From 6df198e4f6d0ec14e7c2a384c569a5dea33b857d Mon Sep 17 00:00:00 2001 From: Jeffrey Yasskin Date: Sun, 27 Jul 2014 13:03:23 -0700 Subject: [PATCH] Cause a Content-Security-Policy: sandbox header to unregister the Service Worker at that scriptURL. Joshua Peek suggested that this should work (http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0109.html) because `sandbox` gives the resource a unique origin, which combines with Service Workers' same-origin policy to disallow execution. See slightlyoff/ServiceWorker#113 and slightlyoff/ServiceWorker#224. --- spec/service_worker/index.html | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/spec/service_worker/index.html b/spec/service_worker/index.html index 25464fd3..eb8927d2 100644 --- a/spec/service_worker/index.html +++ b/spec/service_worker/index.html @@ -95,6 +95,7 @@

Dependencies

  • The Web Origin Concept
  • URL Living Standard
  • Hypertext Transfer Protocol -- HTTP/1.1
  • +
  • Content Security Policy Level 2
  • Mixed Content
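Review bot: the new "Content Security Policy Level 2" dependency covers the `sandbox` directive, but the normative steps added later in this patch also lean on HTML's "sandboxed origin browsing context flag" and "forced sandboxing flag set", and the HTML Standard is not visible in the portion of the dependency list shown here; confirm it is already listed (or add it), since the unique-origin reasoning in the commit message only follows from HTML's sandboxing definitions, not from CSP2 alone.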
  • @@ -138,7 +139,7 @@

    Concepts

    1. Fetch:
      - The script URL provided by the author (via a call to navigator.serviceWorker.register(scriptURL, options) from a document) is fetched without heuristic caching. If the return status code of the fetch is not 2xx, installation aborts.
    2. + The script URL provided by the author (via a call to navigator.serviceWorker.register(scriptURL, options) from a document) is fetched without heuristic caching. If the return status code of the fetch is not 2xx or it is served with a Content-Security-Policy header that disallows use as a Service Worker, installation aborts.
    3. Startup:
      If fetching the worker script is successful, it is executed in a ServiceWorkerGlobalScope. These scripts may call importScripts resulting in further fetches. Imported scripts are fetched, parsed and executed in turn, per the ECMA-262 and Web Workers specifications. All resources downloaded as part of the very first startup of a Service Worker are cached along with the worker script as described in "Worker Script Caching". @@ -1748,6 +1749,15 @@
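Review bot: in the `-138,7 +139,7` hunk, the Concepts overview now says installation aborts if the script "is served with a Content-Security-Policy header that disallows use as a Service Worker", but the only condition the patch actually defines is the presence of a `sandbox` directive; wording it as "served with a Content-Security-Policy header containing a sandbox directive" keeps the overview in step with the algorithm and avoids implying that other directives also abort installation. The same paragraph notes that imported scripts are fetched and executed in turn, yet the new check is described only for the top-level script fetch; state explicitly whether a sandboxed importScripts response is in scope.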

      [[Update]]

    4. Abort these steps.
    +
  • Else if the server returned a Content-Security-Policy header including a sandbox directive, then: +

    Once Service Workers use the run a worker algorithm to start the Service Worker execution process, this should probably move inside the [[Install]] algorithm and refer to the worker's sandboxed origin browsing context flag inside its forced sandboxing flag set.

    +
      +
    1. Reject promise with a "SecurityError" exception.
    2. +
    3. Set registration.[[UpdatePromise]] to null.
    4. +
    5. Invoke the [[Unregister]] algorithm passing registration.scope as its argument.
    6. +
    7. Abort these steps.
    8. +
    +
  • Let fetchedScript be the fetched script.
  • Let newestWorker be the result of running the [[GetNewestWorker]] algorithm passing registration as the argument.
  • If newestWorker is not null, and newestWorker.scriptURL is equal to registration.[[ScriptURL]] and fetchedScript is a byte-for-byte match with the script of newestWorker, then:
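Review bot: the new "Else if the server returned a Content-Security-Policy header including a sandbox directive" branch should say which header it means: CSP Level 2 ignores `sandbox` in `Content-Security-Policy-Report-Only`, so the condition should be tied to the enforced `Content-Security-Policy` header only, and to the directive as parsed per CSP2 rather than a textual match. Two smaller points on the same steps: the branch rejects the promise and then invokes [[Unregister]] with registration.scope, which tears down the whole registration (including any currently active worker) on a later update, not just "the Service Worker at that scriptURL" as the commit message puts it, so the prose should make that consequence explicit; and since registration.[[UpdatePromise]] is set to null before [[Unregister]] runs, confirm [[Unregister]] is safe to call while an [[Update]] is still in progress. The inline editorial note about moving this into [[Install]] once "run a worker" is used is helpful and should stay.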