[tor-commits] [tor-browser] 29/46: Bug 1762078 - Blocking SerivceWorker interception for no_cors cross-origin range request. r=dom-worker-reviewers, karlt, a=dmeehan

gitolite role git at cupani.torproject.org
Wed Nov 16 20:43:09 UTC 2022 

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch base-browser-102.5.0esr-12.0-1
in repository tor-browser.

commit 991ebc73889d7ebf5194e1e72e6a928779dff1a7
Author: Eden Chuang <echuang at mozilla.com>
AuthorDate: Wed Oct 19 21:38:04 2022 +0000

    Bug 1762078 - Blocking SerivceWorker interception for no_cors cross-origin range request. r=dom-worker-reviewers,karlt, a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D146553
---
 .../ServiceWorkerInterceptController.cpp           | 59 ++++++++++++++--------
 dom/serviceworkers/moz.build                       |  7 +++
 .../meta/fetch/range/sw.https.window.js.ini        | 28 +++++++---
 .../fetch-request-resources.https.html.ini         |  5 +-
 4 files changed, 71 insertions(+), 28 deletions(-)

diff --git a/dom/serviceworkers/ServiceWorkerInterceptController.cpp b/dom/serviceworkers/ServiceWorkerInterceptController.cpp
index 41bf644f65d1..6db39f14bbeb 100644
--- a/dom/serviceworkers/ServiceWorkerInterceptController.cpp
+++ b/dom/serviceworkers/ServiceWorkerInterceptController.cpp
@@ -11,12 +11,15 @@
 #include "mozilla/StaticPrefs_privacy.h"
 #include "mozilla/StorageAccess.h"
 #include "mozilla/StoragePrincipalHelper.h"
+#include "mozilla/dom/InternalRequest.h"
+#include "mozilla/net/HttpBaseChannel.h"
 #include "nsCOMPtr.h"
 #include "nsContentUtils.h"
 #include "nsIChannel.h"
 #include "nsICookieJarSettings.h"
 #include "ServiceWorkerManager.h"
 #include "nsIPrincipal.h"
+#include "nsQueryObject.h"
 
 namespace mozilla::dom {
 
@@ -39,29 +42,45 @@ ServiceWorkerInterceptController::ShouldPrepareForIntercept(
   if (!nsContentUtils::IsNonSubresourceRequest(aChannel)) {
     const Maybe<ServiceWorkerDescriptor>& controller =
         loadInfo->GetController();
+
     // If the controller doesn't handle fetch events, return false
-    if (controller.isSome()) {
-      *aShouldIntercept = controller.ref().HandlesFetch();
-
-      // The service worker has no fetch event handler, try to schedule a
-      // soft-update through ServiceWorkerRegistrationInfo.
-      // Get ServiceWorkerRegistrationInfo by the ServiceWorkerInfo's principal
-      // and scope
-      if (!*aShouldIntercept && swm) {
-        nsCOMPtr<nsIPrincipal> principal =
-            controller.ref().GetPrincipal().unwrap();
-        RefPtr<ServiceWorkerRegistrationInfo> registration =
-            swm->GetRegistration(principal, controller.ref().Scope());
-        // Could not get ServiceWorkerRegistration here if unregister is
-        // executed before getting here.
-        if (NS_WARN_IF(!registration)) {
-          return NS_OK;
-        }
-        registration->MaybeScheduleTimeCheckAndUpdate();
+    if (!controller.isSome()) {
+      return NS_OK;
+    }
+
+    *aShouldIntercept = controller.ref().HandlesFetch();
+
+    // The service worker has no fetch event handler, try to schedule a
+    // soft-update through ServiceWorkerRegistrationInfo.
+    // Get ServiceWorkerRegistrationInfo by the ServiceWorkerInfo's principal
+    // and scope
+    if (!*aShouldIntercept && swm) {
+      nsCOMPtr<nsIPrincipal> principal =
+          controller.ref().GetPrincipal().unwrap();
+      RefPtr<ServiceWorkerRegistrationInfo> registration =
+          swm->GetRegistration(principal, controller.ref().Scope());
+      // Could not get ServiceWorkerRegistration here if unregister is
+      // executed before getting here.
+      if (NS_WARN_IF(!registration)) {
+        return NS_OK;
       }
-    } else {
-      *aShouldIntercept = false;
+      registration->MaybeScheduleTimeCheckAndUpdate();
     }
+
+    RefPtr<net::HttpBaseChannel> httpChannel = do_QueryObject(aChannel);
+
+    if (httpChannel &&
+        httpChannel->GetRequestHead()->HasHeader(net::nsHttp::Range)) {
+      RequestMode requestMode =
+          InternalRequest::MapChannelToRequestMode(aChannel);
+      bool mayLoad = nsContentUtils::CheckMayLoad(
+          loadInfo->GetLoadingPrincipal(), aChannel,
+          /*allowIfInheritsPrincipal*/ false);
+      if (requestMode == RequestMode::No_cors && !mayLoad) {
+        *aShouldIntercept = false;
+      }
+    }
+
     return NS_OK;
   }
 
diff --git a/dom/serviceworkers/moz.build b/dom/serviceworkers/moz.build
index 529bddd833e7..92f85058b9fd 100644
--- a/dom/serviceworkers/moz.build
+++ b/dom/serviceworkers/moz.build
@@ -104,6 +104,13 @@ IPDL_SOURCES += [
     "ServiceWorkerRegistrarTypes.ipdlh",
 ]
 
+LOCAL_INCLUDES += [
+    # For HttpBaseChannel.h dependencies
+    "/netwerk/base",
+    # For HttpBaseChannel.h
+    "/netwerk/protocol/http",
+]
+
 include("/ipc/chromium/chromium-config.mozbuild")
 
 FINAL_LIBRARY = "xul"
diff --git a/testing/web-platform/meta/fetch/range/sw.https.window.js.ini b/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
index a4b5a78aa059..81025f2a6ec8 100644
--- a/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
+++ b/testing/web-platform/meta/fetch/range/sw.https.window.js.ini
@@ -3,13 +3,8 @@
     if asan and (os == "linux") and (bits == 64): https://bugzilla.mozilla.org/show_bug.cgi?id=1509373
     if win10_2004 and debug: https://bugzilla.mozilla.org/show_bug.cgi?id=1746958
   max-asserts: 2
-  expected:
-    if (os == "linux") and not fission: [OK, ERROR]
-    if (os == "linux") and fission: OK
-    if (os == "win") and (processor == "x86_64"): OK
-    if (os == "win") and (processor == "x86"): [OK, TIMEOUT]
-    if (os == "mac"): [OK, ERROR]
-    if (os == "android"): OK
+  expected: TIMEOUT # see previous revision for how to re-enable
+
   [Ranged response not allowed following no-cors ranged request]
     expected:
       if os == "linux": [FAIL, PASS]
@@ -33,3 +28,22 @@
   [Accept-Encoding should not appear in a service worker]
     expected:
       if processor == "x86": [PASS, NOTRUN]
+
+  [Defer range header filter tests to service worker]
+    expected: TIMEOUT
+
+  [Defer range header passthrough tests to service worker]
+    expected: NOTRUN
+
+  [Ranged response not allowed following no-cors ranged request]
+    expected: NOTRUN
+
+  [Non-opaque ranged response executed]
+    expected: NOTRUN
+
+  [Accept-Encoding should not appear in a service worker]
+    expected: NOTRUN
+
+  [Opaque range preload successes and failures should be indistinguishable]
+    expected: NOTRUN
+
diff --git a/testing/web-platform/meta/service-workers/service-worker/fetch-request-resources.https.html.ini b/testing/web-platform/meta/service-workers/service-worker/fetch-request-resources.https.html.ini
index 4cc683511163..9c3eb9ec515f 100644
--- a/testing/web-platform/meta/service-workers/service-worker/fetch-request-resources.https.html.ini
+++ b/testing/web-platform/meta/service-workers/service-worker/fetch-request-resources.https.html.ini
@@ -1,4 +1,7 @@
 [fetch-request-resources.https.html]
+  expected:
+    TIMEOUT
+
   [Verify FetchEvent for resources.]
     expected:
-      if (processor == "x86") and (os == "linux"): [PASS, FAIL]
+      TIMEOUT # see previous revision for how to re-enable

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tor-commits mailing list