Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3410)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/render_view_impl.cc

Issue 11193051: To fix the cross-site post submission bug. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Comments Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/renderer/render_view_impl.h ('K') | « content/renderer/render_view_impl.h ('k') | net/tools/testserver/testserver.py » ('j') | net/tools/testserver/testserver.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/render_view_impl.cc
diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
index 1fd96d45e429c87a9f05899a621aa9a250519122..db2635336817c7a31280c0d12f1624ceda08f5a8 100644
--- a/content/renderer/render_view_impl.cc
+++ b/content/renderer/render_view_impl.cc
@@ -183,6 +183,7 @@
#include "webkit/glue/alt_error_page_resource_fetcher.h"
#include "webkit/glue/dom_operations.h"
#include "webkit/glue/glue_serialize.h"
+#include "webkit/glue/resource_request_body.h"
#include "webkit/glue/web_intent_service_data.h"
#include "webkit/glue/webdropdata.h"
#include "webkit/glue/webkit_constants.h"
@@ -318,6 +319,7 @@ using base::TimeDelta;
using webkit_glue::AltErrorPageResourceFetcher;
using webkit_glue::ResourceFetcher;
+using webkit_glue::ResourceRequestBody;
using webkit_glue::WebPreferences;
using webkit_glue::WebURLResponseExtraDataImpl;
@@ -1136,22 +1138,53 @@ void RenderViewImpl::OnNavigate(const ViewMsg_Navigate_Params& params) {
}
}
- if (params.is_post) {
- request.setHTTPMethod(WebString::fromUTF8("POST"));
-
- // Set post data.
+ if(params.is_post) {
Charlie Reis 2012/11/20 05:46:03 nit: Space after if.
irobert 2012/11/22 01:37:00 Done.
WebHTTPBody http_body;
http_body.initialize();
- http_body.appendData(WebData(
- reinterpret_cast<const char*>(
- &params.browser_initiated_post_data.front()),
- params.browser_initiated_post_data.size()));
+ const std::vector<ResourceRequestBody::Element>* uploads =
Charlie Reis 2012/11/20 05:46:03 Note: this file still needs more review. I haven'
+ params.browser_initiated_post_data->elements();
+ std::vector<ResourceRequestBody::Element>::const_iterator iter;
+ for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
+ switch (iter->type()) {
+ case ResourceRequestBody::Element::TYPE_BYTES: {
+ http_body.appendData(WebData(iter->bytes(),
+ static_cast<int>(iter->length())));
+ break;
+ }
+ case ResourceRequestBody::Element::TYPE_FILE: {
+ #if defined(OS_POSIX)
+ WebString filePath = WideToUTF16Hack(
+ base::SysNativeMBToWide(iter->path().value()));
+ #elif defined(OS_WIN)
+ WebString filePath = WideToUTF16Hack(iter->path().value());
+ #endif
+ http_body.appendFileRange(
+ filePath,
+ static_cast<long long>(iter->offset()),
+ static_cast<long long>(iter->length()),
+ iter->expected_modification_time().ToDoubleT());
+ break;
+ }
+ case ResourceRequestBody::Element::TYPE_FILE_FILESYSTEM: {
+ CHECK(false);
+ break;
+ }
+ case ResourceRequestBody::Element:: TYPE_BLOB: {
+ CHECK(false);
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+ }
request.setHTTPBody(http_body);
+ request.setHTTPMethod(WebString::fromUTF8("POST"));
+ request.setHTTPHeaderField(
+ WebString::fromUTF8("Content-Type"),
+ WebString::fromUTF8(params.extra_headers));
}
-
main_frame->loadRequest(request);
}
-
// In case LoadRequest failed before DidCreateDataSource was called.
pending_navigation_params_.reset();
}
@@ -1659,17 +1692,22 @@ void RenderViewImpl::SendUpdateState(const WebHistoryItem& item) {
void RenderViewImpl::OpenURL(WebFrame* frame,
const GURL& url,
const Referrer& referrer,
- WebNavigationPolicy policy) {
+ WebNavigationPolicy policy,
+ std::string extra_header,
+ scoped_refptr<ResourceRequestBody>
+ request_body) {
ViewHostMsg_OpenURL_Params params;
params.url = url;
params.referrer = referrer;
params.disposition = NavigationPolicyToDisposition(policy);
params.frame_id = frame->identifier();
+ params.extra_header = extra_header;
+ params.request_body = request_body;
+
DocumentState* document_state =
DocumentState::FromDataSource(frame->dataSource());
params.is_cross_site_redirect =
document_state->navigation_state()->is_redirect_in_progress();
-
Send(new ViewHostMsg_OpenURL(routing_id_, params));
}
@@ -2676,7 +2714,7 @@ void RenderViewImpl::loadURLExternally(
Send(new ViewHostMsg_DownloadUrl(routing_id_, request.url(), referrer,
suggested_name));
} else {
- OpenURL(frame, request.url(), referrer, policy);
+ OpenURL(frame, request.url(), referrer, policy, std::string(""), NULL);
Charlie Reis 2012/11/20 05:46:03 nit: No quotes.
irobert 2012/11/22 01:37:00 Done.
}
}
@@ -2694,6 +2732,59 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
GURL(request.httpHeaderField(WebString::fromUTF8("Referer"))),
GetReferrerPolicyFromRequest(frame, request));
+ std::string header;
Charlie Reis 2012/11/20 05:46:03 Can this be moved to a helper function?
+ scoped_refptr<ResourceRequestBody> request_body = NULL;
+ if(request.httpMethod() == WebString("POST") &&
+ !request.httpBody().isNull()) {
+ request_body = new ResourceRequestBody();
+ WebHTTPBody body = request.httpBody();
+ WebKit::WebHTTPBody::Element element;
+ for (int i=0; body.elementAt(i, element); i++) {
+ switch (element.type) {
+ case WebHTTPBody::Element::TypeData: {
+ if (!element.data.isEmpty())
+ request_body->AppendBytes(element.data.data(),
+ static_cast<int>(element.data.size()));
+ break;
+ }
+ case WebHTTPBody::Element::TypeFile: {
+ #if defined(OS_POSIX)
+ const FilePath::StringType kFilePath =
+ base::SysWideToNativeMB(UTF16ToWideHack(element.filePath));
+ #elif defined(OS_WIN)
+ const FilePath::StringType kFilePath =
+ UTF16ToWideHack(element.filePath);
+ #endif
+ if (element.fileLength == -1) {
+ request_body->AppendFileRange(
+ FilePath(kFilePath), 0, kuint64max, base::Time());
+ } else {
+ request_body->AppendFileRange(
+ FilePath(kFilePath),
+ static_cast<uint64>(element.fileStart),
+ static_cast<uint64>(element.fileLength),
+ base::Time::FromDoubleT(element.modificationTime));
+ }
+ break;
+ }
+ case WebHTTPBody::Element::TypeURL: {
+ CHECK(false);
+ break;
+ }
+ case WebHTTPBody::Element::TypeBlob: {
+ CHECK(false);
+ break;
+ }
+ default:
+ NOTREACHED();
+ }
+ }
+ // Extract Header Info.
+ WebString ContentType =
+ request.httpHeaderField(WebString::fromUTF8("Content-Type"));
+ header.assign(ContentType.utf8().data(), ContentType.utf8().length());
+ }
+
if (is_swapped_out_) {
if (request.url() != GURL(kSwappedOutURL)) {
// Targeted links may try to navigate a swapped out frame. Allow the
@@ -2704,10 +2795,10 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// TODO(creis): Ensure this supports targeted form submissions when
// fixing http://crbug.com/101395.
if (frame->parent() == NULL) {
- OpenURL(frame, request.url(), referrer, default_policy);
+ OpenURL(frame, request.url(), referrer,
+ default_policy, header, request_body);
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
-
// We should otherwise ignore in-process iframe navigations, if they
// arrive just after we are swapped out.
return WebKit::WebNavigationPolicyIgnore;
@@ -2746,7 +2837,7 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
if (!net::RegistryControlledDomainService::SameDomainOrHost(frame_url,
url) ||
frame_url.scheme() != url.scheme()) {
- OpenURL(frame, url, referrer, default_policy);
+ OpenURL(frame, url, referrer, default_policy, header, request_body);
return WebKit::WebNavigationPolicyIgnore;
}
}
@@ -2767,7 +2858,7 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// navigation.
page_id_ = -1;
last_page_id_sent_to_browser_ = -1;
- OpenURL(frame, url, referrer, default_policy);
+ OpenURL(frame, url, referrer, default_policy, header, request_body);
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
}
@@ -2829,15 +2920,13 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
// http://crbug.com/101395 is more likely to cause compatibility issues
// with hosted apps and extensions than WebUI pages. We will remove this
// check when cross-process POST submissions are supported.
- if (request.httpMethod() == "GET") {
should_fork = GetContentClient()->renderer()->ShouldFork(
frame, url, is_initial_navigation, &send_referrer);
- }
}
if (should_fork) {
- OpenURL(
- frame, url, send_referrer ? referrer : Referrer(), default_policy);
+ OpenURL(frame, url, send_referrer ? referrer : Referrer(),
+ default_policy, header, request_body);
return WebKit::WebNavigationPolicyIgnore; // Suppress the load here.
}
}
@@ -2876,10 +2965,9 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation(
if (is_fork) {
// Open the URL via the browser, not via WebKit.
- OpenURL(frame, url, Referrer(), default_policy);
+ OpenURL(frame, url, Referrer(), default_policy, header, request_body);
return WebKit::WebNavigationPolicyIgnore;
}
-
return default_policy;
}
« content/renderer/render_view_impl.h ('K') | « content/renderer/render_view_impl.h ('k') | net/tools/testserver/testserver.py » ('j') | net/tools/testserver/testserver.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698