Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(140)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/loader/resource_loader.cc

Issue 11416121: Prevent cross-site pages when --site-per-process is passed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/site_per_process_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/loader/resource_loader.h" 5 #include "content/browser/loader/resource_loader.h"
6 6
7 #include "base/command_line.h"
7 #include "base/message_loop.h" 8 #include "base/message_loop.h"
8 #include "base/time.h" 9 #include "base/time.h"
9 #include "content/browser/child_process_security_policy_impl.h" 10 #include "content/browser/child_process_security_policy_impl.h"
10 #include "content/browser/loader/doomed_resource_handler.h" 11 #include "content/browser/loader/doomed_resource_handler.h"
11 #include "content/browser/loader/resource_loader_delegate.h" 12 #include "content/browser/loader/resource_loader_delegate.h"
12 #include "content/browser/loader/resource_request_info_impl.h" 13 #include "content/browser/loader/resource_request_info_impl.h"
13 #include "content/browser/ssl/ssl_client_auth_handler.h" 14 #include "content/browser/ssl/ssl_client_auth_handler.h"
14 #include "content/browser/ssl/ssl_manager.h" 15 #include "content/browser/ssl/ssl_manager.h"
15 #include "content/common/ssl_status_serialization.h" 16 #include "content/common/ssl_status_serialization.h"
16 #include "content/public/browser/cert_store.h" 17 #include "content/public/browser/cert_store.h"
17 #include "content/public/browser/resource_dispatcher_host_login_delegate.h" 18 #include "content/public/browser/resource_dispatcher_host_login_delegate.h"
19 #include "content/public/common/content_client.h"
20 #include "content/public/common/content_switches.h"
18 #include "content/public/common/resource_response.h" 21 #include "content/public/common/resource_response.h"
19 #include "net/base/load_flags.h" 22 #include "net/base/load_flags.h"
20 #include "net/http/http_response_headers.h" 23 #include "net/http/http_response_headers.h"
21 #include "webkit/appcache/appcache_interceptor.h" 24 #include "webkit/appcache/appcache_interceptor.h"
22 25
23 using base::TimeDelta; 26 using base::TimeDelta;
24 using base::TimeTicks; 27 using base::TimeTicks;
25 28
26 namespace content { 29 namespace content {
27 namespace { 30 namespace {
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 render_view_id, 299 render_view_id,
297 ssl_info, 300 ssl_info,
298 fatal); 301 fatal);
299 } 302 }
300 303
301 void ResourceLoader::OnResponseStarted(net::URLRequest* unused) { 304 void ResourceLoader::OnResponseStarted(net::URLRequest* unused) {
302 DCHECK_EQ(request_.get(), unused); 305 DCHECK_EQ(request_.get(), unused);
303 306
304 VLOG(1) << "OnResponseStarted: " << request_->url().spec(); 307 VLOG(1) << "OnResponseStarted: " << request_->url().spec();
305 308
309 // The CanLoadPage check should take place after any server redirects have
310 // finished, at the point in time that we know a page will commit in the
311 // renderer process.
312 ResourceRequestInfoImpl* info = GetRequestInfo();
313 ChildProcessSecurityPolicyImpl* policy =
314 ChildProcessSecurityPolicyImpl::GetInstance();
315 if (!policy->CanLoadPage(info->GetChildID(),
316 request_->url(),
317 info->GetResourceType())) {
318 Cancel();
319 return;
320 }
321
306 if (!request_->status().is_success()) { 322 if (!request_->status().is_success()) {
307 ResponseCompleted(); 323 ResponseCompleted();
308 return; 324 return;
309 } 325 }
310 326
311 // We want to send a final upload progress message prior to sending the 327 // We want to send a final upload progress message prior to sending the
312 // response complete message even if we're waiting for an ack to to a 328 // response complete message even if we're waiting for an ack to to a
313 // previous upload progress message. 329 // previous upload progress message.
314 waiting_for_upload_progress_ack_ = false; 330 waiting_for_upload_progress_ack_ = false;
315 ReportUploadProgress(); 331 ReportUploadProgress();
(...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after
573 // we resume. 589 // we resume.
574 deferred_stage_ = DEFERRED_FINISH; 590 deferred_stage_ = DEFERRED_FINISH;
575 } 591 }
576 } 592 }
577 593
578 void ResourceLoader::CallDidFinishLoading() { 594 void ResourceLoader::CallDidFinishLoading() {
579 delegate_->DidFinishLoading(this); 595 delegate_->DidFinishLoading(this);
580 } 596 }
581 597
582 } // namespace content 598 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy_impl.cc ('k') | content/browser/site_per_process_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698