Extend url library for WebEngine custom schemes

Adds (another) parallel scheme registry in url/url_util_qt, which is then used in Chromium and Blink to specialize URL handling for WebEngine custom schemes. The registry is transmitted from the main process to subprocesses in a new command line flag (--webengine-schemes), since the scheme lists in url/url_util are locked before IPC is initialized. Task-number: QTBUG-62536 Change-Id: Id26811a18d4c740cc4d281d2da5720304a235a41 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jüri Valdmann <juri.valdmann@qt.io> 2018-04-19 12:14:44 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2021-10-04 10:17:59 +0200
commit: 96397825bd85d2bef6219e0d7ab595835db058c7 (patch)
tree: ea22f24358bb9db372464106697b4d6f64234405 /chromium/third_party
parent: 39af75235ac5e4bc488b7dc8e60c8413586cb9ff (diff)
download: qtwebengine-chromium-96397825bd85d2bef6219e0d7ab595835db058c7.tar.gz
6 files changed, 69 insertions, 4 deletions
diff --git a/chromium/third_party/blink/renderer/core/workers/dedicated_worker.cc b/chromium/third_party/blink/renderer/core/workers/dedicated_worker.cc
index 7f4cf6368c8..21d27a9c1e0 100644
--- a/chromium/third_party/blink/renderer/core/workers/dedicated_worker.cc
+++ b/chromium/third_party/blink/renderer/core/workers/dedicated_worker.cc
@@ -76,6 +76,14 @@ DedicatedWorker* DedicatedWorker::Create(ExecutionContext* context,
     return nullptr;
   }
 
+  auto origin = SecurityOrigin::Create(script_request_url);
+  if (origin->IsBroken()) {
+      exception_state.ThrowDOMException(
+          DOMExceptionCode::kNotSupportedError,
+          "Access to dedicated workers is denied to origin '" + origin->ToString() + "'.");
+      return nullptr;
+  }
+
   if (context->IsWorkerGlobalScope())
     UseCounter::Count(context, WebFeature::kNestedDedicatedWorker);
 
diff --git a/chromium/third_party/blink/renderer/modules/broadcastchannel/broadcast_channel.cc b/chromium/third_party/blink/renderer/modules/broadcastchannel/broadcast_channel.cc
index fe77576d149..ca93fba34d0 100644
--- a/chromium/third_party/blink/renderer/modules/broadcastchannel/broadcast_channel.cc
+++ b/chromium/third_party/blink/renderer/modules/broadcastchannel/broadcast_channel.cc
@@ -53,6 +53,12 @@ BroadcastChannel* BroadcastChannel::Create(ExecutionContext* execution_context,
         "Can't create BroadcastChannel in an opaque origin");
     return nullptr;
   }
+  if (execution_context->GetSecurityOrigin()->IsBroken()) {
+      exception_state.ThrowDOMException(
+          DOMExceptionCode::kNotSupportedError,
+          "Can't create BroadcastChannel");
+      return nullptr;
+  }
   return MakeGarbageCollected<BroadcastChannel>(execution_context, name);
 }
 
diff --git a/chromium/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc b/chromium/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
index b8dcbd34eca..4cc59548f07 100644
--- a/chromium/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
+++ b/chromium/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
@@ -309,7 +309,8 @@ bool WebSocketChannelImpl::Connect(const KURL& url, const String& protocol) {
   // If the connection needs to be filtered, asynchronously fail. Synchronous
   // failure blocks the worker thread which should be avoided. Note that
   // returning "true" just indicates that this was not a mixed content error.
-  if (ShouldDisallowConnection(url)) {
+  if (ShouldDisallowConnection(url) ||
+      execution_context_->GetSecurityOrigin()->IsBroken()) {
     execution_context_->GetTaskRunner(TaskType::kNetworking)
         ->PostTask(FROM_HERE,
                    WTF::Bind(&WebSocketChannelImpl::TearDownFailedConnection,
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/scheme_registry.cc b/chromium/third_party/blink/renderer/platform/weborigin/scheme_registry.cc
index 541170707bf..ee0b3d59b01 100644
--- a/chromium/third_party/blink/renderer/platform/weborigin/scheme_registry.cc
+++ b/chromium/third_party/blink/renderer/platform/weborigin/scheme_registry.cc
@@ -34,6 +34,7 @@
 #include "third_party/blink/renderer/platform/wtf/threading.h"
 #include "third_party/blink/renderer/platform/wtf/threading_primitives.h"
 #include "url/url_util.h"
+#include "url/url_util_qt.h"
 
 namespace blink {
 
@@ -77,6 +78,15 @@ class URLSchemesRegistry final {
     }
     for (auto& scheme : url::GetEmptyDocumentSchemes())
       empty_document_schemes.insert(scheme.c_str());
+
+    // NOTE(juvaldma)(Chromium 67.0.3396.47)
+    //
+    // Non-blink Chromium has it's own version of this list (see
+    // content::RegisterContentSchemes).
+    for (auto& cs : url::CustomScheme::GetSchemes()) {
+      if (cs.flags & url::CustomScheme::ServiceWorkersAllowed)
+        service_worker_schemes.insert(String(cs.name.c_str()));
+    }
   }
   ~URLSchemesRegistry() = default;
 
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
index 2db34d308c9..4a4d3e133b8 100644
--- a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
+++ b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
@@ -52,6 +52,7 @@
 #include "url/url_canon.h"
 #include "url/url_canon_ip.h"
 #include "url/url_util.h"
+#include "url/url_util_qt.h"
 
 namespace blink {
 
@@ -65,6 +66,10 @@ const String& EnsureNonNull(const String& string) {
 
 }  // namespace
 
+bool SecurityOrigin::IsBroken() const {
+  return !IsOpaque() && ToUrlOrigin().opaque();
+}
+
 bool SecurityOrigin::ShouldUseInnerURL(const KURL& url) {
   // FIXME: Blob URLs don't have inner URLs. Their form is
   // "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL
@@ -153,10 +158,27 @@ SecurityOrigin::SecurityOrigin(const String& protocol,
                                const String& host,
                                uint16_t port)
     : protocol_(protocol), host_(host), domain_(host_), port_(port) {
+  DCHECK(!IsOpaque());
+
+  // NOTE(juvaldma)(Chromium 67.0.3396.47)
+  //
+  // If DefaultPortForProtocol and IsDefaultPortForProtocol were appropriately
+  // extended, then SecurityOrigin would *almost* work without the following
+  // code. The only problem is that can_load_local_resources_ would be set for
+  // Local schemes and not LocalAccessAllowed schemes.
+  if (const url::CustomScheme* cs = url::CustomScheme::FindScheme(StringUTF8Adaptor(protocol_).AsStringPiece())) {
+    if (cs->has_port_component()) {
+      if (!port_)
+        port_ = cs->default_port;
+    } else {
+      port_ = 0;
+    }
+    can_load_local_resources_ = cs->flags & url::CustomScheme::LocalAccessAllowed;
+    return;
+  }
   DCHECK(url::SchemeHostPort(protocol.Utf8(), host.Utf8(), port,
                              url::SchemeHostPort::CHECK_CANONICALIZATION)
              .IsValid());
-  DCHECK(!IsOpaque());
   // By default, only local SecurityOrigins can load local resources.
   can_load_local_resources_ = IsLocal();
 }
@@ -498,6 +520,23 @@ String SecurityOrigin::ToRawString() const {
 }
 
 void SecurityOrigin::BuildRawString(StringBuilder& builder) const {
+  // NOTE(juvaldma)(Chromium 69.0.3497.128)
+  //
+  // Should match url::SchemeHostPort::Serialize().
+  if (const url::CustomScheme* cs = url::CustomScheme::FindScheme(StringUTF8Adaptor(protocol_).AsStringPiece())) {
+    builder.Append(protocol_);
+    builder.Append(":");
+    if (!cs->has_host_component())
+      return;
+    builder.Append("//");
+    builder.Append(host_);
+    if (!cs->has_port_component() || port_ == cs->default_port)
+      return;
+    builder.Append(':');
+    builder.AppendNumber(port_);
+    return;
+  }
+
   builder.Append(protocol_);
   builder.Append("://");
   builder.Append(host_);
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h
index 28c9d9b6fea..bdb02e52815 100644
--- a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h
+++ b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h
@@ -104,6 +104,7 @@ class PLATFORM_EXPORT SecurityOrigin : public RefCounted<SecurityOrigin> {
 
   static scoped_refptr<SecurityOrigin> CreateFromUrlOrigin(const url::Origin&);
   url::Origin ToUrlOrigin() const;
+  bool IsBroken() const;
 
   // Some URL schemes use nested URLs for their security context. For example,
   // filesystem URLs look like the following:
@@ -419,8 +420,8 @@ class PLATFORM_EXPORT SecurityOrigin : public RefCounted<SecurityOrigin> {
   const String protocol_ = g_empty_string;
   const String host_ = g_empty_string;
   String domain_ = g_empty_string;
-  const uint16_t port_ = 0;
-  const absl::optional<url::Origin::Nonce> nonce_if_opaque_;
+  uint16_t port_ = 0;
+  const absl::Optional<url::Origin::Nonce> nonce_if_opaque_;
   bool universal_access_ = false;
   bool domain_was_set_in_dom_ = false;
   bool can_load_local_resources_ = false;
author	Jüri Valdmann <juri.valdmann@qt.io>	2018-04-19 12:14:44 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2021-10-04 10:17:59 +0200
commit	96397825bd85d2bef6219e0d7ab595835db058c7 (patch)
tree	ea22f24358bb9db372464106697b4d6f64234405 /chromium/third_party
parent	39af75235ac5e4bc488b7dc8e60c8413586cb9ff (diff)
download	qtwebengine-chromium-96397825bd85d2bef6219e0d7ab595835db058c7.tar.gz