[Payments] Web app, service worker and its registration scope must from the same origin

Bug: 853924 Change-Id: Ide62705b38858dc9d02658784bbfc02001e933bd Reviewed-on: https://chromium-review.googlesource.com/1106277 Commit-Queue: Ganggui Tang <gogerald@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Mathieu Perreault <mathp@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#569051}

[Payments] Web app, service worker and its registration scope must from the same origin
Bug: 853924 Change-Id: Ide62705b38858dc9d02658784bbfc02001e933bd Reviewed-on: https://chromium-review.googlesource.com/1106277 Commit-Queue: Ganggui Tang <gogerald@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Mathieu Perreault <mathp@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#569051}
fc2159b7 · gogerald · Commit Bot · 8bcae931 · fc2159b7 · fc2159b7
Commit fc2159b7 authored Jun 20, 2018 by gogerald Committed by Commit Bot Jun 20, 2018
4 changed files
--- a/components/payments/content/installable_payment_app_crawler.cc
+++ b/components/payments/content/installable_payment_app_crawler.cc
@@ -11,6 +11,7 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/manifest_icon_downloader.h"
 #include "content/public/browser/manifest_icon_selector.h"
+#include "content/public/browser/payment_app_provider.h"
 #include "content/public/browser/permission_manager.h"
 #include "content/public/browser/permission_type.h"
 #include "content/public/browser/web_contents.h"
@@ -211,6 +212,14 @@ bool InstallablePaymentAppCrawler::CompleteAndStorePaymentWebAppInfoIfValid(
    app_info->sw_scope = absolute_scope.spec();
  }

+  std::string error_message;
+  if (!content::PaymentAppProvider::GetInstance()->IsValidInstallablePaymentApp(
+          web_app_manifest_url, GURL(app_info->sw_js_url),
+          GURL(app_info->sw_scope), &error_message)) {
+    WarnIfPossible(error_message);
+    return false;
+  }
+
  // TODO(crbug.com/782270): Support multiple installable payment apps for a
  // payment method.
  if (installable_apps_.find(method_manifest_url) != installable_apps_.end())

--- a/content/browser/payments/payment_app_provider_impl.cc
+++ b/content/browser/payments/payment_app_provider_impl.cc
@@ -13,6 +13,7 @@
 #include "content/browser/service_worker/service_worker_version.h"
 #include "content/browser/storage_partition_impl.h"
 #include "content/common/service_worker/service_worker_status_code.h"
+#include "content/common/service_worker/service_worker_utils.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/permission_manager.h"
 #include "content/public/browser/permission_type.h"
@@ -569,6 +570,35 @@ void PaymentAppProviderImpl::OnClosingOpenedWindow(
      base::BindOnce(&AbortInvokePaymentApp, browser_context));
 }

+bool PaymentAppProviderImpl::IsValidInstallablePaymentApp(
+    const GURL& manifest_url,
+    const GURL& sw_js_url,
+    const GURL& sw_scope,
+    std::string* error_message) {
+  DCHECK(manifest_url.is_valid() && sw_js_url.is_valid() &&
+         sw_scope.is_valid());
+
+  // TODO(crbug.com/853924): Unify duplicated code between here and
+  // ServiceWorkerProviderHost::IsValidRegisterMessage.
+  if (ServiceWorkerUtils::ContainsDisallowedCharacter(sw_js_url, sw_scope,
+                                                      error_message)) {
+    return false;
+  }
+
+  std::vector<GURL> urls = {manifest_url, sw_js_url, sw_scope};
+  if (!ServiceWorkerUtils::AllOriginsMatchAndCanAccessServiceWorkers(urls)) {
+    *error_message =
+        "Origins are not matching, or some origins cannot access service "
+        "worker "
+        "(manifest:" +
+        manifest_url.spec() + " scope:" + sw_scope.spec() +
+        " sw:" + sw_js_url.spec() + ")";
+    return false;
+  }
+
+  return true;
+}
+
 PaymentAppProviderImpl::PaymentAppProviderImpl() = default;

 PaymentAppProviderImpl::~PaymentAppProviderImpl() = default;

--- a/content/browser/payments/payment_app_provider_impl.h
+++ b/content/browser/payments/payment_app_provider_impl.h
@@ -45,6 +45,10 @@ class CONTENT_EXPORT PaymentAppProviderImpl : public PaymentAppProvider {
  void SetOpenedWindow(WebContents* web_contents) override;
  void CloseOpenedWindow(BrowserContext* browser_context) override;
  void OnClosingOpenedWindow(BrowserContext* browser_context) override;
+  bool IsValidInstallablePaymentApp(const GURL& manifest_url,
+                                    const GURL& sw_js_url,
+                                    const GURL& sw_scope,
+                                    std::string* error_message) override;

 private:
  PaymentAppProviderImpl();

--- a/content/public/browser/payment_app_provider.h
+++ b/content/public/browser/payment_app_provider.h
@@ -79,6 +79,13 @@ class CONTENT_EXPORT PaymentAppProvider {
  // to abort payment request.
  virtual void OnClosingOpenedWindow(BrowserContext* browser_context) = 0;

+  // Check whether given |sw_js_url| from |manifest_url| is allowed to register
+  // with |sw_scope|.
+  virtual bool IsValidInstallablePaymentApp(const GURL& manifest_url,
+                                            const GURL& sw_js_url,
+                                            const GURL& sw_scope,
+                                            std::string* error_message) = 0;
+
 protected:
  virtual ~PaymentAppProvider() {}
 };