Closed
Bug 1455078
Opened 6 years ago
Closed 6 years ago
move service worker secure context checks to a webidl [Func] annotation
Categories
(Core :: DOM: Service Workers, enhancement, P2)
Core
DOM: Service Workers
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: bkelly, Assigned: ytausky)
References
(Blocks 2 open bugs)
Details
Attachments
(6 files)
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
|
Details | Review |
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
ochameau
:
review+
|
Details | Review |
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
|
Details | Review |
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
|
Details | Review |
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
|
Details | Review |
|
46 bytes,
text/x-phabricator-request
|
asuth
:
review+
|
Details | Review |
Currently we do some manual checking for secure context in ServiceWorkerContainer::Register(). We should really move this to a webidl [Func] annotation so that the ServiceWorkerContainer is hidden instead of rejecting promises. Note, we will need this before we can do bug 1131324 because the current code is very window-specific.
|
||
Updated•6 years ago
|
Priority: -- → P3
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → ytausky
|
|
||
Updated•6 years ago
|
Priority: P3 → P2
|
|
Assignee | |
Comment 1•6 years ago
|
||
The spec mandates that ServiceWorkerContainer only be visible in a secure context, yet currently it is (almost) always visible, but rejects calls to register() in non-secure contexts. This commit moves the context check to a [Func] function, thus implementing the behavior exactly as specified. This commit uses the same mechanism used by [SecureContext] bindings instead of the current ad hoc implementation.
|
|
Assignee | |
Updated•6 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•6 years ago
|
||
This test runs code in the frame script, which has system privileges. Even though it trips the security tests as it is, it's not clear whether that should be the case or not. By running the code in the page itself, the expected behavior is governed by the service workers spec and is thus well defined.
|
||
Comment 3•6 years ago
|
||
Comment on attachment 8999902 [details] Bug 1455078: Refactor test to run in code in page Andrew Sutherland [:asuth] has approved the revision.
Attachment #8999902 -
Flags: review+
|
|
Assignee | |
Comment 4•6 years ago
|
||
Documents whose creation URL is a data: URL are not considered secure contexts, therefore they should not have access to navigator.serviceWorker. Another WPT test, local-url-inherit-controller.https.html, currently assumes the this interface is available and uses it to test that data: frames do not inherit the parent's controller; this is wrong, but before we can remove that test, we'd better test explicitly that such frames cannot access the service worker interface and therefore cannot have a controller.
|
||
Comment 5•6 years ago
|
||
Comment on attachment 8999902 [details] Bug 1455078: Refactor test to run in code in page Alexandre Poirot [:ochameau] has approved the revision.
Attachment #8999902 -
Flags: review+
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/3c2f920f1a2d Refactor test to run in code in page r=ochameau,asuth
|
||
Comment 7•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/3c2f920f1a2d
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
|
|
Assignee | |
Comment 8•6 years ago
|
||
Sorry for the confusion, but that was only one of several patches required to resolve this bug. Is there a way to mark a patch as partial?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•6 years ago
|
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Updated•6 years ago
|
Keywords: leave-open
|
|
Assignee | |
Comment 9•6 years ago
|
||
This preference must be enabled since the test creates an insecure context, in which navigator.serviceWorker is undefined.
|
|
Assignee | |
Comment 10•6 years ago
|
||
This test case would fail on a conforming implementation of the spec, since navigator.serviceWorker is undefined in frames originating from data: URLs, thus navigator.serviceWorker.controller doesn't exist.
|
|
Assignee | |
Comment 11•6 years ago
|
||
The test as it is currently written checks whether navigator.serviceWorker exists with system privileges. By using eval(), this commit makes it perform the check with the content's privileges.
|
|
||
Comment 12•6 years ago
|
||
Comment on attachment 8998628 [details] Bug 1455078: Implement [SecureContext] for ServiceWorkerContainer Andrew Sutherland [:asuth] has approved the revision.
Attachment #8998628 -
Flags: review+
|
|
||
Comment 13•6 years ago
|
||
Comment on attachment 9001914 [details] Bug 1455078: Make ServiceWorker test check interface availability with lowered privileges Andrew Sutherland [:asuth] has approved the revision.
Attachment #9001914 -
Flags: review+
|
|
||
Comment 14•6 years ago
|
||
Comment on attachment 9001911 [details] Bug 1455078: Enable service worker testing in test Andrew Sutherland [:asuth] has approved the revision.
Attachment #9001911 -
Flags: review+
|
|
||
Comment 15•6 years ago
|
||
Comment on attachment 9001912 [details] Bug 1455078: Remove non-conformant ServiceWorker test case Andrew Sutherland [:asuth] has approved the revision.
Attachment #9001912 -
Flags: review+
|
|
||
Comment 16•6 years ago
|
||
Comment on attachment 9001552 [details] Bug 1455078: Test exposure of navigator.serviceWorker to data: iframes Andrew Sutherland [:asuth] has approved the revision.
Attachment #9001552 -
Flags: review+
|
||
Comment 17•6 years ago
|
||
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/5e8edebf7500 Test exposure of navigator.serviceWorker to data: iframes r=asuth
|
|
||
Comment 18•6 years ago
|
||
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/6fc9afb46004 Remove non-conformant ServiceWorker test case r=asuth
|
|
||
Comment 19•6 years ago
|
||
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/3f29d9aef185 Enable service worker testing in test r=asuth
|
|
||
Comment 20•6 years ago
|
||
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/9e44b02e94ca Make ServiceWorker test check interface availability with lowered privileges r=asuth
|
|
||
Comment 21•6 years ago
|
||
Pushed by bugmail@asutherland.org: https://hg.mozilla.org/integration/autoland/rev/7472e52f6d12 Implement [SecureContext] for ServiceWorkerContainer r=asuth
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/12623 for changes under testing/web-platform/tests
Upstream web-platform-tests status checks passed, PR will merge once commit reaches central.
|
||
Comment 24•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/5e8edebf7500 https://hg.mozilla.org/mozilla-central/rev/6fc9afb46004 https://hg.mozilla.org/mozilla-central/rev/3f29d9aef185 https://hg.mozilla.org/mozilla-central/rev/9e44b02e94ca https://hg.mozilla.org/mozilla-central/rev/7472e52f6d12
Upstream PR merged
|
|
Assignee | |
Comment 26•6 years ago
|
||
All the patches landed, this bug can be closed now.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago → 6 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•