Skip to content
Permalink
Browse files

Regression fix: add back origin check for shared workers

Shared workers always needs to perform a same-origin check since if the
SharedWorkerGlobalScope already exists, no fetching is done, so we
cannot count on fetching to do the same-origin check. Additionally,
module workers allow cross-origin fetches, but we still want to ensure
a distinct SharedWorkerGlobalScope per origin.

This also cleans up “set up a worker environment settings object” with
a more explicit way of referencing the needed environment settings
object.

This regressed through #339 (though that change also had to be made for
module workers).

Fixes #1321.
  • Loading branch information...
annevk committed May 28, 2016
1 parent 0678e3d commit 18c891f1a300a336d3df5b76fdae3b1d77b0b468
Showing with 13 additions and 9 deletions.
  1. +13 −9 source
22 source
</li>

<li><p><span>Set up a worker environment settings object</span> with <var>realm execution
context</var>, and let <var>inside settings</var> be the result.</p></li>
context</var> and <var>outside settings</var>, and let <var>inside settings</var> be the
result.</p></li>

<li><p>Let <var>destination</var> be "<code data-x="">sharedworker</code>" if <var>is
shared</var> is true, and "<code data-x="">worker</code>" otherwise.</p></li>
<h5>Script settings for workers</h5>

<p>When the user agent is required to <dfn>set up a worker environment settings object</dfn>,
given a <span>JavaScript execution context</span> <var>execution context</var>, it must run the
following steps:</p>
given a <span>JavaScript execution context</span> <var>execution context</var> and
<span>environment settings object</span> <var>outside settings</var>, it must run the following
steps:</p>

<ol>

<li><p>Let <var>inherited responsible browsing context</var> be the <span>responsible
browsing context</span> specified by the <span>incumbent settings object</span>.</p></li>
<li><p>Let <var>inherited responsible browsing context</var> be <var>outside settings</var>'s
<span>responsible browsing context</span>.</p></li>

<li><p>Let <var>inherited origin</var> be the <span>origin</span> specified by the
<span>incumbent settings object</span>.</p></li>
<li><p>Let <var>inherited origin</var> be <var>outside settings</var>'s
<span>origin</span>.</p></li>

<li><p>Let <var>worker event loop</var> be a newly created <span>event
loop</span>.</p></li>
<li><p>If there exists a <code>SharedWorkerGlobalScope</code> object whose <span
data-x="dom-WorkerGlobalScope-closing">closing</span> flag is false, whose <span
data-x="concept-SharedWorkerGlobalScope-name">name</span> is exactly equal to <var>name</var>,
and whose <span data-x="concept-SharedWorkerGlobalScope-constructor-url">constructor url</span>
is equal to <var>urlString</var>, then let <var>worker global scope</var> be that
whose <span data-x="concept-SharedWorkerGlobalScope-constructor-url">constructor url</span> is
equal to <var>urlString</var>, and whose <span>relevant settings object</span>'s
<span>origin</span> is <span>same origin</span> with <var>outside settings</var>'s
<span>origin</span>, then let <var>worker global scope</var> be that
<code>SharedWorkerGlobalScope</code> object.</p></li>

<li>

0 comments on commit 18c891f

Please sign in to comment.
You can’t perform that action at this time.