Bug 1354577 - require ServiceWorkerContainer.register() to only accept JavaScript MIME types r=edenchuang
authorPerry Jiang <perry@mozilla.com>
Mon, 29 Oct 2018 15:09:40 +0000
changeset 443381 73b6c58850206414f5921ab974106e88802725fc
parent 443380 b8c47a4bef9402b0d5044477979549c6e47dccf0
child 443382 82c8a3aae99cb0207639b1850b2ef46625a60ace
push id71940
push userrgurzau@mozilla.com
push dateMon, 29 Oct 2018 20:40:22 +0000
treeherderautoland@73b6c5885020 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersedenchuang
bugs1354577
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1354577 - require ServiceWorkerContainer.register() to only accept JavaScript MIME types r=edenchuang - Change "ServiceWorkerRegisterMimeTypeError" to "ServiceWorkerRegisterMimeTypeError2" to account for more acceptable MIME types Differential Revision: https://phabricator.services.mozilla.com/D6416
dom/locales/en-US/chrome/dom/dom.properties
dom/serviceworkers/ServiceWorkerScriptCache.cpp
dom/serviceworkers/test/test_error_reporting.html
testing/web-platform/meta/service-workers/service-worker/registration-mime-types.https.html.ini
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@@ -218,17 +218,17 @@ InterceptionRejectedResponseWithURL=Failed to load ‘%1$S’. A ServiceWorker passed a promise to FetchEvent.respondWith() that rejected with ‘%2$S’.
 InterceptedNonResponseWithURL=Failed to load ‘%1$S’. A ServiceWorker passed a promise to FetchEvent.respondWith() that resolved with non-Response value ‘%2$S’.
 # LOCALIZATION NOTE: Do not translate "mozImageSmoothingEnabled", or "imageSmoothingEnabled"
 PrefixedImageSmoothingEnabledWarning=Use of mozImageSmoothingEnabled is deprecated. Please use the unprefixed imageSmoothingEnabled property instead.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker", "Service-Worker-Allowed" or "HTTP". %1$S and %2$S are URLs.
 ServiceWorkerScopePathMismatch=Failed to register a ServiceWorker: The path of the provided scope ‘%1$S’ is not under the max scope allowed ‘%2$S’. Adjust the scope, move the Service Worker script, or use the Service-Worker-Allowed HTTP header to allow the scope.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker". %1$S is a URL representing the scope of the ServiceWorker, %2$S is a stringified numeric HTTP status code like "404" and %3$S is a URL.
 ServiceWorkerRegisterNetworkError=Failed to register/update a ServiceWorker for scope ‘%1$S’: Load failed with status %2$S for script ‘%3$S’.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker". %1$S is a URL representing the scope of the ServiceWorker, %2$S is a MIME Media Type like "text/plain" and %3$S is a URL.
-ServiceWorkerRegisterMimeTypeError=Failed to register/update a ServiceWorker for scope ‘%1$S’: Bad Content-Type of ‘%2$S’ received for script ‘%3$S’.  Must be ‘text/javascript’, ‘application/x-javascript’, or ‘application/javascript’.
+ServiceWorkerRegisterMimeTypeError2=Failed to register/update a ServiceWorker for scope ‘%1$S’: Bad Content-Type of ‘%2$S’ received for script ‘%3$S’.  Must be a JavaScript MIME type.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker". %S is a URL representing the scope of the ServiceWorker.
 ServiceWorkerRegisterStorageError=Failed to register/update a ServiceWorker for scope ‘%S’: Storage access is restricted in this context due to user settings or private browsing mode.
 ServiceWorkerGetRegistrationStorageError=Failed to get service worker registration(s): Storage access is restricted in this context due to user settings or private browsing mode.
 ServiceWorkerGetClientStorageError=Failed to get service worker’s client(s): Storage access is restricted in this context due to user settings or private browsing mode.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker" and "postMessage". %S is a URL representing the scope of the ServiceWorker.
 ServiceWorkerPostMessageStorageError=The ServiceWorker for scope ‘%S’ failed to execute ‘postMessage‘ because storage access is restricted in this context due to user settings or private browsing mode.
 # LOCALIZATION NOTE: Do not translate "ServiceWorker". %1$S is a URL representing the scope of the ServiceWorker.
 ServiceWorkerGraceTimeoutTermination=Terminating ServiceWorker for scope ‘%1$S’ with pending waitUntil/respondWith promises because of grace timeout.
--- a/dom/serviceworkers/ServiceWorkerScriptCache.cpp
+++ b/dom/serviceworkers/ServiceWorkerScriptCache.cpp
@@ -1026,21 +1026,20 @@ CompareNetwork::OnStreamComplete(nsIStre
     // We should only end up here if !mResponseHead in the channel.  If headers
     // were received but no content type was specified, we'll be given
     // UNKNOWN_CONTENT_TYPE "application/x-unknown-content-type" and so fall
     // into the next case with its better error message.
     rv = NS_ERROR_DOM_SECURITY_ERR;
     return rv;
   }
 
-  if (!mimeType.LowerCaseEqualsLiteral("text/javascript") &&
-      !mimeType.LowerCaseEqualsLiteral("application/x-javascript") &&
-      !mimeType.LowerCaseEqualsLiteral("application/javascript")) {
+  if (mimeType.IsEmpty() ||
+      !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(mimeType))) {
     ServiceWorkerManager::LocalizeAndReportToAllClients(
-      mRegistration->Scope(), "ServiceWorkerRegisterMimeTypeError",
+      mRegistration->Scope(), "ServiceWorkerRegisterMimeTypeError2",
       nsTArray<nsString> { NS_ConvertUTF8toUTF16(mRegistration->Scope()),
         NS_ConvertUTF8toUTF16(mimeType), mURL });
     rv = NS_ERROR_DOM_SECURITY_ERR;
     return rv;
   }
 
   nsCOMPtr<nsIURI> channelURL;
   rv = httpChannel->GetURI(getter_AddRefs(channelURL));
--- a/dom/serviceworkers/test/test_error_reporting.html
+++ b/dom/serviceworkers/test/test_error_reporting.html
@@ -54,17 +54,17 @@ add_task(async function register_404() {
 });
 
 /**
  * Ensure an error is logged when the service worker is being served with a
  * MIME type of text/plain rather than a JS type.
  */
 add_task(async function register_bad_mime_type() {
   let expectedMessage = expect_console_message(
-    "ServiceWorkerRegisterMimeTypeError",
+    "ServiceWorkerRegisterMimeTypeError2",
     [make_absolute_url("bad_mime_type/"), "text/plain",
      make_absolute_url("sw_bad_mime_type.js")]);
 
   // consume the expected rejection so it doesn't get thrown at us.
   await navigator.serviceWorker.register("sw_bad_mime_type.js", { scope: "bad_mime_type/" })
     .then(
       () => { ok(false, "should have rejected"); },
       (e) => { ok(e.name === "SecurityError", "bad MIME type failed as expected"); });
--- a/testing/web-platform/meta/service-workers/service-worker/registration-mime-types.https.html.ini
+++ b/testing/web-platform/meta/service-workers/service-worker/registration-mime-types.https.html.ini
@@ -1,46 +1,6 @@
 [registration-mime-types.https.html]
   [Registering script that imports script with no MIME type]
     expected: FAIL
 
   [Registering script that imports script with bad MIME type]
     expected: FAIL
-
-  [Registering script with good MIME type application/ecmascript]
-    expected: FAIL
-
-  [Registering script with good MIME type application/x-ecmascript]
-    expected: FAIL
-
-  [Registering script with good MIME type text/ecmascript]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.0]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.1]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.2]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.3]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.4]
-    expected: FAIL
-
-  [Registering script with good MIME type text/javascript1.5]
-    expected: FAIL
-
-  [Registering script with good MIME type text/jscript]
-    expected: FAIL
-
-  [Registering script with good MIME type text/livescript]
-    expected: FAIL
-
-  [Registering script with good MIME type text/x-ecmascript]
-    expected: FAIL
-
-  [Registering script with good MIME type text/x-javascript]
-    expected: FAIL
-