chore: cherry-pick e246871765f5 from chromium #23040

Merged
merged 4 commits into from Apr 13, 2020

@nornagon (Member) commented Apr 8, 2020

Worker: Stop passing creator's origin for starting a dedicated worker

This CL makes DedicatedWorkerHostFactoryImpl use its
|parent_execution_origin_| (renamed to |creator_origin| by this CL) for
starting a dedicated worker instead of an origin passed from a renderer
process.

This was not feasible before because |parent_execution_origin_| is
provided from parent's |RenderFrameHostImpl::last_committed_origin_|
that is set during navigation commit. Worker creation IPC from the
renderer to browser could race with navigation commit, and could see the
wrong last committed origin.

Now this is feasible. This is because worker creation IPC is now tied
with RenderFrameHostImpl's BrowserInterfaceBroker that is re-bound
during navigation commit[*]. This ensures that worker creation requests
issued before the navigation commit are discarded by the previous
BrowserInterfaceBroker, and new requests via the new
BrowserInterfaceBroker are scoped to the new last committed origin.

[*] The call path between binding BrowserInterfaceBroker and updating
the last committed origin is as follows. These are synchronously done.

Change-Id: Id69c3d66e50aa8cbb7fee520a1479b28970de1c6
Bug: 906991, 1030909
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1971660
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#748127}

Notes: Security: backported fix for site isolation bypass in dedicated workers.
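
A simplified model of the change described in the commit message above, added here as an illustration and not taken from Chromium or Electron. The types, the generation counter standing in for the re-bound BrowserInterfaceBroker, and the example origins are all hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Browser-side state for one frame (hypothetical stand-in for a frame host).
struct FrameHost {
  std::string last_committed_origin;
  uint64_t broker_generation = 0;  // bumped each time the broker is re-bound

  // Navigation commit: re-bind the broker and update the origin in one
  // synchronous step, so no request observes one without the other.
  void CommitNavigation(const std::string& new_origin) {
    ++broker_generation;
    last_committed_origin = new_origin;
  }
};

// A worker-creation request as it arrives from the renderer.
struct WorkerRequest {
  uint64_t broker_generation;   // broker the request was sent through
  std::string claimed_origin;   // renderer-supplied, therefore untrusted
};

// Before: the worker's origin is whatever the renderer says it is.
std::string StartWorkerTrustingRenderer(const FrameHost&,
                                        const WorkerRequest& req) {
  return req.claimed_origin;
}

// After: requests from a stale broker are dropped, and the origin comes
// from browser-side state only. Returns false if the request is discarded.
bool StartWorkerWithBrowserOrigin(const FrameHost& frame,
                                  const WorkerRequest& req,
                                  std::string* worker_origin) {
  if (req.broker_generation != frame.broker_generation) return false;
  *worker_origin = frame.last_committed_origin;  // claimed_origin is ignored
  return true;
}

int main() {
  FrameHost frame;
  frame.CommitNavigation("https://a.example");
  WorkerRequest req{frame.broker_generation, "https://victim.example"};
  std::string origin;
  std::cout << StartWorkerTrustingRenderer(frame, req) << "\n";
  if (StartWorkerWithBrowserOrigin(frame, req, &origin)) std::cout << origin << "\n";
  frame.CommitNavigation("https://b.example");  // req is now stale
  std::cout << StartWorkerWithBrowserOrigin(frame, req, &origin) << "\n";
}
```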

@ppontes dismissed their stale review Apr 9, 2020

Approved wrong PR by mistake 🤯

@jkleinsc (Contributor) commented Apr 13, 2020

Merging as CI failure is known flake unrelated to this PR.

@jkleinsc merged commit ba1b75c into 7-2-x Apr 13, 2020
15 of 16 checks passed

@release-clerk bot commented Apr 13, 2020

Release Notes Persisted

Security: backported fix for site isolation bypass in dedicated workers.

@jkleinsc deleted the cherry-pick/7-2-x/chromium/e246871765f5 branch Apr 13, 2020