OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading |
6 | 6 |
7 #include "content/browser/renderer_host/resource_dispatcher_host_impl.h" | 7 #include "content/browser/renderer_host/resource_dispatcher_host_impl.h" |
8 | 8 |
9 #include <set> | 9 #include <set> |
10 #include <vector> | 10 #include <vector> |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
161 ChildProcessSecurityPolicyImpl* policy = | 161 ChildProcessSecurityPolicyImpl* policy = |
162 ChildProcessSecurityPolicyImpl::GetInstance(); | 162 ChildProcessSecurityPolicyImpl::GetInstance(); |
163 | 163 |
164 // Check if the renderer is permitted to request the requested URL. | 164 // Check if the renderer is permitted to request the requested URL. |
165 if (!policy->CanRequestURL(child_id, request_data.url)) { | 165 if (!policy->CanRequestURL(child_id, request_data.url)) { |
166 VLOG(1) << "Denied unauthorized request for " | 166 VLOG(1) << "Denied unauthorized request for " |
167 << request_data.url.possibly_invalid_spec(); | 167 << request_data.url.possibly_invalid_spec(); |
168 return false; | 168 return false; |
169 } | 169 } |
170 | 170 |
171 if (!policy->CanLoadPage(child_id, request_data.url, | |
172 request_data.resource_type)) { | |
173 VLOG(1) << "Denied unauthorized request for " | |
174 << request_data.url.possibly_invalid_spec() | |
175 << "because --site-per-process flag is used."; | |
176 return false; | |
177 } | |
Charlie Reis
2012/11/29 22:00:54
This looks good, but I wonder if it's the right pl
| |
178 | |
171 // Check if the renderer is permitted to upload the requested files. | 179 // Check if the renderer is permitted to upload the requested files. |
172 if (request_data.request_body) { | 180 if (request_data.request_body) { |
173 const std::vector<ResourceRequestBody::Element>* uploads = | 181 const std::vector<ResourceRequestBody::Element>* uploads = |
174 request_data.request_body->elements(); | 182 request_data.request_body->elements(); |
175 std::vector<ResourceRequestBody::Element>::const_iterator iter; | 183 std::vector<ResourceRequestBody::Element>::const_iterator iter; |
176 for (iter = uploads->begin(); iter != uploads->end(); ++iter) { | 184 for (iter = uploads->begin(); iter != uploads->end(); ++iter) { |
177 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE && | 185 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE && |
178 !policy->CanReadFile(child_id, iter->path())) { | 186 !policy->CanReadFile(child_id, iter->path())) { |
179 NOTREACHED() << "Denied unauthorized upload of " | 187 NOTREACHED() << "Denied unauthorized upload of " |
180 << iter->path().value(); | 188 << iter->path().value(); |
(...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
519 // validating the entry if present. | 527 // validating the entry if present. |
520 if (request->get_upload() != NULL) | 528 if (request->get_upload() != NULL) |
521 extra_load_flags |= net::LOAD_ONLY_FROM_CACHE; | 529 extra_load_flags |= net::LOAD_ONLY_FROM_CACHE; |
522 else | 530 else |
523 extra_load_flags |= net::LOAD_PREFERRING_CACHE; | 531 extra_load_flags |= net::LOAD_PREFERRING_CACHE; |
524 } else { | 532 } else { |
525 extra_load_flags |= net::LOAD_DISABLE_CACHE; | 533 extra_load_flags |= net::LOAD_DISABLE_CACHE; |
526 } | 534 } |
527 request->set_load_flags(request->load_flags() | extra_load_flags); | 535 request->set_load_flags(request->load_flags() | extra_load_flags); |
528 // Check if the renderer is permitted to request the requested URL. | 536 // Check if the renderer is permitted to request the requested URL. |
537 // TODO(irobert): Should we call CanRequestPage for download request? | |
irobert
2012/11/28 22:50:41
I think you have already answered this question. W
Charlie Reis
2012/11/29 22:00:54
Correct. We only want to block cross-site pages f
| |
529 if (!ChildProcessSecurityPolicyImpl::GetInstance()-> | 538 if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
530 CanRequestURL(child_id, url)) { | 539 CanRequestURL(child_id, url)) { |
531 VLOG(1) << "Denied unauthorized download request for " | 540 VLOG(1) << "Denied unauthorized download request for " |
532 << url.possibly_invalid_spec(); | 541 << url.possibly_invalid_spec(); |
533 return CallbackAndReturn(started_callback, net::ERR_ACCESS_DENIED); | 542 return CallbackAndReturn(started_callback, net::ERR_ACCESS_DENIED); |
534 } | 543 } |
535 | 544 |
536 request_id_--; | 545 request_id_--; |
537 | 546 |
538 const net::URLRequestContext* request_context = context->GetRequestContext(); | 547 const net::URLRequestContext* request_context = context->GetRequestContext(); |
(...skipping 1181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1720 | 1729 |
1721 return i->second.get(); | 1730 return i->second.get(); |
1722 } | 1731 } |
1723 | 1732 |
1724 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(int child_id, | 1733 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(int child_id, |
1725 int request_id) const { | 1734 int request_id) const { |
1726 return GetLoader(GlobalRequestID(child_id, request_id)); | 1735 return GetLoader(GlobalRequestID(child_id, request_id)); |
1727 } | 1736 } |
1728 | 1737 |
1729 } // namespace content | 1738 } // namespace content |
OLD | NEW |