ServiceWorker: Simplify CSP handling in WebEmbeddedWorkerImpl

For simplifying CSP handling in WebEmbeddedWorkerImpl, this CL... - parses ContentSecurityPolicyResponseHeaders in ServiceWorkerGlobalScopeProxy instead of WorkerShadowPage, - excludes signal handling from WebEmbeddedWorkerImpl to ServiceWorkerGlobalScopeProxy, and - unifies CSP handling between regular script loading (network) and installed script loading (script streaming) as WebEmbeddedWorkerImpl::SetContentSecurityPolicyAndReferrerPolicy(). Bug: 683037 Change-Id: Id530b30fc0bc8ead0ff29f631dd4f2a52a8ecf72 Reviewed-on: https://chromium-review.googlesource.com/597033Reviewed-by: Makoto Shimazu <shimazu@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#491328}

ServiceWorker: Simplify CSP handling in WebEmbeddedWorkerImpl
For simplifying CSP handling in WebEmbeddedWorkerImpl, this CL... - parses ContentSecurityPolicyResponseHeaders in ServiceWorkerGlobalScopeProxy instead of WorkerShadowPage, - excludes signal handling from WebEmbeddedWorkerImpl to ServiceWorkerGlobalScopeProxy, and - unifies CSP handling between regular script loading (network) and installed script loading (script streaming) as WebEmbeddedWorkerImpl::SetContentSecurityPolicyAndReferrerPolicy(). Bug: 683037 Change-Id: Id530b30fc0bc8ead0ff29f631dd4f2a52a8ecf72 Reviewed-on: https://chromium-review.googlesource.com/597033Reviewed-by: Makoto Shimazu <shimazu@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#491328}
65db7edc · Hiroki Nakagawa · Commit Bot · 6163e501 · 65db7edc · 65db7edc
Commit 65db7edc authored Aug 02, 2017 by Hiroki Nakagawa Committed by Commit Bot Aug 02, 2017
5 changed files
--- a/third_party/WebKit/Source/core/exported/WorkerShadowPage.cpp
+++ b/third_party/WebKit/Source/core/exported/WorkerShadowPage.cpp
@@ -57,17 +57,13 @@ void WorkerShadowPage::Initialize(const KURL& script_url) {
 }
 void WorkerShadowPage::SetContentSecurityPolicyAndReferrerPolicy(
-    ContentSecurityPolicyResponseHeaders csp_headers,
+    ContentSecurityPolicy* content_security_policy,
    String referrer_policy) {
  DCHECK(IsMainThread());
-  Document* document = main_frame_->GetFrame()->GetDocument();
+  content_security_policy->SetOverrideURLForSelf(GetDocument()->Url());
-  ContentSecurityPolicy* content_security_policy =
+  GetDocument()->InitContentSecurityPolicy(content_security_policy);
-      ContentSecurityPolicy::Create();
-  content_security_policy->SetOverrideURLForSelf(document->Url());
-  content_security_policy->DidReceiveHeaders(csp_headers);
-  document->InitContentSecurityPolicy(content_security_policy);
  if (!referrer_policy.IsNull())
-    document->ParseAndSetReferrerPolicy(referrer_policy);
+    GetDocument()->ParseAndSetReferrerPolicy(referrer_policy);
 }
 void WorkerShadowPage::DidFinishDocumentLoad() {

--- a/third_party/WebKit/Source/core/exported/WorkerShadowPage.h
+++ b/third_party/WebKit/Source/core/exported/WorkerShadowPage.h
@@ -6,7 +6,6 @@
 #define WorkerShadowPage_h
 #include "core/frame/WebLocalFrameImpl.h"
-#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
 #include "public/web/WebDevToolsAgentClient.h"
 #include "public/web/WebDocumentLoader.h"
 #include "public/web/WebFrameClient.h"
@@ -15,6 +14,7 @@
 namespace blink {
+class ContentSecurityPolicy;
 class WebApplicationCacheHost;
 class WebApplicationCacheHostClient;
 class WebSettings;
@@ -53,9 +53,8 @@ class CORE_EXPORT WorkerShadowPage : public WebFrameClient {
  // Calls Client::OnShadowPageInitialized() when complete.
  void Initialize(const KURL& script_url);
-  void SetContentSecurityPolicyAndReferrerPolicy(
+  void SetContentSecurityPolicyAndReferrerPolicy(ContentSecurityPolicy*,
-      ContentSecurityPolicyResponseHeaders csp_headers,
+                                                 String referrer_policy);
-      String referrer_policy);
  // WebFrameClient overrides.
  std::unique_ptr<WebApplicationCacheHost> CreateApplicationCacheHost(

--- a/third_party/WebKit/Source/modules/exported/WebEmbeddedWorkerImpl.cpp
+++ b/third_party/WebKit/Source/modules/exported/WebEmbeddedWorkerImpl.cpp
@@ -56,12 +56,9 @@
 #include "platform/Histogram.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/SharedBuffer.h"
-#include "platform/WaitableEvent.h"
 #include "platform/heap/Handle.h"
 #include "platform/instrumentation/tracing/TraceEvent.h"
 #include "platform/loader/fetch/SubstituteData.h"
-#include "platform/network/ContentSecurityPolicyParsers.h"
-#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
 #include "platform/network/NetworkUtils.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/wtf/Functional.h"
@@ -267,12 +264,11 @@ void WebEmbeddedWorkerImpl::PostMessageToPageInspector(int session_id,
 }
 void WebEmbeddedWorkerImpl::SetContentSecurityPolicyAndReferrerPolicy(
-    ContentSecurityPolicyResponseHeaders csp_headers,
+    ContentSecurityPolicy* content_security_policy,
-    String referrer_policy,
+    String referrer_policy) {
-    WaitableEvent* event) {
+  DCHECK(IsMainThread());
  shadow_page_->SetContentSecurityPolicyAndReferrerPolicy(
-      std::move(csp_headers), std::move(referrer_policy));
+      content_security_policy, std::move(referrer_policy));
-  event->Signal();
 }
 std::unique_ptr<WebApplicationCacheHost>
@@ -413,12 +409,9 @@ void WebEmbeddedWorkerImpl::StartWorkerThread() {
  if (main_script_loader_) {
    // We need to set the CSP to both the shadow page's document and the
    // ServiceWorkerGlobalScope.
-    document->InitContentSecurityPolicy(
+    SetContentSecurityPolicyAndReferrerPolicy(
-        main_script_loader_->ReleaseContentSecurityPolicy());
+        main_script_loader_->ReleaseContentSecurityPolicy(),
-    if (!main_script_loader_->GetReferrerPolicy().IsNull()) {
+        main_script_loader_->GetReferrerPolicy());
-      document->ParseAndSetReferrerPolicy(
-          main_script_loader_->GetReferrerPolicy());
-    }
    global_scope_creation_params = WTF::MakeUnique<GlobalScopeCreationParams>(
        worker_start_data_.script_url, worker_start_data_.user_agent,
        main_script_loader_->SourceText(),

--- a/third_party/WebKit/Source/modules/exported/WebEmbeddedWorkerImpl.h
+++ b/third_party/WebKit/Source/modules/exported/WebEmbeddedWorkerImpl.h
@@ -38,7 +38,6 @@
 #include "modules/ModulesExport.h"
 #include "platform/WebTaskRunner.h"
 #include "platform/heap/Handle.h"
-#include "public/platform/WebContentSecurityPolicy.h"
 #include "public/web/WebDevToolsAgentClient.h"
 #include "public/web/WebEmbeddedWorker.h"
 #include "public/web/WebEmbeddedWorkerStartData.h"
@@ -46,9 +45,9 @@
 namespace blink {
+class ContentSecurityPolicy;
 class ServiceWorkerGlobalScopeProxy;
 class ServiceWorkerInstalledScriptsManager;
-class WaitableEvent;
 class WorkerInspectorProxy;
 class WorkerScriptLoader;
 class WorkerThread;
@@ -84,13 +83,10 @@ class MODULES_EXPORT WebEmbeddedWorkerImpl final
  // Applies the specified CSP and referrer policy to the worker, so that
  // fetches initiated by the worker (other than for the main worker script
-  // itself) are affected by these policies. The WaitableEvent is signaled when
+  // itself) are affected by these policies. This must be called before starting
-  // the policies are set. This enables the caller to ensure that policies are
+  // script execution on the worker thread.
-  // set before starting script execution on the worker thread.
+  void SetContentSecurityPolicyAndReferrerPolicy(ContentSecurityPolicy*,
-  void SetContentSecurityPolicyAndReferrerPolicy(
+                                                 String referrer_policy);
-      ContentSecurityPolicyResponseHeaders,
-      WTF::String referrer_policy,
-      WaitableEvent*);
  // WorkerShadowPage::Client overrides.
  std::unique_ptr<WebApplicationCacheHost> CreateApplicationCacheHost(

--- a/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerGlobalScopeProxy.cpp
+++ b/third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerGlobalScopeProxy.cpp
@@ -79,6 +79,7 @@
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/WaitableEvent.h"
 #include "platform/loader/fetch/ResourceResponse.h"
+#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
 #include "platform/wtf/Assertions.h"
 #include "platform/wtf/Functional.h"
 #include "platform/wtf/PtrUtil.h"
@@ -90,6 +91,24 @@
 namespace blink {
+namespace {
+void SetContentSecurityPolicyAndReferrerPolicyOnMainThread(
+    WebEmbeddedWorkerImpl* embedded_worker,
+    ContentSecurityPolicyResponseHeaders csp_headers,
+    String referrer_policy,
+    WaitableEvent* waitable_event) {
+  DCHECK(IsMainThread());
+  ContentSecurityPolicy* content_security_policy =
+      ContentSecurityPolicy::Create();
+  content_security_policy->DidReceiveHeaders(csp_headers);
+  embedded_worker->SetContentSecurityPolicyAndReferrerPolicy(
+      content_security_policy, std::move(referrer_policy));
+  waitable_event->Signal();
+}
+}  // namespace
 ServiceWorkerGlobalScopeProxy* ServiceWorkerGlobalScopeProxy::Create(
    WebEmbeddedWorkerImpl& embedded_worker,
    WebServiceWorkerContextClient& client) {
@@ -576,7 +595,7 @@ void ServiceWorkerGlobalScopeProxy::DidLoadInstalledScript(
      ->PostTask(
          BLINK_FROM_HERE,
          CrossThreadBind(
-              &WebEmbeddedWorkerImpl::SetContentSecurityPolicyAndReferrerPolicy,
+              &SetContentSecurityPolicyAndReferrerPolicyOnMainThread,
              CrossThreadUnretained(embedded_worker_),
              csp_headers_on_worker_thread, referrer_policy_on_worker_thread,
              CrossThreadUnretained(&waitable_event)));