diff options
Diffstat (limited to 'chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc')
| -rw-r--r-- | chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc | 52 |
1 files changed, 41 insertions, 11 deletions
diff --git a/chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc b/chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc index 008ff1ba127..7290eabda66 100644 --- a/chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc +++ b/chromium/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc @@ -45,6 +45,7 @@ #include "third_party/blink/renderer/core/probe/core_probes.h" #include "third_party/blink/renderer/core/workers/shared_worker_thread.h" #include "third_party/blink/renderer/core/workers/worker_classic_script_loader.h" +#include "third_party/blink/renderer/core/workers/worker_module_tree_client.h" #include "third_party/blink/renderer/core/workers/worker_reporting_proxy.h" #include "third_party/blink/renderer/platform/loader/fetch/fetch_client_settings_object_snapshot.h" #include "third_party/blink/renderer/platform/weborigin/security_policy.h" @@ -90,13 +91,25 @@ void SharedWorkerGlobalScope::Initialize( SetReferrerPolicy(response_referrer_policy); // https://wicg.github.io/cors-rfc1918/#integration-html - SetAddressSpace(response_address_space); + GetSecurityContext().SetAddressSpace(response_address_space); // Step 12.6. "Execute the Initialize a global object's CSP list algorithm // on worker global scope and response. [CSP]" + // SharedWorkerGlobalScope inherits the outside's CSP instead of the response + // CSP headers when the response's url's scheme is a local scheme. Otherwise, + // use the response CSP headers. Here a local scheme is defined as follows: + // "A local scheme is a scheme that is "about", "blob", or "data"." + // https://fetch.spec.whatwg.org/#local-scheme + // + // https://w3c.github.io/webappsec-csp/#initialize-global-object-csp // These should be called after SetAddressSpace() to correctly override the // address space by the "treat-as-public-address" CSP directive. - InitContentSecurityPolicyFromVector(response_csp_headers); + Vector<CSPHeaderAndType> csp_headers = + response_url.ProtocolIsAbout() || response_url.ProtocolIsData() || + response_url.ProtocolIs("blob") + ? OutsideContentSecurityPolicyHeaders() + : response_csp_headers; + InitContentSecurityPolicyFromVector(csp_headers); BindContentSecurityPolicyToExecutionContext(); OriginTrialContext::AddTokens(this, response_origin_trial_tokens); @@ -121,7 +134,9 @@ void SharedWorkerGlobalScope::FetchAndRunClassicScript( // Step 12. "Fetch a classic worker script given url, outside settings, // destination, and inside settings." - auto destination = mojom::RequestContextType::SHARED_WORKER; + auto context_type = mojom::RequestContextType::SHARED_WORKER; + network::mojom::RequestDestination destination = + network::mojom::RequestDestination::kSharedWorker; // Step 12.1. "Set request's reserved client to inside settings." // The browesr process takes care of this. @@ -134,7 +149,8 @@ void SharedWorkerGlobalScope::FetchAndRunClassicScript( *this, CreateOutsideSettingsFetcher(outside_settings_object, outside_resource_timing_notifier), - script_url, destination, network::mojom::RequestMode::kSameOrigin, + script_url, context_type, destination, + network::mojom::RequestMode::kSameOrigin, network::mojom::CredentialsMode::kSameOrigin, WTF::Bind(&SharedWorkerGlobalScope::DidReceiveResponseForClassicScript, WrapWeakPersistent(this), @@ -149,17 +165,23 @@ void SharedWorkerGlobalScope::FetchAndRunModuleScript( const KURL& module_url_record, const FetchClientSettingsObjectSnapshot& outside_settings_object, WorkerResourceTimingNotifier& outside_resource_timing_notifier, - network::mojom::CredentialsMode credentials_mode) { + network::mojom::CredentialsMode credentials_mode, + RejectCoepUnsafeNone reject_coep_unsafe_none) { + DCHECK(!reject_coep_unsafe_none); // Step 12: "Let destination be "sharedworker" if is shared is true, and // "worker" otherwise." + auto context_type = mojom::RequestContextType::SHARED_WORKER; + auto destination = network::mojom::RequestDestination::kSharedWorker; // Step 13: "... Fetch a module worker script graph given url, outside // settings, destination, the value of the credentials member of options, and // inside settings." - - // TODO(nhiroki): Implement module loading for shared workers. - // (https://crbug.com/824646) - NOTREACHED(); + FetchModuleScript(module_url_record, outside_settings_object, + outside_resource_timing_notifier, context_type, destination, + credentials_mode, + ModuleScriptCustomFetchType::kWorkerConstructor, + MakeGarbageCollected<WorkerModuleTreeClient>( + ScriptController()->GetScriptState())); } const String SharedWorkerGlobalScope::name() const { @@ -194,7 +216,15 @@ void SharedWorkerGlobalScope::DidFetchClassicScript( const v8_inspector::V8StackTraceId& stack_id) { DCHECK(IsContextThread()); - // Step 12. "If the algorithm asynchronously completes with null, then:" + // Step 12. "If the algorithm asynchronously completes with null or with + // script whose error to rethrow is non-null, then:" + // + // The case |error to rethrow| is non-null indicates the parse error. + // Parsing the script should be done during fetching according to the spec + // but it is done in EvaluateClassicScript() for classic scripts. + // Therefore, we cannot catch parse error events here. + // TODO(https://crbug.com/1058259) Catch parse error events for classic + // shared workers. if (classic_script_loader->Failed()) { // Step 12.1. "Queue a task to fire an event named error at worker." // Step 12.2. "Run the environment discarding steps for inside settings." @@ -236,7 +266,7 @@ void SharedWorkerGlobalScope::ExceptionThrown(ErrorEvent* event) { debugger->ExceptionThrown(GetThread(), event); } -void SharedWorkerGlobalScope::Trace(blink::Visitor* visitor) { +void SharedWorkerGlobalScope::Trace(Visitor* visitor) { visitor->Trace(appcache_host_); WorkerGlobalScope::Trace(visitor); } |