[tor-commits] [tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 15564: Isolate SharedWorker by first party domain
gk at torproject.org
gk at torproject.org
Sat Dec 12 20:54:36 UTC 2015
commit 67173fc914d1fb17b942e8f7b1c9de770a21a347
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Thu Oct 8 12:45:37 2015 -0700
Bug 15564: Isolate SharedWorker by first party domain
---
dom/workers/RuntimeService.cpp | 27 ++++++++++++++++++++-------
dom/workers/RuntimeService.h | 5 ++++-
dom/workers/WorkerPrivate.cpp | 5 +++++
dom/workers/WorkerPrivate.h | 8 ++++++++
4 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/dom/workers/RuntimeService.cpp b/dom/workers/RuntimeService.cpp
index 271c74f..4f5f363 100644
--- a/dom/workers/RuntimeService.cpp
+++ b/dom/workers/RuntimeService.cpp
@@ -64,6 +64,7 @@
#include "WorkerPrivate.h"
#include "WorkerRunnable.h"
#include "WorkerThread.h"
+#include "ThirdPartyUtil.h"
#ifdef ENABLE_TESTS
#include "BackgroundChildImpl.h"
@@ -269,11 +270,13 @@ GetWorkerPref(const nsACString& aPref,
// This function creates a key for a SharedWorker composed by "name|scriptSpec".
// If the name contains a '|', this will be replaced by '||'.
void
-GenerateSharedWorkerKey(const nsACString& aScriptSpec, const nsACString& aName,
+GenerateSharedWorkerKey(const nsACString& aScriptSpec,
+ const nsACString& aIsolationKey,
+ const nsACString& aName,
nsCString& aKey)
{
aKey.Truncate();
- aKey.SetCapacity(aScriptSpec.Length() + aName.Length() + 1);
+ aKey.SetCapacity(aScriptSpec.Length() + aName.Length() + aIsolationKey.Length() + 2);
nsACString::const_iterator start, end;
aName.BeginReading(start);
@@ -288,6 +291,9 @@ GenerateSharedWorkerKey(const nsACString& aScriptSpec, const nsACString& aName,
aKey.Append('|');
aKey.Append(aScriptSpec);
+
+ aKey.Append('|');
+ aKey.Append(aIsolationKey);
}
void
@@ -1402,13 +1408,16 @@ RuntimeService::RegisterWorker(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
if (isSharedOrServiceWorker) {
const nsCString& sharedWorkerName = aWorkerPrivate->SharedWorkerName();
+ const nsCString& isolationKey = aWorkerPrivate->IsolationKey();
nsAutoCString key;
- GenerateSharedWorkerKey(sharedWorkerScriptSpec, sharedWorkerName, key);
+ GenerateSharedWorkerKey(sharedWorkerScriptSpec, isolationKey, sharedWorkerName, key);
MOZ_ASSERT(!domainInfo->mSharedWorkerInfos.Get(key));
SharedWorkerInfo* sharedWorkerInfo =
- new SharedWorkerInfo(aWorkerPrivate, sharedWorkerScriptSpec,
+ new SharedWorkerInfo(aWorkerPrivate,
+ sharedWorkerScriptSpec,
+ isolationKey,
sharedWorkerName);
domainInfo->mSharedWorkerInfos.Put(key, sharedWorkerInfo);
}
@@ -1509,7 +1518,9 @@ RuntimeService::UnregisterWorker(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
if (match.mSharedWorkerInfo) {
nsAutoCString key;
GenerateSharedWorkerKey(match.mSharedWorkerInfo->mScriptSpec,
- match.mSharedWorkerInfo->mName, key);
+ match.mSharedWorkerInfo->mIsolationKey,
+ match.mSharedWorkerInfo->mName,
+ key);
domainInfo->mSharedWorkerInfos.Remove(key);
}
}
@@ -2293,7 +2304,7 @@ RuntimeService::CreateSharedWorkerFromLoadInfo(JSContext* aCx,
NS_ENSURE_SUCCESS(rv, rv);
nsAutoCString key;
- GenerateSharedWorkerKey(scriptSpec, aName, key);
+ GenerateSharedWorkerKey(scriptSpec, aLoadInfo->mIsolationKey, aName, key);
if (mDomainMap.Get(aLoadInfo->mDomain, &domainInfo) &&
domainInfo->mSharedWorkerInfos.Get(key, &sharedWorkerInfo)) {
@@ -2368,7 +2379,9 @@ RuntimeService::ForgetSharedWorker(WorkerPrivate* aWorkerPrivate)
if (match.mSharedWorkerInfo) {
nsAutoCString key;
GenerateSharedWorkerKey(match.mSharedWorkerInfo->mScriptSpec,
- match.mSharedWorkerInfo->mName, key);
+ match.mSharedWorkerInfo->mIsolationKey,
+ match.mSharedWorkerInfo->mName,
+ key);
domainInfo->mSharedWorkerInfos.Remove(key);
}
}
diff --git a/dom/workers/RuntimeService.h b/dom/workers/RuntimeService.h
index 94bff10..8036b60 100644
--- a/dom/workers/RuntimeService.h
+++ b/dom/workers/RuntimeService.h
@@ -34,12 +34,15 @@ class RuntimeService final : public nsIObserver
{
WorkerPrivate* mWorkerPrivate;
nsCString mScriptSpec;
+ nsCString mIsolationKey;
nsCString mName;
SharedWorkerInfo(WorkerPrivate* aWorkerPrivate,
const nsACString& aScriptSpec,
+ const nsACString& aIsolationKey,
const nsACString& aName)
- : mWorkerPrivate(aWorkerPrivate), mScriptSpec(aScriptSpec), mName(aName)
+ : mWorkerPrivate(aWorkerPrivate), mScriptSpec(aScriptSpec),
+ mIsolationKey(aIsolationKey), mName(aName)
{ }
};
diff --git a/dom/workers/WorkerPrivate.cpp b/dom/workers/WorkerPrivate.cpp
index 7057b3a..5d0064b 100644
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -4355,6 +4355,7 @@ WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindow* aWindow,
}
loadInfo.mDomain = aParent->Domain();
+ loadInfo.mIsolationKey = aParent->IsolationKey();
loadInfo.mFromWindow = aParent->IsFromWindow();
loadInfo.mWindowID = aParent->WindowID();
loadInfo.mIndexedDBAllowed = aParent->IsIndexedDBAllowed();
@@ -4421,6 +4422,10 @@ WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindow* aWindow,
loadInfo.mBaseURI = document->GetDocBaseURI();
loadInfo.mLoadGroup = document->GetDocumentLoadGroup();
+ nsCString isolationKey;
+ ThirdPartyUtil::GetFirstPartyHost(document, isolationKey);
+ loadInfo.mIsolationKey = isolationKey;
+
// Use the document's NodePrincipal as our principal if we're not being
// called from chrome.
if (!loadInfo.mPrincipal) {
diff --git a/dom/workers/WorkerPrivate.h b/dom/workers/WorkerPrivate.h
index a684e6d..a84407c 100644
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -169,6 +169,7 @@ public:
nsAutoPtr<PrincipalInfo> mPrincipalInfo;
nsCString mDomain;
+ nsCString mIsolationKey;
uint64_t mWindowID;
@@ -218,6 +219,7 @@ public:
mPrincipalInfo = aOther.mPrincipalInfo.forget();
mDomain = aOther.mDomain;
+ mIsolationKey = aOther.mIsolationKey;
mWindowID = aOther.mWindowID;
mFromWindow = aOther.mFromWindow;
mEvalAllowed = aOther.mEvalAllowed;
@@ -532,6 +534,12 @@ public:
return mLoadInfo.mDomain;
}
+ const nsCString&
+ IsolationKey() const
+ {
+ return mLoadInfo.mIsolationKey;
+ }
+
bool
IsFromWindow() const
{
More information about the tor-commits
mailing list