From 99ea50649ac73987886b13f3c39829151af8c73d Mon Sep 17 00:00:00 2001
From: Paul Frazee
Date: Mon, 14 Nov 2016 10:20:04 -0600
Subject: [PATCH] finish implementation of {secure:true} opt on protocol.registerStandardScehesm, and add working test
---
 atom/app/atom_content_client.cc | 2 +-
 atom/browser/api/atom_api_protocol.cc | 2 +-
 atom/browser/atom_browser_client.cc | 3 ++-
 atom/common/options_switches.cc | 2 +-
 atom/common/options_switches.h | 2 +-
 atom/renderer/atom_renderer_client.cc | 26 ++++++++++++++++++--------
 spec/api-protocol-spec.js | 14 ++++++++++++++
 spec/fixtures/pages/cache-storage.html | 7 +++++++
 spec/static/main.js | 2 +-
 9 files changed, 46 insertions(+), 14 deletions(-)
 create mode 100644 spec/fixtures/pages/cache-storage.html
diff --git a/atom/app/atom_content_client.cc b/atom/app/atom_content_client.cc
index f1528b09e8..a3d3ac862a 100644
--- a/atom/app/atom_content_client.cc
+++ b/atom/app/atom_content_client.cc
@@ -209,7 +209,7 @@ void AtomContentClient::AddSecureSchemesAndOrigins(
 std::set* secure_origins) {
 std::vector schemes;
 ConvertStringWithSeparatorToVector(&schemes, ",",
- switches::kRegisterSecureSchemes);
+ switches::kSecureSchemes);
 if (!schemes.empty()) {
 for (const std::string& scheme : schemes) {
 secure_schemes->insert(scheme);
diff --git a/atom/browser/api/atom_api_protocol.cc b/atom/browser/api/atom_api_protocol.cc
index 33ad0cb773..ee2fe9d598 100644
--- a/atom/browser/api/atom_api_protocol.cc
+++ b/atom/browser/api/atom_api_protocol.cc
@@ -64,7 +64,7 @@ void RegisterStandardSchemes(const std::vector& schemes, mate::Argu
 if (args->GetNext(&opts) && opts.Get("secure", &secure) && secure) {
 // add switches to register as secure
 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
- atom::switches::kRegisterSecureSchemes, base::JoinString(schemes, ","));
+ atom::switches::kSecureSchemes, base::JoinString(schemes, ","));
 }
 }
diff --git a/atom/browser/atom_browser_client.cc b/atom/browser/atom_browser_client.cc
index 030ad1402b..6734bbfa10 100644
--- a/atom/browser/atom_browser_client.cc
+++ b/atom/browser/atom_browser_client.cc
@@ -234,7 +234,8 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches(
 // Copy following switches to child process.
 static const char* const kCommonSwitchNames[] = {
 switches::kStandardSchemes,
- switches::kEnableSandbox
+ switches::kEnableSandbox,
+ switches::kSecureSchemes
 };
 command_line->CopySwitchesFrom(
 *base::CommandLine::ForCurrentProcess(),
diff --git a/atom/common/options_switches.cc b/atom/common/options_switches.cc
index 12e097a500..30aa48b987 100644
--- a/atom/common/options_switches.cc
+++ b/atom/common/options_switches.cc
@@ -145,7 +145,7 @@ const char kStandardSchemes[] = "standard-schemes";
 const char kRegisterServiceWorkerSchemes[] = "register-service-worker-schemes";
 // Register schemes as secure.
-const char kRegisterSecureSchemes[] = "register-secure-schemes";
+const char kSecureSchemes[] = "secure-schemes";
 // The minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
 // TLS fallback will accept.
diff --git a/atom/common/options_switches.h b/atom/common/options_switches.h
index 4ca7f61a42..c930cabe34 100644
--- a/atom/common/options_switches.h
+++ b/atom/common/options_switches.h
@@ -76,7 +76,7 @@ extern const char kPpapiFlashVersion[];
 extern const char kDisableHttpCache[];
 extern const char kStandardSchemes[];
 extern const char kRegisterServiceWorkerSchemes[];
-extern const char kRegisterSecureSchemes[];
+extern const char kSecureSchemes[];
 extern const char kSSLVersionFallbackMin[];
 extern const char kCipherSuiteBlacklist[];
 extern const char kAppUserModelId[];
diff --git a/atom/renderer/atom_renderer_client.cc b/atom/renderer/atom_renderer_client.cc
index c3ad11e143..963d63946a 100644
--- a/atom/renderer/atom_renderer_client.cc
+++ b/atom/renderer/atom_renderer_client.cc
@@ -121,20 +121,24 @@ bool IsDevToolsExtension(content::RenderFrame* render_frame) {
 .SchemeIs("chrome-extension");
 }
+std::vector ParseSchemesCLISwitch(const char* switch_name) {
+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+ std::string custom_schemes = command_line->GetSwitchValueASCII(switch_name);
+ if (!custom_schemes.empty()) {
+ return base::SplitString(custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+ }
+ return std::vector();
+}
+
 } // namespace
 AtomRendererClient::AtomRendererClient()
 : node_bindings_(NodeBindings::Create(false)),
 atom_bindings_(new AtomBindings) {
 // Parse --standard-schemes=scheme1,scheme2
- base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
- std::string custom_schemes = command_line->GetSwitchValueASCII(
- switches::kStandardSchemes);
- if (!custom_schemes.empty()) {
- std::vector schemes_list = base::SplitString(
- custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
- for (const std::string& scheme : schemes_list)
- url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
+ std::vector standard_schemes_list = ParseSchemesCLISwitch(switches::kStandardSchemes);
+ for (const std::string& scheme : standard_schemes_list) {
+ url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
 }
 }
@@ -182,6 +186,12 @@ void AtomRendererClient::RenderFrameCreated(
 // Allow file scheme to handle service worker by default.
 // FIXME(zcbenz): Can this be moved elsewhere?
 blink::WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers("file");
+
+ // Parse --secure-schemes=scheme1,scheme2
+ std::vector secure_schemes_list = ParseSchemesCLISwitch(switches::kSecureSchemes);
+ for (const std::string& secure_scheme : secure_schemes_list) {
+ blink::WebSecurityPolicy::registerURLSchemeAsSecure(blink::WebString::fromUTF8(secure_scheme));
+ }
 }
 void AtomRendererClient::RenderViewCreated(content::RenderView* render_view) {
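Review bot: ParseSchemesCLISwitch has no comment describing what it returns, and its empty-string branch looks redundant: with `base::SPLIT_WANT_NONEMPTY` an empty switch value should already split to an empty vector, so the body could be a single `return base::SplitString(...)` on the switch value. A header such as `// Returns the comma-separated values of |switch_name| on this process's command line, trimmed, with empty entries dropped.` would cover the documentation. The helper returns the entries as given, with no validation, which matters more now that its result also drives the secure-scheme registration in RenderFrameCreated.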
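Review bot: In RenderFrameCreated every entry of `--secure-schemes` goes to `registerURLSchemeAsSecure` unchecked, so if an app lists a cleartext network scheme such as `http` with `{secure: true}`, pages loaded over it would presumably be treated as secure origins and gain the APIs gated on that. Consider skipping such schemes in the loop, e.g. `if (secure_scheme == url::kHttpScheme || secure_scheme == url::kFtpScheme) continue;`, or at least documenting that the caller vouches for the transport. The loop also re-reads the command line and repeats the registration for every frame created, while the standard-scheme list is handled once in the constructor; the FIXME just above suggests Blink may not be ready earlier, so a comment saying why the registration lives here would help. RenderFrameCreated begins and ends outside the hunk.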
diff --git a/spec/api-protocol-spec.js b/spec/api-protocol-spec.js
index 51003ebf42..7781706b81 100644
--- a/spec/api-protocol-spec.js
+++ b/spec/api-protocol-spec.js
@@ -985,5 +985,19 @@ describe('protocol module', function () {
 ipcMain.once('file-system-error', (event, err) => done(err))
 ipcMain.once('file-system-write-end', () => done())
 })
+
+ it('registers secure, when {secure: true}', function (done) {
+ // the CacheStorage API will only work if secure == true
+ let filePath = path.join(__dirname, 'fixtures', 'pages', 'cache-storage.html')
+ const handler = function (request, callback) {
+ callback({path: filePath})
+ }
+ ipcMain.once('success', () => done())
+ ipcMain.once('failure', (event, err) => done(err))
+ protocol.registerFileProtocol(standardScheme, handler, function (error) {
+ if (error) return done(error)
+ w.loadURL(origin)
+ })
+ })
 })
 })
diff --git a/spec/fixtures/pages/cache-storage.html b/spec/fixtures/pages/cache-storage.html
new file mode 100644
index 0000000000..0b6717201e
--- /dev/null
+++ b/spec/fixtures/pages/cache-storage.html
@@ -0,0 +1,7 @@
+
diff --git a/spec/static/main.js b/spec/static/main.js
index f29cbebeeb..1b512e1b0d 100644
--- a/spec/static/main.js
+++ b/spec/static/main.js
@@ -92,7 +92,7 @@ if (global.isCi) {
 // Register app as standard scheme.
 global.standardScheme = 'app'
-protocol.registerStandardSchemes([global.standardScheme])
+protocol.registerStandardSchemes([global.standardScheme], { secure: true })
 app.on('window-all-closed', function () {
 app.quit()
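Review bot: The new `registers secure, when {secure: true}` case covers only the positive path, and since spec/static/main.js now registers the shared `app` scheme with `{ secure: true }` for the whole run, nothing checks that a standard scheme registered without the option stays non-secure. A regression that marked every custom scheme secure would still pass; if a second scheme cannot be registered in this process, a comment recording that limitation would at least document the gap. The two `ipcMain.once` listeners are never both consumed, so whichever of `success`/`failure` does not fire stays attached after the test; clearing the other one in each callback, e.g. `ipcMain.removeAllListeners('failure')` before `done()`, would keep later cases isolated.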