71 lines
3.7 KiB
Diff
71 lines
3.7 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Patrick Meenan <pmeenan@chromium.org>
|
|
Date: Thu, 6 Feb 2025 07:41:40 -0800
|
|
Subject: Set is_web_secure_context when initializing Service Worker from disk
|
|
|
|
The value of is_web_secure_context is not serialized to disk when
|
|
storing the service worker registration (only a few select policies
|
|
are).
|
|
|
|
When instantiating the policy container for an already-registered
|
|
worker, it uses the default value (false) which is wrong.
|
|
|
|
Since Service Workers are guaranteed to ALWAYS be a web secure
|
|
context, this change explicitly sets it to true when restoring a
|
|
serialized policy.
|
|
|
|
See: https://w3c.github.io/webappsec-secure-contexts/#examples-service-workers
|
|
|
|
Bug: 387258077,383070811
|
|
Change-Id: I75efe895662ab4e6d68cacace6d05e004c5dfd33
|
|
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6236205
|
|
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
|
|
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
|
|
Commit-Queue: Patrick Meenan <pmeenan@chromium.org>
|
|
Cr-Commit-Position: refs/heads/main@{#1416795}
|
|
|
|
diff --git a/content/browser/renderer_host/policy_container_host.cc b/content/browser/renderer_host/policy_container_host.cc
|
|
index b17c33c425da7bc98a6669c6595a7e6185a96644..9630f39ee4570d084c877f69658534affef226d2 100644
|
|
--- a/content/browser/renderer_host/policy_container_host.cc
|
|
+++ b/content/browser/renderer_host/policy_container_host.cc
|
|
@@ -135,9 +135,11 @@ PolicyContainerPolicies::PolicyContainerPolicies(
|
|
allow_cross_origin_isolation(allow_cross_origin_isolation) {}
|
|
|
|
PolicyContainerPolicies::PolicyContainerPolicies(
|
|
- const blink::mojom::PolicyContainerPolicies& policies)
|
|
+ const blink::mojom::PolicyContainerPolicies& policies,
|
|
+ bool is_web_secure_context)
|
|
: referrer_policy(policies.referrer_policy),
|
|
ip_address_space(policies.ip_address_space),
|
|
+ is_web_secure_context(is_web_secure_context),
|
|
content_security_policies(
|
|
mojo::Clone(policies.content_security_policies)),
|
|
cross_origin_embedder_policy(policies.cross_origin_embedder_policy),
|
|
diff --git a/content/browser/renderer_host/policy_container_host.h b/content/browser/renderer_host/policy_container_host.h
|
|
index 394bd53bb5c1dfea5abe24b9047eb190884c2648..7add42348ef28079196b447feda78210815d1551 100644
|
|
--- a/content/browser/renderer_host/policy_container_host.h
|
|
+++ b/content/browser/renderer_host/policy_container_host.h
|
|
@@ -49,7 +49,8 @@ struct CONTENT_EXPORT PolicyContainerPolicies {
|
|
bool allow_cross_origin_isolation);
|
|
|
|
explicit PolicyContainerPolicies(
|
|
- const blink::mojom::PolicyContainerPolicies& policies);
|
|
+ const blink::mojom::PolicyContainerPolicies& policies,
|
|
+ bool is_web_secure_context);
|
|
|
|
// Used when loading workers from network schemes.
|
|
// WARNING: This does not populate referrer policy.
|
|
diff --git a/content/browser/service_worker/service_worker_registry.cc b/content/browser/service_worker/service_worker_registry.cc
|
|
index 8ce6875c21522032e8eb448338558c2a28f78613..efa037a599a38af655fd593767f35a601badd3a1 100644
|
|
--- a/content/browser/service_worker/service_worker_registry.cc
|
|
+++ b/content/browser/service_worker/service_worker_registry.cc
|
|
@@ -1076,7 +1076,8 @@ ServiceWorkerRegistry::GetOrCreateRegistration(
|
|
if (data.policy_container_policies) {
|
|
version->set_policy_container_host(
|
|
base::MakeRefCounted<PolicyContainerHost>(
|
|
- PolicyContainerPolicies(*data.policy_container_policies)));
|
|
+ PolicyContainerPolicies(*data.policy_container_policies,
|
|
+ /*is_web_secure_context=*/true)));
|
|
}
|
|
if (data.router_rules && version->IsStaticRouterEnabled()) {
|
|
auto error = version->SetupRouterEvaluator(*data.router_rules);
|