
Side by Side Diff: content/browser/renderer_host/resource_dispatcher_host.cc

Issue 8496027: Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
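--- a/content/browser/renderer_host/resource_dispatcher_host.cc
+++ b/content/browser/renderer_host/resource_dispatcher_host.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading
 
 #include "content/browser/renderer_host/resource_dispatcher_host.h"
 
 #include <set>
 #include <vector>
@@ -537,25 +537,32 @@
 load_flags |= net::LOAD_SUB_FRAME;
 } else if (request_data.resource_type == ResourceType::PREFETCH) {
 load_flags |= (net::LOAD_PREFETCH | net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
 } else if (request_data.resource_type == ResourceType::FAVICON) {
 load_flags |= net::LOAD_DO_NOT_PROMPT_FOR_LOGIN;
 }
 
 if (sync_result)
 load_flags |= net::LOAD_IGNORE_LIMITS;
 
+ChildProcessSecurityPolicy* policy =
+ChildProcessSecurityPolicy::GetInstance();
+if (!policy->CanUseCookiesForOrigin(child_id, request_data.url)) {
+load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES |
+net::LOAD_DO_NOT_SEND_AUTH_DATA |
+net::LOAD_DO_NOT_SAVE_COOKIES);
+}
+
 // Raw headers are sensitive, as they inclide Cookie/Set-Cookie, so only
 // allow requesting them if requestor has ReadRawCookies permission.
 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
-&& !ChildProcessSecurityPolicy::GetInstance()->
-CanReadRawCookies(child_id)) {
+&& !policy->CanReadRawCookies(child_id)) {
 VLOG(1) << "Denied unathorized request for raw headers";
 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
 }
 
 request->set_load_flags(load_flags);
 request->set_context(
 filter_->GetURLRequestContext(request_data.resource_type));
 request->set_priority(DetermineRequestPriority(request_data.resource_type));
 
 // Set upload data.
@@ -2162,10 +2169,10 @@
 return HTTP_AUTH_RESOURCE_BLOCKED_CROSS;
 }
 
 bool ResourceDispatcherHost::allow_cross_origin_auth_prompt() {
 return allow_cross_origin_auth_prompt_;
 }
 
 void ResourceDispatcherHost::set_allow_cross_origin_auth_prompt(bool value) {
 allow_cross_origin_auth_prompt_ = value;
 }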
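Review bot: The new `CanUseCookiesForOrigin(child_id, request_data.url)` check at new lines 547-553 is evaluated once, against the URL the renderer originally requested, and the resulting load flags are fixed by `request->set_load_flags(load_flags)` a few lines later. Nothing in the visible lines shows the decision being repeated when the request is redirected to a different origin, so it is worth confirming that the redirect path (outside this section) re-runs the check; otherwise a request that starts on a permitted origin may still carry cookies and auth data to an origin the process is not allowed to use them for. Unlike the raw-headers block directly below, the new block has neither a comment nor a log line; I would add `// Strip cookies and HTTP auth when this process may not use cookies for the request's origin (strict site isolation).` and a `VLOG(1)` on the denied branch so that suppressed requests are visible when debugging. The enclosing function begins and ends outside the shown lines.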