From 45ddbd291d1ccd6feab734f6bcd7e222dc7d770e Mon Sep 17 00:00:00 2001
From: Matt Falkenhagen
Date: Mon, 8 Oct 2018 16:35:13 +0900
Subject: [PATCH] Create a new reserved environment for cross-origin redirects

Previously, a navigation would create a reserved environment once and use it for all redirects. This commit changes that so a new environment is created on a cross-origin redirect. We now also run CSP for each redirect. See also https://github.com/w3c/ServiceWorker/issues/1316.
---
source | 109 ++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 73 insertions(+), 36 deletions(-)

diff --git a/source b/source
index b989d1c4683..41e540d4ff4 100644
--- a/source
+++ b/source
@@ -2835,6 +2835,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • header list
  • body
  • client
  • +
  • current URL
  • reserved client
  • replaces client id
  • initiator
  • @@ -82092,54 +82093,90 @@ interface Location { // but see also origin to that browsing context scope origin.

    +
  • Let done be false and reservedEnvironment be null.

  • +
  • -

    Create a new environment reservedEnvironment, and set its id to a new unique opaque string, its creation URL to request's - url, and its target - browsing context to browsingContext.

    +

    While done is false:

    -

    The created environment's active service worker is set in the - handle fetch algorithm during the fetch if its - creation URL matches a service worker - registration.

    -
  • +
      +
    1. Let currentURL be response's location URL, if response is not null, + and request's current URL + otherwise.

    2. -
    3. Set request's reserved - client to reservedEnvironment.

    4. +
    5. +

      If reservedEnvironment is not null and currentURL's + origin is not the same as reservedEnvironment's creation URL's origin, then:

      -
    6. -

      If the Should navigation request of type from source in target be blocked by Content - Security Policy? algorithm returns "Blocked" when executed upon - request, navigationType, sourceBrowsingContext, and - browsingContext, then set response to a network error. -

      +
        +
      1. Run the environment discarding steps for + reservedEnvironment.

      2. -

        Otherwise:

        +
      3. Set reservedEnvironment to null.

      4. +
      +
    7. -
        -
      1. Fetch request.

      2. +
      3. If reservedEnvironment is null, then set reservedEnvironment to a + new environment whose id is a + unique opaque string and target browsing context is + browsingContext.

      4. -
      5. Wait for the task on the networking task - source to process response and set response to the - result.

      6. -
      - +
    8. +

      Set reservedEnvironment's creation URL to currentURL.

      +

      The created environment's active service worker is set in the + Handle Fetch algorithm during the fetch if + the request URL matches a service worker registration.

      +
    9. -
    10. Set request's reserved + client to reservedEnvironment.

    11. -

      Navigation handles redirects manually as navigation is the only place in the web - platform that cares for redirects to mailto: URLs and - such.

      +
    12. If the Should navigation request of type from source in target be blocked by + Content Security Policy? algorithm returns "Blocked" when + executed upon request, navigationType, sourceBrowsingContext, + and browsingContext, then set response to a network error + and set done to true.

    13. + +
    14. +

      Otherwise:

      + +
        +
      1. If response is null, fetch request.

      2. + +
      3. Otherwise, perform HTTP-redirect fetch using + request and response.

      4. + +
      5. Wait for the task on the networking task + source to process response and set response to the + result.

      6. + +
      7. +

        If response does not have a location URL or the location URL is not a URL whose + scheme is an HTTP(S) scheme, + then set done to true.

        + +

        Navigation handles redirects manually as navigation is the only place in + the web platform that cares for redirects to mailto: + URLs and such.

        +
      8. +
      +
    15. +
    +
  • If response's location URL + is failure, then set response to a network error.

  • +
  • Otherwise, if response has a location URL that is a URL whose scheme is "blob", "
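
Review bot: In the loop's Content Security Policy step, the check is executed upon request, but on a redirect iteration the redirect target exists only in currentURL (taken from response's location URL); none of the visible steps update request before the check, and "perform HTTP-redirect fetch using request and response" only runs afterwards in the Otherwise branch. If the intent of "We now also run CSP for each redirect" is to evaluate the URL being redirected to, state that explicitly, either by passing currentURL into the check or by adding a note saying which URL the algorithm inspects at this point. Separately, when the check returns "Blocked" the loop ends with reservedEnvironment still set as request's reserved client and no environment discarding steps run for it, unlike the cross-origin branch above; a note on where that environment is cleaned up would help. The first step of the loop also relies on response being null on entry, while the opening step shown here only initializes done and reservedEnvironment, so confirm response is set to null before the loop.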