Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

service worker: Disallow interception for EMBED and OBJECT requests. #9555

Merged
merged 1 commit into from Feb 16, 2018

Conversation

Projects
None yet
3 participants
@chromium-wpt-export-bot
Copy link
Collaborator

chromium-wpt-export-bot commented Feb 16, 2018

This matches the service worker specification and Firefox.

This change itself is probably not enough to skip all EMBED/OBJECT
requests, as some requests get initiated by PepperURLLoaderHost or
MimeHandlerViewContainer.

In implementor concerns:
https://w3c.github.io/ServiceWorker/#implementer-concerns
"Plug-ins should not load via service workers. As plug-ins may get their
security origins from their own urls, the embedding service worker cannot
handle it. For this reason, the Handle Fetch algorithm makes the
potential-navigation-or-subresource request (whose context is either or
) immediately fallback to the network without dispatching fetch event."

In Handle Fetch:
https://w3c.github.io/ServiceWorker/#handle-fetch
"If request is a potential-navigation-or-subresource request, then:
Return null."

R=kinuko, yhirano

Bug: 771933
Change-Id: Ia04ae8dec8c968de6a73dca088aa88a67b21718a
Reviewed-on: https://chromium-review.googlesource.com/923445
Reviewed-by: Kinuko Yasuda kinuko@chromium.org
Commit-Queue: Matt Falkenhagen falken@chromium.org
Cr-Commit-Position: refs/heads/master@{#537245}

@wpt-pr-bot
Copy link
Collaborator

wpt-pr-bot left a comment

Already reviewed downstream.

@w3c-bots

This comment has been minimized.

Copy link

w3c-bots commented Feb 16, 2018

Build PASSED

Started: 2018-02-16 07:36:24
Finished: 2018-02-16 07:41:07

Failing Jobs

  • chrome:dev
  • safari:11.0

View more information about this build on:

service worker: Disallow interception for EMBED and OBJECT requests.
This matches the service worker specification and Firefox.

This change itself is probably not enough to skip all EMBED/OBJECT
requests, as some requests get initiated by PepperURLLoaderHost or
MimeHandlerViewContainer.

In implementor concerns:
https://w3c.github.io/ServiceWorker/#implementer-concerns
"Plug-ins should not load via service workers. As plug-ins may get their
security origins from their own urls, the embedding service worker cannot
handle it. For this reason, the Handle Fetch algorithm makes the
potential-navigation-or-subresource request (whose context is either <embed> or
<object>) immediately fallback to the network without dispatching fetch event."

In Handle Fetch:
https://w3c.github.io/ServiceWorker/#handle-fetch
"If request is a potential-navigation-or-subresource request, then:
Return null."

R=kinuko, yhirano

Bug: 771933
Change-Id: Ia04ae8dec8c968de6a73dca088aa88a67b21718a
Reviewed-on: https://chromium-review.googlesource.com/923445
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537245}

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-923445 branch from 04d2b05 to a1d28d9 Feb 16, 2018

@chromium-wpt-export-bot chromium-wpt-export-bot merged commit e7607da into master Feb 16, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-923445 branch Feb 16, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.