Status: Fixed
Closed: Oct 2014
OS: All
Pri: 1
Type: Bug

Blocked on:
issue 362214



Registering, using Service Workers should be restricted to secure origins
Project Member Reported by dominicc@chromium.org, Jul 16 2014
In line with the proposal to prefer secure origins for powerful new web platform features [1] and requirements of the Service Worker spec [2], Service Worker should be limited to secure origins.

[1] <https://groups.google.com/a/chromium.org/d/msg/blink-dev/octnFM8IXfs/U3PSr8FLoygJ>
[2] <https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#security-considerations>
 
Summary: Registering, using Service Workers should be restricted to secure origins (was: ServiceWorker should be restricted to secure origins)
First patch is up here, which makes the policy enforcement kill the renderer instead of returning an error. The error is redundant because Blink already does an origin check for the purposes of generating a nice error message for the developer:

https://codereview.chromium.org/397913003/

Note that until Issue 362214 is fixed, the enforced policy will be lax.
Project Member Comment 3 by bugdroid1@chromium.org, Jul 17 2014
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4bbdddfbd1288ddc3a2412564cc4f885f0b65749

commit 4bbdddfbd1288ddc3a2412564cc4f885f0b65749
Author: dominicc@chromium.org <dominicc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu Jul 17 08:15:46 2014

Kill renderers which try to register Service Workers across domains.

There is a same-origin check in
ServiceWorkerContainer::registerServiceWorker, so this code should
only be reachable if something has gone wrong.

BUG= 394213 

Review URL: https://codereview.chromium.org/397913003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@283707 0039d316-1c4b-4281-b951-d872f2087c98


Project Member Comment 4 by bugdroid1@chromium.org, Jul 17 2014
------------------------------------------------------------------
r283707 | dominicc@chromium.org | 2014-07-17T08:15:46.495249Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc?r1=283707&r2=283706&pathrev=283707
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/service_worker/service_worker_dispatcher_host.cc?r1=283707&r2=283706&pathrev=283707

Kill renderers which try to register Service Workers across domains.

There is a same-origin check in
ServiceWorkerContainer::registerServiceWorker, so this code should
only be reachable if something has gone wrong.

BUG= 394213 

Review URL: https://codereview.chromium.org/397913003
-----------------------------------------------------------------
The "secure origins" policy now has a wiki page:

http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

Separately, current suggested exception text for failures is:

Service Workers are only supported over secure origins.
Initial cut at generating an error in the renderer for this is up at https://codereview.chromium.org/400903002/
Project Member Comment 7 by bugdroid1@chromium.org, Jul 23 2014
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=178728

------------------------------------------------------------------
r178728 | dominicc@chromium.org | 2014-07-23T03:47:15.432779Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/modules.gypi?r1=178728&r2=178727&pathrev=178728
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/serviceworkers/ServiceWorkerContainer.cpp?r1=178728&r2=178727&pathrev=178728
   A http://src.chromium.org/viewvc/blink/trunk/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp?r1=178728&r2=178727&pathrev=178728

Check that Service Workers are registered from secure origins.

This is in keeping with the Chromium proposal to provide powerful new
web platform features to secure origins:

http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

This is also in keeping with the Service Worker spec, which recommends
Service Workers use HTTPS, with some exceptions:

https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#security-considerations

BUG= 394213 

Review URL: https://codereview.chromium.org/400903002
-----------------------------------------------------------------
Cc: dominicc@chromium.org
Labels: -M-38
Status: Available
I think we have done all that we will do for M38. Want to leave this open for follow-up work when Issue 362214 unblocks. May put it back into M38 if Issue 362214 unblocks in time.
Status: Started
Picking this up again, I think Issue 362214 has unblocked this.
Labels: -Pri-2 Pri-1 M-40
Project Member Comment 14 by bugdroid1@chromium.org, Oct 2 2014
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/67fac000875442072230a0e1033879c19a038000

commit 67fac000875442072230a0e1033879c19a038000
Author: dominicc <dominicc@chromium.org>
Date: Thu Oct 02 16:48:34 2014

Kill renderers that dink with Service Workers from non-secure origins.

The API use is checked on the Blink side, so these checks are to
thwart corrupted renderers. Specifically, renderers that try to
register, unregister or get registrations for non-secure origins must
be nuked from orbit. It's the only way to be sure.

BUG= 394213 
TEST=content_unittests ServiceWorkerDispatcherHostTest.*

Review URL: https://codereview.chromium.org/618113005

Cr-Commit-Position: refs/heads/master@{#297851}

[modify] https://chromium.googlesource.com/chromium/src.git/+/67fac000875442072230a0e1033879c19a038000/content/browser/service_worker/service_worker_dispatcher_host.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/67fac000875442072230a0e1033879c19a038000/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc

Status: Fixed
There is an ad-hoc check in browser now, and when Issue 362214 is fixed we'll switch to use that.
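
The layering these commits describe (a renderer-side check that gives the developer a readable error, and a browser-side check that kills a renderer which gets past it), as an added example that is not Chromium code. `ParseOrigin`, `IsSecure`, `RendererCheck`, `BrowserCheck` and the localhost exception are assumptions made for illustration; the URLs are constructed.

```cpp
// Added illustration: a simplified model of the two-layer check, not Chromium source.
#include <string>
#include <vector>
struct Origin { std::string scheme, host, port; };
// Minimal "scheme://host[:port]/..." parser. Anything it does not handle (userinfo,
// IPv6 literals, no scheme) yields an empty Origin, which is never treated as secure.
Origin ParseOrigin(const std::string& url) {
  Origin o;
  const auto sep = url.find("://");
  if (sep == std::string::npos) return o;
  const std::string rest = url.substr(sep + 3);
  const std::string authority = rest.substr(0, rest.find_first_of("/?#"));
  if (authority.find_first_of("@[") != std::string::npos) return o;
  const auto colon = authority.rfind(':');
  o.scheme = url.substr(0, sep);
  o.host = authority.substr(0, colon);
  if (colon != std::string::npos) o.port = authority.substr(colon + 1);
  else o.port = (o.scheme == "https") ? "443" : "80";
  return o;
}

// Assumed policy for this sketch: HTTPS, plus plain HTTP on localhost for development.
bool IsSecure(const Origin& o) {
  const bool local = o.host == "localhost" || o.host == "127.0.0.1";
  return !o.host.empty() && (o.scheme == "https" || (o.scheme == "http" && local));
}
bool SameOrigin(const Origin& a, const Origin& b) {
  return a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// Renderer side: a failed check becomes an error the page's developer can read.
std::string RendererCheck(const std::string& document_url) {
  if (IsSecure(ParseOrigin(document_url))) return "";
  return "Service Workers are only supported over secure origins.";
}
enum class Verdict { kProceed, kKillRenderer };
// Browser side: the renderer is untrusted, so every URL in a register, unregister or
// get-registration message is re-validated. Failure means the renderer's own check
// was bypassed, so the verdict is to terminate the process rather than reply.
Verdict BrowserCheck(const std::string& document_url,
                     const std::vector<std::string>& message_urls) {
  const Origin doc = ParseOrigin(document_url);
  if (!IsSecure(doc)) return Verdict::kKillRenderer;
  for (const auto& url : message_urls) {
    const Origin o = ParseOrigin(url);
    if (!IsSecure(o) || !SameOrigin(doc, o)) return Verdict::kKillRenderer;
  }
  return Verdict::kProceed;
}
```

A well-behaved renderer never reaches the kill path, because `RendererCheck` rejects the same input first; only a message that skipped that check does.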