content/renderer/render_view_impl.cc - Issue 8496027: Enhance --enable-strict-site-isolation to prevent a site-isolated renderer

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/renderer/render_view_impl.cc

Issue 8496027: Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/renderer/render_view_impl.cc

===================================================================

--- content/renderer/render_view_impl.cc (revision 110345)

+++ content/renderer/render_view_impl.cc (working copy)

@@ -2021,11 +2021,17 @@

// boundaries. This is currently expected to break some script calls and

// navigations, such as form submissions.

const CommandLine& command_line = *CommandLine::ForCurrentProcess();

- if (!frame->parent() && (is_content_initiated || is_redirect) &&

- command_line.HasSwitch(switches::kEnableStrictSiteIsolation)) {

- GURL referrer(request.httpHeaderField(WebString::fromUTF8("Referer")));

- OpenURL(frame, url, referrer, default_policy);

- return WebKit::WebNavigationPolicyIgnore;

+ if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation) &&

+ !frame->parent() && (is_content_initiated || is_redirect)) {

+ WebString origin_str = frame->document().securityOrigin().toString();

+ GURL frame_url(origin_str.utf8().data());

+ // TODO(cevans): revisit whether this workaround is still necessary once

Charlie Reis 2011/11/22 19:06:59 nit: workaround -> origin check

+ // crbug.com/101395 is fixed.

+ if (frame_url.GetOrigin() != url.GetOrigin()) {

+ GURL referrer(request.httpHeaderField(WebString::fromUTF8("Referer")));

+ OpenURL(frame, url, referrer, default_policy);

+ return WebKit::WebNavigationPolicyIgnore;

+ }

}

// If the browser is interested, then give it a chance to look at top level

« content/browser/site_instance.cc ('K') | « content/public/common/content_switches.cc ('k') | no next file » | no next file with comments »