Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 05:41:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1269052 part 3. Implement isSecureContext for worker scopes. r=bkelly

Browse Source
This commit is contained in:
Boris Zbarsky 2016-10-10 15:09:00 -04:00
parent e5598c42f7
commit 0b7535dfdc
22 changed files with 749 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dom/webidl/Window.webidl
View File

@ -405,11 +405,6 @@ partial interface Window {
};
#endif
// https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object
partial interface Window {
readonly attribute boolean isSecureContext;
};
#ifdef HAVE_SIDEBAR
// Mozilla extension
partial interface Window {

6
dom/webidl/WindowOrWorkerGlobalScope.webidl
View File

@ -6,6 +6,7 @@
* The origin of this IDL file is:
* https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope-mixin
* https://fetch.spec.whatwg.org/#fetch-method
* https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object
*/
// https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope-mixin
@ -47,6 +48,11 @@ partial interface WindowOrWorkerGlobalScope {
[NewObject] Promise<Response> fetch(RequestInfo input, optional RequestInit init);
};
// https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object
partial interface WindowOrWorkerGlobalScope {
readonly attribute boolean isSecureContext;
};
// Mozilla extensions
partial interface WindowOrWorkerGlobalScope {
// Extensions to ImageBitmap bits.

28
dom/workers/RuntimeService.cpp
View File

@ -27,6 +27,7 @@
#include "GeckoProfiler.h"
#include "jsfriendapi.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/AsyncEventDispatcher.h"
#include "mozilla/Atomics.h"
#include "mozilla/CycleCollectedJSContext.h"
#include "mozilla/Telemetry.h"
@ -2446,6 +2447,11 @@ RuntimeService::CreateSharedWorkerFromLoadInfo(JSContext* aCx,
// will reset the loadInfo's window.
nsCOMPtr<nsPIDOMWindowInner> window = aLoadInfo->mWindow;
// shouldAttachToWorkerPrivate tracks whether our SharedWorker should actually
// get attached to the WorkerPrivate we're using. It will become false if the
// WorkerPrivate already exists and its secure context state doesn't match
// what we want for the new SharedWorker.
bool shouldAttachToWorkerPrivate = true;
bool created = false;
ErrorResult rv;
if (!workerPrivate) {
@ -2456,10 +2462,20 @@ RuntimeService::CreateSharedWorkerFromLoadInfo(JSContext* aCx,
created = true;
} else {
// Check whether the secure context state matches. The current compartment
// of aCx is the compartment of the SharedWorker constructor that was
// invoked, which is the compartment of the document that will be hooked up
// to the worker, so that's what we want to check.
shouldAttachToWorkerPrivate =
workerPrivate->IsSecureContext() ==
JS_GetIsSecureContext(js::GetContextCompartment(aCx));
// If we're attaching to an existing SharedWorker private, then we
// must update the overriden load group to account for our document's
// load group.
workerPrivate->UpdateOverridenLoadGroup(aLoadInfo->mLoadGroup);
if (shouldAttachToWorkerPrivate) {
workerPrivate->UpdateOverridenLoadGroup(aLoadInfo->mLoadGroup);
}
}
// We don't actually care about this MessageChannel, but we use it to 'steal'
@ -2473,6 +2489,16 @@ RuntimeService::CreateSharedWorkerFromLoadInfo(JSContext* aCx,
RefPtr<SharedWorker> sharedWorker = new SharedWorker(window, workerPrivate,
channel->Port1());
if (!shouldAttachToWorkerPrivate) {
// We're done here. Just queue up our error event and return our
// dead-on-arrival SharedWorker.
RefPtr<AsyncEventDispatcher> errorEvent =
new AsyncEventDispatcher(sharedWorker, NS_LITERAL_STRING("error"), false);
errorEvent->PostDOMEvent();
sharedWorker.forget(aSharedWorker);
return NS_OK;
}
if (!workerPrivate->RegisterSharedWorker(sharedWorker, channel->Port2())) {
NS_WARNING("Worker is unreachable, this shouldn't happen!");
sharedWorker->Close();

30
dom/workers/WorkerPrivate.cpp
View File

@ -32,6 +32,7 @@
#include "nsIWorkerDebugger.h"
#include "nsIXPConnect.h"
#include "nsPIDOMWindow.h"
#include "nsGlobalWindow.h"
#include <algorithm>
#include "ImageContainer.h"
@ -2182,7 +2183,8 @@ WorkerPrivateParent<Derived>::WorkerPrivateParent(
mWorkerName(aWorkerName), mLoadingWorkerScript(false),
mBusyCount(0), mParentStatus(Pending), mParentFrozen(false),
mParentWindowPaused(false), mIsChromeWorker(aIsChromeWorker),
mMainThreadObjectsForgotten(false), mWorkerType(aWorkerType),
mMainThreadObjectsForgotten(false), mIsSecureContext(false),
mWorkerType(aWorkerType),
mCreationTimeStamp(TimeStamp::Now()),
mCreationTimeHighRes((double)PR_Now() / PR_USEC_PER_MSEC)
{
@ -2202,8 +2204,14 @@ WorkerPrivateParent<Derived>::WorkerPrivateParent(
if (aParent) {
aParent->AssertIsOnWorkerThread();
// Note that this copies our parent's secure context state into mJSSettings.
aParent->CopyJSSettings(mJSSettings);
// And manually set our mIsSecureContext, though it's not really relevant to
// dedicated workers...
mIsSecureContext = aParent->IsSecureContext();
MOZ_ASSERT_IF(mIsChromeWorker, mIsSecureContext);
MOZ_ASSERT(IsDedicatedWorker());
mNowBaseTimeStamp = aParent->NowBaseTimeStamp();
mNowBaseTimeHighRes = aParent->NowBaseTime();
@ -2213,6 +2221,26 @@ WorkerPrivateParent<Derived>::WorkerPrivateParent(
RuntimeService::GetDefaultJSSettings(mJSSettings);
// Our secure context state depends on the kind of worker we have.
if (UsesSystemPrincipal() || IsServiceWorker()) {
mIsSecureContext = true;
} else if (mLoadInfo.mWindow) {
// Shared and dedicated workers both inherit the loading window's secure
// context state. Shared workers then prevent windows with a different
// secure context state from attaching to them.
mIsSecureContext = mLoadInfo.mWindow->IsSecureContext();
} else {
MOZ_ASSERT_UNREACHABLE("non-chrome worker that is not a service worker "
"that has no parent and no associated window");
}
if (mIsSecureContext) {
mJSSettings.chrome.compartmentOptions
.creationOptions().setSecureContext(true);
mJSSettings.content.compartmentOptions
.creationOptions().setSecureContext(true);
}
if (IsDedicatedWorker() && mLoadInfo.mWindow &&
mLoadInfo.mWindow->GetPerformance()) {
mNowBaseTimeStamp = mLoadInfo.mWindow->GetPerformance()->GetDOMTiming()->

19
dom/workers/WorkerPrivate.h
View File

@ -202,6 +202,15 @@ private:
bool mParentWindowPaused;
bool mIsChromeWorker;
bool mMainThreadObjectsForgotten;
// mIsSecureContext is set once in our constructor; after that it can be read
// from various threads. We could make this const if we were OK with setting
// it in the initializer list via calling some function that takes all sorts
// of state (loadinfo, worker type, parent).
//
// It's a bit unfortunate that we have to have an out-of-band boolean for
// this, but we need access to this state from the parent thread, and we can't
// use our global object's secure state there.
bool mIsSecureContext;
WorkerType mWorkerType;
TimeStamp mCreationTimeStamp;
DOMHighResTimeStamp mCreationTimeHighRes;
@ -823,6 +832,16 @@ public:
IMPL_EVENT_HANDLER(message)
IMPL_EVENT_HANDLER(error)
// Check whether this worker is a secure context. For use from the parent
// thread only; the canonical "is secure context" boolean is stored on the
// compartment of the worker global. The only reason we don't
// AssertIsOnParentThread() here is so we can assert that this value matches
// the one on the compartment, which has to be done from the worker thread.
bool IsSecureContext() const
{
return mIsSecureContext;
}
#ifdef DEBUG
void
AssertIsOnParentThread() const;

9
dom/workers/WorkerScope.cpp
View File

@ -173,6 +173,15 @@ WorkerGlobalScope::GetCaches(ErrorResult& aRv)
return ref.forget();
}
bool
WorkerGlobalScope::IsSecureContext() const
{
bool globalSecure =
JS_GetIsSecureContext(js::GetObjectCompartment(GetWrapperPreserveColor()));
MOZ_ASSERT(globalSecure == mWorkerPrivate->IsSecureContext());
return globalSecure;
}
already_AddRefed<WorkerLocation>
WorkerGlobalScope::Location()
{

2
dom/workers/WorkerScope.h
View File

@ -163,6 +163,8 @@ public:
already_AddRefed<cache::CacheStorage>
GetCaches(ErrorResult& aRv);
bool IsSecureContext() const;
already_AddRefed<Promise>
CreateImageBitmap(const ImageBitmapSource& aImage, ErrorResult& aRv);

36
testing/web-platform/meta/MANIFEST.json
View File

@ -37508,6 +37508,42 @@
"url": "/html/semantics/scripting-1/the-script-element/script-onload-insertion-point.html"
}
],
"secure-contexts/basic-dedicated-worker.html": [
{
"path": "secure-contexts/basic-dedicated-worker.html",
"url": "/secure-contexts/basic-dedicated-worker.html"
}
],
"secure-contexts/basic-dedicated-worker.https.html": [
{
"path": "secure-contexts/basic-dedicated-worker.https.html",
"url": "/secure-contexts/basic-dedicated-worker.https.html"
}
],
"secure-contexts/basic-shared-worker.html": [
{
"path": "secure-contexts/basic-shared-worker.html",
"url": "/secure-contexts/basic-shared-worker.html"
}
],
"secure-contexts/basic-shared-worker.https.html": [
{
"path": "secure-contexts/basic-shared-worker.https.html",
"url": "/secure-contexts/basic-shared-worker.https.html"
}
],
"secure-contexts/shared-worker-insecure-first.https.html": [
{
"path": "secure-contexts/shared-worker-insecure-first.https.html",
"url": "/secure-contexts/shared-worker-insecure-first.https.html"
}
],
"secure-contexts/shared-worker-secure-first.https.html": [
{
"path": "secure-contexts/shared-worker-secure-first.https.html",
"url": "/secure-contexts/shared-worker-secure-first.https.html"
}
],
"selectors/child-indexed-pseudo-class.html": [
{
"path": "selectors/child-indexed-pseudo-class.html",

83
testing/web-platform/tests/secure-contexts/basic-dedicated-worker.html Normal file
View File

@ -0,0 +1,83 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test WorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
var t1 = async_test("HTTP worker");
var t2 = async_test("HTTPS worker");
var t3 = async_test("HTTP nested worker");
var t4 = async_test("HTTPS nested worker");
var t5 = async_test("HTTP worker from HTTPS subframe");
var t6 = async_test("HTTPS worker from HTTPS subframe");
var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
w1.onmessage = t1.step_func_done(function(e) {
assert_false(e.data);
});
w1.onerror = t1.step_func_done(function(e) {
assert_unreached("isSecureContext should be supported");
});
var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
w2.onmessage = t2.step_func_done(function(e) {
assert_unreached("cross-origin workers should not be loaded");
});
w2.onerror = t2.step_func_done(function(e) {
e.preventDefault();
});
var w3 = new Worker(http_dir + "support/parent-dedicated-worker-script.js");
w3.onmessage = t3.step_func_done(function(e) {
assert_false(e.data);
});
w3.onerror = t3.step_func_done(function(e) {
assert_unreached("isSecureContext should be supported");
});
var w4 = new Worker(https_dir + "support/parent-dedicated-worker-script.js");
w4.onmessage = t4.step_func_done(function(e) {
assert_unreached("cross-origin workers should not be loaded");
});
w4.onerror = t4.step_func_done(function(e) {
e.preventDefault();
});
onmessage = function(e) {
var data = e.data;
if (data.type == "http") {
t5.step(function() {
assert_true(data.error);
});
t5.done();
} else if (data.type == "https") {
t6.step(function() {
assert_false(data.error);
assert_false(data.isSecureContext);
});
t6.done();
} else {
t5.step(function() {
assert_unreached("Unknown message");
});
t5.done();
t6.step(function() {
assert_unreached("Unknown message");
});
t6.done();
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir + "support/https-subframe-dedicated.html";
document.body.appendChild(ifr);
</script>
</body>
</html>

83
testing/web-platform/tests/secure-contexts/basic-dedicated-worker.https.html Normal file
View File

@ -0,0 +1,83 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test WorkerGlobalScope.isSecureContext for HTTPS creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
var t1 = async_test("HTTP worker");
var t2 = async_test("HTTPS worker");
var t3 = async_test("HTTP nested worker");
var t4 = async_test("HTTPS nested worker");
var t5 = async_test("HTTP worker from HTTPS subframe");
var t6 = async_test("HTTPS worker from HTTPS subframe");
var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
w1.onmessage = t1.step_func_done(function(e) {
assert_unreached("cross-origin workers should not be loaded");
});
w1.onerror = t1.step_func_done(function(e) {
e.preventDefault();
});
var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
w2.onmessage = t2.step_func_done(function(e) {
assert_true(e.data);
});
w2.onerror = t2.step_func_done(function(e) {
assert_unreached("isSecureContext should be supported");
});
var w3 = new Worker(http_dir + "support/parent-dedicated-worker-script.js");
w3.onmessage = t3.step_func_done(function(e) {
assert_unreached("cross-origin workers should not be loaded");
});
w3.onerror = t3.step_func_done(function(e) {
e.preventDefault();
});
var w4 = new Worker(https_dir + "support/parent-dedicated-worker-script.js");
w4.onmessage = t4.step_func_done(function(e) {
assert_true(e.data);
});
w4.onerror = t4.step_func_done(function(e) {
assert_unreached("isSecureContext should be supported");
});
onmessage = function(e) {
var data = e.data;
if (data.type == "http") {
t5.step(function() {
assert_true(data.error);
});
t5.done();
} else if (data.type == "https") {
t6.step(function() {
assert_false(data.error);
assert_true(data.isSecureContext);
});
t6.done();
} else {
t5.step(function() {
assert_unreached("Unknown message");
});
t5.done();
t6.step(function() {
assert_unreached("Unknown message");
});
t6.done();
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir + "support/https-subframe-dedicated.html";
document.body.appendChild(ifr);
</script>
</body>
</html>

69
testing/web-platform/tests/secure-contexts/basic-shared-worker.html Normal file
View File

@ -0,0 +1,69 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
var t1 = async_test("Shared worker");
var t2 = async_test("Nested worker in shared worker");
var t3 = async_test("Shared worker from https subframe");
var t4 = async_test("Nested worker from shared worker from https subframe");
// Tests for SharedWorkers used from other workers (not supported right
// now) would go here.
t1.step(function() {
var w = new SharedWorker("support/shared-worker-script.js");
w.port.onmessage = t1.step_func_done(function(e) {
assert_false(e.data);
});
w.port.start();
});
t2.step(function() {
var w = new SharedWorker("support/parent-shared-worker-script.js");
w.port.onmessage = t2.step_func_done(function(e) {
assert_false(e.data);
});
w.port.start();
});
onmessage = function(e) {
var data = e.data;
if (data.type == "shared") {
t3.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_false(data.isSecureContext);
});
t3.done();
} else if (data.type == "nested") {
t4.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_false(data.isSecureContext);
});
t4.done();
} else {
t3.step(function() {
assert_unreached("Unknown message");
});
t3.done();
t4.step(function() {
assert_unreached("Unknown message");
});
t4.done();
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir2 + "support/https-subframe-shared.html";
document.body.appendChild(ifr);
</script>
</body>
</html>

67
testing/web-platform/tests/secure-contexts/basic-shared-worker.https.html Normal file
View File

@ -0,0 +1,67 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
var t1 = async_test("Shared worker");
var t2 = async_test("Nested worker in shared worker");
var t3 = async_test("Shared worker from https subframe");
var t4 = async_test("Nested worker from shared worker from https subframe");
t1.step(function() {
var w = new SharedWorker("support/shared-worker-script.js");
w.port.onmessage = t1.step_func_done(function(e) {
assert_true(e.data);
});
w.port.start();
});
t2.step(function() {
var w = new SharedWorker("support/parent-shared-worker-script.js");
w.port.onmessage = t2.step_func_done(function(e) {
assert_true(e.data);
});
w.port.start();
});
onmessage = function(e) {
var data = e.data;
if (data.type == "shared") {
t3.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_true(data.isSecureContext);
});
t3.done();
} else if (data.type == "nested") {
t4.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_true(data.isSecureContext);
});
t4.done();
} else {
t3.step(function() {
assert_unreached("Unknown message");
});
t3.done();
t4.step(function() {
assert_unreached("Unknown message");
});
t4.done();
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir3 + "support/https-subframe-shared.html";
document.body.appendChild(ifr);
</script>
</body>
</html>

11
testing/web-platform/tests/secure-contexts/server-locations.sub.js
View File

@ -4,3 +4,14 @@ https_dir = https_dir.substr(0, https_dir.lastIndexOf("/") + 1);
var http_dir = "http://{{location[hostname]}}:{{ports[http][0]}}{{location[path]}}";
http_dir = http_dir.substr(0, http_dir.lastIndexOf("/") + 1);
var https_dir2 = "https://{{domains[www]}}:{{ports[https][0]}}{{location[path]}}";
https_dir2 = https_dir2.substr(0, https_dir2.lastIndexOf("/") + 1);
var https_dir3 = "https://{{domains[www1]}}:{{ports[https][0]}}{{location[path]}}";
https_dir3 = https_dir3.substr(0, https_dir3.lastIndexOf("/") + 1);
var https_dir4 = "https://{{domains[www2]}}:{{ports[https][0]}}{{location[path]}}";
https_dir4 = https_dir4.substr(0, https_dir4.lastIndexOf("/") + 1);
var https_dir5 = "https://{{domains[élève]}}:{{ports[https][0]}}{{location[path]}}";
https_dir5 = https_dir5.substr(0, https_dir5.lastIndexOf("/") + 1);

111
testing/web-platform/tests/secure-contexts/shared-worker-insecure-first.https.html Normal file
View File

@ -0,0 +1,111 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
/*
* The goal of this test is to check that we do the right thing if the
* same SharedWorker is used first from an insecure context and then from
* a secure context.
*
* To do this, we first open an insecure (http) popup, which loads a
* subframe that is same-origin with us but not a secure context, since
* its parent is http, not https. Then this subframe loads a SharedWorker
* and communicates back to us whether that worker and a child dedicated
* worker it spawns think they are secure contexts. Async tests t3 and t4
* track these two workers.
*
* After we have heard from both workers in the popup, we directly load
* the same exact subframe ourselves and see what the workers in it
* report. Async tests t1 and t2 track these two workers.
*/
var t1 = async_test("Shared worker in subframe");
var t2 = async_test("Nested worker in shared worker in subframe");
var t3 = async_test("Shared worker in popup");
var t4 = async_test("Nested worker from shared worker in popup");
var messageCount = 0;
var popup = null;
onmessage = function(e) {
++messageCount;
// Make sure to not close the popup until we've run the iframe part of
// the test! We need to keep those shared workers alive.
if (messageCount == 4 && popup) {
popup.close();
}
var data = e.data;
if (data.type == "shared") {
// This is a message from our shared worker; check whether it's the
// one in the popup or in our subframe.
if (data.fromPopup) {
t3.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_false(data.isSecureContext);
});
t3.done();
} else {
t1.step(function() {
assert_false(data.exception);
assert_true(data.error);
});
t1.done();
}
} else if (data.type == "nested") {
// This is a message from our shared worker's nested dedicated worker;
// check whether it's the one in the popup or in our subframe.
if (data.fromPopup) {
t4.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_false(data.isSecureContext);
});
t4.done();
} else {
t2.step(function() {
assert_false(data.exception);
assert_true(data.error);
});
t2.done();
}
} else {
if (popup) {
popup.close();
}
t1.step(function() {
assert_unreached("Unknown message");
});
t1.done();
t2.step(function() {
assert_unreached("Unknown message");
});
t2.done();
t3.step(function() {
assert_unreached("Unknown message");
});
t3.done();
t4.step(function() {
assert_unreached("Unknown message");
});
t4.done();
}
if (messageCount == 2) {
// Got both messages from our popup; time to create our child.
var ifr = document.createElement("iframe");
ifr.src = https_dir5 + "support/https-subframe-shared.html";
document.body.appendChild(ifr);
}
}
popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
</script>
</body>
</html>

111
testing/web-platform/tests/secure-contexts/shared-worker-secure-first.https.html Normal file
View File

@ -0,0 +1,111 @@
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="server-locations.sub.js"></script>
</head>
<body>
<script>
/*
* The goal of this test is to check that we do the right thing if the
* same SharedWorker is used first from an secure context and then from
* an insecure context.
*
* To do this, we load a subframe which loads a SharedWorker
* and communicates back to us whether that worker and a child dedicated
* worker it spawns think they are secure contexts. Async tests t1 and t2
* track these two workers.
*
* After we have heard from both workers in the subframe, we open an
* insecure (http) popup, which loads the same exact subframe. This
* subframe is still is same-origin with
* us but not a secure context, since its parent is http, not https. Then
* we wait to hear about the status of the workers in the popup's
* subframe. Async tests t3 and t4 track these two workers.
*
*/
var t1 = async_test("Shared worker in subframe");
var t2 = async_test("Nested worker in shared worker in subframe");
var t3 = async_test("Shared worker in popup");
var t4 = async_test("Nested worker from shared worker in popup");
var messageCount = 0;
var popup = null;
onmessage = function(e) {
++messageCount;
if (messageCount == 4 && popup) {
popup.close();
}
var data = e.data;
if (data.type == "shared") {
// This is a message from our shared worker; check whether it's the
// one in the popup or in our subframe.
if (data.fromPopup) {
t3.step(function() {
assert_false(data.exception);
assert_true(data.error);
});
t3.done();
} else {
t1.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_true(data.isSecureContext);
});
t1.done();
}
} else if (data.type == "nested") {
// This is a message from our shared worker's nested dedicated worker;
// check whether it's the one in the popup or in our subframe.
if (data.fromPopup) {
t4.step(function() {
assert_false(data.exception);
assert_true(data.error);
});
t4.done();
} else {
t2.step(function() {
assert_false(data.exception);
assert_false(data.error);
assert_true(data.isSecureContext);
});
t2.done();
}
} else {
if (popup) {
popup.close();
}
t1.step(function() {
assert_unreached("Unknown message");
});
t1.done();
t2.step(function() {
assert_unreached("Unknown message");
});
t2.done();
t3.step(function() {
assert_unreached("Unknown message");
});
t3.done();
t4.step(function() {
assert_unreached("Unknown message");
});
t4.done();
}
if (messageCount == 2) {
// Got both messages from our child; time to open our popup
popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir4");
}
}
var ifr = document.createElement("iframe");
ifr.src = https_dir4 + "support/https-subframe-shared.html";
document.body.appendChild(ifr);
</script>
</body>
</html>

1
testing/web-platform/tests/secure-contexts/support/dedicated-worker-script.js Normal file
View File

@ -0,0 +1 @@
postMessage(isSecureContext);

21
testing/web-platform/tests/secure-contexts/support/https-subframe-dedicated.html Normal file
View File

@ -0,0 +1,21 @@
<!DOCTYPE html>
<script src="../server-locations.sub.js"></script>
<script>
var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
w1.onmessage = function(e) {
parent.postMessage({ type: "http", error: false,
isSecureContext: e.data }, "*");
};
w1.onerror = function(e) {
parent.postMessage({ type: "http", error: true }, "*");
};
var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
w2.onmessage = function(e) {
parent.postMessage({ type: "https", error: false,
isSecureContext: e.data }, "*");
};
w2.onerror = function(e) {
parent.postMessage({ type: "https", error: true }, "*");
}
</script>

32
testing/web-platform/tests/secure-contexts/support/https-subframe-shared.html Normal file
View File

@ -0,0 +1,32 @@
<!DOCTYPE html>
<script>
try {
var w = new SharedWorker("shared-worker-script.js");
w.port.onmessage = function(e) {
parent.postMessage({ type: "shared", error: false, exception: false,
isSecureContext: e.data }, "*");
};
w.onerror = function(e) {
parent.postMessage({ type: "shared", error: true, exception: false },
"*");
}
w.port.start();
} catch (e) {
parent.postMessage({ type: "shared", exception: true }, "*");
}
try {
var w = new SharedWorker("parent-shared-worker-script.js");
w.port.onmessage = function(e) {
parent.postMessage({ type: "nested", error: false, exception: false,
isSecureContext: e.data }, "*");
};
w.onerror = function(e) {
parent.postMessage({ type: "nested", error: true, exception: false },
"*");
}
w.port.start();
} catch (e) {
parent.postMessage({ type: "nested", exception: true }, "*");
}
</script>

4
testing/web-platform/tests/secure-contexts/support/parent-dedicated-worker-script.js Normal file
View File

@ -0,0 +1,4 @@
var w = new Worker("dedicated-worker-script.js");
w.onmessage = function (e) {
postMessage(e.data);
}

8
testing/web-platform/tests/secure-contexts/support/parent-shared-worker-script.js Normal file
View File

@ -0,0 +1,8 @@
addEventListener("connect", function (e) {
var port = e.ports[0];
port.start();
var w = new Worker("dedicated-worker-script.js");
w.onmessage = function (e) {
port.postMessage(e.data);
}
});

15
testing/web-platform/tests/secure-contexts/support/shared-worker-insecure-popup.html Normal file
View File

@ -0,0 +1,15 @@
<!DOCTYPE html>
<script src="../server-locations.sub.js"></script>
<body>
<script>
var url = self[location.search.substr(1)] + "support/https-subframe-shared.html";
onmessage = function(e) {
var data = e.data;
data.fromPopup = true;
opener.postMessage(data, "*");
}
var ifr = document.createElement("iframe");
ifr.src = url;
document.body.appendChild(ifr);
</script>
</body>

5
testing/web-platform/tests/secure-contexts/support/shared-worker-script.js Normal file
View File

@ -0,0 +1,5 @@
addEventListener("connect", function (e) {
var port = e.ports[0];
port.start();
port.postMessage(isSecureContext);
});