angler-fishThe Vulnerability History Project

Support the Service-Worker-Allowed header

      This allows a site to customize Service Worker's path restriction
policy, which by default means a script can only control a scope within
the directory of the script.

Service-Worker-Allowed is an optional HTTP response header for a Service
Worker script. The value is a URL that is the maximum allowed scope that
the script can control. If it's a relative URL, it's relative to the
script URL. For example, when included in the response for a script at
&quothttp://www.example.com/resources/sw.js&quot, a value of &quot..&quot means that
sw.js can control a max scope of &quot/&quot, rather than the default max scope
of &quotresources/&quot.

As spec'd at:
https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#update-algorithm

Blink-side test:
https://codereview.chromium.org/868973004/

BUG=436747

Review URL: https://codereview.chromium.org/866403002

Cr-Commit-Position: refs/heads/master@{#313263}
by Miranda the Spadefoot Toad 2015-01-27 12:57:43 UTC
commit d0dfdbbae1b2356c56e566d5880796af8cf246c1
Chromium
content/browser/service_worker/service_worker_browsertest.cc
+5 -6
content/browser/service_worker/service_worker_dispatcher_host.cc
+2 -2
content/browser/service_worker/service_worker_utils.cc
+20 -43
content/browser/service_worker/service_worker_utils.h
+2 -9
content/browser/service_worker/service_worker_utils_unittest.cc
+1 -52
content/browser/service_worker/service_worker_write_to_cache_job.cc
+1 -27
content/browser/service_worker/service_worker_write_to_cache_job.h
-2
expand_less