From f5ed97de88da7f6ea87e59ef5b509af3fa530bcb Mon Sep 17 00:00:00 2001 From: Yutaka Hirano Date: Wed, 1 Sep 2021 20:31:17 +0900 Subject: [PATCH 1/2] Set correct embedder policy and cross-origin isolation mode - Set the correct embedder policy to the service worker and its global. - Set the correct cross-origin isolation mode to the agent cluster. --- docs/index.bs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/index.bs b/docs/index.bs index 9e1f5ee4..dd860084 100644 --- a/docs/index.bs +++ b/docs/index.bs @@ -185,6 +185,8 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 A [=/service worker=] has an associated start status which can be null or a [=Completion=]. It is initially null. + A [=/service worker=] has an associated embedder policy which is an [=/embedder policy=]. + A [=/service worker=] is said to be running if its [=event loop=] is running.
@@ -2621,6 +2623,7 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Invoke [=Reject Job Promise=] with |job| and `TypeError`. 1. Invoke Finish Job with |job| and abort these steps. 1. Let |referrerPolicy| be the empty string. + 1. Let |embedderPolicy| be an [=embedder policy=]. 1. Let |hasUpdatedResources| be false. 1. Let |updatedResourceMap| be an [=ordered map=] where the [=map/keys=] are [=/URLs=] and the [=map/values=] are [=/responses=]. 1. Switching on |job|'s [=worker type=], run these substeps with the following options: @@ -2679,11 +2682,13 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Asynchronously complete these steps with a network error. 1. Let |url| be |request|'s [=request/url=]. 1. Set |updatedResourceMap|[|url|] to |response|. + 1. Set |embedderPolicy| to the result of [=obtaining an embedder policy=] from |response| and |request|'s |client|. 1. If |response|'s [=response/cache state=] is not "`local`", set |registration|'s [=last update check time=] to the current time. 1. Set |hasUpdatedResources| to true if any of the following are true: * |newestWorker| is null. * |newestWorker|'s [=service worker/script url=] is not |url| or |newestWorker|'s [=service worker/type=] is not |job|'s [=worker type=]. * |newestWorker|'s [=script resource map=][|url|]'s [=response/body=] is not byte-for-byte identical with |response|'s [=response/body=]. + * |newestWorker|'s [=service worker/embedder policy=] does not equal to |embedderPolicy|. 1. If |hasUpdatedResources| is false and |newestWorker|'s [=classic scripts imported flag=] is set, then: Note: The following checks to see if an imported script has been updated, since the main script has not changed. @@ -2722,7 +2727,7 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Invoke [=Resolve Job Promise=] with |job| and |registration|. 1. Invoke [=Finish Job=] with |job| and abort these steps. 1. Let |worker| be a new [=/service worker=]. - 1. Set |worker|'s [=service worker/script url=] to |job|'s [=job/script url=], |worker|'s [=script resource=] to |script|, |worker|'s [=service worker/type=] to |job|'s [=worker type=], and |worker|'s [=script resource map=] to |updatedResourceMap|. + 1. Set |worker|'s [=service worker/script url=] to |job|'s [=job/script url=], |worker|'s [=script resource=] to |script|, |worker|'s [=service worker/type=] to |job|'s [=worker type=], |worker|'s [=script resource map=] to |updatedResourceMap|, and |worker|'s [=service worker/embedder policy=] to |embedderPolicy|. 1. Append |url| to |worker|'s [=set of used scripts=]. 1. Set |worker|'s script resource's [=script resource/policy container=] to |policyContainer|. 1. Let |forceBypassCache| be true if |job|'s [=job/force bypass cache flag=] is set, and false otherwise. @@ -2901,7 +2906,9 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Let |script| be |serviceWorker|'s [=service worker/script resource=]. 1. Assert: |script| is not null. 1. Let |startFailed| be false. - 1. Let |agent| be the result of [=obtain a service worker agent|obtaining a service worker agent=], and run the following steps in that context: + 1. Let |agent| be the result of [=obtain a service worker agent|obtaining a service worker agent=]. + 1. If |serviceWorker|'s [=service worker/embedder policy=]'s [=embedder policy/value=] is `"require-corp"`, set |agent|'s agent cluster's [=agent cluster/cross-origin isolation mode=] to `"logical"` or `"concrete"`. The one chosen is [=implementation-defined=]. + 1. Run the following steps in |agent|: 1. Let |realmExecutionContext| be the result of [=create a new JavaScript realm|creating a new JavaScript realm=] given |agent| and the following customizations: * For the global object, create a new {{ServiceWorkerGlobalScope}} object. Let |workerGlobalScope| be the created object. 1. Set |serviceWorker|'s [=service worker/global object=] to |workerGlobalScope|. @@ -2924,6 +2931,8 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Set |workerGlobalScope|'s [=WorkerGlobalScope/url=] to |serviceWorker|'s [=service worker/script url=]. 1. Set |workerGlobalScope|'s [=WorkerGlobalScope/policy container=] to |serviceWorker|'s script resource's [=script resource/policy container=]. 1. Set |workerGlobalScope|'s [=WorkerGlobalScope/type=] to |serviceWorker|'s [=service worker/type=]. + 1. Set |workerGlobalScope|'s [=WorkerGlobalScope/embedder policy=] to |serviceWorker|'s [=service worker/embedder policy=]. + 1. Set |workerGlobalScope|'s [=WorkerGlobalScope/cross-origin isolated capability=] to true if |agent|'s agent cluster's [=agent cluster/cross-origin isolation mode=] is `"concrete"`. 1. Set |workerGlobalScope|'s [=ServiceWorkerGlobalScope/force bypass cache for import scripts flag=] if |forceBypassCache| is true. 1. Create a new {{WorkerLocation}} object and associate it with |workerGlobalScope|. 1. If the run CSP initialization for a global object algorithm returns "Blocked" when executed upon |workerGlobalScope|, set |startFailed| to true and abort these steps. From bc538d4d50efb33c507105e7961a79746bfebfb5 Mon Sep 17 00:00:00 2001 From: Yutaka Hirano Date: Wed, 1 Sep 2021 20:37:44 +0900 Subject: [PATCH 2/2] fix --- docs/index.bs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/index.bs b/docs/index.bs index dd860084..2e58b145 100644 --- a/docs/index.bs +++ b/docs/index.bs @@ -2906,9 +2906,7 @@ spec: rfc7231; urlPrefix: https://tools.ietf.org/html/rfc7231 1. Let |script| be |serviceWorker|'s [=service worker/script resource=]. 1. Assert: |script| is not null. 1. Let |startFailed| be false. - 1. Let |agent| be the result of [=obtain a service worker agent|obtaining a service worker agent=]. - 1. If |serviceWorker|'s [=service worker/embedder policy=]'s [=embedder policy/value=] is `"require-corp"`, set |agent|'s agent cluster's [=agent cluster/cross-origin isolation mode=] to `"logical"` or `"concrete"`. The one chosen is [=implementation-defined=]. - 1. Run the following steps in |agent|: + 1. Let |agent| be the result of [=obtain a service worker agent|obtaining a service worker agent=] with |serviceWorker|'s [=service worker/embedder policy=], and run the following steps in that context: 1. Let |realmExecutionContext| be the result of [=create a new JavaScript realm|creating a new JavaScript realm=] given |agent| and the following customizations: * For the global object, create a new {{ServiceWorkerGlobalScope}} object. Let |workerGlobalScope| be the created object. 1. Set |serviceWorker|'s [=service worker/global object=] to |workerGlobalScope|.