angler-fishThe Vulnerability History Project

Reland: service worker: Don't control a subframe of an insecure context

      We must check isSecureContext when creating the network provider to
adhere to https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged.

We already did this for getRegistration(), register(), unregister() but must
also do this when deciding whether to control an in-scope document.

BUG=607543
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
TBR=reviewers from the original review

Original review: https://codereview.chromium.org/2009453002

Review-Url: https://codereview.chromium.org/2071433003
Cr-Commit-Position: refs/heads/master@{#400093}
by Miranda the Spadefoot Toad 2016-06-16 06:10:02 UTC
commit ad1850962644e19cdb040d60eb236e0ebc23c243
Chromium Fix CVE-2016-5132
chrome/browser/chrome_content_browser_client.cc
-6
chrome/browser/chrome_content_browser_client.h
-2
chrome/browser/extensions/service_worker_apitest.cc
+3 -20
content/browser/service_worker/service_worker_browsertest.cc
+5 -6
content/browser/service_worker/service_worker_context_core.cc
+7 -7
content/browser/service_worker/service_worker_context_request_handler_unittest.cc
+5 -6
content/browser/service_worker/service_worker_context_unittest.cc
+4 -12
content/browser/service_worker/service_worker_controllee_request_handler.cc
-12
content/browser/service_worker/service_worker_controllee_request_handler_unittest.cc
+12 -13
content/browser/service_worker/service_worker_dispatcher_host.cc
+5 -12
content/browser/service_worker/service_worker_dispatcher_host.h
+1 -2
content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
+7 -13
content/browser/service_worker/service_worker_handle_unittest.cc
+2 -3
content/browser/service_worker/service_worker_job_unittest.cc
+5 -6
content/browser/service_worker/service_worker_provider_host.cc
+1 -25
content/browser/service_worker/service_worker_provider_host.h
+2 -28
content/browser/service_worker/service_worker_provider_host_unittest.cc
+14 -70
content/browser/service_worker/service_worker_registration.cc
-2
content/browser/service_worker/service_worker_request_handler_unittest.cc
+9 -9
content/browser/service_worker/service_worker_storage_unittest.cc
-3
content/browser/service_worker/service_worker_url_request_job_unittest.cc
+20 -17
content/browser/service_worker/service_worker_version_unittest.cc
-1
content/browser/service_worker/service_worker_write_to_cache_job_unittest.cc
+3 -5
content/child/service_worker/service_worker_network_provider.cc
+11 -25
content/child/service_worker/service_worker_network_provider.h
+4 -11
content/common/service_worker/service_worker_messages.h
+2 -13
content/public/browser/content_browser_client.h
-6
content/renderer/render_frame_impl.cc
+2 -2
content/renderer/service_worker/service_worker_context_client.cc
+1 -2
content/renderer/shared_worker/embedded_shared_worker_stub.cc
+1 -2
third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
-85
third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
-12
third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
-16
third_party/WebKit/Source/core/dom/Document.cpp
+21 -10
third_party/WebKit/Source/core/dom/Document.h
+1 -1
third_party/WebKit/Source/core/frame/Frame.cpp
-9
third_party/WebKit/Source/core/frame/Frame.h
-9
third_party/WebKit/Source/web/WebFrame.cpp
-8
third_party/WebKit/Source/web/tests/WebFrameTest.cpp
-58
third_party/WebKit/public/web/WebFrame.h
-9
expand_less