
Unified Diff: content/browser/web_contents/web_contents_impl.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Reuse ResourceRequestBody Struct Created 8 years, 1 month ago
Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 3d3dfaedca59c5d16c8b2e0edb37ac36cf6452b3..20718eff13a0febd8763da00b24439c13e47f087 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -67,6 +67,7 @@
#include "content/public/common/content_constants.h"
#include "content/public/common/content_restriction.h"
#include "content/public/common/content_switches.h"
+#include "content/public/common/frame_navigate_params.h"
#include "content/public/common/url_constants.h"
#include "net/base/mime_util.h"
#include "net/base/net_util.h"
@@ -1594,6 +1595,9 @@ bool WebContentsImpl::NavigateToEntry(
ViewMsg_Navigate_Params navigate_params;
MakeNavigateParams(entry, controller_, delegate_, reload_type,
&navigate_params);
+
+ navigate_params.request = entry.request;
+
dest_render_view_host->Navigate(navigate_params);
if (entry.GetPageID() == -1) {
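Review bot: `navigate_params.request = entry.request;` is set here rather than inside MakeNavigateParams, which populates the rest of `navigate_params` just above, so any other caller of that helper would build params without the request body. Moving the assignment into MakeNavigateParams keeps the struct's construction in one place. The copy is also unconditional, so the stored body would presumably be sent to `dest_render_view_host` again on reloads and history navigations of this entry; whether the repost confirmation has already run by this point is not visible in the hunk and is worth confirming. NavigateToEntry starts and ends outside the hunk.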
@@ -2882,6 +2886,25 @@ void WebContentsImpl::RequestOpenURL(RenderViewHost* rvh,
GlobalRequestID());
}
+void WebContentsImpl::RequestOpenPostURL(RenderViewHost* rvh,
+ const GURL& url,
+ const content::Referrer& referrer,
+ WindowOpenDisposition disposition,
+ int64 source_frame_id,
+ const ViewMsg_Request& request) {
+ // If this came from a swapped out RenderViewHost, we only allow the request
+ // if we are still in the same BrowsingInstance.
+ if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() &&
+ !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
+ return;
+ }
+
+ // Delegate to RequestTransferURL because this is just the generic
+ // case where |old_request_id| is empty.
+ RequestTransferPostURL(url, referrer, disposition, source_frame_id,
+ GlobalRequestID(), request);
+}
+
void WebContentsImpl::RequestTransferURL(
const GURL& url,
const Referrer& referrer,
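Review bot: `request` arrives from the renderer and is passed straight to RequestTransferPostURL, with no browser-side validation visible in RequestOpenPostURL. Since the navigation may land in a different renderer process, the browser should confirm that the source process is allowed to send what the body references (for instance, if the body can name files, a ChildProcessSecurityPolicyImpl::CanReadFile check against the process behind `rvh`) before forwarding it; if that check already happens in the IPC handler, a comment here saying so would help. The comment above the call also names the wrong function and should read `// Delegate to RequestTransferPostURL because this is just the generic case where |old_request_id| is empty.`. The swapped-out guard appears to repeat the one in RequestOpenURL, so a shared helper would keep the two in step.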
@@ -2923,6 +2946,52 @@ void WebContentsImpl::RequestTransferURL(
}
}
+void WebContentsImpl::RequestTransferPostURL(
+ const GURL& url,
+ const content::Referrer& referrer,
+ WindowOpenDisposition disposition,
+ int64 source_frame_id,
+ const GlobalRequestID& old_request_id,
+ const ViewMsg_Request& request) {
+ WebContents* new_contents = NULL;
+ content::PageTransition transition_type = content::PAGE_TRANSITION_LINK;
+ if (render_manager_.web_ui()) {
+ // When we're a Web UI, it will provide a page transition type for us (this
+ // is so the new tab page can specify AUTO_BOOKMARK for automatically
+ // generated suggestions).
+ //
+ // Note also that we hide the referrer for Web UI pages. We don't really
+ // want web sites to see a referrer of "chrome://blah" (and some
+ // chrome: URLs might have search terms or other stuff we don't want to
+ // send to the site), so we send no referrer.
+ OpenURLParams params(url, content::Referrer(), source_frame_id, disposition,
+ render_manager_.web_ui()->GetLinkTransitionType(),
+ false /* is_renderer_initiated */);
+ params.transferred_global_request_id = old_request_id;
+ new_contents = OpenURL(params);
+ transition_type = render_manager_.web_ui()->GetLinkTransitionType();
+ } else {
+ OpenURLParams params(url, referrer, source_frame_id, disposition,
+ content::PAGE_TRANSITION_LINK, true /* is_renderer_initiated */);
+ if (request.method == "POST") {
+ params.transition = content::PAGE_TRANSITION_FORM_SUBMIT;
+ params.request = request;
+ }
+ params.transferred_global_request_id = old_request_id;
+ new_contents = OpenURL(params);
+ }
+ if (new_contents) {
+ // Notify observers.
+ FOR_EACH_OBSERVER(WebContentsObserver, observers_,
+ DidOpenRequestedURL(new_contents,
+ url,
+ referrer,
+ disposition,
+ transition_type,
+ source_frame_id));
+ }
+}
+
void WebContentsImpl::RouteCloseEvent(RenderViewHost* rvh) {
// Tell the active RenderViewHost to run unload handlers and close, as long
// as the request came from a RenderViewHost in the same BrowsingInstance.
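Review bot: In the non-Web-UI branch of RequestTransferPostURL, `params.transition` is switched to PAGE_TRANSITION_FORM_SUBMIT for a POST but `transition_type` keeps its initial PAGE_TRANSITION_LINK, so observers receive DidOpenRequestedURL with a transition that differs from the one used to navigate. Adding `transition_type = params.transition;` before `new_contents = OpenURL(params);` in that branch would keep the two consistent. The Web UI branch never copies `request` into `params`, so a POST from a Web UI page is opened without its body; if that is deliberate, because the navigation is marked as not renderer-initiated and should not carry a renderer-supplied body, a comment should say so. The function otherwise duplicates RequestTransferURL, whose body is mostly outside this hunk, and could be folded into it with an optional request argument.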
