New issue
Advanced search Search tips

Issue 690720 link

Starred by 2 users
Status: Fixed
Owner:
jsb...@chromium.org
Closed: Apr 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocked on:
issue 690714
Blocking:
issue 603992



Sign in to add a comment

Use [SecureContext] for navigator.storage

Project Member Reported by jsb...@chromium.org, Feb 10 2017 
Spec:

https://storage.spec.whatwg.org/#api

Has:

[SecureContext, ...] interface NavigatorStorage {
  readonly attribute StorageManager storage;
};
Navigator implements NavigatorStorage;
...

We can't do that because interfaces from core can't implement interfaces from modules, so we use a partial instead. But regardless - rather than having [SecureContext] we have the methods on StorageManager check and throw.

We should switch over to using [SecureContext] before shipping the feature.

Comment 1 by jsb...@chromium.org, Feb 10 2017

Blocking: 603992
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 1 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b1b9e6d3db16818dfd5b76199136f8745f005144

commit b1b9e6d3db16818dfd5b76199136f8745f005144
Author: jsbell <jsbell@chromium.org>
Date: Wed Mar 01 22:31:36 2017

Use [SecureContext] for navigator.storage

StorageManager (navigator.storage) is specified [1] as having
[SecureContext] on the interface. Replace per-method checks
with [SecureContext] on the navigator.storage attribute so
it simply doesn't exist in non-secure contexts as intended.

(The spec has [SecureContext] on a non-partial interface and
the interface is implemented by Navigator. We don't support
core interfaces implementing module interfaces, so we use a
partial interface instead. [SecureContext] does not yet
work when defined on the partial interface itself.)

[1] https://storage.spec.whatwg.org/#api

BUG= 690720 , 634270 

Review-Url: https://codereview.chromium.org/2692633002
Cr-Commit-Position: refs/heads/master@{#454073}

[delete] https://crrev.com/e8d21447d207616130a7d68e4b7b98c8d9fdca9c/third_party/WebKit/LayoutTests/external/wpt/storage/opaque-origin.https-expected.txt
[modify] https://crrev.com/b1b9e6d3db16818dfd5b76199136f8745f005144/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/durable-storage-on-insecure-origin.html
[modify] https://crrev.com/b1b9e6d3db16818dfd5b76199136f8745f005144/third_party/WebKit/Source/modules/quota/NavigatorStorageQuota.idl
[modify] https://crrev.com/b1b9e6d3db16818dfd5b76199136f8745f005144/third_party/WebKit/Source/modules/quota/StorageManager.cpp
[modify] https://crrev.com/b1b9e6d3db16818dfd5b76199136f8745f005144/third_party/WebKit/Source/modules/quota/StorageManager.idl
[modify] https://crrev.com/b1b9e6d3db16818dfd5b76199136f8745f005144/third_party/WebKit/Source/modules/quota/WorkerNavigatorStorageQuota.idl

Comment 3 by jsb...@chromium.org, Apr 3 2017

Status: Fixed (was: Assigned)

Sign in to add a comment