Blink: Plumb correct security origin for isolated world CSPs.
https://chromium-review.googlesource.com/c/chromium/src/+/1395190
This commit is contained in:
parent
2c282203b5
commit
606c84b302
3 changed files with 23 additions and 45 deletions
|
@ -22,6 +22,7 @@
|
|||
#include "native_mate/dictionary.h"
|
||||
#include "native_mate/object_template_builder.h"
|
||||
#include "third_party/blink/public/platform/web_cache.h"
|
||||
#include "third_party/blink/public/platform/web_isolated_world_info.h"
|
||||
#include "third_party/blink/public/web/web_custom_element.h"
|
||||
#include "third_party/blink/public/web/web_document.h"
|
||||
#include "third_party/blink/public/web/web_element.h"
|
||||
|
@ -377,46 +378,27 @@ void ExecuteJavaScriptInIsolatedWorld(
|
|||
scriptExecutionType, callback.release());
|
||||
}
|
||||
|
||||
void SetIsolatedWorldSecurityOrigin(v8::Local<v8::Value> window,
|
||||
int world_id,
|
||||
const std::string& origin_url) {
|
||||
GetRenderFrame(window)->GetWebFrame()->SetIsolatedWorldSecurityOrigin(
|
||||
world_id, blink::WebSecurityOrigin::CreateFromString(
|
||||
blink::WebString::FromUTF8(origin_url)));
|
||||
}
|
||||
|
||||
void SetIsolatedWorldContentSecurityPolicy(v8::Local<v8::Value> window,
|
||||
int world_id,
|
||||
const std::string& security_policy) {
|
||||
GetRenderFrame(window)->GetWebFrame()->SetIsolatedWorldContentSecurityPolicy(
|
||||
world_id, blink::WebString::FromUTF8(security_policy));
|
||||
}
|
||||
|
||||
void SetIsolatedWorldHumanReadableName(v8::Local<v8::Value> window,
|
||||
int world_id,
|
||||
const std::string& name) {
|
||||
GetRenderFrame(window)->GetWebFrame()->SetIsolatedWorldHumanReadableName(
|
||||
world_id, blink::WebString::FromUTF8(name));
|
||||
}
|
||||
|
||||
void SetIsolatedWorldInfo(v8::Local<v8::Value> window,
|
||||
int world_id,
|
||||
const mate::Dictionary& options,
|
||||
mate::Arguments* args) {
|
||||
std::string origin, csp, name;
|
||||
options.Get("securityOrigin", &origin);
|
||||
options.Get("csp", &csp);
|
||||
std::string origin_url, security_policy, name;
|
||||
options.Get("securityOrigin", &origin_url);
|
||||
options.Get("csp", &security_policy);
|
||||
options.Get("name", &name);
|
||||
|
||||
if (!csp.empty() && origin.empty()) {
|
||||
if (!security_policy.empty() && origin_url.empty()) {
|
||||
args->ThrowError(
|
||||
"If csp is specified, securityOrigin should also be specified");
|
||||
return;
|
||||
}
|
||||
|
||||
SetIsolatedWorldSecurityOrigin(window, world_id, origin);
|
||||
SetIsolatedWorldContentSecurityPolicy(window, world_id, csp);
|
||||
SetIsolatedWorldHumanReadableName(window, world_id, name);
|
||||
blink::WebIsolatedWorldInfo info;
|
||||
info.security_origin = blink::WebSecurityOrigin::CreateFromString(
|
||||
blink::WebString::FromUTF8(origin_url));
|
||||
info.content_security_policy = blink::WebString::FromUTF8(security_policy);
|
||||
info.human_readable_name = blink::WebString::FromUTF8(name);
|
||||
GetRenderFrame(window)->GetWebFrame()->SetIsolatedWorldInfo(world_id, info);
|
||||
}
|
||||
|
||||
blink::WebCache::ResourceTypeStats GetResourceUsage(v8::Isolate* isolate) {
|
||||
|
@ -550,12 +532,6 @@ void Initialize(v8::Local<v8::Object> exports,
|
|||
dict.SetMethod("executeJavaScript", &ExecuteJavaScript);
|
||||
dict.SetMethod("executeJavaScriptInIsolatedWorld",
|
||||
&ExecuteJavaScriptInIsolatedWorld);
|
||||
dict.SetMethod("_setIsolatedWorldSecurityOrigin",
|
||||
&SetIsolatedWorldSecurityOrigin);
|
||||
dict.SetMethod("_setIsolatedWorldContentSecurityPolicy",
|
||||
&SetIsolatedWorldContentSecurityPolicy);
|
||||
dict.SetMethod("_setIsolatedWorldHumanReadableName",
|
||||
&SetIsolatedWorldHumanReadableName);
|
||||
dict.SetMethod("setIsolatedWorldInfo", &SetIsolatedWorldInfo);
|
||||
dict.SetMethod("getResourceUsage", &GetResourceUsage);
|
||||
dict.SetMethod("clearCache", &ClearCache);
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include "native_mate/dictionary.h"
|
||||
#include "net/base/net_module.h"
|
||||
#include "net/grit/net_resources.h"
|
||||
#include "third_party/blink/public/platform/web_isolated_world_info.h"
|
||||
#include "third_party/blink/public/web/blink.h"
|
||||
#include "third_party/blink/public/web/web_document.h"
|
||||
#include "third_party/blink/public/web/web_draggable_region.h"
|
||||
|
@ -131,16 +132,14 @@ void AtomRenderFrameObserver::OnDestruct() {
|
|||
|
||||
void AtomRenderFrameObserver::CreateIsolatedWorldContext() {
|
||||
auto* frame = render_frame_->GetWebFrame();
|
||||
|
||||
blink::WebIsolatedWorldInfo info;
|
||||
// This maps to the name shown in the context combo box in the Console tab
|
||||
// of the dev tools.
|
||||
frame->SetIsolatedWorldHumanReadableName(
|
||||
World::ISOLATED_WORLD,
|
||||
blink::WebString::FromUTF8("Electron Isolated Context"));
|
||||
|
||||
info.human_readable_name =
|
||||
blink::WebString::FromUTF8("Electron Isolated Context");
|
||||
// Setup document's origin policy in isolated world
|
||||
frame->SetIsolatedWorldSecurityOrigin(
|
||||
World::ISOLATED_WORLD, frame->GetDocument().GetSecurityOrigin());
|
||||
info.security_origin = frame->GetDocument().GetSecurityOrigin();
|
||||
frame->SetIsolatedWorldInfo(World::ISOLATED_WORLD, info);
|
||||
|
||||
// Create initial script context in isolated world
|
||||
blink::WebScriptSource source("void 0");
|
||||
|
|
|
@ -53,17 +53,20 @@ class WebFrame extends EventEmitter {
|
|||
// TODO(nitsakh): Remove in 6.0
|
||||
setIsolatedWorldSecurityOrigin (worldId, securityOrigin) {
|
||||
deprecate.warn('webFrame.setIsolatedWorldSecurityOrigin', 'webFrame.setIsolatedWorldInfo')
|
||||
binding._setIsolatedWorldSecurityOrigin(this.context, worldId, securityOrigin)
|
||||
binding.setIsolatedWorldInfo(this.context, worldId, { securityOrigin })
|
||||
}
|
||||
|
||||
setIsolatedWorldContentSecurityPolicy (worldId, csp) {
|
||||
deprecate.warn('webFrame.setIsolatedWorldContentSecurityPolicy', 'webFrame.setIsolatedWorldInfo')
|
||||
binding._setIsolatedWorldContentSecurityPolicy(this.context, worldId, csp)
|
||||
binding.setIsolatedWorldInfo(this.context, worldId, {
|
||||
securityOrigin: window.location.origin,
|
||||
csp
|
||||
})
|
||||
}
|
||||
|
||||
setIsolatedWorldHumanReadableName (worldId, name) {
|
||||
deprecate.warn('webFrame.setIsolatedWorldHumanReadableName', 'webFrame.setIsolatedWorldInfo')
|
||||
binding._setIsolatedWorldHumanReadableName(this.context, worldId, name)
|
||||
binding.setIsolatedWorldInfo(this.context, worldId, { name })
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue