mirrors/gecko-dev
1
0
Fork 1
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-11-09 21:00:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
gecko-dev/testing/web-platform/tests/native-file-system/script-tests/FileSystemBaseHandle-postMessage-BroadcastChannel.js
Steve Becker ba435d06a4 Bug 1579753 [wpt PR 18921] - [NativeFileSystem] Make FileSystemHandle cloneable, a=testonly 
Automatic update from web-platform-tests
[NativeFileSystem] Make FileSystemHandle cloneable

Updates postMessage() to clone FileSystemFileHandle and
FileSystemDirectoryHandle objects for same origin targets.  Including
a FileSystemHandle object with a cross origin message fails by
dispatching a 'messageerror' event instead of 'message' event.

The change consists of four parts:

(1) Updates V8ScriptValueSerializerForModules to serialize
FileSystemFileHandle and FileSystemDirectoryHandle into
blink::SerializedScriptValue, by following these steps:

 * Write a tag for the handle type (file or directory).

 * Write the name of the file or directory.

 * Creates a mojom::blink::NativeFileSystemTransferTokenPtr  by calling
   blink:NativeFileSystemHandle::Transfer().  This token informs the
   storage::NativeFileSystemManagerImpl that a transfer is in progress.
   The NativeFileSystemManagerImpl creates a
   NativeFileSystemTransferTokenImpl to store the information required
   to clone the handle.

 * Stores the token in
   blink::SerializedScriptValue::native_file_system_tokens_.  This
   array tracks all cloned FileSystemFileHandle. The
   blink::mojom::CloneableMessage struct is also updated to hold this
   array for MessagePort and BroadcastChannels.

 * Write the index of the token in the native_file_system_tokens_
   array.

(2) Updates V8ScriptValueDeserializerForModules to deserialize
FileSystemFileHandle objects when creating clones for the message
targets.  This is the inverse of (1).  Deserializing uses
mojom::blink::NativeFileSystemManager to redeem the token, which
creates the mojom::blink::NativeFileSystemFileHandlePtr or
mojom::blink::NativeFileSystemDirectoryHandlePtr using the info
stored by NativeFileSystemTransferTokenImpl.

(3) Updates content::NativeFileSystemManagerImpl to support token
transfers.  To redeem a token, NativeFileSystemManagerImpl receives
a mojo message that includes the token as well as a request for a
handle interface like mojom::blink::NativeFileSystemFileHandlePtr.
NativeFileSystemManagerImpl finds the token and then binds the request.
Token redemption does not return any results.  Token redemption should
never fail, unless a render process is misbehaving.
NativeFileSystemManagerImpl performs a few sanity checks before binding
the mojo request, including a token existence check, a handle type
check and an origin check.  If any of the sanity checks fail,
NativeFileSystemManagerImpl silently fails closing the redeemed
FileHandle's pipe.

(4) Adds a cross origin check to window and message port messaging.
Most message targets, like dedicated workers, are same origin only.
However, both windows and message port messages can go cross origin.
When a cross origin message includes a FileSystemHandle, the message
must fail with a 'messageerror' event to prevent cross origin access
to the FileSystemHandle.

Messaging between windows already included origin information before
this change. This change adds a NativeFileSystem origin check before
dispatching a message event to a window.  The message event is
replaced with  a message error when a cross origin NativeFileSystem
object exists in the message data.

For message ports, no sender origin information existed before this
change.  This change updates the CloneableMessage structs to
include a 'sender_origin' url::Origin property.  Message ports use
this property to perform the same cross origin NativeFileSystem
check as the window.

The NativeFileSystemManagerImpl performs an additional origin check
before binding the FileSystemHandle mojo request.  The
NativeFileSystemManagerImpl cannot trust the postMessage() origin
check performed in the render process.

Bug: 955192
Change-Id: Ieeb76bd8102067d70c5d7719622ecd4930c3a88f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1791942
Commit-Queue: Steve Becker <stevebe@microsoft.com>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Olivier Yiptong <oyiptong@chromium.org>
Cr-Commit-Position: refs/heads/master@{#709407}

--

wpt-commits: 474923949524b5c05a9e6f28ec082fdca87078de
wpt-pr: 18921

Differential Revision: https://phabricator.services.mozilla.com/D53468
2019-11-20 11:18:36 +00:00

82 lines
No EOL
3.4 KiB
JavaScript
Raw Blame History

'use strict';
// This script depends on the following scripts:
// /native-file-system/resources/messaging-helpers.js
// /native-file-system/resources/messaging-serialize-helpers.js
// /native-file-system/resources/test-helpers.js
// /service-workers/service-worker/resources/test-helpers.sub.js
// Sets up a new broadcast channel in |target|. Posts a message instructing
// |target| to open the broadcast channel using |broadcast_channel_name|.
async function create_broadcast_channel(
test, broadcast_channel_name, receiver, target, target_origin) {
target.postMessage(
{ type: 'create-broadcast-channel', broadcast_channel_name },
{ targetOrigin: target_origin });
const event_watcher = new EventWatcher(test, receiver, 'message');
// Wait until |target| is listening to the broad cast channel.
const message_event = await event_watcher.wait_for('message');
assert_equals(message_event.data.type, 'broadcast-channel-created',
'The message target must receive a "broadcast-channel-created" message ' +
'response.');
}
// This test is very similar to 'FileSystemBaseHandle-postMessage.js'. It
// starts by creating three message targets for the broadcast channel:
// an iframe, dedicated worker and a service worker. After setup, an array
// of FileSystemHandles is sent across the broadcast channel. The test
// expects three responses -- one from each message target.
directory_test(async (t, root) => {
const broadcast_channel_name = 'file-system-file-handle-channel';
const broadcast_channel = new BroadcastChannel(broadcast_channel_name);
const broadcast_channel_event_watcher =
new EventWatcher(t, broadcast_channel, 'message');
const iframe = await add_iframe(t, { src: kDocumentMessageTarget });
await create_broadcast_channel(
t, broadcast_channel_name, self, iframe.contentWindow, '*');
const scope = `${kServiceWorkerMessageTarget}` +
'?post-message-to-broadcast-channel-with-file-handle';
const registration = await create_service_worker(
t, kServiceWorkerMessageTarget, scope);
await create_broadcast_channel(
t, broadcast_channel_name,
navigator.serviceWorker, registration.installing);
const dedicated_worker =
create_dedicated_worker(t, kDedicatedWorkerMessageTarget);
await create_broadcast_channel(
t, broadcast_channel_name, dedicated_worker, dedicated_worker);
const handles = await create_file_system_handles(t, root);
broadcast_channel.postMessage(
{ type: 'receive-file-system-handles', cloned_handles: handles });
const expected_response_count = 3;
const responses = [];
for (let i = 0; i < expected_response_count; ++i) {
const message_event =
await broadcast_channel_event_watcher.wait_for('message');
responses.push(message_event.data);
}
const expected_serialized_handles = await serialize_handles(handles);
for (let i = 0; i < responses.length; ++i) {
assert_equals(responses[i].type, 'receive-serialized-file-system-handles',
'The test runner must receive a "serialized-file-system-handles" ' +
`message response. Actual response: ${responses[i]}`);
assert_equals_serialized_handles(
responses[i].serialized_handles, expected_serialized_handles);
await assert_equals_cloned_handles(responses[i].cloned_handles, handles);
}
}, 'Send and receive messages using a broadcast channel in an iframe, ' +
'dedicated worker and service worker.');
Reference in a new issue View git blame Copy permalink