Bug 683280 - 'Workers: creating workers from 'localhost' or an IP address fails'. r=sicking.

This commit is contained in:
Ben Turner 2011-09-08 17:07:11 -07:00
parent 84bef19b19
commit 92f904aeb4
8 changed files with 137 additions and 48 deletions

View File

@ -57,46 +57,6 @@ ThirdPartyUtil::Init()
return rv;
}
// Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
// "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
// dot may be present. If aHostURI is an IP address, an alias such as
// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
// be the exact host. The result of this function should only be used in exact
// string comparisons, since substring comparisons will not be valid for the
// special cases elided above.
nsresult
ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
nsCString& aBaseDomain)
{
// Get the base domain. this will fail if the host contains a leading dot,
// more than one trailing dot, or is otherwise malformed.
nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
// aHostURI is either an IP address, an alias such as 'localhost', an eTLD
// such as 'co.uk', or the empty string. Uses the normalized host in such
// cases.
rv = aHostURI->GetAsciiHost(aBaseDomain);
}
NS_ENSURE_SUCCESS(rv, rv);
// aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
return NS_ERROR_INVALID_ARG;
// Reject any URIs without a host that aren't file:// URIs. This makes it the
// only way we can get a base domain consisting of the empty string, which
// means we can safely perform foreign tests on such URIs where "not foreign"
// means "the involved URIs are all file://".
if (aBaseDomain.IsEmpty()) {
PRBool isFileURI = PR_FALSE;
aHostURI->SchemeIs("file", &isFileURI);
NS_ENSURE_TRUE(isFileURI, NS_ERROR_INVALID_ARG);
}
return NS_OK;
}
// Determine if aFirstDomain is a different base domain to aSecondURI; or, if
// the concept of base domain does not apply, determine if the two hosts are not
// string-identical.
@ -316,3 +276,42 @@ ThirdPartyUtil::IsThirdPartyChannel(nsIChannel* aChannel,
return IsThirdPartyWindow(ourWin, channelURI, aResult);
}
// Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
// "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
// dot may be present. If aHostURI is an IP address, an alias such as
// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
// be the exact host. The result of this function should only be used in exact
// string comparisons, since substring comparisons will not be valid for the
// special cases elided above.
NS_IMETHODIMP
ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
nsACString& aBaseDomain)
{
// Get the base domain. this will fail if the host contains a leading dot,
// more than one trailing dot, or is otherwise malformed.
nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
// aHostURI is either an IP address, an alias such as 'localhost', an eTLD
// such as 'co.uk', or the empty string. Uses the normalized host in such
// cases.
rv = aHostURI->GetAsciiHost(aBaseDomain);
}
NS_ENSURE_SUCCESS(rv, rv);
// aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
return NS_ERROR_INVALID_ARG;
// Reject any URIs without a host that aren't file:// URIs. This makes it the
// only way we can get a base domain consisting of the empty string, which
// means we can safely perform foreign tests on such URIs where "not foreign"
// means "the involved URIs are all file://".
if (aBaseDomain.IsEmpty()) {
PRBool isFileURI = PR_FALSE;
aHostURI->SchemeIs("file", &isFileURI);
NS_ENSURE_TRUE(isFileURI, NS_ERROR_INVALID_ARG);
}
return NS_OK;
}

View File

@ -56,7 +56,6 @@ public:
nsresult Init();
private:
nsresult GetBaseDomain(nsIURI* aHostURI, nsCString& aBaseDomain);
nsresult IsThirdPartyInternal(const nsCString& aFirstDomain,
nsIURI* aSecondURI, PRBool* aResult);
static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);

View File

@ -39,11 +39,11 @@
#include "WorkerPrivate.h"
#include "mozIThirdPartyUtil.h"
#include "nsIClassInfo.h"
#include "nsIConsoleService.h"
#include "nsIDOMFile.h"
#include "nsIDocument.h"
#include "nsIEffectiveTLDService.h"
#include "nsIJSContextStack.h"
#include "nsIMemoryReporter.h"
#include "nsIScriptError.h"
@ -2329,14 +2329,14 @@ WorkerPrivate::Create(JSContext* aCx, JSObject* aObj, WorkerPrivate* aParent,
domain = file;
}
else {
nsCOMPtr<nsIEffectiveTLDService> tldService =
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
if (!tldService) {
JS_ReportError(aCx, "Could not get TLD service!");
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
do_GetService(THIRDPARTYUTIL_CONTRACTID);
if (!thirdPartyUtil) {
JS_ReportError(aCx, "Could not get third party helper service!");
return nsnull;
}
if (NS_FAILED(tldService->GetBaseDomain(codebase, 0, domain))) {
if (NS_FAILED(thirdPartyUtil->GetBaseDomain(codebase, domain))) {
JS_ReportError(aCx, "Could not get domain!");
return nsnull;
}

View File

@ -58,6 +58,9 @@ _TEST_FILES = \
errorPropagation_worker.js \
test_eventDispatch.html \
eventDispatch_worker.js \
test_ipAddressOrigin.html \
ipAddressOrigin_iframe.html \
ipAddressOrigin_worker.js \
test_importScripts.html \
importScripts_worker.js \
importScripts_worker_imported1.js \

View File

@ -0,0 +1,23 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<body>
<script>
onmessage = function (event) {
var url = "http://127.0.0.1" +
window.location.pathname.replace("ipAddressOrigin_iframe.html",
"ipAddRessOrigin_worker.js");
var worker = new Worker(url);
worker.onmessage = function (event) {
window.parent.postMessage(event.data, "*");
};
}
</script>
</body>
</html>

View File

@ -0,0 +1,5 @@
/**
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
postMessage("done");

View File

@ -0,0 +1,42 @@
<!--
Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Web Workers</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="go();">
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<iframe id="testFrame"></iframe>
<script class="testbody" type="text/javascript">
function go() {
var iframe = document.getElementById("testFrame");
iframe.addEventListener("load", function() {
iframe.contentWindow.postMessage("go", "*");
window.addEventListener("message", function(event) {
is(event.data, "done", "Correct message");
SimpleTest.finish();
}, "false");
}, false);
iframe.src =
"http://127.0.0.1" +
window.location.pathname.replace("test_ipAddressOrigin.html",
"ipAddressOrigin_iframe.html");
}
SimpleTest.waitForExplicitFinish();
</script>
</pre>
</body>
</html>

View File

@ -45,7 +45,7 @@ interface nsIChannel;
* Utility functions for determining whether a given URI, channel, or window
* hierarchy is third party with respect to a known URI.
*/
[scriptable, uuid(55385caa-1b94-4376-a34c-b47c51ef0837)]
[scriptable, uuid(d994fd1d-d2fe-4372-9ae7-88b08b7d9d90)]
interface mozIThirdPartyUtil : nsISupports
{
/**
@ -155,6 +155,24 @@ interface mozIThirdPartyUtil : nsISupports
* @see isThirdPartyWindow
*/
boolean isThirdPartyChannel(in nsIChannel aChannel, [optional] in nsIURI aURI);
/**
* getBaseDomain
*
* Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
* "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
* dot may be present. If aHostURI is an IP address, an alias such as
* 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
* be the exact host. The result of this function should only be used in exact
* string comparisons, since substring comparisons will not be valid for the
* special cases elided above.
*
* @param aHostURI
* The URI to analyze.
*
* @return the base domain.
*/
AUTF8String getBaseDomain(in nsIURI aHostURI);
};
%{ C++