Bypass Service Worker for favicon loads

Since Service Workers can intercept off-origin requests for controlled pages, a controlled page at http://a.example.com/ that requests a favicon from http://b.example.com would give the SW the opportunity to taint the browser's favicon cache for http://b.example.com, While we determine how (or if) we should restructure the favicon cache, just bypass the SW for favicon loads. R=horo@chromium.org,mkwest@chromium.org,jochen@chromium.org BUG=422250 Review URL: https://codereview.chromium.org/654713002 Cr-Commit-Position: refs/heads/master@{#299744}

Bypass Service Worker for favicon loads
Since Service Workers can intercept off-origin requests for controlled pages, a controlled page at http://a.example.com/ that requests a favicon from http://b.example.com would give the SW the opportunity to taint the browser's favicon cache for http://b.example.com, While we determine how (or if) we should restructure the favicon cache, just bypass the SW for favicon loads. R=horo@chromium.org,mkwest@chromium.org,jochen@chromium.org BUG=422250 Review URL: https://codereview.chromium.org/654713002 Cr-Commit-Position: refs/heads/master@{#299744}
f82b4f68 · jsbell · Commit bot · aafdf82b · f82b4f68
Commit f82b4f68 authored Oct 15, 2014 by jsbell Committed by Commit bot Oct 15, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

content/browser/loader/resource_dispatcher_host_impl.cc content/browser/loader/resource_dispatcher_host_impl.cc +4 -2

No files found.
--- a/content/browser/loader/resource_dispatcher_host_impl.cc
+++ b/content/browser/loader/resource_dispatcher_host_impl.cc
@@ -1226,14 +1226,16 @@ void ResourceDispatcherHostImpl::BeginRequest(
  }
  // Initialize the service worker handler for the request. We don't use
-  // ServiceWorker for synchronous loads to avoid renderer deadlocks.
+  // ServiceWorker for synchronous loads to avoid renderer deadlocks. We
+  // don't use ServiceWorker for favicons to avoid cache tainting.
+  bool is_favicon_load = request_data.resource_type == RESOURCE_TYPE_FAVICON;
  ServiceWorkerRequestHandler::InitializeHandler(
      new_request.get(),
      filter_->service_worker_context(),
      blob_context,
      child_id,
      request_data.service_worker_provider_id,
-      request_data.skip_service_worker || is_sync_load,
+      request_data.skip_service_worker || is_sync_load || is_favicon_load,
      request_data.fetch_request_mode,
      request_data.fetch_credentials_mode,
      request_data.resource_type,