From 2a3c93ea91af09107b776d91d2bd2d6bedf88d76 Mon Sep 17 00:00:00 2001 From: Justin Lulejian <jlulejian@chromium.org> Date: Thu, 7 Nov 2024 00:39:18 +0000 Subject: [PATCH] [M126-LTS][Extensions][ServiceWorker] Skip worker for isolated world module fetch Before this change, an isolated world (e.g. extension content script, but also others) could dynamically import a script from an accessible resource (for extensions this is possible with web accessible resources and a matching site). When this occurs a web service worker could intercept that request and respond with arbitrary content. After this change, isolated world module requests skip triggering the worker fetch handler. This includes extension content scripts, but also includes any other scripts that execute in the isolated world context. (cherry picked from commit 2c501634c1191be1e509720103f06d51b94e6311) Bug: 371011220 Change-Id: I37eda47324b6933a93d2a44792a06ff91399981f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5917013 Auto-Submit: Justin Lulejian <jlulejian@chromium.org> Commit-Queue: Justin Lulejian <jlulejian@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1365918} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5962436 Commit-Queue: Dan Clark <daniec@microsoft.com> Auto-Submit: Roger Felipe Zanoni da Silva (xWF) <rzanoni@google.com> Reviewed-by: Dan Clark <daniec@microsoft.com> Reviewed-by: Justin Lulejian <jlulejian@chromium.org> Reviewed-by: Mohamed Omar <mohamedaomar@google.com> Owners-Override: Mohamed Omar <mohamedaomar@google.com> Cr-Commit-Position: refs/branch-heads/6478@{#1991} Cr-Branched-From: e6143acc03189c5e52959545b110d6d17ecd5286-refs/heads/main@{#1300313} --- .../core/loader/modulescript/module_script_loader.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc b/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
index b3d861555d8ec..fe2ac5f0d5157 100644
--- a/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
+++ b/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
@@ -153,12 +153,20 @@ void ModuleScriptLoader::FetchInternal(
   url_ = module_request.Url();
 #endif
 
+  DOMWrapperWorld& request_world = modulator_->GetScriptState()->World();
+
+  // Prevents web service workers from intercepting isolated world dynamic
+  // script imports requests and responding with different contents.
+  // TODO(crbug.com/1296102): Link to documentation that describes the criteria
+  // where module imports are handled by service worker fetch handler.
+  resource_request.SetSkipServiceWorker(request_world.IsIsolatedWorld());
+
   // <spec step="9">Set request 's destination to the result of running the
   // fetch destination from module type steps given destination and
   // moduleType.</spec>
   SetFetchDestinationFromModuleType(resource_request, module_request);
 
-  ResourceLoaderOptions options(&modulator_->GetScriptState()->World());
+  ResourceLoaderOptions options(&request_world);
 
   // <spec step="11">Set request's initiator type to "script".</spec>
   options.initiator_info.name = fetch_initiator_type_names::kScript;
--
GitLab
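Review bot: `resource_request.SetSkipServiceWorker(request_world.IsIsolatedWorld())` on the new side assigns the flag unconditionally, so for a main-world request it writes `false` and would clear a skip-service-worker setting the request already carried; whether `resource_request` is built fresh earlier in FetchInternal is not visible in this hunk. Making the change only ever tighten the request, `if (request_world.IsIsolatedWorld()) resource_request.SetSkipServiceWorker(true);`, avoids that and matches the one-directional restriction the comment describes. The comment itself would be more useful if it named the trust boundary rather than the mechanism, e.g. `// A service worker controlled by the page must not be able to substitute the contents of a script that an isolated world (e.g. an extension content script) imports, so such requests bypass the worker's fetch handler entirely.` The diffstat shows no test in this cherry-pick; if the original commit carried a regression test for a worker intercepting an isolated-world dynamic import, it is worth bringing it to the LTS branch too. FetchInternal begins before and continues after this hunk.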