Issue 855312 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	richard...@intel.com
Closed:	Sep 1
Cc:	leon....@intel.com
Components:	Blink>ServiceWorker
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Task

Move security checks in ServiceWorkerProviderHost::IsValidRegisterMessage so they are also applied to ServiceWorkerContext::RegisterServiceWorker

Project Member Reported by falken@chromium.org, Jun 22 2018

Issue description

Context at issue 853924.

We should make it so the security checks are applied also to callers that use ServiceWorkerContext::RegisterServiceWorker directly.

This will probably involve making SWContext use a richer result callback, e.g., a code or string that we can pass to bad message received.

Comment 1 by falken@chromium.org, Jun 22 2018

Owner: leon....@intel.com
Status: Assigned (was: Untriaged)

Leon: Would you or Richard have time to take this bug?

Comment 2 by leon....@intel.com, Jun 22 2018

Yep I'll help Richard to solve this issue.

Comment 3 by leon....@intel.com, Jul 3

Status: Started (was: Assigned)

Comment 4 by leon....@intel.com, Sep 1

Cc: leon....@intel.com
Owner: richard...@intel.com
Status: Fixed (was: Started)

This has been fixed by https://chromium-review.googlesource.com/c/chromium/src/+/1177441.

►

Issue 855312 link

Issue metadata

Move security checks in ServiceWorkerProviderHost::IsValidRegisterMessage so they are also applied to ServiceWorkerContext::RegisterServiceWorker

Issue description

Comment 1 by falken@chromium.org, Jun 22 2018

Comment 1 Deleted

Comment 2 by leon....@intel.com, Jun 22 2018

Comment 2 Deleted

Comment 3 by leon....@intel.com, Jul 3

Comment 3 Deleted

Comment 4 by leon....@intel.com, Sep 1

Comment 4 Deleted

Sign in to add a comment