From 2e8c178a033f39ed2f2ed6a1ea0f6674e83c01f8 Mon Sep 17 00:00:00 2001 From: Braydn Date: Thu, 4 Jul 2024 11:06:54 -0400 Subject: [PATCH] LibWeb: Add Web Worker Origin Inheritance Fetch requests from web workers fail CORS checks because the origin is not inherited from the outside settings. Ensure web worker origin is correctly inherited from outside settings (cherry picked from commit 24adb1c4526fe29bbc332780272251be1635cf05) --- .../Scripting/WorkerEnvironmentSettingsObject.cpp | 15 ++++++++++++--- .../Scripting/WorkerEnvironmentSettingsObject.h | 2 +- .../Services/WebWorker/DedicatedWorkerHost.cpp | 6 +++++- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.cpp b/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.cpp index 622be8098f..b92f3720fa 100644 --- a/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.cpp +++ b/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.cpp @@ -7,15 +7,20 @@ #include #include +#include +#include namespace Web::HTML { JS_DEFINE_ALLOCATOR(WorkerEnvironmentSettingsObject); // https://html.spec.whatwg.org/multipage/workers.html#set-up-a-worker-environment-settings-object -JS::NonnullGCPtr WorkerEnvironmentSettingsObject::setup(JS::NonnullGCPtr page, NonnullOwnPtr execution_context /* FIXME: null or an environment reservedEnvironment, a URL topLevelCreationURL, and an origin topLevelOrigin */) +JS::NonnullGCPtr WorkerEnvironmentSettingsObject::setup(JS::NonnullGCPtr page, NonnullOwnPtr execution_context, SerializedEnvironmentSettingsObject const& outside_settings, HighResolutionTime::DOMHighResTimeStamp unsafe_worker_creation_time) { - // 1. FIXME: Let inherited origin be outside settings's origin. + (void)unsafe_worker_creation_time; + + // 1. Let inherited origin be outside settings's origin. + auto inherited_origin = outside_settings.origin; // 2. Let realm be the value of execution context's Realm component. auto realm = execution_context->realm; @@ -28,9 +33,13 @@ JS::NonnullGCPtr WorkerEnvironmentSettingsObjec // NOTE: See the functions defined for this class. auto settings_object = realm->heap().allocate(*realm, move(execution_context), worker); settings_object->target_browsing_context = nullptr; + settings_object->m_origin = move(inherited_origin); // FIXME: 5. Set settings object's id to a new unique opaque string, creation URL to worker global scope's url, top-level creation URL to null, target browsing context to null, and active service worker to null. - // FIXME: 6. If worker global scope is a DedicatedWorkerGlobalScope object, then set settings object's top-level origin to outside settings's top-level origin. + // 6. If worker global scope is a DedicatedWorkerGlobalScope object, then set settings object's top-level origin to outside settings's top-level origin. + if (is(worker)) { + settings_object->top_level_origin = outside_settings.top_level_origin; + } // FIXME: 7. Otherwise, set settings object's top-level origin to an implementation-defined value. // 8. Set realm's [[HostDefined]] field to settings object. diff --git a/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.h b/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.h index b01af2f73d..169fcf8f62 100644 --- a/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.h +++ b/Userland/Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.h @@ -24,7 +24,7 @@ public: { } - static JS::NonnullGCPtr setup(JS::NonnullGCPtr page, NonnullOwnPtr execution_context /* FIXME: null or an environment reservedEnvironment, a URL topLevelCreationURL, and an origin topLevelOrigin */); + static JS::NonnullGCPtr setup(JS::NonnullGCPtr page, NonnullOwnPtr execution_context, SerializedEnvironmentSettingsObject const& outside_settings, HighResolutionTime::DOMHighResTimeStamp unsafe_worker_creation_time); virtual ~WorkerEnvironmentSettingsObject() override = default; diff --git a/Userland/Services/WebWorker/DedicatedWorkerHost.cpp b/Userland/Services/WebWorker/DedicatedWorkerHost.cpp index ed0355b7d8..13fcaf2232 100644 --- a/Userland/Services/WebWorker/DedicatedWorkerHost.cpp +++ b/Userland/Services/WebWorker/DedicatedWorkerHost.cpp @@ -15,6 +15,7 @@ #include #include #include +#include #include #include @@ -35,6 +36,9 @@ void DedicatedWorkerHost::run(JS::NonnullGCPtr page, Web::HTML::Trans { bool const is_shared = false; + // 3. Let unsafeWorkerCreationTime be the unsafe shared current time. + auto unsafe_worker_creation_time = Web::HighResolutionTime::unsafe_shared_current_time(); + // 7. Let realm execution context be the result of creating a new JavaScript realm given agent and the following customizations: auto realm_execution_context = Web::Bindings::create_a_new_javascript_realm( Web::Bindings::main_thread_vm(), @@ -54,7 +58,7 @@ void DedicatedWorkerHost::run(JS::NonnullGCPtr page, Web::HTML::Trans // 9. Set up a worker environment settings object with realm execution context, // outside settings, and unsafeWorkerCreationTime, and let inside settings be the result. - auto inner_settings = Web::HTML::WorkerEnvironmentSettingsObject::setup(page, move(realm_execution_context)); + auto inner_settings = Web::HTML::WorkerEnvironmentSettingsObject::setup(page, move(realm_execution_context), outside_settings_snapshot, unsafe_worker_creation_time); auto& console_object = *inner_settings->realm().intrinsics().console_object(); m_console = console_object.heap().allocate_without_realm(console_object.console());