
Issue 794548

Starred by 4 users

Issue metadata

Status: Started
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocked on:
issue 879994
issue 894868




Remove content type sniffing for worker scripts

Project Member Reported by vogelheim@chromium.org, Dec 13 2017

Issue description

Technical feature description:

Disable 'content type sniffing' for worker scripts only. That is, only allow execution from resources with a supported JavaScript content type. This edges us a little closer to the goal of never second-guessing the content type of a resource.


Eng owner: vogelheim@chromium.org, mkwst@chromium.org


Design doc:

  +--------------------------------------------------------------------
  |
  | In AllowedByNosniff::MimeTypeAsScript (AllowedByNosniff.cpp),
  | hoist worker_global_scope to the top and use it in the first
  | if-condition, or something vaguely like that.
  |
  +--------------------------------------------------------------------


Metrics:

This condition is presently covered by UseCounters, which indicate this would impact less than 0.01% of page loads.
 
 
Blockedon: 879994
Project Member

Comment 3 by bugdroid1@chromium.org, Sep 4

Labels: merge-merged-3538
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dfde306c094e28746fd45f3a058ab40e1d5e069e

commit dfde306c094e28746fd45f3a058ab40e1d5e069e
Author: Mike West <mkwst@chromium.org>
Date: Tue Sep 04 10:46:30 2018

Impose strict MIME-type checks on `importScripts()`.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ

TBR=mkwst@chromium.org

(cherry picked from commit 4b736aaff87186c442a20dc5e6823d0fe087e101)

Bug: 794548,  879994 
Change-Id: Ie87aedd0027921960ff429d5d8ecf168572c82de
Reviewed-on: https://chromium-review.googlesource.com/1199068
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#588364}
Reviewed-on: https://chromium-review.googlesource.com/1203972
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#21}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/importscripts_mime.tentative.any.js
[add] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/WebKit/LayoutTests/external/wpt/workers/support/imported_script.py
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/core/loader/allowed_by_nosniff.cc
[modify] https://crrev.com/dfde306c094e28746fd45f3a058ab40e1d5e069e/third_party/blink/renderer/platform/runtime_enabled_features.json5

Project Member

Comment 6 by bugdroid1@chromium.org, Sep 5

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bd8853574964974b80f539f21e887b9932b5ebab

commit bd8853574964974b80f539f21e887b9932b5ebab
Author: Mike West <mkwst@chromium.org>
Date: Wed Sep 05 13:57:45 2018

Ship strict MIME-type checks for `importScripts()`.

Intent to Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ
PR against HTML: https://github.com/whatwg/html/pull/4001

Bug: 794548
Change-Id: I6a310aeeba12bc427062169c6397621725eb9bbd
Reviewed-on: https://chromium-review.googlesource.com/1206270
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#588854}
[modify] https://crrev.com/bd8853574964974b80f539f21e887b9932b5ebab/third_party/blink/renderer/platform/runtime_enabled_features.json5

Blockedon: 894868
Components: Blink>Workers
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 31

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0bebf92d05406b5b318565a6cf007b00b790f163

commit 0bebf92d05406b5b318565a6cf007b00b790f163
Author: Hiroki Nakagawa <nhiroki@chromium.org>
Date: Wed Oct 31 09:59:56 2018

Loader: Allow WorkerClassicScriptLoader to specify whether to impose strict MIME-type checks

This is a preparation CL for implementing off-the-main-thread worker top-level
classic script loading.

<Context of this change>

Currently, a top-level worker classic script is loaded on the main thread with a
parent document's context. In this case, MIME-type of the script is loosely
checked for historical reasons. For example, 'text/html' can be executed as a
script. On the other hand, once off-the-main-thread script loading is
implemented, a top-level worker classic script is loaded on a worker thread with
a worker's context and MIME-type of the script is strictly checked. This breaks
a bunch of web-platform-tests.

To keep the backward compatibility, this CL allows WorkerClassicScriptLoader to
specify whether to impose strict MIME-type checks regardless of the execution
context type. A subsequent CL will disable it for off-the-main-thread top-level
worker classic script loading:
https://chromium-review.googlesource.com/c/chromium/src/+/1293432

<Possible cleanup in the future>

The flag to disable the strict MIME-type check should actually be determined
based on the 'fetch client' of script loading, so a subsequent cleanup CL may
move the flag from WorkerClassicScriptLoader to FetchClientSettingsObject.

Bug: 794548, 835717
Change-Id: I5cc8828966dd7619b30879f3d287505ad4b22fc0
Reviewed-on: https://chromium-review.googlesource.com/c/1293097
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604192}
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/loader/allowed_by_nosniff.cc
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/loader/allowed_by_nosniff.h
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/loader/allowed_by_nosniff_test.cc
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/script/classic_pending_script.cc
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
[modify] https://crrev.com/0bebf92d05406b5b318565a6cf007b00b790f163/third_party/blink/renderer/core/workers/worker_classic_script_loader.h
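The two gates this issue and comment 9 contrast, modelled as an added example that is not Chromium's code: a strict check that only lets a supported JavaScript MIME type run as a worker script (the behaviour shipped for `importScripts()`), beside the lax legacy check under which `text/html` still executed, plus the "allowed by the legacy gate but not the strict one" predicate that a UseCounter-style metric like the one in the issue description would record. The JavaScript MIME-type list is the one in the MIME Sniffing standard; the legacy deny-list is an assumption modelled on the Fetch standard's "blocked due to MIME type" rule for script destinations, not a copy of `allowed_by_nosniff.cc`; the sample responses are constructed.

```javascript
// Added example, not Chromium's code. Models the strict worker-script
// MIME-type gate beside the legacy lax gate, and the condition a
// UseCounter would record before the strict gate is switched on.

// JavaScript MIME types as listed in the MIME Sniffing standard.
const JAVASCRIPT_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Type/subtype "essence" of a Content-Type value: parameters such as
// "; charset=utf-8" are dropped, whitespace trimmed, case folded.
function mimeEssence(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

function isJavaScriptMimeType(contentType) {
  return JAVASCRIPT_MIME_TYPES.has(mimeEssence(contentType));
}

// Strict gate: only a supported JavaScript MIME type may run.
function allowedStrict(response) {
  return isJavaScriptMimeType(response.contentType);
}

// Legacy gate (assumption: modelled on the Fetch standard's "blocked due
// to MIME type" rule for script destinations, not Blink's actual list).
// With X-Content-Type-Options: nosniff only JavaScript MIME types pass;
// otherwise only a short deny-list of clearly-not-script types is
// refused, so text/html still executes, as comment 9 describes.
function allowedLegacy(response) {
  const essence = mimeEssence(response.contentType);
  if (response.nosniff) return JAVASCRIPT_MIME_TYPES.has(essence);
  if (essence.startsWith("image/") || essence.startsWith("audio/") ||
      essence.startsWith("video/") || essence === "text/csv") {
    return false;
  }
  return true;
}

// The condition a UseCounter would record before flipping the flag:
// the legacy gate lets the script run but the strict gate would not.
function wouldBreakUnderStrictCheck(response) {
  return allowedLegacy(response) && !allowedStrict(response);
}

// Constructed sample responses (not captured traffic).
const SAMPLE_RESPONSES = [
  { url: "https://example.test/worker.js", contentType: "text/javascript; charset=utf-8", nosniff: false },
  { url: "https://example.test/lib.js", contentType: "Application/JavaScript", nosniff: true },
  { url: "https://example.test/page", contentType: "text/html", nosniff: false },
  { url: "https://example.test/blob", contentType: "application/octet-stream", nosniff: false },
  { url: "https://example.test/logo", contentType: "image/png", nosniff: false },
  { url: "https://example.test/untyped", contentType: undefined, nosniff: false },
];

// Summarise how each sample fares under both gates.
function classify(responses) {
  return responses.map((r) => ({
    url: r.url,
    legacy: allowedLegacy(r),
    strict: allowedStrict(r),
    wouldBreak: wouldBreakUnderStrictCheck(r),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(classify(SAMPLE_RESPONSES));
}
```

Run with `node` to see the table; the three rows flagged `wouldBreak` (`text/html`, `application/octet-stream`, and a missing Content-Type) are exactly the loads a metric of this kind would have to count before the strict gate ships.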

Project Member

Comment 10 by bugdroid1@chromium.org, Dec 7

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d7968ab13a3ae57504e720b312d13e8486be671d

commit d7968ab13a3ae57504e720b312d13e8486be671d
Author: Hiroshige Hayashizaki <hiroshige@chromium.org>
Date: Thu Dec 06 20:03:38 2018

Move AllowedByNosniff::MimeTypeCheck logic to FetchClientSettingsObject

This CL introduces
FetchClientSettingsObject::MimeTypeCheckForClassicWorkerScript()
and moves AllowedByNosniff::MimeTypeCheck logic to it from
WorkerClassicScriptLoader.

This CL removes most of the dependencies from
WorkerClassicScriptLoader to ExecutionContext except for
calling IsWorkerGlobalScope() and plumbing to ThreadableLoader.

This CL shouldn't change the behavior.

Bug: 880027, 794548
Change-Id: I68d31e359899faf4d5461e1be8a46db9f9bc1303
Reviewed-on: https://chromium-review.googlesource.com/c/1351929
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#614461}
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/execution_context/execution_context.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/exported/web_shared_worker_impl.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/script/fetch_client_settings_object_impl.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/script/fetch_client_settings_object_impl.h
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/workers/dedicated_worker.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/workers/worker_classic_script_loader.h
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/core/workers/worker_global_scope.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/modules/exported/web_embedded_worker_impl.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/platform/loader/fetch/fetch_client_settings_object.h
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/platform/loader/fetch/fetch_client_settings_object_snapshot.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/platform/loader/fetch/fetch_client_settings_object_snapshot.h
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/platform/loader/fetch/fetch_context.cc
[modify] https://crrev.com/d7968ab13a3ae57504e720b312d13e8486be671d/third_party/blink/renderer/platform/loader/testing/mock_fetch_context.h
