Prevent cross-site pages when --site-per-process is passed

content/browser/renderer_host/render_view_host_impl.cc

Index: content/browser/renderer_host/render_view_host_impl.cc
diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
index 60edf72f5a339f196864b52838442dad8188fc78..3be3b79ad6707bba0e64a68df1f265b3f954f82e 100644
--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1737,7 +1737,9 @@ void RenderViewHostImpl::FilterURL(ChildProcessSecurityPolicyImpl* policy,
   bool non_web_url_in_guest = process->IsGuest() &&
       !(url->is_valid() && policy->IsWebSafeScheme(url->scheme()));
 
-  if (non_web_url_in_guest || !policy->CanRequestURL(process->GetID(), *url)) {
+  if (non_web_url_in_guest ||
+      !policy->CanRequestURL(process->GetID(),
+                             *url, ResourceType::MAIN_FRAME)) {

[irobert, 2012/11/28 01:27:57]

It is hard to tell whether this navigation is main frame or iframe. But it
doesn't affect our access control decision.

[Charlie Reis, 2012/11/28 18:58:26]

Hmm, actually, this is problematic.  FilterURL gets called for all sorts of
things, like referrers, form URLs, link URLs, etc.  Maybe we should rethink the
decision to change CanRequestURL if it's used here...

[irobert, 2012/11/28 22:50:41]

Done.

     // If this renderer is not permitted to request this URL, we invalidate the
     // URL.  This prevents us from storing the blocked URL and becoming confused
     // later.