content/browser/child_process_security_policy.h - Issue 7873007: Restricting redirects to chrome:

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/child_process_security_policy.h

Issue 7873007: Restricting redirects to chrome: (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk

Patch Set: Improving that path so it doesn't break things Created 9 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/browser/child_process_security_policy.h

diff --git a/content/browser/child_process_security_policy.h b/content/browser/child_process_security_policy.h

index 943fd2d469d044906bbe21ae8ec2533c0186696b..2e7c106c3dcf36531eac45744f41c1fca25c3fec 100644

--- a/content/browser/child_process_security_policy.h

+++ b/content/browser/child_process_security_policy.h

@@ -46,6 +46,14 @@ class CONTENT_EXPORT ChildProcessSecurityPolicy {

// Returns true iff |scheme| has been registered as a web-safe scheme.

bool IsWebSafeScheme(const std::string& scheme);

+ // WebUI schemes are any to which access should be restricted to child

+ // processes that have been granted WebUIBindings. There is no mechanism for

+ // revoking WebUI schemes.

+ void RegisterWebUIScheme(const std::string& scheme);

+ // Returns true iff |scheme| has been registered as a WebUI scheme

+ bool IsWebUIScheme(const std::string& scheme);

// Pseudo schemes are treated differently than other schemes because they

// cannot be requested like normal URLs. There is no mechanism for revoking

// pseudo schemes.

@@ -121,6 +129,12 @@ class CONTENT_EXPORT ChildProcessSecurityPolicy {

// request the URL.

bool CanRequestURL(int child_id, const GURL& url);

+ // Before servicing a child process's request to redirect to a URL, the

+ // browser should call this method to determine whether the process has the

+ // capability to redirect to it. This is slightly more restrictive than

+ // CanRequestURL.

+ bool CanRedirectURL(int child_id, const GURL& url);

abarth-chromium 2011/09/19 06:46:39 I'm not sure I understand why CanRedirectURL is an

// Before servicing a child process's request to upload a file to the web, the

// browser should call this method to determine whether the process has the

// capability to upload the requested file.

@@ -181,6 +195,10 @@ class CONTENT_EXPORT ChildProcessSecurityPolicy {

// protected by |lock_|.

SchemeSet web_safe_schemes_;

+ // These schemes are only accessible by children with WebUI bindings. This

+ // set is protected by |lock_|.

+ SchemeSet webui_schemes_;

// These schemes do not actually represent retrievable URLs. For example,

// the the URLs in the "about" scheme are aliases to other URLs. This set is

// protected by |lock_|.

« no previous file with comments | « no previous file | content/browser/child_process_security_policy.cc » ('j') | content/browser/child_process_security_policy.cc » ('J')