
Unified Diff: content/browser/web_contents/web_contents_impl.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Structure and Tests Created 8 years, 1 month ago
Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index c4bb81bd89f424e150f7d490c74d6878cc253710..baaa0dde695a0ccfd775d582b211ebea6e5bd18e 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -212,11 +212,8 @@ void MakeNavigateParams(const NavigationEntryImpl& entry,
params->allow_download = !entry.IsViewSourceMode();
params->is_post = entry.GetHasPostData();
if(entry.GetBrowserInitiatedPostData()) {
- params->browser_initiated_post_data.assign(
- entry.GetBrowserInitiatedPostData()->front(),
- entry.GetBrowserInitiatedPostData()->front() +
- entry.GetBrowserInitiatedPostData()->size());
-
+ params->browser_initiated_post_data =
+ entry.GetBrowserInitiatedPostData();
}
if (reload_type == NavigationControllerImpl::RELOAD_ORIGINAL_REQUEST_URL &&
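Review bot: The `if(entry.GetBrowserInitiatedPostData())` guard around the new assignment looks redundant now that the added lines assign the pointer instead of copying bytes. If `params->browser_initiated_post_data` is a ref-counted pointer that defaults to null (its type is not visible here), the body can be the bare statement `params->browser_initiated_post_data = entry.GetBrowserInitiatedPostData();`. Because the entry and the params now share one buffer rather than holding separate copies, a one-line comment saying the data is treated as immutable after this point would help. MakeNavigateParams starts and ends outside this hunk.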
@@ -2875,6 +2872,26 @@ void WebContentsImpl::RequestOpenURL(RenderViewHost* rvh,
GlobalRequestID());
}
+void WebContentsImpl::RequestOpenPostURL(
+ RenderViewHost* rvh,
+ const GURL& url,
+ const Referrer& referrer,
+ WindowOpenDisposition disposition,
+ int64 source_frame_id,
+ const ViewMsg_PostRequest_Params& request) {
+ // If this came from a swapped out RenderViewHost, we only allow the request
+ // if we are still in the same BrowsingInstance.
+ if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() &&
+ !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
+ return;
+ }
+
+ // Delegate to RequestTransferURL because this is just the generic
+ // case where |old_request_id| is empty.
+ RequestTransferPostURL(url, referrer, disposition, source_frame_id,
+ GlobalRequestID(), request);
+}
+
void WebContentsImpl::RequestTransferURL(
const GURL& url,
const Referrer& referrer,
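Review bot: The comment above the final call in RequestOpenPostURL still says "Delegate to RequestTransferURL", but the code calls RequestTransferPostURL; it should read `// Delegate to RequestTransferPostURL; |old_request_id| is empty in this generic case.` The new method also lacks a header comment stating that `url`, `referrer` and `request` originate in a renderer and are untrusted. Nothing in this hunk validates them, so that comment should name where filtering is expected to happen, presumably in the IPC handler that calls this, which is not visible here. The swapped-out check appears to duplicate the one in RequestOpenURL, whose body ends just above this hunk's additions, so a shared helper would keep the two from drifting apart.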
@@ -2916,6 +2933,53 @@ void WebContentsImpl::RequestTransferURL(
}
}
+void WebContentsImpl::RequestTransferPostURL(
+ const GURL& url,
+ const content::Referrer& referrer,
+ WindowOpenDisposition disposition,
+ int64 source_frame_id,
+ const GlobalRequestID& old_request_id,
+ const ViewMsg_PostRequest_Params& request) {
+ WebContents* new_contents = NULL;
+ content::PageTransition transition_type = content::PAGE_TRANSITION_LINK;
+ if (render_manager_.web_ui()) {
+ // When we're a Web UI, it will provide a page transition type for us (this
+ // is so the new tab page can specify AUTO_BOOKMARK for automatically
+ // generated suggestions).
+ //
+ // Note also that we hide the referrer for Web UI pages. We don't really
+ // want web sites to see a referrer of "chrome://blah" (and some
+ // chrome: URLs might have search terms or other stuff we don't want to
+ // send to the site), so we send no referrer.
+ OpenURLParams params(url, content::Referrer(), source_frame_id, disposition,
+ render_manager_.web_ui()->GetLinkTransitionType(),
+ false /* is_renderer_initiated */);
+ params.transferred_global_request_id = old_request_id;
+ new_contents = OpenURL(params);
+ transition_type = render_manager_.web_ui()->GetLinkTransitionType();
+ } else {
+ OpenURLParams params(url, referrer, source_frame_id, disposition,
+ content::PAGE_TRANSITION_LINK, true /* is_renderer_initiated */);
+ params.transition = content::PAGE_TRANSITION_FORM_SUBMIT;
+
+ params.browser_initiated_post_data = request.request_body;
+ params.extra_headers = request.extra_header;
+
+ params.transferred_global_request_id = old_request_id;
+ new_contents = OpenURL(params);
+ }
+ if (new_contents) {
+ // Notify observers.
+ FOR_EACH_OBSERVER(WebContentsObserver, observers_,
+ DidOpenRequestedURL(new_contents,
+ url,
+ referrer,
+ disposition,
+ transition_type,
+ source_frame_id));
+ }
+}
+
void WebContentsImpl::RouteCloseEvent(RenderViewHost* rvh) {
// Tell the active RenderViewHost to run unload handlers and close, as long
// as the request came from a RenderViewHost in the same BrowsingInstance.
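Review bot: In the non-Web-UI branch of RequestTransferPostURL, `request.request_body` and `request.extra_header` come from the renderer but are copied verbatim into `params.browser_initiated_post_data` and `params.extra_headers`, with no validation visible in this hunk. Unless a caller outside the hunk already does so, the header string in particular should be checked or restricted in the browser process before it is attached to a navigation. Storing renderer-supplied data in a field named browser_initiated also blurs the trust boundary for later readers. Separately, the Web UI branch silently drops the body and headers, and observers receive `transition_type` LINK although the navigation uses FORM_SUBMIT. Setting `transition_type = content::PAGE_TRANSITION_FORM_SUBMIT;` in the else branch, and passing that constant to the OpenURLParams constructor instead of overwriting `params.transition` afterwards, would fix the mismatch.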
