Mirror of https://github.com/electron/electron.git (synced 2026-01-10 07:58:08 -05:00)
* chore: bump chromium in DEPS to 127.0.6526.0
* chore: update network_service_allow_remote_certificate_verification_logic.patch
manually apply patch due to minor upstream shear
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5598454
* chore: update fix_move_autopipsettingshelper_behind_branding_buildflag.patch
No manual changes; patch applied with fuzz 1
* chore: update refactor_expose_file_system_access_blocklist.patch
No manual changes; patch applied with fuzz 2
* chore: update revert_heap_add_checks_position_info.patch
No manual changes; patch applied with fuzz 1
* chore: e patches all
* chore: bump chromium in DEPS to 127.0.6527.0
* chore: update patches
* chore: bump chromium in DEPS to 127.0.6529.0
* chore: bump chromium in DEPS to 127.0.6531.0
* chore: update patches
* 5596349: Remove PDF OCR toggle from settings.
https://chromium-review.googlesource.com/c/chromium/src/+/5596349
* 5585932: [video-pip] Add minimize button to video picture-in-picture window
https://chromium-review.googlesource.com/c/chromium/src/+/5585932
* 5604487: Reland "[api] Deprecate v8::FunctionCallbackInfo::Holder() for real"
https://chromium-review.googlesource.com/c/v8/v8/+/5604487
* 5581721: [DEPS] Update clang-format location
https://chromium-review.googlesource.com/c/chromium/src/+/5581721
* 5597904: [Windows] Remove ConvertToLongPath from Sandbox Utilities.
https://chromium-review.googlesource.com/c/chromium/src/+/5597904
ResolveNTFunctionPtr was removed in this CL.
* fix: visibility state specs on macOS
Refs https://chromium-review.googlesource.com/c/chromium/src/+/5605407
* Revert "fix: visibility state specs on macOS"
This reverts commit 1eee30a33d.
* temp: disable occlusion checker on macOS
* chore: bump chromium in DEPS to 128.0.6535.0
* chore: update patches
* [Extensions] Move some scriptings files out of the API directory.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/5606682
* fix[node]: do not use soon-to-be-deprecated V8 API
* fix: update api_remove_allcan_read_write.patch
* chore: update patches
* chore: update patches
* chore: fix lf mismatch in api_remove_allcan_read_write.patch
* chore: update patches
* chore: bump chromium in DEPS to 128.0.6538.0
* chore: update v8 patches
* chore: update patches
* ui/gl/features.gni: Set use_egl=true unconditionally.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/5569748
Refs https://issues.chromium.org/issues/344606399
* chore: bump chromium in DEPS to 128.0.6540.0
* chore: bump chromium in DEPS to 128.0.6541.0
* chore: update patches
* chore: fix nan read/write patch
* chore: bump chromium in DEPS to 128.0.6543.0
* 5626254: Use sandbox_type instead of process_type | https://chromium-review.googlesource.com/c/chromium/src/+/5626254
* chore: update patches
* rework nan patches
* 5621488: Apply consistent naming conventions to zoom values | https://chromium-review.googlesource.com/c/chromium/src/+/5621488
* chore: bump chromium in DEPS to 128.0.6544.0
* 5605693: Remove files from third_party/ninja | https://chromium-review.googlesource.com/c/chromium/src/+/5605693
* chore: update patches
* chore: maybe fix nan patch, part 3
* chore: delete nan patch
* chore: re-add nan patch (attempt 2)
* chore: add test patch
* fixup! add test patch
* chore: bump chromium in DEPS to 128.0.6549.0
* chore: bump chromium in DEPS to 128.0.6551.0
* 5637699: Add command line to ASAN Additional Info section | https://chromium-review.googlesource.com/c/chromium/src/+/5637699
* chore: update patches
* chore: bump chromium in DEPS to 128.0.6553.0
* chore: bump chromium in DEPS to 128.0.6555.0
* fix: add property query interceptors
* chore: bump chromium in DEPS to 128.0.6557.0
* 5583182: Automatic Fullscreen: Prototype Permissions API query support | https://chromium-review.googlesource.com/c/chromium/src/+/5583182
* 5613297: Move render input router and related dependencies to //components/input | https://chromium-review.googlesource.com/c/chromium/src/+/5613297
* chore: update patches
* test: skip methodswithdata-test.js nan test
* chore: bump chromium in DEPS to 128.0.6558.0
* chore: update patches
* build: reference correct ninja cipd ref
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5605693
* update libcxx filenames
* refactor: CursorManager moved to //components/input
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5613297
* refactor: spanify mojo Read/WriteData methods
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5619291
* refactor: remove constexpr from KeyboardCodeFromKeyIdentifier
Ref: unknown
Added TODO to investigate after
* chore: update patches
* refactor: improve type safety of a11y ids
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5614590
* chore: disable tls node tests that don't apply given boringssl tls configuration
Ref: https://boringssl-review.googlesource.com/c/boringssl/+/68487
* chore: add patch to fix nan v8 incompat with NamedPropertyHandlerConfiguration and IndexedPropertyHandlerConfiguration
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/5630388
* fix: limit subspan length per feedback
* Fix incorrect CalculateInsetsInDIP check
* 5645742: Reland "Reland "Add toolchains without PartitionAlloc-Everywhere for dump_syms et al""
https://chromium-review.googlesource.com/c/chromium/src/+/5645742
* chore: more Windows logging
* 5617471: Add NPU blocking to chromium blocklist
https://chromium-review.googlesource.com/c/chromium/src/+/5617471
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Alice Zhao <alice@makenotion.com>
Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>
Co-authored-by: VerteDinde <vertedinde@electronjs.org>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
459 lines
20 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Thu, 14 Dec 2023 21:16:53 +0900
Subject: Enable V8 code cache for custom schemes

Add a new category in ContentClient::AddAdditionalSchemes which allows
embedders to make custom schemes allow V8 code cache.

Chromium CL: https://chromium-review.googlesource.com/c/chromium/src/+/5019665

diff --git a/content/browser/code_cache/generated_code_cache.cc b/content/browser/code_cache/generated_code_cache.cc
index 7982c87feb19cf80aa05025996b50b1d9be5f54c..8434fdab9d0e66f54381ed96142b138a5149c9ce 100644
--- a/content/browser/code_cache/generated_code_cache.cc
+++ b/content/browser/code_cache/generated_code_cache.cc
@@ -12,6 +12,7 @@
#include <iostream>
#include <string_view>

+#include "base/containers/contains.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
@@ -32,6 +33,7 @@
#include "net/http/http_cache.h"
#include "third_party/blink/public/common/scheme_registry.h"
#include "url/gurl.h"
+#include "url/url_util.h"

using storage::BigIOBuffer;

@@ -44,7 +46,7 @@ constexpr char kSeparator[] = " \n";

// We always expect to receive valid URLs that can be used as keys to the code
// cache. The relevant checks (for ex: resource_url is valid, origin_lock is
-// not opque etc.,) must be done prior to requesting the code cache.
+// not opaque etc.,) must be done prior to requesting the code cache.
//
// This function doesn't enforce anything in the production code. It is here
// to make the assumptions explicit and to catch any errors when DCHECKs are
@@ -54,33 +56,55 @@ void CheckValidKeys(const GURL& resource_url,
GeneratedCodeCache::CodeCacheType cache_type) {
// If the resource url is invalid don't cache the code.
DCHECK(resource_url.is_valid());
- bool resource_url_is_chrome_or_chrome_untrusted =
+
+ // There are 3 kind of URL scheme compatible for the `resource_url`.
+ // 1. http: and https: URLs.
+ // 2. chrome: and chrome-untrusted: URLs.
+ // 3. URLs whose scheme are allowed by the content/ embedder.
+ const bool resource_url_http = resource_url.SchemeIsHTTPOrHTTPS();
+ const bool resource_url_webui =
resource_url.SchemeIs(content::kChromeUIScheme) ||
resource_url.SchemeIs(content::kChromeUIUntrustedScheme);
- DCHECK(resource_url.SchemeIsHTTPOrHTTPS() ||
- resource_url_is_chrome_or_chrome_untrusted ||
- blink::CommonSchemeRegistry::IsExtensionScheme(resource_url.scheme()));
-
- // |origin_lock| should be either empty or should have
- // Http/Https/chrome/chrome-untrusted schemes and it should not be a URL with
- // opaque origin. Empty origin_locks are allowed when the renderer is not
- // locked to an origin.
- bool origin_lock_is_chrome_or_chrome_untrusted =
+
+ const bool resource_url_embedder =
+ base::Contains(url::GetCodeCacheSchemes(), resource_url.scheme());
+ DCHECK(resource_url_http || resource_url_webui || resource_url_embedder);
+
+ // |origin_lock| should be either empty or should have code cache allowed
+ // schemes (http/https/chrome/chrome-untrusted or other custom schemes added
+ // by url::AddCodeCacheScheme), and it should not be a URL with opaque
+ // origin. Empty origin_locks are allowed when the renderer is not locked to
+ // an origin.
+ const bool origin_lock_empty = origin_lock.is_empty();
+ const bool origin_lock_for_http = origin_lock.SchemeIsHTTPOrHTTPS();
+ const bool origin_lock_for_webui =
origin_lock.SchemeIs(content::kChromeUIScheme) ||
origin_lock.SchemeIs(content::kChromeUIUntrustedScheme);
- DCHECK(
- origin_lock.is_empty() ||
- ((origin_lock.SchemeIsHTTPOrHTTPS() ||
- origin_lock_is_chrome_or_chrome_untrusted ||
- blink::CommonSchemeRegistry::IsExtensionScheme(origin_lock.scheme())) &&
- !url::Origin::Create(origin_lock).opaque()));
-
- // The chrome and chrome-untrusted schemes are only used with the WebUI
- // code cache type.
- DCHECK_EQ(origin_lock_is_chrome_or_chrome_untrusted,
- cache_type == GeneratedCodeCache::kWebUIJavaScript);
- DCHECK_EQ(resource_url_is_chrome_or_chrome_untrusted,
- cache_type == GeneratedCodeCache::kWebUIJavaScript);
+ const bool origin_lock_for_embedder =
+ base::Contains(url::GetCodeCacheSchemes(), origin_lock.scheme());
+
+ DCHECK(origin_lock_empty || ((origin_lock_for_http || origin_lock_for_webui ||
+ origin_lock_for_embedder) &&
+ !url::Origin::Create(origin_lock).opaque()));
+
+ // The webui schemes are only used with their dedicated code cache type.
+ switch (cache_type) {
+ case GeneratedCodeCache::kJavaScript:
+ case GeneratedCodeCache::kWebAssembly:
+ DCHECK(!origin_lock_for_webui);
+ DCHECK(!resource_url_webui);
+ break;
+ case GeneratedCodeCache::kWebUIJavaScript:
+ DCHECK(origin_lock_for_webui);
+ DCHECK(resource_url_webui);
+ break;
+ }
+
+ // The custom schemes share the cache type with http(s).
+ if (origin_lock_for_embedder || resource_url_embedder) {
+ DCHECK(cache_type == GeneratedCodeCache::kJavaScript ||
+ cache_type == GeneratedCodeCache::kWebAssembly);
+ }
}

// Generates the cache key for the given |resource_url|, |origin_lock| and
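Review bot: the rewritten DCHECKs drop blink::CommonSchemeRegistry::IsExtensionScheme() from both the resource_url and the origin_lock conditions, so in a DCHECK-enabled build an extension-scheme resource or lock that passed the removed checks now fails `DCHECK(resource_url_http || resource_url_webui || resource_url_embedder)`, while GetSecondaryKeyForCodeCache in code_cache_host_impl.cc (later in this patch) still accepts extension-scheme process locks as a key source. Either keep the extension case here or require embedders to list their extension scheme in code_cache_schemes as well, and say which in the comment. The trailing `if (origin_lock_for_embedder || resource_url_embedder)` block is already implied by the switch above it together with the CHECK_NE guards in RegisterContentSchemes (an embedder scheme can never be a WebUI scheme, so cache_type cannot be kWebUIJavaScript there); it can go, or become a comment. Wording: "There are 3 kind of URL scheme compatible for" and "URLs whose scheme are allowed" should read "Three kinds of URL scheme are accepted for" and "URLs whose scheme is allowed".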
diff --git a/content/browser/code_cache/generated_code_cache.h b/content/browser/code_cache/generated_code_cache.h
index f5c5ff2c89489257003dfe3284ee9de9f517c99b..fdd2e2483171c4d43963590200817dac27d22cf9 100644
--- a/content/browser/code_cache/generated_code_cache.h
+++ b/content/browser/code_cache/generated_code_cache.h
@@ -52,12 +52,14 @@ class CONTENT_EXPORT GeneratedCodeCache {
// Cache type. Used for collecting statistics for JS and Wasm in separate
// buckets.
enum CodeCacheType {
- // JavaScript from http(s) pages.
+ // JavaScript from pages of http(s) schemes or custom schemes registered by
+ // url::AddCodeCacheScheme.
kJavaScript,

- // WebAssembly from http(s) pages. This cache allows more total size and
- // more size per item than the JavaScript cache, since some
- // WebAssembly programs are very large.
+ // WebAssembly from pages of http(s) schemes or custom schemes registered by
+ // url::AddCodeCacheScheme. This cache allows more total size and more size
+ // per item than the JavaScript cache, since some WebAssembly programs are
+ // very large.
kWebAssembly,

// JavaScript from chrome and chrome-untrusted pages. The resource URLs are
diff --git a/content/browser/code_cache/generated_code_cache_browsertest.cc b/content/browser/code_cache/generated_code_cache_browsertest.cc
index b6dd7405a5c9275ab699d4b347759427b30ef594..253918a2e54c98ce0075bce4e1a52134032ce367 100644
--- a/content/browser/code_cache/generated_code_cache_browsertest.cc
+++ b/content/browser/code_cache/generated_code_cache_browsertest.cc
@@ -8,13 +8,18 @@
#include "content/browser/code_cache/generated_code_cache.h"
#include "content/browser/code_cache/generated_code_cache_context.h"
#include "content/browser/renderer_host/code_cache_host_impl.h"
+#include "content/browser/storage_partition_impl.h"
+#include "content/common/url_schemes.h"
#include "content/public/browser/browser_context.h"
+#include "content/public/browser/browser_thread.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/test/browser_test.h"
#include "content/public/test/browser_test_utils.h"
#include "content/public/test/content_browser_test.h"
#include "content/public/test/content_browser_test_utils.h"
+#include "content/public/test/test_browser_context.h"
#include "content/shell/browser/shell.h"
+#include "content/test/test_content_client.h"
#include "net/dns/mock_host_resolver.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/page/v8_compile_hints_histograms.h"
@@ -23,6 +28,8 @@ namespace content {

namespace {

+const std::string kCodeCacheScheme = "test-code-cache";
+
bool SupportsSharedWorker() {
#if BUILDFLAG(IS_ANDROID)
// SharedWorkers are not enabled on Android. https://crbug.com/154571
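Review bot: `const std::string kCodeCacheScheme` is a namespace-scope object with a non-trivial constructor and destructor, which Chromium's style rules on static initializers disallow even in tests. Make it `constexpr char kCodeCacheScheme[] = "test-code-cache";` and build the URLs below with `std::string(kCodeCacheScheme) + "://host4/script.js"` or base::StrCat; the two push_back calls in AddAdditionalSchemes take a std::string and will still accept it.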
@@ -714,4 +721,82 @@ IN_PROC_BROWSER_TEST_F(LocalCompileHintsBrowserTest, LocalCompileHints) {
}
}

+class CodeCacheInCustomSchemeBrowserTest : public ContentBrowserTest,
+ public TestContentClient {
+ public:
+ CodeCacheInCustomSchemeBrowserTest() {
+ SetContentClient(this);
+ ReRegisterContentSchemesForTests();
+ }
+
+ ~CodeCacheInCustomSchemeBrowserTest() override { SetContentClient(nullptr); }
+
+ private:
+ void AddAdditionalSchemes(Schemes* schemes) override {
+ schemes->standard_schemes.push_back(kCodeCacheScheme);
+ schemes->code_cache_schemes.push_back(kCodeCacheScheme);
+ }
+
+ url::ScopedSchemeRegistryForTests scheme_registry_;
+};
+
+IN_PROC_BROWSER_TEST_F(CodeCacheInCustomSchemeBrowserTest,
+ AllowedCustomSchemeCanGenerateCodeCache) {
+ StoragePartitionImpl* partition =
+ static_cast<StoragePartitionImpl*>(shell()
+ ->web_contents()
+ ->GetBrowserContext()
+ ->GetDefaultStoragePartition());
+ scoped_refptr<GeneratedCodeCacheContext> context =
+ partition->GetGeneratedCodeCacheContext();
+ EXPECT_NE(context, nullptr);
+
+ GURL url(kCodeCacheScheme + "://host4/script.js");
+ GURL origin(kCodeCacheScheme + "://host1:1/");
+ ASSERT_TRUE(url.is_valid());
+ ASSERT_TRUE(origin.is_valid());
+ std::string data("SomeData");
+
+ // Add a code cache entry for the custom scheme.
+ base::test::TestFuture<void> add_entry_future;
+ GeneratedCodeCacheContext::RunOrPostTask(
+ context.get(), FROM_HERE,
+ base::BindOnce(
+ [](scoped_refptr<GeneratedCodeCacheContext> context, const GURL& url,
+ const GURL& origin, const std::string& data,
+ base::OnceClosure callback) {
+ context->generated_js_code_cache()->WriteEntry(
+ url, origin, net::NetworkIsolationKey(), base::Time::Now(),
+ std::vector<uint8_t>(data.begin(), data.end()));
+ GetUIThreadTaskRunner({})->PostTask(FROM_HERE, std::move(callback));
+ },
+ context, url, origin, data, add_entry_future.GetCallback()));
+ ASSERT_TRUE(add_entry_future.Wait());
+
+ // Get the code cache entry.
+ base::test::TestFuture<std::string> get_entry_future;
+ GeneratedCodeCacheContext::RunOrPostTask(
+ context.get(), FROM_HERE,
+ base::BindOnce(
+ [](scoped_refptr<GeneratedCodeCacheContext> context, const GURL& url,
+ const GURL& origin,
+ base::OnceCallback<void(std::string)> callback) {
+ context->generated_js_code_cache()->FetchEntry(
+ url, origin, net::NetworkIsolationKey(),
+ base::BindOnce(
+ [](base::OnceCallback<void(std::string)> callback,
+ const base::Time& response_time,
+ mojo_base::BigBuffer buffer) {
+ std::string data(buffer.data(),
+ buffer.data() + buffer.size());
+ GetUIThreadTaskRunner({})->PostTask(
+ FROM_HERE, base::BindOnce(std::move(callback), data));
+ },
+ std::move(callback)));
+ },
+ context, url, origin, get_entry_future.GetCallback()));
+ ASSERT_TRUE(get_entry_future.Wait());
+ ASSERT_EQ(data, get_entry_future.Get<0>());
+}
+
} // namespace content
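Review bot: this test writes and reads through GeneratedCodeCacheContext directly, so it never reaches CodeCacheHostImpl::CheckSecurityForAccessingCodeCacheData, the function whose rules this patch changes; all it exercises is the DCHECKs in CheckValidKeys, and only in a DCHECK build. Add a test that loads a document on the custom scheme through the renderer path (so the process lock is the custom scheme and the mojo CodeCacheHost is used), and a negative case for each new rejection: a custom-scheme script requested from an http(s)-locked process must be refused, and a custom-scheme-locked process writing a chrome: script must trip the new ReportBadMessage. Also, `base::test::TestFuture` is used here but `base/test/test_future.h` is not among the includes added in the hunk above; confirm it is already included by this file rather than pulled in transitively.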
diff --git a/content/browser/renderer_host/code_cache_host_impl.cc b/content/browser/renderer_host/code_cache_host_impl.cc
index b083cd89c46e676f26a7c28eda091cedbf9a5a97..84736ba6b3ae6111f1cebad862989daadb838234 100644
--- a/content/browser/renderer_host/code_cache_host_impl.cc
+++ b/content/browser/renderer_host/code_cache_host_impl.cc
@@ -6,6 +6,7 @@

#include <utility>

+#include "base/containers/contains.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/metrics/histogram_functions.h"
@@ -29,6 +30,7 @@
#include "third_party/blink/public/common/scheme_registry.h"
#include "url/gurl.h"
#include "url/origin.h"
+#include "url/url_util.h"

using blink::mojom::CacheStorageError;

@@ -36,6 +38,11 @@ namespace content {

namespace {

+bool ProcessLockURLIsCodeCacheScheme(const ProcessLock& process_lock) {
+ return base::Contains(url::GetCodeCacheSchemes(),
+ process_lock.lock_url().scheme());
+}
+
bool CheckSecurityForAccessingCodeCacheData(
const GURL& resource_url,
int render_process_id,
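Review bot: ProcessLockURLIsCodeCacheScheme() inspects lock_url().scheme() without first checking process_lock.is_locked_to_site(); it is only safe because a process that is not locked to a site has an empty lock URL whose scheme cannot match a registered scheme. Spell that out in a comment (or check is_locked_to_site() explicitly), since the hunk below removes the explicit `!process_lock.is_locked_to_site()` early return that used to make this assumption visible.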
@@ -46,39 +53,57 @@ bool CheckSecurityForAccessingCodeCacheData(

// Code caching is only allowed for http(s) and chrome/chrome-untrusted
// scripts. Furthermore, there is no way for http(s) pages to load chrome or
+ // Code caching is only allowed for scripts from:
+ // 1. http: and https: schemes.
+ // 2. chrome: and chrome-untrusted: schemes.
+ // 3. Schemes registered by content/ embedder via url::AddCodeCacheScheme.
+ //
+ // Furthermore, we know there are no way for http(s) pages to load chrome or
// chrome-untrusted scripts, so any http(s) page attempting to store data
// about a chrome or chrome-untrusted script would be an indication of
// suspicious activity.
- if (resource_url.SchemeIs(content::kChromeUIScheme) ||
- resource_url.SchemeIs(content::kChromeUIUntrustedScheme)) {
- if (!process_lock.is_locked_to_site()) {
- // We can't tell for certain whether this renderer is doing something
- // malicious, but we don't trust it enough to store data.
- return false;
- }
+ if (resource_url.SchemeIsHTTPOrHTTPS()) {
if (process_lock.matches_scheme(url::kHttpScheme) ||
process_lock.matches_scheme(url::kHttpsScheme)) {
- if (operation == CodeCacheHostImpl::Operation::kWrite) {
+ return true;
+ }
+ // Pages in custom schemes like isolated-app: are allowed to load http(s)
+ // resources.
+ if (ProcessLockURLIsCodeCacheScheme(process_lock)) {
+ return true;
+ }
+ // It is possible for WebUI pages to include open-web content, but such
+ // usage is rare and we've decided that reasoning about security is easier
+ // if the WebUI code cache includes only WebUI scripts.
+ return false;
+ }
+
+ if (resource_url.SchemeIs(kChromeUIScheme) ||
+ resource_url.SchemeIs(kChromeUIUntrustedScheme)) {
+ if (process_lock.matches_scheme(kChromeUIScheme) ||
+ process_lock.matches_scheme(kChromeUIUntrustedScheme)) {
+ return true;
+ }
+ if (operation == CodeCacheHostImpl::Operation::kWrite) {
+ if (process_lock.matches_scheme(url::kHttpScheme) ||
+ process_lock.matches_scheme(url::kHttpsScheme)) {
mojo::ReportBadMessage("HTTP(S) pages cannot cache WebUI code");
}
+ if (ProcessLockURLIsCodeCacheScheme(process_lock)) {
+ mojo::ReportBadMessage(
+ "Page whose scheme are allowed by content/ embedders cannot cache "
+ "WebUI code. Did the embedder misconfigured content/?");
+ }
return false;
}
// Other schemes which might successfully load chrome or chrome-untrusted
// scripts, such as the PDF viewer, are unsupported but not considered
- // dangerous.
- return process_lock.matches_scheme(content::kChromeUIScheme) ||
- process_lock.matches_scheme(content::kChromeUIUntrustedScheme);
+ // dangerous. Similarly, the process might not be locked to a site.
+ return false;
}
- if (resource_url.SchemeIsHTTPOrHTTPS() ||
- blink::CommonSchemeRegistry::IsExtensionScheme(resource_url.scheme())) {
- if (process_lock.matches_scheme(content::kChromeUIScheme) ||
- process_lock.matches_scheme(content::kChromeUIUntrustedScheme)) {
- // It is possible for WebUI pages to include open-web content, but such
- // usage is rare and we've decided that reasoning about security is easier
- // if the WebUI code cache includes only WebUI scripts.
- return false;
- }
- return true;
+
+ if (base::Contains(url::GetCodeCacheSchemes(), resource_url.scheme())) {
+ return ProcessLockURLIsCodeCacheScheme(process_lock);
}

if (operation == CodeCacheHostImpl::Operation::kWrite) {
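Review bot: the new http(s) branch returns false for every process lock that is neither http(s) nor a registered code-cache scheme, whereas the removed branch returned true for everything except a WebUI lock. That silently disables code caching for http(s) scripts in renderers that are not locked to a site (the old code accepted those) and in extension-locked renderers, and because the removed `blink::CommonSchemeRegistry::IsExtensionScheme(resource_url.scheme())` condition has no replacement, chrome-extension resource URLs now fall through to the trailing `if (operation == CodeCacheHostImpl::Operation::kWrite)` path instead of being accepted. If that is the intent, state it in the comment; otherwise keep the previous fall-through (return true unless the lock is a WebUI scheme) and add only the custom-scheme case. Same hunk, smaller points: the first two lines of the old comment ("Code caching is only allowed for http(s) and chrome/chrome-untrusted" / "scripts. Furthermore, there is no way for http(s) pages to load chrome or") were left as context above the new comment, so the text is duplicated and cut mid-sentence; delete them. The "It is possible for WebUI pages to include open-web content" comment now sits above a `return false` that also covers non-WebUI locks, so it no longer explains the return. And the new bad-message string "Page whose scheme are allowed by content/ embedders cannot cache WebUI code. Did the embedder misconfigured content/?" should read "Pages whose scheme is allowed by the content/ embedder cannot cache WebUI code. Did the embedder misconfigure content/?"; likewise "we know there are no way" should be "there is no way".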
@@ -425,6 +450,7 @@ std::optional<GURL> CodeCacheHostImpl::GetSecondaryKeyForCodeCache(
process_lock.matches_scheme(url::kHttpsScheme) ||
process_lock.matches_scheme(content::kChromeUIScheme) ||
process_lock.matches_scheme(content::kChromeUIUntrustedScheme) ||
+ ProcessLockURLIsCodeCacheScheme(process_lock) ||
blink::CommonSchemeRegistry::IsExtensionScheme(
process_lock.lock_url().scheme())) {
return process_lock.lock_url();
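Review bot: this keeps `blink::CommonSchemeRegistry::IsExtensionScheme(process_lock.lock_url().scheme())` as a valid secondary-key source, while the rewritten CheckSecurityForAccessingCodeCacheData above no longer has any branch that accepts extension-scheme resource URLs, and CheckValidKeys in generated_code_cache.cc dropped the extension case from its DCHECKs. The three functions should agree: either restore the extension case in the other two, or drop it here and document that an extension scheme must now be registered through code_cache_schemes to get a code cache.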
diff --git a/content/common/url_schemes.cc b/content/common/url_schemes.cc
index ce9644d33fe83379127b01bf9a2b1c4badc3bc7c..fd486d4637ae4766ed78571dee7f9cebbd809f38 100644
--- a/content/common/url_schemes.cc
+++ b/content/common/url_schemes.cc
@@ -98,6 +98,14 @@ void RegisterContentSchemes(bool should_lock_registry) {
for (auto& scheme : schemes.empty_document_schemes)
url::AddEmptyDocumentScheme(scheme.c_str());

+ for (auto& scheme : schemes.code_cache_schemes) {
+ CHECK_NE(scheme, kChromeUIScheme);
+ CHECK_NE(scheme, kChromeUIUntrustedScheme);
+ CHECK_NE(scheme, url::kHttpScheme);
+ CHECK_NE(scheme, url::kHttpsScheme);
+ url::AddCodeCacheScheme(scheme.c_str());
+ }
+
#if BUILDFLAG(IS_ANDROID)
if (schemes.allow_non_standard_schemes_in_origins)
url::EnableNonStandardSchemesForAndroidWebView();
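Review bot: the CHECK_NE guards only reject the four built-in schemes; they do not verify that a code-cache scheme is also a standard scheme, which the browser test has to arrange by hand (it pushes kCodeCacheScheme into both standard_schemes and code_cache_schemes). A non-standard scheme produces an opaque origin and will fail the `!url::Origin::Create(origin_lock).opaque()` DCHECK in CheckValidKeys, and an overlap with extension_schemes is not rejected either. Add a CHECK that each code-cache scheme also appears in schemes.standard_schemes (or document the requirement in content_client.h), and consider rejecting schemes that are also listed in extension_schemes. Style: the neighbouring single-statement loops in this function omit braces; either form is fine, but be consistent.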
diff --git a/content/public/common/content_client.h b/content/public/common/content_client.h
index 9dc2d5a33858da7c31fd87bbbabe3899301fa52d..ebf0bb23b9aedb7bf9eb8af52b4756dba452183e 100644
--- a/content/public/common/content_client.h
+++ b/content/public/common/content_client.h
@@ -142,6 +142,9 @@ class CONTENT_EXPORT ContentClient {
// Registers a URL scheme as strictly empty documents, allowing them to
// commit synchronously.
std::vector<std::string> empty_document_schemes;
+ // Registers a URL scheme whose js and wasm scripts have V8 code cache
+ // enabled.
+ std::vector<std::string> code_cache_schemes;
// Registers a URL scheme as extension scheme.
std::vector<std::string> extension_schemes;
// Registers a URL scheme with a predefined default custom handler.
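Review bot: the comment on code_cache_schemes should state what RegisterContentSchemes enforces with CHECK_NE (the scheme must not be http, https, chrome or chrome-untrusted, otherwise the browser crashes at startup) and what it assumes silently: the scheme must also be listed in standard_schemes so that its origins are not opaque, and the cache is only used when the renderer process is locked to that scheme, as CheckSecurityForAccessingCodeCacheData requires. "js and wasm" would also read better spelled out as "JavaScript and WebAssembly", matching the neighbouring comments.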
diff --git a/url/url_util.cc b/url/url_util.cc
index da35159332452f49f9e249804a6d7bd23379aba3..1f33d868bc368076ac1bda1e23fc595fd78f1e8a 100644
--- a/url/url_util.cc
+++ b/url/url_util.cc
@@ -130,6 +130,9 @@ struct SchemeRegistry {
kMaterializedViewScheme,
};

+ // Embedder schemes that have V8 code cache enabled in js and wasm scripts.
+ std::vector<std::string> code_cache_schemes = {};
+
// Schemes with a predefined default custom handler.
std::vector<SchemeWithHandler> predefined_handler_schemes;

@@ -711,6 +714,15 @@ const std::vector<std::string>& GetEmptyDocumentSchemes() {
return GetSchemeRegistry().empty_document_schemes;
}

+void AddCodeCacheScheme(const char* new_scheme) {
+ DoAddScheme(new_scheme,
+ &GetSchemeRegistryWithoutLocking()->code_cache_schemes);
+}
+
+const std::vector<std::string>& GetCodeCacheSchemes() {
+ return GetSchemeRegistry().code_cache_schemes;
+}
+
void AddPredefinedHandlerScheme(const char* new_scheme, const char* handler) {
DoAddSchemeWithHandler(
new_scheme, handler,
diff --git a/url/url_util.h b/url/url_util.h
index e39a44057cebce7cdf90bcb02a7463e88bd271b4..e80b81d2ddeb2ec201b143d86bec6ee54ca49afc 100644
--- a/url/url_util.h
+++ b/url/url_util.h
@@ -115,6 +115,15 @@ COMPONENT_EXPORT(URL) const std::vector<std::string>& GetCSPBypassingSchemes();
COMPONENT_EXPORT(URL) void AddEmptyDocumentScheme(const char* new_scheme);
COMPONENT_EXPORT(URL) const std::vector<std::string>& GetEmptyDocumentSchemes();

+// Adds an application-defined scheme to the list of schemes that have V8 code
+// cache enabled for the js and wasm scripts.
+// The WebUI schemes (chrome/chrome-untrusted) do not belong to this list, as
+// they are treated as a separate cache type for security purpose.
+// The http(s) schemes do not belong to this list neither, they always have V8
+// code cache enabled.
+COMPONENT_EXPORT(URL) void AddCodeCacheScheme(const char* new_scheme);
+COMPONENT_EXPORT(URL) const std::vector<std::string>& GetCodeCacheSchemes();
+
// Adds a scheme with a predefined default handler.
//
// This pair of strings must be normalized protocol handler parameters as
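Review bot: grammar in the new doc comment: "do not belong to this list neither" should be "do not belong to this list either", and "for security purpose" should be "for security purposes". The comment would also help embedders more if it said that the scheme must be a standard scheme and that the list returned by GetCodeCacheSchemes() is consulted by content/'s code cache security check against the renderer's process lock, so a page only benefits when its process is locked to that scheme.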