Bug 1532303: Fix evaluation of Service-Worker-Allowed header r=perry,asuth

The spec mandates that only the paths of the URIs resulting from evaluation of the Service-Worker-Allowed header and the registration's scope be compared, yet Gecko also includes the origin in the comparison. This commit makes Gecko follow the spec. Differential Revision: https://phabricator.services.mozilla.com/D21970 --HG-- extra : moz-landing-system : lando
2024-10-19 08:15:31 +00:00 · 2019-03-06 02:11:54 +00:00 · 2019-03-06 02:11:54 +00:00 · 47e3c782c9
commit 47e3c782c9
parent 3aa9896ebc
2 changed files with 18 additions and 21 deletions
--- a/dom/serviceworkers/ServiceWorkerUpdateJob.cpp
+++ b/dom/serviceworkers/ServiceWorkerUpdateJob.cpp
@ -46,32 +46,22 @@ enum ScopeStringPrefixMode { eUseDirectory, eUsePath };

 nsresult GetRequiredScopeStringPrefix(nsIURI* aScriptURI, nsACString& aPrefix,
                                      ScopeStringPrefixMode aPrefixMode) {
-  nsresult rv = aScriptURI->GetPrePath(aPrefix);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
+  nsresult rv;
  if (aPrefixMode == eUseDirectory) {
    nsCOMPtr<nsIURL> scriptURL(do_QueryInterface(aScriptURI));
    if (NS_WARN_IF(!scriptURL)) {
      return NS_ERROR_FAILURE;
    }

-    nsAutoCString dir;
-    rv = scriptURL->GetDirectory(dir);
+    rv = scriptURL->GetDirectory(aPrefix);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return rv;
    }
-
-    aPrefix.Append(dir);
  } else if (aPrefixMode == eUsePath) {
-    nsAutoCString path;
-    rv = aScriptURI->GetPathQueryRef(path);
+    rv = aScriptURI->GetPathQueryRef(aPrefix);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return rv;
    }
-
-    aPrefix.Append(path);
  } else {
    MOZ_ASSERT_UNREACHABLE("Invalid value for aPrefixMode");
  }
@ -372,7 +362,21 @@ void ServiceWorkerUpdateJob::ComparisonResult(nsresult aStatus,
    }
  }

-  if (!StringBeginsWith(mRegistration->Scope(), maxPrefix)) {
+  nsCOMPtr<nsIURI> scopeURI;
+  rv = NS_NewURI(getter_AddRefs(scopeURI), mRegistration->Scope(), nullptr, scriptURI);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    FailUpdateJob(NS_ERROR_FAILURE);
+    return;
+  }
+
+  nsAutoCString scopeString;
+  rv = scopeURI->GetPathQueryRef(scopeString);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    FailUpdateJob(NS_ERROR_FAILURE);
+    return;
+  }
+
+  if (!StringBeginsWith(scopeString, maxPrefix)) {
    nsAutoString message;
    NS_ConvertUTF8toUTF16 reportScope(mRegistration->Scope());
    NS_ConvertUTF8toUTF16 reportMaxPrefix(maxPrefix);
--- a/testing/web-platform/meta/service-workers/service-worker/Service-Worker-Allowed-header.https.html.ini
+++ b/testing/web-platform/meta/service-workers/service-worker/Service-Worker-Allowed-header.https.html.ini
@ -1,7 +0,0 @@
-[Service-Worker-Allowed-header.https.html]
-  [Service-Worker-Allowed is cross-origin to script, registering on a normally allowed scope]
-    expected: FAIL
-
-  [Service-Worker-Allowed is cross-origin to script, registering on a normally disallowed scope]
-    expected: FAIL
-