[tbb-commits] [tor-browser] 01/14: Bug 1762078 - Blocking SerivceWorker interception for no_cors cross-origin range request. r=dom-worker-reviewers, karlt, a=dmeehan
gitolite role
git at cupani.torproject.org
Thu Nov 17 14:03:40 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1
in repository tor-browser.
commit 1846b2503b265a81dd68a280402fcaff042168e4
Author: Eden Chuang <echuang at mozilla.com>
AuthorDate: Wed Oct 19 21:38:04 2022 +0000
Bug 1762078 - Blocking SerivceWorker interception for no_cors cross-origin range request. r=dom-worker-reviewers,karlt, a=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D146553
---
.../ServiceWorkerInterceptController.cpp | 59 ++++++++++++++--------
dom/serviceworkers/moz.build | 7 +++
.../meta/fetch/range/sw.https.window.js.ini | 24 +++++++--
3 files changed, 66 insertions(+), 24 deletions(-)
diff --git a/dom/serviceworkers/ServiceWorkerInterceptController.cpp b/dom/serviceworkers/ServiceWorkerInterceptController.cpp
index 3869d6bbe5de..4dfcaedfcf73 100644
--- a/dom/serviceworkers/ServiceWorkerInterceptController.cpp
+++ b/dom/serviceworkers/ServiceWorkerInterceptController.cpp
@@ -9,11 +9,14 @@
#include "mozilla/BasePrincipal.h"
#include "mozilla/StaticPrefs_dom.h"
#include "mozilla/StorageAccess.h"
+#include "mozilla/dom/InternalRequest.h"
+#include "mozilla/net/HttpBaseChannel.h"
#include "nsCOMPtr.h"
#include "nsContentUtils.h"
#include "nsIChannel.h"
#include "ServiceWorkerManager.h"
#include "nsIPrincipal.h"
+#include "nsQueryObject.h"
namespace mozilla {
namespace dom {
@@ -37,29 +40,45 @@ ServiceWorkerInterceptController::ShouldPrepareForIntercept(
if (!nsContentUtils::IsNonSubresourceRequest(aChannel)) {
const Maybe<ServiceWorkerDescriptor>& controller =
loadInfo->GetController();
+
// If the controller doesn't handle fetch events, return false
- if (controller.isSome()) {
- *aShouldIntercept = controller.ref().HandlesFetch();
-
- // The service worker has no fetch event handler, try to schedule a
- // soft-update through ServiceWorkerRegistrationInfo.
- // Get ServiceWorkerRegistrationInfo by the ServiceWorkerInfo's principal
- // and scope
- if (!*aShouldIntercept && swm) {
- nsCOMPtr<nsIPrincipal> principal =
- controller.ref().GetPrincipal().unwrap();
- RefPtr<ServiceWorkerRegistrationInfo> registration =
- swm->GetRegistration(principal, controller.ref().Scope());
- // Could not get ServiceWorkerRegistration here if unregister is
- // executed before getting here.
- if (NS_WARN_IF(!registration)) {
- return NS_OK;
- }
- registration->MaybeScheduleTimeCheckAndUpdate();
+ if (!controller.isSome()) {
+ return NS_OK;
+ }
+
+ *aShouldIntercept = controller.ref().HandlesFetch();
+
+ // The service worker has no fetch event handler, try to schedule a
+ // soft-update through ServiceWorkerRegistrationInfo.
+ // Get ServiceWorkerRegistrationInfo by the ServiceWorkerInfo's principal
+ // and scope
+ if (!*aShouldIntercept && swm) {
+ nsCOMPtr<nsIPrincipal> principal =
+ controller.ref().GetPrincipal().unwrap();
+ RefPtr<ServiceWorkerRegistrationInfo> registration =
+ swm->GetRegistration(principal, controller.ref().Scope());
+ // Could not get ServiceWorkerRegistration here if unregister is
+ // executed before getting here.
+ if (NS_WARN_IF(!registration)) {
+ return NS_OK;
}
- } else {
- *aShouldIntercept = false;
+ registration->MaybeScheduleTimeCheckAndUpdate();
}
+
+ RefPtr<net::HttpBaseChannel> httpChannel = do_QueryObject(aChannel);
+
+ if (httpChannel &&
+ httpChannel->GetRequestHead()->HasHeader(net::nsHttp::Range)) {
+ RequestMode requestMode =
+ InternalRequest::MapChannelToRequestMode(aChannel);
+ bool mayLoad = nsContentUtils::CheckMayLoad(
+ loadInfo->GetLoadingPrincipal(), aChannel,
+ /*allowIfInheritsPrincipal*/ false);
+ if (requestMode == RequestMode::No_cors && !mayLoad) {
+ *aShouldIntercept = false;
+ }
+ }
+
return NS_OK;
}
diff --git a/dom/serviceworkers/moz.build b/dom/serviceworkers/moz.build
index 885c87dace33..11100a511317 100644
--- a/dom/serviceworkers/moz.build
+++ b/dom/serviceworkers/moz.build
@@ -103,6 +103,13 @@ IPDL_SOURCES += [
"ServiceWorkerRegistrarTypes.ipdlh",
]
+LOCAL_INCLUDES += [
+ # For HttpBaseChannel.h dependencies
+ "/netwerk/base",
+ # For HttpBaseChannel.h
+ "/netwerk/protocol/http",
+]
+
include("/ipc/chromium/chromium-config.mozbuild")
FINAL_LIBRARY = "xul"
diff --git a/testing/web-platform/meta/fetch/range/sw.https.window.js.ini b/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
index f1c1ad7348bc..e3b1e847940b 100644
--- a/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
+++ b/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
@@ -2,10 +2,8 @@
disabled:
if asan and (os == "linux") and (bits == 64): https://bugzilla.mozilla.org/show_bug.cgi?id=1509373
max-asserts: 2
- expected:
- if (os == "linux") and not debug and webrender and not fission: [OK, ERROR]
- if (os == "win") and (processor == "x86") and not debug: [OK, TIMEOUT]
- if (os == "mac") and not debug: [OK, ERROR]
+ expected: TIMEOUT # see previous revision for how to re-enable
+
[Ranged response not allowed following no-cors ranged request]
expected:
if (os == "linux") and not debug and webrender: [FAIL, PASS]
@@ -30,3 +28,21 @@
expected:
if (processor == "x86") and not debug: [PASS, NOTRUN]
+ [Defer range header filter tests to service worker]
+ expected: TIMEOUT
+
+ [Defer range header passthrough tests to service worker]
+ expected: NOTRUN
+
+ [Ranged response not allowed following no-cors ranged request]
+ expected: NOTRUN
+
+ [Non-opaque ranged response executed]
+ expected: NOTRUN
+
+ [Accept-Encoding should not appear in a service worker]
+ expected: NOTRUN
+
+ [Opaque range preload successes and failures should be indistinguishable]
+ expected: NOTRUN
+
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tbb-commits
mailing list