1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
content / public / browser / shared_worker_instance.cc [blame]
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/public/browser/shared_worker_instance.h"
#include "base/check.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/common/content_client.h"
namespace content {
SharedWorkerInstance::SharedWorkerInstance(
const GURL& url,
blink::mojom::ScriptType script_type,
network::mojom::CredentialsMode credentials_mode,
const std::string& name,
const blink::StorageKey& storage_key,
blink::mojom::SharedWorkerCreationContextType creation_context_type,
blink::mojom::SharedWorkerSameSiteCookies same_site_cookies)
: url_(url),
script_type_(script_type),
credentials_mode_(credentials_mode),
name_(name),
storage_key_(storage_key),
// See the comment on the member declaration on why this is this way.
renderer_origin_(url.SchemeIs(url::kDataScheme) ? url::Origin()
: storage_key_.origin()),
creation_context_type_(creation_context_type),
same_site_cookies_(same_site_cookies) {
// Ensure the same-origin policy is enforced correctly.
DCHECK(url.SchemeIs(url::kDataScheme) ||
GetContentClient()->browser()->DoesSchemeAllowCrossOriginSharedWorker(
storage_key.origin().scheme()) ||
storage_key.origin().IsSameOriginWith(url));
// Ensure only first-party contexts can ask for SameSite Lax/Strict cookies.
DCHECK(storage_key.IsFirstPartyContext() ||
same_site_cookies == blink::mojom::SharedWorkerSameSiteCookies::kNone);
}
SharedWorkerInstance::SharedWorkerInstance(const SharedWorkerInstance& other) =
default;
SharedWorkerInstance::SharedWorkerInstance(SharedWorkerInstance&& other) =
default;
SharedWorkerInstance::~SharedWorkerInstance() = default;
bool SharedWorkerInstance::Matches(
const GURL& url,
const std::string& name,
const blink::StorageKey& storage_key,
const blink::mojom::SharedWorkerSameSiteCookies same_site_cookies) const {
// Step 11.2: "If there exists a SharedWorkerGlobalScope object whose closing
// flag is false, constructor origin is same origin with outside settings's
// origin, constructor url equals urlRecord, and name equals the value of
// options's name member, then set worker global scope to that
// SharedWorkerGlobalScope object."
if (storage_key_ != storage_key || url_ != url || name_ != name ||
same_site_cookies_ != same_site_cookies) {
return false;
}
// TODO(crbug.com/40554285): file:// URLs should be treated as opaque
// origins, but not in url::Origin. Therefore, we manually check it here.
if (url.SchemeIsFile() || storage_key.origin().scheme() == url::kFileScheme)
return false;
return true;
}
} // namespace content