTFMove(newRequest));
}
ResourceRequest request { scriptURL.releaseReturnValue() };
request.setInitiatorIdentifier(worker->m_identifier);
- worker->m_scriptLoader->loadAsynchronously(context, WTFMove(request), FetchOptions::Mode::SameOrigin, FetchOptions::Cache::Default, contentSecurityPolicyEnforcement, worker);
+ worker->m_scriptLoader->loadAsynchronously(context, WTFMove(request), FetchOptions::Mode::SameOrigin, FetchOptions::Cache::Default, FetchOptions::Redirect::Follow, contentSecurityPolicyEnforcement, worker);
return WTFMove(worker);
}
WorkerThreadableLoader::loadResourceSynchronously(workerGlobalScope, WTFMove(*request), *this, options);
}
-void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecutionContext, ResourceRequest&& scriptRequest, FetchOptions::Mode mode, FetchOptions::Cache cachePolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, WorkerScriptLoaderClient& client)
+void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecutionContext, ResourceRequest&& scriptRequest, FetchOptions::Mode mode, FetchOptions::Cache cachePolicy, FetchOptions::Redirect redirectPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, WorkerScriptLoaderClient& client)
{
m_client = &client;
m_url = scriptRequest.url();
options.credentials = FetchOptions::Credentials::SameOrigin;
options.mode = mode;
options.cache = cachePolicy;
+ options.redirect = redirectPolicy;
options.sendLoadCallbacks = SendCallbacks;
options.contentSecurityPolicyEnforcement = contentSecurityPolicyEnforcement;
#if ENABLE(SERVICE_WORKER)
}
void loadSynchronously(ScriptExecutionContext*, const URL&, FetchOptions::Mode, FetchOptions::Cache, ContentSecurityPolicyEnforcement, const String& initiatorIdentifier);
- void loadAsynchronously(ScriptExecutionContext&, ResourceRequest&&, FetchOptions::Mode, FetchOptions::Cache, ContentSecurityPolicyEnforcement, WorkerScriptLoaderClient&);
+ void loadAsynchronously(ScriptExecutionContext&, ResourceRequest&&, FetchOptions::Mode, FetchOptions::Cache, FetchOptions::Redirect, ContentSecurityPolicyEnforcement, WorkerScriptLoaderClient&);
void notifyError();
request.setInitiatorIdentifier("serviceWorkerScriptLoad:");
request.addHTTPHeaderField(ASCIILiteral("Service-Worker"), ASCIILiteral("script"));
- m_scriptLoader->loadAsynchronously(context, WTFMove(request), FetchOptions::Mode::SameOrigin, cachePolicy, ContentSecurityPolicyEnforcement::DoNotEnforce, *this);
+ m_scriptLoader->loadAsynchronously(context, WTFMove(request), FetchOptions::Mode::SameOrigin, cachePolicy, FetchOptions::Redirect::Error, ContentSecurityPolicyEnforcement::DoNotEnforce, *this);
}
void ServiceWorkerJob::didReceiveResponse(unsigned long, const ResourceResponse& response)
git://git.webkit.org / WebKit-https.git / commitdiff