New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 534788 link

Starred by 11 users

Issue metadata

Status: Fixed
Owner:
OOO until 4th
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Task

Blocked on:
issue 634270


Show other hotlists

Hotlists containing this issue:
EnamelAndFriendsFixIt


Sign in to add a comment

Implement "Secure Contexts"

Project Member Reported by mkwst@chromium.org, Sep 22 2015

Issue description

Changes to API surface:
We're basically spec compliant at this point; we just need some slight modifications to Shared Workers, and to expose the `isSecureContext` boolean.

Links:
Public standards discussion: https://w3c.github.io/webappsec/specs/powerfulfeatures/

Support in other browsers:
Internet Explorer: Nada.
Firefox: Public support.
Safari: Zip.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 29 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fd67eed6357b2a5487c13cc159b4e843a9c91aee

commit fd67eed6357b2a5487c13cc159b4e843a9c91aee
Author: mkwst <mkwst@chromium.org>
Date: Tue Sep 29 12:05:37 2015

Implement 'window.isSecureContext'.

The "Secure Contexts" spec defines a feature-detection mechanism for
secure contexts on the Window and WorkerGlobalScope objects[1]. This
patch implements the former. The latter will be in a subsequent patch,
as the logic to deal with Shared Workers is a bit more complicated.

It also renames the internal check from 'isPrivilegedContext' to
'isSecureContext', in line with the specification. That is a purely
mechanical change, using the following commands:

> git grep -n -l -e "isPrivilegedContext" | xargs -L1 sed -i '' -e 's/isPrivilegedContext/isSecureContext/g'
> git grep -n -l -e "PrivilegeContextCheck" | xargs -L1 sed -i '' -e 's/PrivilegeContextCheck/SecureContextCheck/g'
> git grep -n -l -e "StandardPrivilegeCheck" | xargs -L1 sed -i '' -e 's/StandardPrivilegeCheck/StandardSecureContextCheck/g'
> git grep -n -l -e "WebCryptoPrivilegeCheck" | xargs -L1 sed -i '' -e 's/WebCryptoPrivilegeCheck/WebCryptoSecureContextCheck/g'

[1]: https://w3c.github.io/webappsec/specs/powerfulfeatures/#monkey-patching-global-object

BUG= 534788 

Review URL: https://codereview.chromium.org/1373773003

Cr-Commit-Position: refs/heads/master@{#351290}

[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/content/renderer/pepper/host_dispatcher_wrapper.cc
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-window-after-frame-navigated-expected.txt
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-and-gced-expected.txt
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/fast/dom/Window/property-access-on-cached-window-after-frame-removed-expected.txt
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/resources/get-host-info.js
[add] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/127.0.0.1.html
[add] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated.html
[add] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/localhost.html
[add] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/resources/post-securecontext-status.html
[add] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/unauthenticated.html
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/dom/Document.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/dom/Document.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/dom/ExecutionContext.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/dom/Fullscreen.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/frame/DOMWindow.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/frame/DOMWindow.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/frame/Window.idl
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/html/forms/FileInputType.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/testing/NullExecutionContext.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/testing/NullExecutionContext.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/workers/WorkerGlobalScope.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/bluetooth/Bluetooth.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/cachestorage/CacheStorage.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/credentialmanager/PasswordCredential.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/crypto/SubtleCrypto.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/device_orientation/DeviceMotionController.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/device_orientation/DeviceOrientationController.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/encryptedmedia/NavigatorRequestMediaKeySystemAccess.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/mediastream/UserMediaRequest.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/mediastream/UserMediaRequest.h
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/notifications/Notification.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/quota/StorageManager.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/Source/web/WebDocument.cpp
[modify] http://crrev.com/fd67eed6357b2a5487c13cc159b4e843a9c91aee/third_party/WebKit/public/web/WebDocument.h

Cc: haraken@chromium.org
Does this include the work in https://w3c.github.io/webappsec-secure-contexts/?  Eg. the implementation of the [SecureContext] WebIDL attribute?

Also, just curious: can a given context's "secure" status change, or is it fixed?  Eg. does loading script via http into a secure context mean that context is no longer secure?


Blocking: 542499
Cc: jungkee....@samsung.com
Cc: yukishiino@chromium.org bashi@chromium.org

Comment 6 by mkwst@chromium.org, May 4 2016

> Does this include the work in https://w3c.github.io/webappsec-secure-contexts/

Yes. This includes everything in the Secure Contexts spec. I think we're done with everything there.

>  Eg. the implementation of the [SecureContext] WebIDL attribute?

We haven't implemented the `[SecureContext]` WebIDL attribute yet. That just landed in the WebIDL spec a week or three ago; if anyone has bandwidth to pick it up, that would be brilliant.

> Also, just curious: can a given context's "secure" status change, or is it fixed? 

A context's state is fixed upon creation/navigation. A secure context cannot become non-secure, and neither can a non-secure context become secure.
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ea6225bf8fb44062eabe9e9c99527408053180dd

commit ea6225bf8fb44062eabe9e9c99527408053180dd
Author: mkwst <mkwst@chromium.org>
Date: Mon Jul 18 10:43:52 2016

Add use counters for Secure Context checks and sandboxed origins.

At https://github.com/w3c/webappsec-secure-contexts/issues/28, we're
discussing whether or not we can tighten the notion of "secure context"
to exclude sandboxed documents by default. This patch adds counters
to determine how marginal the breakage would be.

BUG= 534788 
TBR=isherman@chromium.org

Review-Url: https://codereview.chromium.org/2160533002
Cr-Commit-Position: refs/heads/master@{#405973}

[modify] https://crrev.com/ea6225bf8fb44062eabe9e9c99527408053180dd/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/ea6225bf8fb44062eabe9e9c99527408053180dd/third_party/WebKit/Source/core/frame/UseCounter.h
[modify] https://crrev.com/ea6225bf8fb44062eabe9e9c99527408053180dd/tools/metrics/histograms/histograms.xml

Comment 8 by mkwst@chromium.org, Aug 4 2016

Blockedon: 634270
Project Member

Comment 9 by bugdroid1@chromium.org, Sep 29 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80

commit bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80
Author: mkwst <mkwst@chromium.org>
Date: Thu Sep 29 14:06:23 2016

Add 'WorkerGlobalScope::isSecureContext'

We shipped the 'Window' variant in [1] a ~year ago, with the promise
that we'd totally come back and do the 'Worker' bit. *cough* So, here
it is!

[1]: https://chromium.googlesource.com/chromium/src/+/fd67eed6357b2a5487c13cc159b4e843a9c91aee

BUG= 534788 , 649896 

Review-Url: https://codereview.chromium.org/2365353002
Cr-Commit-Position: refs/heads/master@{#421810}

[add] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/authenticated_worker.https.html
[add] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/resources/post-securecontext-shared.js
[add] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/resources/post-securecontext.js
[add] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/http/tests/security/secureContexts/unauthenticated_worker.html
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/http/tests/serviceworker/webexposed/global-interface-listing-service-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/virtual/stable/http/tests/serviceworker/webexposed/global-interface-listing-service-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/virtual/stable/webexposed/global-interface-listing-dedicated-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/virtual/stable/webexposed/global-interface-listing-shared-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-dedicated-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-shared-worker-expected.txt
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/Source/core/workers/WorkerGlobalScope.h
[modify] https://crrev.com/bd027238e7f3d3c8096c1a62e9063d8cbf5d8a80/third_party/WebKit/Source/core/workers/WorkerGlobalScope.idl

Is there a doc on how to use this? What's the expected behavior for a interface/method/attribute marked with SecureContext on a non-secure context (e.g. http)? What is currently supported and what is not supported?

I am asking because I have some questions in https://chromiumcodereview.appspot.com/2651413002/
Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge
Labels: Hotlist-EnamelAndFriendsFixIt
Blocking: -542499

Comment 15 by mkwst@chromium.org, Jan 22 2018

Status: Fixed (was: Assigned)
It's implemented. Any additional bits can have their own bugs.

Sign in to add a comment