Extensions: Inherit SecurityOrigin in chrome-extension workers

This CL changes the WorkerGlobalScope's SecurityOrigin for workers constructed in chrome-extension. Previously, workers didn't inherit the origin from their parents but create security origin from their url. SecurityOrigin::Create(creation_params->script_url); Usually, the result of this is the same with inheriting the parent origin since workers are same-origin only. However, in chrome-extension, it is allowed to construct a cross-origin worker if the script url has the permission. In this case, we should inherit the origin with 'chrome-extention://example/' so that the |request_initiator| matches to what the browser can see. This CL also adds the test for subresource fetch from dedicated workers and shared workers constructed in chrome-extension. This test covers the case that worker's script url is cross-origin to chrome-extension but included in permitted urls by chrome-extension. The worker should allow same-origin and cross-origin fetch unless the script url is not permitted by chrome-extension. Bug: 1059218 Change-Id: I498399275d3b4c2c3085e26a8e37145aa74f1d21 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2091327Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Eriko Kurimoto <elkurin@google.com> Cr-Commit-Position: refs/heads/master@{#751616}

Extensions: Inherit SecurityOrigin in chrome-extension workers
This CL changes the WorkerGlobalScope's SecurityOrigin for workers constructed in chrome-extension. Previously, workers didn't inherit the origin from their parents but create security origin from their url. SecurityOrigin::Create(creation_params->script_url); Usually, the result of this is the same with inheriting the parent origin since workers are same-origin only. However, in chrome-extension, it is allowed to construct a cross-origin worker if the script url has the permission. In this case, we should inherit the origin with 'chrome-extention://example/' so that the |request_initiator| matches to what the browser can see. This CL also adds the test for subresource fetch from dedicated workers and shared workers constructed in chrome-extension. This test covers the case that worker's script url is cross-origin to chrome-extension but included in permitted urls by chrome-extension. The worker should allow same-origin and cross-origin fetch unless the script url is not permitted by chrome-extension. Bug: 1059218 Change-Id: I498399275d3b4c2c3085e26a8e37145aa74f1d21 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2091327Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Eriko Kurimoto <elkurin@google.com> Cr-Commit-Position: refs/heads/master@{#751616}
9946a387 · Eriko Kurimoto · Commit Bot · f079513f · 9946a387 · 9946a387
Commit 9946a387 authored Mar 19, 2020 by Eriko Kurimoto Committed by Commit Bot Mar 19, 2020
4 changed files
--- a/chrome/test/data/extensions/api_test/worker/background.js
+++ b/chrome/test/data/extensions/api_test/worker/background.js
@@ -22,6 +22,42 @@ function createWorker(workerFactory, onsuccess, onerror) {
  worker.onerror = onerror;
 }
+function fetchFromWorker(workerFactory, fetchUrl, allowed, rejected) {
+  const worker = workerFactory();
+  const onmessage = message => {
+    if (message.data)
+      allowed();
+    else
+      rejected();
+  };
+  if (worker.constructor === Worker) {
+    worker.postMessage(fetchUrl);
+    worker.onmessage = onmessage;
+  } else {
+    worker.port.postMessage(fetchUrl);
+    worker.port.onmessage = onmessage;
+  }
+  worker.onerror = () => chrome.test.fail();
+}
+function fetchFromSameOriginWorkerTest(workerFactory, fetchUrl) {
+  fetchFromWorker(
+      workerFactory,
+      fetchUrl,
+      () => { chrome.test.succeed(); },
+      () => { chrome.test.fail(); }
+  );
+}
+function fetchFromCrossOriginWorkerTest(workerFactory, fetchUrl) {
+  fetchFromWorker(
+      workerFactory,
+      fetchUrl,
+      () => { chrome.test.succeed(); },
+      () => { chrome.test.fail(); }
+  );
+}
 function noRedirectTest(workerFactory, expectedUrl) {
  createWorker(
    workerFactory,
@@ -70,7 +106,27 @@ chrome.test.getConfig(function(config) {
  const crossOriginRedirectedSharedWorkerUrl =
    crossOriginBaseUrl + '/server-redirect?' + sharedWorkerUrl;
+  const workerForFetchUrl = baseUrl + '/worker/fetch.js';
+  const sameOriginFetchUrl = baseUrl + '/worker/empty.js';
+  const crossOriginFetchUrl = crossOriginBaseUrl + '/worker/empty.js';
  chrome.test.runTests([
+    fetchFromSameOriginWorkerTest.bind(
+      undefined,
+      () => { return new Worker(workerForFetchUrl) },
+      sameOriginFetchUrl),
+    fetchFromCrossOriginWorkerTest.bind(
+      undefined,
+      () => { return new Worker(workerForFetchUrl) },
+      crossOriginFetchUrl),
+    fetchFromSameOriginWorkerTest.bind(
+      undefined,
+      () => { return new SharedWorker(workerForFetchUrl) },
+      sameOriginFetchUrl),
+    fetchFromCrossOriginWorkerTest.bind(
+      undefined,
+      () => { return new SharedWorker(workerForFetchUrl) },
+      crossOriginFetchUrl),
    noRedirectTest.bind(
      undefined,
      () => { return new Worker(workerUrl) },

--- a/chrome/test/data/extensions/api_test/worker/empty.js
+++ b/chrome/test/data/extensions/api_test/worker/empty.js
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// Do nothing.
--- a/chrome/test/data/extensions/api_test/worker/fetch.js
+++ b/chrome/test/data/extensions/api_test/worker/fetch.js
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+async function test(url) {
+  let allowed = true;
+  try {
+    await fetch(url);
+  } catch (e) {
+    allowed = false;
+  }
+  return allowed;
+};
+if ('DedicatedWorkerGlobalScope' in self &&
+    self instanceof DedicatedWorkerGlobalScope) {
+  onmessage = message => {
+    test(message.data)
+      .then(allowed => postMessage(allowed));
+  };
+} else if (
+    'SharedWorkerGlobalScope' in self &&
+    self instanceof SharedWorkerGlobalScope) {
+  onconnect = e => {
+    e.ports[0].onmessage = message => {
+      test(message.data)
+        .then(allowed => e.ports[0].postMessage(allowed));
+    }
+  };
+}
--- a/third_party/blink/renderer/core/workers/worker_global_scope.cc
+++ b/third_party/blink/renderer/core/workers/worker_global_scope.cc
@@ -124,13 +124,6 @@ scoped_refptr<SecurityOrigin> CreateSecurityOrigin(
  scoped_refptr<SecurityOrigin> security_origin;
  if (KURL(creation_params->script_url).ProtocolIsData()) {
    security_origin = SecurityOrigin::CreateUniqueOpaque();
-  } else if (creation_params->starter_origin->Protocol() ==
-             "chrome-extension") {
-    // TODO(https://crbug.com/1059218) Whether the origin should be inherited
-    // for chrome-extension frame is under discussion. For now, the worker
-    // doesn't inherit the parent origin in this case to keep the previous
-    // behavior.
-    security_origin = SecurityOrigin::Create(creation_params->script_url);
  } else {
    security_origin = SecurityOrigin::CreateFromUrlOrigin(
        creation_params->starter_origin->ToUrlOrigin());