Chromium Code Reviews Chromium Code Reviews
Issue 11193051:
To fix the cross-site post submission bug.
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/browser/web_contents/web_contents_impl.cc |
| diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc |
| index c09ad4df91122d240b7d91f9a9d0893a74823af9..e5f92c9b199212e93e41a822ee6ddc41ef397ce3 100644 |
| --- a/content/browser/web_contents/web_contents_impl.cc |
| +++ b/content/browser/web_contents/web_contents_impl.cc |
| @@ -4,6 +4,8 @@ |
| #include "content/browser/web_contents/web_contents_impl.h" |
| +#include "content/public/common/frame_navigate_params.h" |
| + |
| #include <utility> |
| #include "base/command_line.h" |
| @@ -171,6 +173,7 @@ using content::WebUI; |
| using content::WebUIController; |
| using content::WebUIControllerFactory; |
| using webkit_glue::WebPreferences; |
| +using content::WebHTTPPOSTBodyParams; |
| namespace { |
| @@ -362,7 +365,7 @@ WebContentsImpl::WebContentsImpl( |
| static_cast<int>(content::kMaximumZoomFactor * 100)), |
| temporary_zoom_settings_(false), |
| content_restrictions_(0), |
| - color_chooser_(NULL) { |
| + color_chooser_(NULL) { |
| } |
| WebContentsImpl::~WebContentsImpl() { |
| @@ -1642,6 +1645,9 @@ bool WebContentsImpl::NavigateToEntry( |
| embedder_channel_name, |
| embedder_container_id, |
| &navigate_params); |
| + |
| + navigate_params.post_data = entry.post_data; |
|
michaeln
2012/10/23 23:22:18
another copy
|
| + |
| dest_render_view_host->Navigate(navigate_params); |
| if (entry.GetPageID() == -1) { |
| @@ -2951,6 +2957,26 @@ void WebContentsImpl::RequestOpenURL(RenderViewHost* rvh, |
| GlobalRequestID()); |
| } |
| +void WebContentsImpl::RequestOpenPostURL(RenderViewHost* rvh, |
| + const GURL& url, |
| + const content::Referrer& referrer, |
| + WindowOpenDisposition disposition, |
| + int64 source_frame_id, |
| + bool is_post, |
| + std::vector<content::WebHTTPPOSTBodyParams> data) { |
| + // If this came from a swapped out RenderViewHost, we only allow the request |
| + // if we are still in the same BrowsingInstance. |
| + if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() && |
| + !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) { |
| + return; |
| + } |
| + |
| + // Delegate to RequestTransferURL because this is just the generic |
| + // case where |old_request_id| is empty. |
| + RequestTransferPostURL(url, referrer, disposition, source_frame_id, |
| + GlobalRequestID(), is_post, data); |
| +} |
| + |
| void WebContentsImpl::RequestTransferURL( |
| const GURL& url, |
| const content::Referrer& referrer, |
| @@ -2992,6 +3018,54 @@ void WebContentsImpl::RequestTransferURL( |
| } |
| } |
| +void WebContentsImpl::RequestTransferPostURL( |
| + const GURL& url, |
| + const content::Referrer& referrer, |
| + WindowOpenDisposition disposition, |
| + int64 source_frame_id, |
| + const GlobalRequestID& old_request_id, |
| + bool is_post, |
| + std::vector<content::WebHTTPPOSTBodyParams> post_data) { |
| + WebContents* new_contents = NULL; |
| + content::PageTransition transition_type = content::PAGE_TRANSITION_LINK; |
| + if (render_manager_.web_ui()) { |
| + // When we're a Web UI, it will provide a page transition type for us (this |
| + // is so the new tab page can specify AUTO_BOOKMARK for automatically |
| + // generated suggestions). |
| + // |
| + // Note also that we hide the referrer for Web UI pages. We don't really |
| + // want web sites to see a referrer of "chrome://blah" (and some |
| + // chrome: URLs might have search terms or other stuff we don't want to |
| + // send to the site), so we send no referrer. |
| + OpenURLParams params(url, content::Referrer(), source_frame_id, disposition, |
| + render_manager_.web_ui()->GetLinkTransitionType(), |
| + false /* is_renderer_initiated */); |
| + params.transferred_global_request_id = old_request_id; |
| + new_contents = OpenURL(params); |
| + transition_type = render_manager_.web_ui()->GetLinkTransitionType(); |
| + } else { |
| + OpenURLParams params(url, referrer, source_frame_id, disposition, |
| + content::PAGE_TRANSITION_LINK, true /* is_renderer_initiated */); |
| + if (is_post) { |
| + // Todo: Don't know whether this will conflict with other unexpect situation or not. |
| + params.transition = content::PAGE_TRANSITION_FORM_SUBMIT; |
| + params.post_data = post_data/*.front()*/; |
| + } |
| + params.transferred_global_request_id = old_request_id; |
| + new_contents = OpenURL(params); |
| + } |
| + if (new_contents) { |
| + // Notify observers. |
| + FOR_EACH_OBSERVER(WebContentsObserver, observers_, |
| + DidOpenRequestedURL(new_contents, |
| + url, |
| + referrer, |
| + disposition, |
| + transition_type, |
| + source_frame_id)); |
| + } |
| +} |
| + |
| void WebContentsImpl::RouteCloseEvent(RenderViewHost* rvh) { |
| // Tell the active RenderViewHost to run unload handlers and close, as long |
| // as the request came from a RenderViewHost in the same BrowsingInstance. |
