8000 Add {secure:} opt to protocol.registerStandardSchemes by pfrazee · Pull Request #7947 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add {secure:} opt to protocol.registerStandardSchemes #7947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Dec 12, 2016
Merged

Add {secure:} opt to protocol.registerStandardSchemes #7947

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
9d2e234
add {secure:} opt to protocol.registerStandardSchemes
pfrazee Nov 11, 2016
99ea506
finish implementation of {secure:true} opt on protocol.registerStanda…
pfrazee Nov 14, 2016
b458201
add deprecation notices to webframe
pfrazee Nov 14, 2016
a46040a
log deprecation notices for webframe
pfrazee Nov 14, 2016
4e01ab5
fix documentation for planned breaking changes
pfrazee Nov 16, 2016
bacf651
remove unneeded deprecations couts
pfrazee Dec 11, 2016
04fa85f
removed unused iostream include
pfrazee Dec 12, 2016
381f55b
Remove unneeded empty checks
kevinsawicki Dec 12, 2016
cac85d2
Remove linter errors
kevinsawicki Dec 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions atom/app/atom_content_client.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,11 +197,20 @@ void AtomContentClient::AddServiceWorkerSchemes(
std::vector<std::string> schemes;
ConvertStringWithSeparatorToVector(&schemes, ",",
switches::kRegisterServiceWorkerSchemes);
if (!schemes.empty()) {
for (const std::string& scheme : schemes)
service_worker_schemes->insert(scheme);
}
for (const std::string& scheme : schemes)
service_worker_schemes->insert(scheme);

service_worker_schemes->insert(url::kFileScheme);
}

void AtomContentClient::AddSecureSchemesAndOrigins(
std::set<std::string>* secure_schemes,
std::set<GURL>* secure_origins) {
std::vector<std::string> schemes;
ConvertStringWithSeparatorToVector(&schemes, ",", switches::kSecureSchemes);
for (const std::string& scheme : schemes)
secure_schemes->insert(scheme);
}


} // namespace atom
3 changes: 3 additions & 0 deletions atom/app/atom_content_client.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ class AtomContentClient : public brightray::ContentClient {
std::vector<content::PepperPluginInfo>* plugins) override;
void AddServiceWorkerSchemes(
std::set<std::string>* service_worker_schemes) override;
void AddSecureSchemesAndOrigins(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this still used? I'm not seeing references to it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it's called by chromium or brightray code. I confirmed by removing it and running tests, which then failed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I didn't see the override 👍

std::set<std::string>* secure_schemes,
std::set<GURL>* secure_origins) override;

private:
DISALLOW_COPY_AND_ASSIGN(AtomContentClient);
Expand Down
14 changes: 12 additions & 2 deletions atom/browser/api/atom_api_protocol.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ std::vector<std::string> GetStandardSchemes() {
return g_standard_schemes;
}

void RegisterStandardSchemes(const std::vector<std::string>& schemes) {
void RegisterStandardSchemes(const std::vector<std::string>& schemes,
mate::Arguments* args) {
g_standard_schemes = schemes;

auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
Expand All @@ -55,8 +56,17 @@ void RegisterStandardSchemes(const std::vector<std::string>& schemes) {
policy->RegisterWebSafeScheme(scheme);
}

// add switches to register as standard
base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
atom::switches::kStandardSchemes, base::JoinString(schemes, ","));

mate::Dictionary opts;
bool secure = false;
if (args->GetNext(&opts) && opts.Get("secure", &secure) && secure) {
// add switches to register as secure
base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
atom::switches::kSecureSchemes, base::JoinString(schemes, ","));
}
}

Protocol::Protocol(v8::Isolate* isolate, AtomBrowserContext* browser_context)
Expand Down Expand Up @@ -220,7 +230,7 @@ void RegisterStandardSchemes(
return;
}

atom::api::RegisterStandardSchemes(schemes);
atom::api::RegisterStandardSchemes(schemes, args);
}

void Initialize(v8::Local<v8::Object> exports, v8::Local<v8::Value> unused,
Expand Down
3 changes: 2 additions & 1 deletion atom/browser/api/atom_api_protocol.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ namespace atom {
namespace api {

std::vector<std::string> GetStandardSchemes();
void RegisterStandardSchemes(const std::vector<std::string>& schemes);
void RegisterStandardSchemes(const std::vector<std::string>& schemes,
mate::Arguments* args);

class Protocol : public mate::TrackableObject<Protocol> {
public:
Expand Down
3 changes: 2 additions & 1 deletion atom/browser/atom_browser_client.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,8 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches(
// Copy following switches to child process.
static const char* const kCommonSwitchNames[] = {
switches::kStandardSchemes,
switches::kEnableSandbox
switches::kEnableSandbox,
switches::kSecureSchemes
};
command_line->CopySwitchesFrom(
*base::CommandLine::ForCurrentProcess(),
Expand Down
3 changes: 3 additions & 0 deletions atom/common/options_switches.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,9 @@ const char kStandardSchemes[] = "standard-schemes";
// Register schemes to handle service worker.
const char kRegisterServiceWorkerSchemes[] = "register-service-worker-schemes";

// Register schemes as secure.
const char kSecureSchemes[] = "secure-schemes";

// The minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
// TLS fallback will accept.
const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
Expand Down
1 change: 1 addition & 0 deletions atom/common/options_switches.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ extern const char kPpapiFlashVersion[];
extern const char kDisableHttpCache[];
extern const char kStandardSchemes[];
extern const char kRegisterServiceWorkerSchemes[];
extern const char kSecureSchemes[];
extern const char kSSLVersionFallbackMin[];
extern const char kCipherSuiteBlacklist[];
extern const char kAppUserModelId[];
Expand Down
2 changes: 2 additions & 0 deletions atom/renderer/api/atom_api_web_frame.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ void WebFrame::SetSpellCheckProvider(mate::Arguments* args,
}

void WebFrame::RegisterURLSchemeAsSecure(const std::string& scheme) {
// TODO(pfrazee): Remove 2.0
// Register scheme to secure list (https, wss, data).
blink::WebSecurityPolicy::registerURLSchemeAsSecure(
blink::WebString::fromUTF8(scheme));
Expand Down Expand Up @@ -165,6 +166,7 @@ void WebFrame::RegisterURLSchemeAsPrivileged(const std::string& scheme,
// Register scheme to privileged list (https, wss, data, chrome-extension)
blink::WebString privileged_scheme(blink::WebString::fromUTF8(scheme));
if (secure) {
// TODO(pfrazee): Remove 2.0
blink::WebSecurityPolicy::registerURLSchemeAsSecure(privileged_scheme);
}
if (bypassCSP) {
Expand Down
27 changes: 18 additions & 9 deletions atom/renderer/atom_renderer_client.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,21 +121,23 @@ bool IsDevToolsExtension(content::RenderFrame* render_frame) {
.SchemeIs("chrome-extension");
}

std::vector<std::string> ParseSchemesCLISwitch(const char* switch_name) {
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
std::string custom_schemes = command_line->GetSwitchValueASCII(switch_name);
return base::SplitString(
custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
}

} // namespace

AtomRendererClient::AtomRendererClient()
: node_bindings_(NodeBindings::Create(false)),
atom_bindings_(new AtomBindings) {
// Parse --standard-schemes=scheme1,scheme2
base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
std::string custom_schemes = command_line->GetSwitchValueASCII(
switches::kStandardSchemes);
if (!custom_schemes.empty()) {
std::vector<std::string> schemes_list = base::SplitString(
custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
for (const std::string& scheme : schemes_list)
url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
}
std::vector<std::string> standard_schemes_list =
ParseSchemesCLISwitch(switches::kStandardSchemes);
for (const std::string& scheme : standard_schemes_list)
url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
}

AtomRendererClient::~AtomRendererClient() {
Expand Down Expand Up @@ -182,6 +184,13 @@ void AtomRendererClient::RenderFrameCreated(
// Allow file scheme to handle service worker by default.
// FIXME(zcbenz): Can this be moved elsewhere?
blink::WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers("file");

// Parse --secure-schemes=scheme1,scheme2
std::vector<std::string> secure_schemes_list =
ParseSchemesCLISwitch(switches::kSecureSchemes);
for (const std::string& secure_scheme : secure_schemes_list)
blink::WebSecurityPolicy::registerURLSchemeAsSecure(
blink::WebString::fromUTF8(secure_scheme));
}

void AtomRendererClient::RenderViewCreated(content::RenderView* render_view) {
Expand Down
10 changes: 10 additions & 0 deletions docs/tutorial/planned-breaking-changes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,16 @@ webContents.setVisualZoomLevelLimits(1, 2)
webFrame.setZoomLevelLimits(1, 2)
// Replace with
webFrame.setVisualZoomLevelLimits(1, 2)

// Deprecated
webFrame.registerURLSchemeAsSecure('app')
// Replace with
protocol.registerStandardSchemes(['app'], {secure: true})

// Deprecated
webFrame.registerURLSchemeAsPrivileged('app', {secure: true})
// Replace with
protocol.registerStandardSchemes(['app'], {secure: true})
```

## `<webview>`
Expand Down
14 changes: 14 additions & 0 deletions spec/api-protocol-spec.js
View file
Open in desktop
E377
Original file line number Diff line number Diff line change
Expand Up @@ -985,5 +985,19 @@ describe('protocol module', function () {
ipcMain.once('file-system-error', (event, err) => done(err))
ipcMain.once('file-system-write-end', () => done())
})

it('registers secure, when {secure: true}', function (done) {
// the CacheStorage API will only work if secure == true
let filePath = path.join(__dirname, 'fixtures', 'pages', 'cache-storage.html')
const handler = function (request, callback) {
callback({path: filePath})
}
ipcMain.once('success', () => done())
ipcMain.once('failure', (event, err) => done(err))
protocol.registerFileProtocol(standardScheme, handler, function (error) {
if (error) return done(error)
w.loadURL(origin)
})
})
})
})
7 changes: 7 additions & 0 deletions spec/fixtures/pages/cache-storage.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
<script>
const ipcRenderer = require('electron').ipcRenderer;
caches.open('foo').then(
() => ipcRenderer.send('success'),
err => ipcRenderer.send('failure', err)
)
</script>
2 changes: 1 addition & 1 deletion spec/static/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ if (global.isCi) {

// Register app as standard scheme.
global.standardScheme = 'app'
protocol.registerStandardSchemes([global.standardScheme])
protocol.registerStandardSchemes([global.standardScheme], { secure: true })

app.on('window-all-closed', function () {
app.quit()
Expand Down
0