
Issue 621788

Starred by 16 users

Issue metadata

Status: Fixed
Closed: Jun 2016
Pri: 2
Type: Bug




ASSERTION FAILED: m_fallbackRequestForServiceWorker.isNull() || getSecurityOrigin()->canRequest(m_fallbackRequestForServiceWorker.url())

Project Member Reported by ukai@chromium.org, Jun 21 2016

Issue description

Version: Chromium	53.0.2774.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux

What steps will reproduce the problem?
(1) visit twitter.com
(2)
(3)

What is the expected output?

What do you see instead?

ASSERTION FAILED: m_fallbackRequestForServiceWorker.isNull() || getSecurityOrigin()->canRequest(m_fallbackRequestForServiceWorker.url())
../../third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp(698) : void blink::DocumentThreadableLoader::handleResponse(unsigned long, const blink::ResourceResponse &, std::unique_ptr<WebDataConsumerHandle>)
1   0x7fffea8a5908 blink::DocumentThreadableLoader::responseReceived(blink::Resource*, blink::ResourceResponse const&, std::unique_ptr<blink::WebDataConsumerHandle, std::default_delete<blink::WebDataConsumerHandle> >)
2   0x7fffea755f56 blink::RawResource::responseReceived(blink::ResourceResponse const&, std::unique_ptr<blink::WebDataConsumerHandle, std::default_delete<blink::WebDataConsumerHandle> >)
3   0x7fffea76fd01 blink::ResourceLoader::didReceiveResponse(blink::WebURLLoader*, blink::WebURLResponse const&, blink::WebDataConsumerHandle*)
4   0x7ffff54022a5 content::WebURLLoaderImpl::Context::OnReceivedResponse(content::ResourceResponseInfo const&)
5   0x7ffff53e12b8 content::ResourceDispatcher::OnReceivedResponse(int, content::ResourceResponseHead const&)
6   0x7ffff53e3a6d
7   0x7ffff53e0c46 content::ResourceDispatcher::DispatchMessage(IPC::Message const&)
8   0x7ffff53e0568 content::ResourceDispatcher::OnMessageReceived(IPC::Message const&)
9   0x7fffedd8aa89
10  0x7ffff7c98ff9 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
11  0x7fffedd7d947 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue*, scheduler::internal::TaskQueueImpl::Task*)
12  0x7fffedd7c6c5 scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)
13  0x7ffff7c98ff9 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
14  0x7ffff7cc2ff5 base::MessageLoop::RunTask(base::PendingTask const&)
15  0x7ffff7cc3328 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)
16  0x7ffff7cc36bb base::MessageLoop::DoWork()
17  0x7ffff7cc4fee base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
18  0x7ffff7cc2ae1 base::MessageLoop::RunHandler()
19  0x7ffff7cf1c00 base::RunLoop::Run()
20  0x7ffff7cc1b10 base::MessageLoop::Run()
21  0x7ffff5ecd03c
22  0x7ffff5fe043e
23  0x7ffff5fe0ce2
24  0x7ffff5fe1733
25  0x7ffff5fe0000 content::ContentMain(content::ContentMainParams const&)
26  0x555555a1177b ChromeMain
27  0x7fffee9e4f45 __libc_start_main
28  0x555555a11659
Received signal 11 SEGV_MAPERR 0000fbadbeef
#0 0x7ffff7c97947 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#1 0x7ffff0037330 <unknown>
#2 0x7fffea8a632e blink::DocumentThreadableLoader::handleResponse()
#3 0x7fffea8a5908 blink::DocumentThreadableLoader::responseReceived()
#4 0x7fffea755f56 blink::RawResource::responseReceived()
#5 0x7fffea76fd01 blink::ResourceLoader::didReceiveResponse()
#6 0x7ffff54022a5 content::WebURLLoaderImpl::Context::OnReceivedResponse()
#7 0x7ffff53e12b8 content::ResourceDispatcher::OnReceivedResponse()
#8 0x7ffff53e3a6d _ZN3IPC8MessageTI33ResourceMsg_ReceivedResponse_MetaSt5tupleIJiN7content20ResourceResponseHeadEEEvE8DispatchINS3_18ResourceDispatcherES8_vMS8_FviRKS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#9 0x7ffff53e0c46 content::ResourceDispatcher::DispatchMessage()
#10 0x7ffff53e0568 content::ResourceDispatcher::OnMessageReceived()
#11 0x7fffedd8aa89 _ZN4base8internal7InvokerINS_13IndexSequenceIJLm0EEEENS0_9BindStateINS0_15RunnableAdapterIPFvSt10unique_ptrIN5blink13WebTaskRunner4TaskESt14default_deleteIS9_EEEEESD_JNS0_13PassedWrapperISC_EEEEELb0EFvvEE3RunEPNS0_13BindStateBaseE
#12 0x7ffff7c98ff9 base::debug::TaskAnnotator::RunTask()
#13 0x7fffedd7d947 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#14 0x7fffedd7c6c5 scheduler::TaskQueueManager::DoWork()
#15 0x7ffff7c98ff9 base::debug::TaskAnnotator::RunTask()
#16 0x7ffff7cc2ff5 base::MessageLoop::RunTask()
#17 0x7ffff7cc3328 base::MessageLoop::DeferOrRunPendingTask()
#18 0x7ffff7cc36bb base::MessageLoop::DoWork()
#19 0x7ffff7cc4fee base::MessagePumpDefault::Run()
#20 0x7ffff7cc2ae1 base::MessageLoop::RunHandler()
#21 0x7ffff7cf1c00 base::RunLoop::Run()
#22 0x7ffff7cc1b10 base::MessageLoop::Run()
#23 0x7ffff5ecd03c content::RendererMain()
#24 0x7ffff5fe043e content::RunZygote()
#25 0x7ffff5fe0ce2 content::RunNamedProcessTypeMain()
#26 0x7ffff5fe1733 content::ContentMainRunnerImpl::Run()
#27 0x7ffff5fe0000 content::ContentMain()
#28 0x555555a1177b ChromeMain
#29 0x7fffee9e4f45 __libc_start_main
#30 0x555555a11659 <unknown>
[end of stack trace]



Please use labels and text to provide additional information.
https://chromium.googlesource.com/chromium/src/+/71331253d6537b9409518dec2368388c5d73cb94
 

Comment 1 by horo@chromium.org, Jun 21 2016

Labels: Hotlist-Google

Comment 2 by horo@chromium.org, Jun 21 2016

Labels: -Hotlist-Google Restrict-View-Google

Comment 3 by horo@chromium.org, Jun 21 2016

I think the no-fetch-handler optimization introduced a CORS bypass bug.

Comment 4 by horo@chromium.org, Jun 21 2016

Labels: -Pri-3 M-53 Pri-1
Owner: shimazu@chromium.org
Status: Assigned (was: Untriaged)
CL of bypassing SW is being reverted now (http://crrev.com/2080793003/).

Comment 6 by danakj@chromium.org, Jun 21 2016

Cc: -danakj@chromium.org
Status: Started (was: Assigned)
This might be caused by using SWURLRequestJob::FallbackToNetwork directly in SWControlleeRequestHandler. This method will fall back the request directly to the usual loading path and return a response as if it was provided by the service worker, so any CORS checks done by DocumentThreadableLoader are skipped.

When falling back in the SWURLRequestJob, I guess the request shouldn't go to the network directly and it should go back to the renderer using ServiceWorkerResponseInfo::OnStartCompleted with was_fallback_required set to true. I'm taking a look now.
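
Added example, not part of the comment above and not Chromium code: a toy C++ model of the two fallback paths the comment contrasts, showing why a browser-side fallback that goes straight to the network lets a cross-origin response reach the page without the renderer's CORS check. All type and function names and the `*.example` hosts are hypothetical, and origins are reduced to bare host names.

```cpp
#include <string>

// Toy model, not Chromium code: every name below is hypothetical.
struct Response {
    std::string body;
    std::string allow_origin;    // Access-Control-Allow-Origin value; empty if absent
    bool was_fallback_required;  // browser asks the renderer to redo the fetch itself
};

enum FallbackMode { kDirectToNetwork, kBackToRenderer };

// Constructed network: api.example sends no CORS headers, open.example allows any origin.
Response NetworkFetch(const std::string& host) {
    Response r = {"data from " + host, host == "open.example" ? "*" : "", false};
    return r;
}

// Browser process: the service worker has no fetch handler, so the request falls back.
Response BrowserFallback(const std::string& host, FallbackMode mode) {
    if (mode == kDirectToNetwork)
        return NetworkFetch(host);  // handed back as if the service worker produced it
    Response r = {"", "", true};    // empty reply: "renderer, fetch this yourself"
    return r;
}

// Renderer-side CORS check, applied only to requests the renderer issues itself.
bool PassesCors(const Response& r, const std::string& page, const std::string& host) {
    return page == host || r.allow_origin == "*" || r.allow_origin == page;
}

// Returns the body the page's script can read, or "" when the load is blocked.
std::string RendererLoad(const std::string& page, const std::string& host,
                         FallbackMode mode) {
    Response r = BrowserFallback(host, mode);
    if (!r.was_fallback_required)
        return r.body;       // treated as service-worker output: no CORS check here
    r = NetworkFetch(host);  // renderer re-issues the request through the normal path
    return PassesCors(r, page, host) ? r.body : "";
}
```

In the model, only `kBackToRenderer` routes the cross-origin response through `PassesCors`, which is the property the `was_fallback_required` path is meant to restore.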

Comment 8 by mmenke@chromium.org, Jun 24 2016

Cc: shimazu@chromium.org
Issue 620746 has been merged into this issue.

Comment 9 by mmenke@chromium.org, Jun 24 2016

Cc: tyoshino@chromium.org mkwst@chromium.org jochen@chromium.org
Issue 621712 has been merged into this issue.
Labels: -Pri-1 Pri-2
The CL for revert (http://crrev.com/2080793003/) was already landed a week ago, so moved to P2.

These are CLs to reland: http://crrev.com/2103063002, http://crrev.com/2108573002. 
> The CL for revert (http://crrev.com/2080793003/) was already landed a week ago, so moved to P2.

The typical thing to do is mark this bug fixed and reopen issue 605844 to track relanding.
Status: Fixed (was: Started)
I see, fixed.
Project Member

Comment 13 by bugdroid1@chromium.org, Jul 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e14963a7be1f6445401efb43619301bf9fe3157d

commit e14963a7be1f6445401efb43619301bf9fe3157d
Author: shimazu <shimazu@chromium.org>
Date: Thu Jul 07 09:31:48 2016

ServiceWorker: Add an API to fallback to renderer for CORS preflight

Currently ServiceWorkerURLRequestJob::ForwardToNetwork invokes restart
of the request and the request goes to the network directly. In
subresource case, this causes a bug when the request needs CORS
preflight.
This patch adds an API to fallback with CORS check for subresources; this
is used at a subsequent patch: aka no-fetch optimization
http://crrev.com/2103063002.

BUG=621788, 605844

Review-Url: https://codereview.chromium.org/2108573002
Cr-Commit-Position: refs/heads/master@{#404114}

[modify] https://crrev.com/e14963a7be1f6445401efb43619301bf9fe3157d/content/browser/service_worker/service_worker_url_request_job.cc
[modify] https://crrev.com/e14963a7be1f6445401efb43619301bf9fe3157d/content/browser/service_worker/service_worker_url_request_job.h

Project Member

Comment 14 by bugdroid1@chromium.org, Jul 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb53dfa21239d8be2ed3bc53c83d8c001603cee6

commit cb53dfa21239d8be2ed3bc53c83d8c001603cee6
Author: shimazu <shimazu@chromium.org>
Date: Fri Jul 08 14:04:11 2016

ServiceWorker: Reland of bypassing SW when no fetch handler existed

When the script doesn't have a fetch handler, in-scope network requests
don't need to go to the service worker. This patch is to bypass it.
This patch is a CL for re-landing which was reverted at
http://crrev.com/2080793003.

This CL should be landed after http://crrev.com/2108573002 is committed.

BUG=605844, 621788
TEST=./out/Debug/content_unittests --gtest_filter="ServiceWorkerControlleeRequestHandlerTest.FallbackWithNoFetchHandler*"

Review-Url: https://codereview.chromium.org/2103063002
Cr-Commit-Position: refs/heads/master@{#404348}

[modify] https://crrev.com/cb53dfa21239d8be2ed3bc53c83d8c001603cee6/content/browser/service_worker/service_worker_controllee_request_handler.cc
[modify] https://crrev.com/cb53dfa21239d8be2ed3bc53c83d8c001603cee6/content/browser/service_worker/service_worker_controllee_request_handler_unittest.cc
[modify] https://crrev.com/cb53dfa21239d8be2ed3bc53c83d8c001603cee6/content/browser/service_worker/service_worker_version.h

Labels: -Restrict-View-Google
