[Payments] Check path restriction before presenting JIT payment handlers

Bug: 862865 Change-Id: I655432dc051ea9df3a3edb6d4ee54ad1dc2ed48f Reviewed-on: https://chromium-review.googlesource.com/1135197Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Mathieu Perreault <mathp@chromium.org> Commit-Queue: Ganggui Tang <gogerald@chromium.org> Cr-Commit-Position: refs/heads/master@{#575383}

[Payments] Check path restriction before presenting JIT payment handlers
Bug: 862865 Change-Id: I655432dc051ea9df3a3edb6d4ee54ad1dc2ed48f Reviewed-on: https://chromium-review.googlesource.com/1135197Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Mathieu Perreault <mathp@chromium.org> Commit-Queue: Ganggui Tang <gogerald@chromium.org> Cr-Commit-Position: refs/heads/master@{#575383}
13270c02 · gogerald · Commit Bot · a2a407b3 · 13270c02 · 13270c02
Commit 13270c02 authored Jul 16, 2018 by gogerald Committed by Commit Bot Jul 16, 2018
3 changed files
--- a/content/browser/payments/payment_app_provider_impl.cc
+++ b/content/browser/payments/payment_app_provider_impl.cc
@@ -575,13 +575,15 @@ bool PaymentAppProviderImpl::IsValidInstallablePaymentApp(
  DCHECK(manifest_url.is_valid() && sw_js_url.is_valid() &&
         sw_scope.is_valid());
-  // TODO(crbug.com/853924): Unify duplicated code between here and
+  // Scope will be checked against service worker js url when registering, but
-  // ServiceWorkerProviderHost::IsValidRegisterMessage.
+  // we check it here earlier to avoid presenting unusable payment handlers.
-  if (ServiceWorkerUtils::ContainsDisallowedCharacter(sw_js_url, sw_scope,
+  if (!ServiceWorkerUtils::IsPathRestrictionSatisfiedWithoutHeader(
-                                                      error_message)) {
+          sw_scope, sw_js_url, error_message)) {
    return false;
  }
+  // TODO(crbug.com/855312): Unify duplicated code between here and
+  // ServiceWorkerProviderHost::IsValidRegisterMessage.
  std::vector<GURL> urls = {manifest_url, sw_js_url, sw_scope};
  if (!ServiceWorkerUtils::AllOriginsMatchAndCanAccessServiceWorkers(urls)) {
    *error_message =

--- a/content/common/service_worker/service_worker_utils.cc
+++ b/content/common/service_worker/service_worker_utils.cc
@@ -53,6 +53,27 @@ bool ServiceWorkerUtils::IsPathRestrictionSatisfied(
    const GURL& script_url,
    const std::string* service_worker_allowed_header_value,
    std::string* error_message) {
+  return IsPathRestrictionSatisfiedInternal(scope, script_url, true,
+                                            service_worker_allowed_header_value,
+                                            error_message);
+}
+// static
+bool ServiceWorkerUtils::IsPathRestrictionSatisfiedWithoutHeader(
+    const GURL& scope,
+    const GURL& script_url,
+    std::string* error_message) {
+  return IsPathRestrictionSatisfiedInternal(scope, script_url, false, nullptr,
+                                            error_message);
+}
+// static
+bool ServiceWorkerUtils::IsPathRestrictionSatisfiedInternal(
+    const GURL& scope,
+    const GURL& script_url,
+    bool service_worker_allowed_header_supported,
+    const std::string* service_worker_allowed_header_value,
+    std::string* error_message) {
  DCHECK(scope.is_valid());
  DCHECK(!scope.has_ref());
  DCHECK(script_url.is_valid());
@@ -63,7 +84,8 @@ bool ServiceWorkerUtils::IsPathRestrictionSatisfied(
    return false;
  std::string max_scope_string;
-  if (service_worker_allowed_header_value) {
+  if (service_worker_allowed_header_value &&
+      service_worker_allowed_header_supported) {
    GURL max_scope = script_url.Resolve(*service_worker_allowed_header_value);
    if (!max_scope.is_valid()) {
      *error_message = "An invalid Service-Worker-Allowed header value ('";
@@ -82,13 +104,19 @@ bool ServiceWorkerUtils::IsPathRestrictionSatisfied(
    *error_message = "The path of the provided scope ('";
    error_message->append(scope_string);
    error_message->append("') is not under the max scope allowed (");
-    if (service_worker_allowed_header_value)
+    if (service_worker_allowed_header_value &&
+        service_worker_allowed_header_supported)
      error_message->append("set by Service-Worker-Allowed: ");
    error_message->append("'");
    error_message->append(max_scope_string);
-    error_message->append(
+    if (service_worker_allowed_header_supported) {
-        "'). Adjust the scope, move the Service Worker script, or use the "
+      error_message->append(
-        "Service-Worker-Allowed HTTP header to allow the scope.");
+          "'). Adjust the scope, move the Service Worker script, or use the "
+          "Service-Worker-Allowed HTTP header to allow the scope.");
+    } else {
+      error_message->append(
+          "'). Adjust the scope or move the Service Worker script.");
+    }
    return false;
  }
  return true;

--- a/content/common/service_worker/service_worker_utils.h
+++ b/content/common/service_worker/service_worker_utils.h
@@ -39,6 +39,13 @@ class ServiceWorkerUtils {
      const std::string* service_worker_allowed_header_value,
      std::string* error_message);
+  // Same as above IsPathRestrictionSatisfied, but without considering
+  // 'Service-Worker-Allowed' header.
+  CONTENT_EXPORT static bool IsPathRestrictionSatisfiedWithoutHeader(
+      const GURL& scope,
+      const GURL& script_url,
+      std::string* error_message);
  static bool ContainsDisallowedCharacter(const GURL& scope,
                                          const GURL& script_url,
                                          std::string* error_message);
@@ -74,6 +81,14 @@ class ServiceWorkerUtils {
  static bool ShouldBypassCacheDueToUpdateViaCache(
      bool is_main_script,
      blink::mojom::ServiceWorkerUpdateViaCache cache_mode);
+ private:
+  static bool IsPathRestrictionSatisfiedInternal(
+      const GURL& scope,
+      const GURL& script_url,
+      bool service_worker_allowed_header_supported,
+      const std::string* service_worker_allowed_header_value,
+      std::string* error_message);
 };
 class CONTENT_EXPORT LongestScopeMatcher {