Bug 1598278 - Check that Service Worker controls client in navigate() r=asuth

Differential Revision: https://phabricator.services.mozilla.com/D66040 --HG-- extra : moz-landing-system : lando
2020-03-24 23:35:38 +00:00 · 2020-03-24 23:35:38 +00:00 · 7f0520ae9a
--- a/dom/clients/api/Client.cpp
+++ b/dom/clients/api/Client.cpp
@ -185,7 +185,8 @@ already_AddRefed<Promise> Client::Navigate(const nsAString& aURL,
  }

  ClientNavigateArgs args(mData->info(), NS_ConvertUTF16toUTF8(aURL),
-                          workerPrivate->GetLocationInfo().mHref);
+                          workerPrivate->GetLocationInfo().mHref,
+                          workerPrivate->GetServiceWorkerDescriptor().ToIPC());
  RefPtr<Client> self = this;

  StartClientManagerOp(
--- a/dom/clients/manager/ClientIPCTypes.ipdlh
+++ b/dom/clients/manager/ClientIPCTypes.ipdlh
@ -85,6 +85,7 @@ struct ClientNavigateArgs
  IPCClientInfo target;
  nsCString url;
  nsCString baseURL;
+  IPCServiceWorkerDescriptor serviceWorker;
 };

 struct ClientPostMessageArgs
--- a/dom/clients/manager/ClientManagerService.cpp
+++ b/dom/clients/manager/ClientManagerService.cpp
@ -284,6 +284,19 @@ RefPtr<ClientOpPromise> ClientManagerService::Navigate(
    return ClientOpPromise::CreateAndReject(rv, __func__);
  }

+  const IPCServiceWorkerDescriptor& serviceWorker = aArgs.serviceWorker();
+
+  // Per https://w3c.github.io/ServiceWorker/#dom-windowclient-navigate step 4,
+  // if the service worker does not control the client, reject with a TypeError.
+  const Maybe<ServiceWorkerDescriptor>& controller = source->GetController();
+  if (controller.isNothing() ||
+      controller.ref().Scope() != serviceWorker.scope() ||
+      controller.ref().Id() != serviceWorker.id()) {
+    CopyableErrorResult rv;
+    rv.ThrowTypeError("Client is not controlled by this Service Worker");
+    return ClientOpPromise::CreateAndReject(rv, __func__);
+  }
+
  PClientManagerParent* manager = source->Manager();
  MOZ_DIAGNOSTIC_ASSERT(manager);

--- a/testing/web-platform/meta/service-workers/service-worker/windowclient-navigate.https.html.ini
+++ b/testing/web-platform/meta/service-workers/service-worker/windowclient-navigate.https.html.ini
@ -1,32 +0,0 @@
-[windowclient-navigate.https.html]
-  expected: [OK, ERROR, TIMEOUT]
-  [in scope but not controlled test on installing worker worker side]
-    expected: FAIL
-
-  [in scope but not controlled test on active worker worker side]
-    expected: FAIL
-
-  [out of scope worker side]
-    expected: FAIL
-
-  [invalid url (about:blank)]
-    expected: [PASS, TIMEOUT, NOTRUN]
-
-  [in scope but not controlled test on active worker]
-    expected: [PASS, NOTRUN]
-
-  [out of scope]
-    expected: [PASS, NOTRUN]
-
-  [invalid url (view-source://example.com)]
-    expected: [PASS, NOTRUN]
-
-  [invalid url (http://[example.com\])]
-    expected: [PASS, NOTRUN]
-
-  [invalid url (file:///)]
-    expected: [PASS, NOTRUN]
-
-  [cross orgin url]
-    expected: [PASS, NOTRUN]
-