
Side by Side Diff: content/browser/renderer_host/resource_dispatcher_host.cc

Issue 8496027: Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
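--- a/content/browser/renderer_host/resource_dispatcher_host.cc
+++ b/content/browser/renderer_host/resource_dispatcher_host.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading
 
 #include "content/browser/renderer_host/resource_dispatcher_host.h"
 
 #include <set>
 #include <vector>
@@ -533,25 +533,32 @@
 load_flags |= net::LOAD_SUB_FRAME;
 } else if (request_data.resource_type == ResourceType::PREFETCH) {
 load_flags |= (net::LOAD_PREFETCH | net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
 } else if (request_data.resource_type == ResourceType::FAVICON) {
 load_flags |= net::LOAD_DO_NOT_PROMPT_FOR_LOGIN;
 }
 
 if (sync_result)
 load_flags |= net::LOAD_IGNORE_LIMITS;
 
+ChildProcessSecurityPolicy* policy =
+ChildProcessSecurityPolicy::GetInstance();
+if (!policy->CanUseCookiesForOrigin(child_id, request_data.url)) {
+load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES |
+net::LOAD_DO_NOT_SEND_AUTH_DATA |
+net::LOAD_DO_NOT_SAVE_COOKIES);
+}
+
 // Raw headers are sensitive, as they inclide Cookie/Set-Cookie, so only
 // allow requesting them if requestor has ReadRawCookies permission.
 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
-&& !ChildProcessSecurityPolicy::GetInstance()->
-CanReadRawCookies(child_id)) {
+&& !policy->CanReadRawCookies(child_id)) {
 VLOG(1) << "Denied unathorized request for raw headers";
 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
 }
 
 request->set_load_flags(load_flags);
 request->set_context(
 filter_->GetURLRequestContext(request_data.resource_type));
 request->set_priority(DetermineRequestPriority(request_data.resource_type));
 
 // Set upload data.
@@ -2156,10 +2163,10 @@
 return HTTP_AUTH_RESOURCE_BLOCKED_CROSS;
 }
 
 bool ResourceDispatcherHost::allow_cross_origin_auth_prompt() {
 return allow_cross_origin_auth_prompt_;
 }
 
 void ResourceDispatcherHost::set_allow_cross_origin_auth_prompt(bool value) {
 allow_cross_origin_auth_prompt_ = value;
 }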
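Review bot: The new `CanUseCookiesForOrigin(child_id, request_data.url)` check (new lines 543-549) is evaluated once, against the URL the renderer supplied, and nothing visible here re-evaluates it if the request is later redirected to another origin; the enclosing function starts and ends outside the hunk, so whether a redirect path repeats the check cannot be told from this page. If it does not, a request that begins on an allowed origin could still carry cookies and auth data to a different site after a redirect, which appears to be the case strict site isolation is meant to cover. I would at least record the assumption next to the check, e.g. `// NOTE: checked for the initial URL only; redirects must be re-checked where they are followed.` The denial is also silent, unlike the raw-headers branch directly below it; a matching `VLOG(1) << "Denied cookie/auth use for request outside the renderer's site";` would make the policy decision visible when triaging broken loads.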