Closed
Bug 1175138
Opened 9 years ago
Closed 9 years ago
Cache API should reject in untrusted origins
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla41
Tracking | Status | |
---|---|---|
firefox41 | --- | fixed |
People
(Reporter: bkelly, Assigned: bkelly)
References
Details
(Keywords: dev-doc-complete)
Attachments
(6 files, 5 obsolete files)
5.98 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
6.21 KB,
patch
|
bkelly
:
review+
|
Details | Diff | Splinter Review |
4.55 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
6.67 KB,
patch
|
bkelly
:
review+
|
Details | Diff | Splinter Review |
13.10 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
2.16 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
It appears the spec is going to change to restrict Cache API to only trusted origins. https://github.com/slightlyoff/ServiceWorker/issues/709
Assignee | ||
Comment 1•9 years ago
|
||
https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-secure
Assignee | ||
Comment 2•9 years ago
|
||
I am planning to do a simple scheme check first and then we can add the more comprehensive settings-secure algorithm later. This will let us prevent wholesale use on http sites while still shipping in the near future. I think implementing settings-secure algorithm my be a bit of work for features running in a worker.
Assignee | ||
Comment 3•9 years ago
|
||
Expose our new testing preference to workers.
Attachment #8626449 -
Flags: review?(ehsan)
Assignee | ||
Comment 4•9 years ago
|
||
Add the preference to the necessary tests. This turned out to be easy for the dom/cache tests because of the driver code. For service workers, however, we have to add the preference everywhere since the sw script is stored in Cache API and we are using a lot of http service workers.
Attachment #8626450 -
Flags: review?(ehsan)
Assignee | ||
Comment 5•9 years ago
|
||
The simple solution for now which simply verifies URL scheme (if the testing pref is not set). I still need to add a test that verifies that access is blocked on http, but I'm fairly certain that works based on figuring out where the pref needs to go. https://treeherder.mozilla.org/#/jobs?repo=try&revision=a76ea79acf78
Attachment #8626451 -
Flags: review?(ehsan)
Assignee | ||
Comment 6•9 years ago
|
||
Comment on attachment 8626450 [details] [diff] [review] P2 Enable dom.caches.testing.enabled in existing tests. r=ehsan Review of attachment 8626450 [details] [diff] [review]: ----------------------------------------------------------------- Oh, I also added dom.caches.enabled to all these tests since technically its necessary whenever a service worker script is saved now. In practice this hasn't been a problem since SW is restricted to nightly where caches is also enabled. Maybe this is a waste of time since I hope to remove dom.caches.enabled completely, but its done now.
Assignee | ||
Comment 7•9 years ago
|
||
Comment on attachment 8626451 [details] [diff] [review] P3 Make CacheStorage reject on untrusted origins. r=ehsan I realized I still need to add a localhost check as well.
Attachment #8626451 -
Flags: review?(ehsan)
Assignee | ||
Comment 8•9 years ago
|
||
Comment on attachment 8626450 [details] [diff] [review] P2 Enable dom.caches.testing.enabled in existing tests. r=ehsan Try shows there are more tests to fix.
Attachment #8626450 -
Flags: review?(ehsan)
Assignee | ||
Comment 9•9 years ago
|
||
I think I might just allow http if serviceWorker.testing is set as well. Seems silly to force people to set two preferences.
Comment 10•9 years ago
|
||
Comment on attachment 8626449 [details] [diff] [review] P1 Make the dom.caches.testing.enabled pref available in workers. r=ehsan Review of attachment 8626449 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/workers/RuntimeService.cpp @@ +161,5 @@ > #define PREF_WORKERS_LATEST_JS_VERSION "dom.workers.latestJSVersion" > #define PREF_INTL_ACCEPT_LANGUAGES "intl.accept_languages" > #define PREF_SERVICEWORKERS_ENABLED "dom.serviceWorkers.enabled" > #define PREF_INTERCEPTION_ENABLED "dom.serviceWorkers.interception.enabled" > +#define PREF_DOM_CACHES_TESTING_ENABLED "dom.caches.testing.enabled" Nit: can you please put this next to PREF_DOM_CACHES_ENABLED?
Attachment #8626449 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 11•9 years ago
|
||
Expose dom.serviceWorkers.testing.enabled on workers as well. This is easier than adding dom.caches.testing.enabled everywhere.
Attachment #8626631 -
Flags: review?(ehsan)
Assignee | ||
Comment 12•9 years ago
|
||
We shouldn't need all those new dom.cache.testing.enabled in dom/workers. Note, we still need it in test_installation_simple.html because it sets and then unsets prefs which seems to confuse things. I just added the cache pref to keep it working cleanly.
Attachment #8626450 -
Attachment is obsolete: true
Attachment #8626632 -
Flags: review?(ehsan)
Assignee | ||
Comment 13•9 years ago
|
||
Updated to allow CacheStorage on localhost as well. I still need to add a test case, but here's a try to verify the existing ones for now: https://treeherder.mozilla.org/#/jobs?repo=try&revision=82273e2e8a1e
Attachment #8626451 -
Attachment is obsolete: true
Attachment #8626633 -
Flags: review?(ehsan)
Updated•9 years ago
|
Attachment #8626631 -
Flags: review?(ehsan) → review+
Updated•9 years ago
|
Attachment #8626632 -
Flags: review?(ehsan) → review+
Comment 14•9 years ago
|
||
Comment on attachment 8626633 [details] [diff] [review] P3 Make CacheStorage reject on untrusted origins. r=ehsan Review of attachment 8626633 [details] [diff] [review]: ----------------------------------------------------------------- r=me specifically with file:// URIs being handled. ::: dom/cache/CacheStorage.cpp @@ +93,5 @@ > + } > + > + // Now parse the scheme of the principal's origin. This is a short term > + // method for determining "trust". In the long term we need to implement > + // the full algorithm here: Can you please file a follow-up to fix this based on a logic similar to IsFromAuthenticatedOrigin() and include a FIXME pointing to the bug here? @@ +115,5 @@ > + if (NS_WARN_IF(NS_FAILED(rv))) { return false; } > + > + nsAutoCString scheme(Substring(flatURL, schemePos, schemeLen)); > + if (scheme.LowerCaseEqualsLiteral("https") || > + scheme.LowerCaseEqualsLiteral("app")) { You need to handle file here as well. @@ +129,5 @@ > + &hostPos, &hostLen, > + nullptr); // ignore port > + if (NS_WARN_IF(NS_FAILED(rv))) { return false; } > + > + nsCString hostname(url + authPos + hostPos, hostLen); Nit: please use nsDependentCString which would be a tiny bit more efficient here. @@ +133,5 @@ > + nsCString hostname(url + authPos + hostPos, hostLen); > + > + return hostname == NS_LITERAL_CSTRING("localhost") || > + hostname == NS_LITERAL_CSTRING("127.0.0.1") || > + hostname == NS_LITERAL_CSTRING("::1"); Nit: Please use .Equals() which would be a bit more efficient. @@ +165,5 @@ > + bool testingEnabled = false; > + Preferences::GetBool("dom.caches.testing.enabled", &testingEnabled); > + if (!testingEnabled) { > + Preferences::GetBool("dom.serviceWorkers.testing.enabled", &testingEnabled); > + } Nit: Please rewrite similar to below: bool testingEnabled = Preferences::GetBool("dom.caches....") || Preferences::GetBool("dom.serviceWorkers....");
Attachment #8626633 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 15•9 years ago
|
||
Attachment #8626631 -
Attachment is obsolete: true
Attachment #8626865 -
Flags: review+
Assignee | ||
Comment 16•9 years ago
|
||
For sanity CacheStorage should bypass the trusted origin checks when devtools ServiceWorker testing is enabled. As a first step, expose this value on the worker private. This is kind of busted on SharedWorker like everything else right now when there are multiple documents. I added bug 1177935 to fix that.
Attachment #8626866 -
Flags: review?(ehsan)
Assignee | ||
Comment 17•9 years ago
|
||
Attachment #8626632 -
Attachment is obsolete: true
Attachment #8626867 -
Flags: review+
Assignee | ||
Comment 18•9 years ago
|
||
Update to check the devtools ServiceWorker testing flag as well. This flag is only checked for the window and worker .caches global. The ScriptLoader and ServiceWorkerScriptCache always bypass the trusted origin checks since ServiceWorker does its own checks at register. This is my solution for the devtools flag not being available on the SW registration object. I'm sorry this was not broken out as an interdiff, but I did a qref at the wrong time today. I figured the origin patch was small, so hopefully re-reviewing should not be a problem.
Attachment #8626633 -
Attachment is obsolete: true
Attachment #8626868 -
Flags: review?(ehsan)
Assignee | ||
Comment 19•9 years ago
|
||
Attachment #8626869 -
Flags: review?(ehsan)
Assignee | ||
Comment 20•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=08d38df3c78d
Updated•9 years ago
|
Keywords: dev-doc-needed
Updated•9 years ago
|
Attachment #8626866 -
Flags: review?(ehsan) → review+
Updated•9 years ago
|
Attachment #8626868 -
Flags: review?(ehsan) → review+
Updated•9 years ago
|
Attachment #8626869 -
Flags: review?(ehsan) → review+
Comment 21•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/8555bee87b61 https://hg.mozilla.org/integration/mozilla-inbound/rev/c2aaa299a7b2 https://hg.mozilla.org/integration/mozilla-inbound/rev/4e4a0a690041 https://hg.mozilla.org/integration/mozilla-inbound/rev/86b90d49810a https://hg.mozilla.org/integration/mozilla-inbound/rev/08dee0e2fa45 https://hg.mozilla.org/integration/mozilla-inbound/rev/8ca702e4ef1b
Comment 22•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/8555bee87b61 https://hg.mozilla.org/mozilla-central/rev/c2aaa299a7b2 https://hg.mozilla.org/mozilla-central/rev/4e4a0a690041 https://hg.mozilla.org/mozilla-central/rev/86b90d49810a https://hg.mozilla.org/mozilla-central/rev/08dee0e2fa45 https://hg.mozilla.org/mozilla-central/rev/8ca702e4ef1b
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Comment 23•9 years ago
|
||
I've added a note to cover this near the top of https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage I am not sure if anything else is really needed here?
Keywords: dev-doc-needed → dev-doc-complete
Assignee | ||
Comment 24•9 years ago
|
||
Chris, do you think its worth mentioning the "Enable Service Workers over HTTP (when toolbox is open)" option in devtools allows CacheStorage to work on http? Also, in the long term, "trusted" will be more complicated than just "https". It will depend on the parent of the document being trusted as well. I imagine we will want a page describing "trusted" when we fully implement that. As always, thanks for the excellent docs!
Flags: needinfo?(cmills)
Comment 25•9 years ago
|
||
(In reply to Ben Kelly [:bkelly] from comment #24) > Also, in the long term, "trusted" will be more complicated than just > "https". It will depend on the parent of the document being trusted as > well. I imagine we will want a page describing "trusted" when we fully > implement that. Yes, that would be wonderful to have!
Comment 26•9 years ago
|
||
(In reply to Ben Kelly [:bkelly] from comment #24) > Chris, do you think its worth mentioning the "Enable Service Workers over > HTTP (when toolbox is open)" option in devtools allows CacheStorage to work > on http? Definitely! I've added to the note, to cover this. I also added a note about it at: https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API/Using_Service_Workers#Dev_tools Do we have any other devtools features worth mentioning for SWs now? This bit is a little out of date. > > Also, in the long term, "trusted" will be more complicated than just > "https". It will depend on the parent of the document being trusted as > well. I imagine we will want a page describing "trusted" when we fully > implement that. Sounds good to me. Let's keep this in mind. I'll file a developer docs bug about it. > As always, thanks for the excellent docs! You're most welcome.
Flags: needinfo?(cmills)
Assignee | ||
Comment 27•9 years ago
|
||
(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #26) > Do we have any other devtools features worth mentioning for SWs now? This > bit is a little out of date. Its not in devtools itself, but I think this section could mention about:serviceworkers. This lets you see what SWs are registered and then update/remove them. Thanks again.
Flags: needinfo?(cmills)
Comment 28•9 years ago
|
||
(In reply to Ben Kelly [:bkelly] from comment #27) > (In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #26) > > Do we have any other devtools features worth mentioning for SWs now? This > > bit is a little out of date. > > Its not in devtools itself, but I think this section could mention > about:serviceworkers. This lets you see what SWs are registered and then > update/remove them. Great - added!
Flags: needinfo?(cmills)
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•