Failing layout test: virtual/service-worker-servicification/http/tests/serviceworker/register-error-messages.html |
||||
Issue descriptionIt's currently failing since we don't sniff mime type for worker scripts. We need to sniff mime type before caching the script to the storage.
,
Aug 7
Do you mean mime sniffing the service worker script type? I think that shouldn't be done. The spec requires an explicit content-type.
,
Aug 7
Thanks! I misunderstood the expectation message. https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/virtual/service-worker-servicification/http/tests/serviceworker/register-error-messages-expected.txt Probably the problem is opposite. The response shouldn't be sniffed but it is. It's because RenderProcessHost::CreateURLLoader() routes the network request to the ResourceDispatcherHostImpl, which internally has MimeSniffingResourceHandler.
,
Aug 8
Good catch. It's important to fix this because requiring Content-Type is a security mitigation to prevent users from, e.g, using a site's image upload feature to upload JavaScript and registering a service worker for the site. Is there a way to stop the sniffing by RDHI?
,
Aug 16
,
Aug 23
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/34ab40ca0d0be59f87fb068151b34a8386f0d416 commit 34ab40ca0d0be59f87fb068151b34a8386f0d416 Author: Makoto Shimazu <shimazu@chromium.org> Date: Thu Aug 23 04:32:03 2018 Use network::mojom::kURLLoadOptionSniffMimeType everywhere This CL is to reflect kURLLoadOptionSniffMimeType when making ResourceHandlers. If there is no option to request mime sniffing, it won't create MimeSniffingResourceHandler. ServiceWorkerNewScriptLoader removes the mime sniffing option, so requests for service worker scripts can skip mime sniffing in RDHI. Context of this CL: Before NetS13nServiceWorker, network requests for service worker scripts is handled by ServiceWorkerWriteToCacheJob, and it rejects responses without mime type. It results in network error and none of ResourceHandlers handle the response. After NetS13nServiceWorker, network requests coming from the renderer reach ServiceWorkerNewScriptLoader first, and eventually they are routed to ResourceDispatcherHostImpl. It means that ResourceDispatcherHostImpl works as usual and MimeSniffingResourceHandler in RDHI handles the response. This CL helps to avoid the script response is handled by MimeSniffingResourceHandler. Bug: 871654 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: Ia7c7885157029be16a3a4669cf204ac85232f1b6 Reviewed-on: https://chromium-review.googlesource.com/1179482 Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Makoto Shimazu <shimazu@chromium.org> Cr-Commit-Position: refs/heads/master@{#585398} [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/browser/loader/navigation_url_loader_impl.cc [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/browser/loader/resource_dispatcher_host_impl.cc [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/browser/loader/resource_dispatcher_host_impl.h [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/browser/loader/resource_dispatcher_host_unittest.cc [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/browser/loader/url_loader_factory_impl_unittest.cc [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/content/renderer/loader/resource_dispatcher.cc [modify] https://crrev.com/34ab40ca0d0be59f87fb068151b34a8386f0d416/services/network/public/mojom/url_loader_factory.mojom [delete] https://crrev.com/b9501577665f81d4ed981186d7494af921f2d424/third_party/WebKit/LayoutTests/virtual/service-worker-servicification/http/tests/serviceworker/register-error-messages-expected.txt
,
Aug 23
re c#4: sorry for my slow reply. MimeSniffingResourceHandler was originally always created, so I added the way to skipt it at c#6. |
||||
►
Sign in to add a comment |
||||
Comment 1 by shimazu@chromium.org
, Aug 7