[Connection-Allowlist] Dedicated workers local and network based [chromium/src : main]
0 views
Skip to first unread message
Shivani Sharma (Gerrit)
Feb 5, 2026, 4:18:22 PMFeb 5
to Yoshisato Yanagisawa, Mike West, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Mike West, Shivani Sharma and Yoshisato Yanagisawa
Shivani Sharma voted Commit-Queue+1![]( "Open in Gerrit")
| Commit-Queue | +1 |
Related details
Attention is currently required from:
- Mike West
- Shivani Sharma
- Yoshisato Yanagisawa
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Yoshisato Yanagisawa (Gerrit)
Feb 9, 2026, 4:28:42 AMFeb 9
to Shivani Sharma, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Mike West, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Mike West and Shivani Sharma
Yoshisato Yanagisawa voted and added 9 comments![]( "Open in Gerrit")
Votes added by Yoshisato Yanagisawa
| Code-Review | +1 |
9 comments
Patchset-level comments
Commit Message
Line 7, Patchset 10 (Latest):
[Connection-Allowlist] Dedicated workers local and network basedYoshisato Yanagisawa . unresolved
nit but will you format the CL description?
Text wrapping is usually not aligned with the "markdown" you add, and I have a bit difficulty on reading the description smoothly.
File content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
Line 152, Patchset 10 (Latest):
/*creator_coep_reporter=*/nullptr, std::nullopt,Yoshisato Yanagisawa . unresolved
nit but /* network_restrictions_id= */?
File content/browser/worker_host/dedicated_worker_host_factory_impl.h
Line 47, Patchset 10 (Latest):
const PolicyContainerPolicies& creator_policies,Yoshisato Yanagisawa . unresolved
I just have wondered why `creator_policies` are always set while `creator_network_restriction_id` is optional. What is the case `creator_network_restriction_id` will be be `std::nullopt`?
File content/browser/worker_host/dedicated_worker_service_impl_unittest.cc
Line 60, Patchset 10 (Latest):
std::nullopt),Yoshisato Yanagisawa . unresolved
nit `/*network_restrictions_id=*/`
File content/browser/worker_host/network_restrictions_worker_throttle.cc
Line 47, Patchset 10 (Latest):
policies.connection_allowlists =Yoshisato Yanagisawa . unresolved
For the non-local scheme, we use the policy coming from the network, and we ignores creator's, right?
File content/browser/worker_host/shared_worker_service_impl.cc
Line 448, Patchset 10 (Latest):
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Yoshisato Yanagisawa . unresolved
creator and worker?
File content/browser/worker_host/worker_script_fetcher.cc
Line 176, Patchset 10 (Latest):
} else {Yoshisato Yanagisawa . unresolved
It respects the response header's connection allowlist for non-local schemes, right?
File third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/dedicated-worker.sub.window.js
Line 81, Patchset 10 (Latest):
t.step_timeout(() => resolve(SUCCESS), 1000);Yoshisato Yanagisawa . unresolved
Does this assume that the expectation should be FAILURE for this time?
Related details
Attention is currently required from:
- Mike West
- Shivani Sharma
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Shivani Sharma (Gerrit)
Feb 9, 2026, 7:03:18 PMFeb 9
to Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Mike West, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Mike West
Shivani Sharma added 9 comments![]( "Open in Gerrit")
Patchset-level comments
Commit Message
Line 7, Patchset 10:
[Connection-Allowlist] Dedicated workers local and network basedYoshisato Yanagisawa . resolved
nit but will you format the CL description?
Text wrapping is usually not aligned with the "markdown" you add, and I have a bit difficulty on reading the description smoothly.
Shivani Sharma
Done
File content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
Line 152, Patchset 10:
/*creator_coep_reporter=*/nullptr, std::nullopt,Yoshisato Yanagisawa . resolved
nit but /* network_restrictions_id= */?
Shivani Sharma
Done
File content/browser/worker_host/dedicated_worker_host_factory_impl.h
Line 47, Patchset 10:
const PolicyContainerPolicies& creator_policies,Yoshisato Yanagisawa . resolved
I just have wondered why `creator_policies` are always set while `creator_network_restriction_id` is optional. What is the case `creator_network_restriction_id` will be be `std::nullopt`?
Shivani Sharma
The creator RenderFrameHost does not always have a network restrictions id, see https://source.chromium.org/chromium/chromium/src/+/main:content/browser/renderer_host/network_restrictions_navigation_throttle.cc;l=40 for conditions where it is not created (feature is disabled or it is a fenced frame)
File content/browser/worker_host/dedicated_worker_service_impl_unittest.cc
Line 60, Patchset 10:
std::nullopt),Yoshisato Yanagisawa . resolved
Shivani Sharmanit `/*network_restrictions_id=*/`
Done
File content/browser/worker_host/network_restrictions_worker_throttle.cc
For the non-local scheme, we use the policy coming from the network, and we ignores creator's, right?
Shivani Sharma
That's correct
File content/browser/worker_host/shared_worker_service_impl.cc
Line 448, Patchset 10:
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Yoshisato Yanagisawa . resolved
Shivani Sharmacreator and worker?
Done
File content/browser/worker_host/worker_script_fetcher.cc
It respects the response header's connection allowlist for non-local schemes, right?
Shivani Sharma
That's right
File third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/dedicated-worker.sub.window.js
Does this assume that the expectation should be FAILURE for this time?
Shivani Sharma
that's right, from line 99
Related details
Attention is currently required from:
- Mike West
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Mike West (Gerrit)
Feb 10, 2026, 5:19:37 AMFeb 10
to Shivani Sharma, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Shivani Sharma
Mike West voted and added 5 comments![]( "Open in Gerrit")
Votes added by Mike West
| Code-Review | +1 |
5 comments
Patchset-level comments
Mike West . resolved
LGTM % some nits. I have a CL in flight to add reporting, but I think I'll wait for this to land first so I can pass the reporting group in along with the worker-based network restrictions.
File third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/dedicated-worker.sub.window.js
Line 40, Patchset 11 (Parent):
assert_true(msgEvent.data.success, `Fetch to ${origin} currently succeeds but should be blocked.`);Mike West . resolved
Nit for next time: rather than landing incorrect test expectations, I'd recommend landing tests in the shared WPT respository that verify the behavior you want, alongside `-expectation.txt` files that accept the behavior we have while we're working on things. :)
Line 64, Patchset 11 (Latest):
assert_false(expectation, "Worker constructor threw unexpectedly");Mike West . unresolved
Nit: It's a little confusing to call this `false` here, and `SUCCESS` below. I'd suggest shifting this to `assert_equals` instead to make the comparison clear.
Line 81, Patchset 11 (Latest):
t.step_timeout(() => resolve(SUCCESS), 1000);Mike West . unresolved
I'm confused about resolving this as `SUCCESS`, or resolving it at all, really. It seems like it might hide errors. Why not just let the test itself time out if something unexpected happens?
Line 113, Patchset 11 (Latest):
worker.onerror = (e) => resolve({ data: { success: false, error: "Worker Error" } });Mike West . unresolved
Semantically, I'd suggest you could reject here (and on #72 above), but that would likely require rewriting some additional tests for consistency. Perhaps doing that in a future CL would be reasonable?
Related details
Attention is currently required from:
- Shivani Sharma
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Shivani Sharma (Gerrit)
Feb 10, 2026, 6:29:49 PMFeb 10
to Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Shivani Sharma added 5 comments![]( "Open in Gerrit")
Patchset-level comments
Shivani Sharma . resolved
Thanks!
File third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/dedicated-worker.sub.window.js
Line 40, Patchset 11 (Parent):
assert_true(msgEvent.data.success, `Fetch to ${origin} currently succeeds but should be blocked.`);Mike West . resolved
Nit for next time: rather than landing incorrect test expectations, I'd recommend landing tests in the shared WPT respository that verify the behavior you want, alongside `-expectation.txt` files that accept the behavior we have while we're working on things. :)
Shivani Sharma
Ack, thanks!
Line 64, Patchset 11:
assert_false(expectation, "Worker constructor threw unexpectedly");Mike West . resolved
Nit: It's a little confusing to call this `false` here, and `SUCCESS` below. I'd suggest shifting this to `assert_equals` instead to make the comparison clear.
Shivani Sharma
Done
I'm confused about resolving this as `SUCCESS`, or resolving it at all, really. It seems like it might hide errors. Why not just let the test itself time out if something unexpected happens?
Shivani Sharma
Agree this is confusing. Removed it
Line 113, Patchset 11:
worker.onerror = (e) => resolve({ data: { success: false, error: "Worker Error" } });Mike West . resolved
Semantically, I'd suggest you could reject here (and on #72 above), but that would likely require rewriting some additional tests for consistency. Perhaps doing that in a future CL would be reasonable?
Shivani Sharma
ack, I'll create a follow up with the reject option.
Related details
Attention set is empty
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Shivani Sharma (Gerrit)
Feb 11, 2026, 9:40:07 AMFeb 11
to Arthur Sonzogni, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Arthur Sonzogni
Shivani Sharma added 1 comment![]( "Open in Gerrit")
Patchset-level comments
Shivani Sharma . resolved
arthursonzogni@ PTAL for owner's approval of the following, thanks!
content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
content/browser/devtools/service_worker_devtools_agent_host.cc
content/browser/renderer_host/render_frame_host_impl.cc
content/browser/url_loader_factory_params_helper.cc
content/browser/url_loader_factory_params_helper.h
Related details
Attention is currently required from:
- Arthur Sonzogni
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Arthur Sonzogni (Gerrit)
Feb 12, 2026, 4:42:47 AMFeb 12
to Shivani Sharma, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Attention needed from Shivani Sharma
Arthur Sonzogni voted and added 6 comments![]( "Open in Gerrit")
Votes added by Arthur Sonzogni
| Code-Review | +1 |
6 comments
Patchset-level comments
Arthur Sonzogni . resolved
Thanks!
LGTM with nits.
File content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
Line 153, Patchset 12 (Latest):
/* network_restrictions_id= */ std::nullopt,Arthur Sonzogni . unresolved
nit: remove extra spaces.
File content/browser/devtools/service_worker_devtools_agent_host.cc
Line 450, Patchset 12 (Latest):
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . unresolved
nit The format should be:
```
/*arg=*/value
```
This make clang tidy to check the `arg` matches the function argument name.
I don't understand what this TODO means. Could you move it above and add a proper line explaining what this TODO means?
File content/browser/service_worker/embedded_worker_instance.cc
Line 891, Patchset 12 (Latest):
std::move(client_security_state),
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . unresolved
ditto
File content/browser/worker_host/shared_worker_host.cc
Line 536, Patchset 12 (Latest):
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . unresolved
ditto
File content/browser/worker_host/shared_worker_service_impl.cc
Line 448, Patchset 12 (Latest):
/*TODO(crbug.com/447954811): worker_network_restrictions_id*/
std::nullopt,
/*TODO(crbug.com/447954811): creator_network_restrictions_id*/
std::nullopt, std::nullopt,Arthur Sonzogni . unresolved
ditto
Related details
Attention is currently required from:
- Shivani Sharma
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Shivani Sharma (Gerrit)
Feb 13, 2026, 9:49:14 AMFeb 13
to Arthur Sonzogni, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Shivani Sharma added 7 comments![]( "Open in Gerrit")
Patchset-level comments
File content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
Line 153, Patchset 12:
/* network_restrictions_id= */ std::nullopt,Arthur Sonzogni . resolved
Shivani Sharmanit: remove extra spaces.
Done
File content/browser/devtools/service_worker_devtools_agent_host.cc
Line 450, Patchset 12:
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . resolved
nit The format should be:
```
/*arg=*/value
```
This make clang tidy to check the `arg` matches the function argument name.I don't understand what this TODO means. Could you move it above and add a proper line explaining what this TODO means?
Shivani Sharma
Done
File content/browser/service_worker/embedded_worker_instance.cc
Line 891, Patchset 12:
std::move(client_security_state),
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . resolved
Shivani Sharmaditto
Done
File content/browser/worker_host/shared_worker_host.cc
Line 536, Patchset 12:
/*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,Arthur Sonzogni . resolved
Shivani Sharmaditto
Done
File content/browser/worker_host/shared_worker_service_impl.cc
Line 448, Patchset 12:
/*TODO(crbug.com/447954811): worker_network_restrictions_id*/
std::nullopt,
/*TODO(crbug.com/447954811): creator_network_restrictions_id*/
std::nullopt, std::nullopt,Arthur Sonzogni . resolved
Shivani Sharmaditto
Done
File content/browser/worker_host/worker_script_fetcher.cc
Line 545, Patchset 14 (Latest):
*worker_network_restrictions_id, creator_policies->Clone())) {Shivani Sharma . resolved
Also made this change since creator_policies is being used further again in this function so std::move was incorrect to be used here.
Related details
Attention set is empty
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Shivani Sharma (Gerrit)
Feb 13, 2026, 11:07:40 AMFeb 13
to Arthur Sonzogni, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Chromium LUCI CQ, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Shivani Sharma voted Commit-Queue+2![]( "Open in Gerrit")
| Commit-Queue | +2 |
Chromium LUCI CQ (Gerrit)
Feb 13, 2026, 11:21:03 AMFeb 13
to Shivani Sharma, Arthur Sonzogni, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Chromium LUCI CQ submitted the change with unreviewed changes![]( "Open in Gerrit")
Unreviewed changes
12 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:
```
The name of the file: content/browser/service_worker/embedded_worker_instance.cc
Insertions: 3, Deletions: 1.
@@ -880,6 +880,8 @@
factory_type == ContentBrowserClient::URLLoaderFactoryType::
kServiceWorkerSubResource);
+ // TODO(crbug.com/447954811): Pass network_restrictions_id so script fetch
+ // can be restricted based on connection allowlist.
network::mojom::URLLoaderFactoryParamsPtr factory_params =
URLLoaderFactoryParamsHelper::CreateForWorker(
rph, origin, isolation_info, std::move(coep_reporter),
@@ -889,7 +891,7 @@
ToOriginatingProcess(rph->GetID()), origin),
NetworkServiceDevToolsObserver::MakeSelfOwned(devtools_worker_token),
std::move(client_security_state),
- /*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,
+ /*network_restrictions_id=*/std::nullopt,
"EmbeddedWorkerInstance::CreateFactoryBundle",
/*require_cross_site_request_for_cookies=*/false,
/*is_for_service_worker=*/true);
```
```
The name of the file: content/browser/worker_host/shared_worker_host.cc
Insertions: 4, Deletions: 1.
@@ -524,6 +524,9 @@
if (dip_reporter_) {
dip_reporter_->Clone(dip_reporter.InitWithNewPipeAndPassReceiver());
}
+
+ // TODO(crbug.com/447954811): Pass network_restrictions_id so script fetch
+ // can be restricted based on connection allowlist.
network::mojom::URLLoaderFactoryParamsPtr factory_params =
URLLoaderFactoryParamsHelper::CreateForWorker(
GetProcessHost(), origin, GetStorageKey().ToPartialNetIsolationInfo(),
@@ -533,7 +536,7 @@
ToOriginatingProcess(GetProcessHost()->GetID()), origin),
/*devtools_observer=*/mojo::NullRemote(),
mojo::Clone(worker_client_security_state_),
- /*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,
+ /*network_restrictions_id=*/std::nullopt,
/*debug_tag=*/
"SharedWorkerHost::CreateNetworkFactoryForSubresource",
instance_.DoesRequireCrossSiteRequestForCookies(),
```
```
The name of the file: content/browser/worker_host/worker_script_fetcher.cc
Insertions: 4, Deletions: 1.
@@ -169,6 +169,9 @@
// The load succeeded iff `main_script_load_params` is not nullptr.
if (main_script_load_params) {
+ // TODO(crbug.com/41478971): Pass the PolicyContainerPolicies. It can
+ // be built from the
+ // `main_script_load_params.response_head->parsed_headers`.
PolicyContainerPolicies policies;
if (final_response_url.SchemeIsLocal() && creator_policies) {
policies.connection_allowlists =
@@ -539,7 +542,7 @@
if (worker_network_restrictions_id && creator_policies) {
if (auto throttle = NetworkRestrictionsWorkerThrottle::Create(
factory_process->GetStoragePartition(),
- *worker_network_restrictions_id, std::move(*creator_policies))) {
+ *worker_network_restrictions_id, creator_policies->Clone())) {
throttles.push_back(std::move(throttle));
}
}
```
```
The name of the file: content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
Insertions: 1, Deletions: 1.
@@ -150,7 +150,7 @@
rfh->BuildClientSecurityState(),
rfh->policy_container_host()->policies(),
/*creator_coep_reporter=*/nullptr,
- /* network_restrictions_id= */ std::nullopt,
+ /*network_restrictions_id=*/std::nullopt,
mojo::PendingReceiver<blink::mojom::DedicatedWorkerHost>(),
net::StorageAccessApiStatus::kNone);
mojo::Receiver<blink::mojom::BrowserInterfaceBroker>& bib =
```
```
The name of the file: content/browser/worker_host/shared_worker_service_impl.cc
Insertions: 6, Deletions: 4.
@@ -428,6 +428,10 @@
worker_origin == host->instance().storage_key().origin())
<< worker_origin << " and " << host->instance().storage_key().origin()
<< " should be the same.";
+
+ // TODO(crbug.com/447954811): Pass worker_network_restrictions_id and
+ // creator_network_restrictions_id so subresources and script fetch
+ // can be restricted based on connection allowlist.
WorkerScriptFetcher::CreateAndStart(
worker_process_host->GetDeprecatedID(), host->token(),
host->instance().url(), creator, &creator,
@@ -445,10 +449,8 @@
SharedWorkerDevToolsAgentHost::GetFor(host), host->GetDevToolsToken(),
host->instance().DoesRequireCrossSiteRequestForCookies(),
storage_access_api_status,
- /*TODO(crbug.com/447954811): worker_network_restrictions_id*/
- std::nullopt,
- /*TODO(crbug.com/447954811): creator_network_restrictions_id*/
- std::nullopt, std::nullopt,
+ /*worker_network_restrictions_id=*/std::nullopt,
+ /*creator_network_restrictions_id=*/std::nullopt, std::nullopt,
base::BindOnce(&SharedWorkerServiceImpl::StartWorker,
weak_factory_.GetWeakPtr(), weak_host, message_port,
std::move(cloned_outside_fetch_client_settings_object)));
```
```
The name of the file: content/browser/devtools/service_worker_devtools_agent_host.cc
Insertions: 3, Deletions: 1.
@@ -438,6 +438,8 @@
const auto* version = context_wrapper_->GetLiveVersion(version_id_);
// TODO(crbug.com/40190528): make sure client_security_state is no longer
// nullptr anywhere.
+ // TODO(crbug.com/447954811): Pass network_restrictions_id so script fetch
+ // can be restricted based on connection allowlist.
auto factory = URLLoaderFactoryParamsHelper::CreateForWorker(
rph, origin, version->key().ToPartialNetIsolationInfo(),
/*coep_reporter=*/mojo::NullRemote(),
@@ -447,7 +449,7 @@
ToOriginatingProcess(rph->GetID()), origin),
NetworkServiceDevToolsObserver::MakeSelfOwned(GetId()),
/*client_security_state=*/nullptr,
- /*TODO(crbug.com/447954811): network_restrictions_id*/ std::nullopt,
+ /*network_restrictions_id=*/std::nullopt,
/*debug_tag=*/"SWDTAH::CreateNetworkFactoryParamsForDevTools",
/*require_cross_site_request_for_cookies=*/false,
/*is_for_service_worker_=*/false);
```
Change information
Commit message:
[Connection-Allowlist] Dedicated workers local and network based
1. Updated `URLLoaderFactoryParamsHelper::CreateForWorker`: Added a
network_restrictions_id parameter to allow URLLoaderFactories created
for workers to be subject to network restrictions.
2. Inheritance in `DedicatedWorkerHost`:
- The DedicatedWorkerHost now accepts and stores a
creator_network_restrictions_id representing the restrictions of the
frame or worker that created it.
- creator_network_restrictions_id is passed to
WorkerScriptFetcher::CreateAndStart to ensure the initial fetch of the
worker's main script is subject to the restrictions of the creator.
- For nested workers, the parent worker passes its own network_restrictions_id_ as the creator_network_restrictions_id for the
nested worker.
3. Refined `WorkerScriptFetcher`:
- CreateAndStart and CreateScriptLoader now handle both a
worker_network_restrictions_id (to be used by the response throttle to
restrict the fetches from the worker) and a
creator_network_restrictions_id (to restrict the fetch of the script).
- Updated DidCreateScriptLoader to correctly initialize
PolicyContainerPolicies for the worker, ensuring local workers inherit
from their creator.
4. Registration in the network service:
- Added NetworkRestrictionsWorkerThrottle which handles calling
RevokeNetworkForNoncesInNetworkContext. By passing the worker's network
restrictions id to this throttle, the policy found in the script
response is automatically registered for the worker.
5. Updated Call Sites:
- RenderFrameHostImpl now passes its network restriction id when
creating a dedicated worker factory.
- SharedWorkerServiceImpl, EmbeddedWorkerInstance, and
ServiceWorkerDevToolsAgentHost have been updated to pass std::nullopt
for the restriction IDs with a TODO for future implementation.
6. Enhanced WPT Tests:
- Added tests in dedicated-worker.sub.window.js verifying that:
-- Main script fetches are blocked if they are cross-origin relative to
a restricted creator.
-- Workers created with an empty Connection-Allowlist: () header are
unable to perform any fetches.
Bug: 447954811
Change-Id: I755252a9841dccf819d098b0485bc66dee231263
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7535781
Commit-Queue: Shivani Sharma <shiva...@chromium.org>
Reviewed-by: Arthur Sonzogni <arthurs...@chromium.org>
Reviewed-by: Yoshisato Yanagisawa <yyana...@chromium.org>
Reviewed-by: Mike West <mk...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1584680}
Files:
- M content/browser/BUILD.gn
- M content/browser/compute_pressure/pressure_service_for_worker_unittest.cc
- M content/browser/devtools/service_worker_devtools_agent_host.cc
- M content/browser/renderer_host/render_frame_host_impl.cc
- M content/browser/service_worker/embedded_worker_instance.cc
- M content/browser/url_loader_factory_params_helper.cc
- M content/browser/url_loader_factory_params_helper.h
- M content/browser/worker_host/dedicated_worker_host.cc
- M content/browser/worker_host/dedicated_worker_host.h
- M content/browser/worker_host/dedicated_worker_host_factory_impl.cc
- M content/browser/worker_host/dedicated_worker_host_factory_impl.h
- M content/browser/worker_host/dedicated_worker_service_impl_unittest.cc
- A content/browser/worker_host/network_restrictions_worker_throttle.cc
- A content/browser/worker_host/network_restrictions_worker_throttle.h
- M content/browser/worker_host/shared_worker_host.cc
- M content/browser/worker_host/shared_worker_service_impl.cc
- M content/browser/worker_host/worker_script_fetcher.cc
- M content/browser/worker_host/worker_script_fetcher.h
- M third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/dedicated-worker.sub.window.js
- A third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/resources/worker-fetch-script-empty.js
- A third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/resources/worker-fetch-script-empty.js.headers
- A third_party/blink/web_tests/external/wpt/connection-allowlist/tentative/resources/worker-fetch-script.js
Change size: L
Delta: 22 files changed, 344 insertions(+), 21 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Yoshisato Yanagisawa, +1 by Mike West, +1 by Arthur Sonzogni
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Blink W3C Test Autoroller (Gerrit)
Feb 13, 2026, 12:13:52 PMFeb 13
to Shivani Sharma, Chromium LUCI CQ, Arthur Sonzogni, Mike West, Yoshisato Yanagisawa, Wang, Wei4, Arnaud Mandy, Kenneth R Christiansen, Andrew Verge, Hiroki Nakagawa, AyeAye, chromium...@chromium.org, horo+...@chromium.org, shimazu+se...@chromium.org, devtools...@chromium.org, servicewor...@chromium.org, kinuko+ser...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org
Message from Blink W3C Test Autoroller![]( "Open in Gerrit")
The WPT PR for this CL has been merged upstream! https://github.com/web-platform-tests/wpt/pull/57780
Related details
Attention set is empty
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages