foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-21 21:50:00 -05:00
Code Issues Packages 1 Wiki Activity

fix: Use "none" instead of false to sandbox Workers (#9034)

Browse source
This commit is contained in:
Nayeem Rahman 2021-01-07 10:52:30 +00:00 committed by GitHub
parent cb658f5ce5
commit b5f1d257a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 11 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
cli/dts/lib.deno.shared_globals.d.ts vendored
View file

@ -666,7 +666,7 @@ declare class Worker extends EventTarget {
* *
* Set deno.namespace to `true` to make `Deno` namespace and all of its methods * Set deno.namespace to `true` to make `Deno` namespace and all of its methods
* available to worker thread. The namespace is disabled by default. * available to worker thread. The namespace is disabled by default.
* *
* Configure deno.permissions options to change the level of access the worker will * Configure deno.permissions options to change the level of access the worker will
* have. By default it will inherit the permissions of its parent thread. The permissions * have. By default it will inherit the permissions of its parent thread. The permissions
* of a worker can't be extended beyond its parent's permissions reach. * of a worker can't be extended beyond its parent's permissions reach.
@ -718,17 +718,16 @@ declare class Worker extends EventTarget {
*/ */
// TODO(Soremwar) // TODO(Soremwar)
// `deno: true` is kept for backwards compatibility with the previous worker // `deno: true` is kept for backwards compatibility with the previous worker
// options implementation. Remove for 2.0 // options implementation. Remove for 2.0.
deno?: true | { deno?: true | {
namespace?: boolean; namespace?: boolean;
/** Set to false to disable all the permissions in the worker */ /** Set to `"none"` to disable all the permissions in the worker. */
permissions?: "inherit" | false | { permissions?: "inherit" | "none" | {
env?: "inherit" | boolean; env?: "inherit" | boolean;
hrtime?: "inherit" | boolean; hrtime?: "inherit" | boolean;
/** /** The format of the net access list must be `hostname[:port]`
* The format of the net access list must be `hostname[:port]` * in order to be resolved.
* in order to be resolved *
*
* ``` * ```
* net: ["https://deno.land", "localhost:8080"], * net: ["https://deno.land", "localhost:8080"],
* ``` * ```

2
cli/tests/workers_test.ts
View file

@ -600,7 +600,7 @@ Deno.test("Worker with disabled permissions", async function () {
type: "module", type: "module",
deno: { deno: {
namespace: true, namespace: true,
permissions: false, permissions: "none",
}, },
}, },
); );

2
docs/runtime/workers.md
View file

@ -241,7 +241,7 @@ the `deno.permissions` option in the worker API.
type: "module", type: "module",
deno: { deno: {
namespace: true, namespace: true,
permissions: false, permissions: "none",
}, },
}); });
``` ```

4
runtime/js/11_workers.js
View file

@ -152,9 +152,9 @@
: deno?.permissions, : deno?.permissions,
}; };
// If the permission option is set to false, all permissions // If the permission option is set to "none", all permissions
// must be removed from the worker // must be removed from the worker
if (workerDenoAttributes.permissions === false) { if (workerDenoAttributes.permissions === "none") {
workerDenoAttributes.permissions = { workerDenoAttributes.permissions = {
env: false, env: false,
hrtime: false, hrtime: false,