Prevent cross-site pages when --site-per-process is passed

content/browser/renderer_host/resource_dispatcher_host_impl.cc

Index: content/browser/renderer_host/resource_dispatcher_host_impl.cc
diff --git a/content/browser/renderer_host/resource_dispatcher_host_impl.cc b/content/browser/renderer_host/resource_dispatcher_host_impl.cc
index 111edc5a9fdabf7eed215daf838f2d97c91f399b..b24a92ba562aec30c1b81c9dd2907c61db8cf683 100644
--- a/content/browser/renderer_host/resource_dispatcher_host_impl.cc
+++ b/content/browser/renderer_host/resource_dispatcher_host_impl.cc
@@ -162,7 +162,8 @@ bool ShouldServiceRequest(ProcessType process_type,
       ChildProcessSecurityPolicyImpl::GetInstance();
 
   // Check if the renderer is permitted to request the requested URL.
-  if (!policy->CanRequestURL(child_id, request_data.url)) {
+  if (!policy->CanRequestURL(child_id, request_data.url,
+                             request_data.resource_type)) {
     VLOG(1) << "Denied unauthorized request for "
             << request_data.url.possibly_invalid_spec();
     return false;
@@ -526,8 +527,10 @@ net::Error ResourceDispatcherHostImpl::BeginDownload(
   }
   request->set_load_flags(request->load_flags() | extra_load_flags);
   // Check if the renderer is permitted to request the requested URL.
+  // TODO: ResourceType::LAST_TYPE is the place holder, I think it is the
+  // best type to pass.
   if (!ChildProcessSecurityPolicyImpl::GetInstance()->
-          CanRequestURL(child_id, url)) {
+          CanRequestURL(child_id, url, ResourceType::LAST_TYPE)) {

[Charlie Reis, 2012/11/28 18:58:26]

This is also making me second guess my suggestion to change CanRequestURL.

     VLOG(1) << "Denied unauthorized download request for "
             << url.possibly_invalid_spec();
     return CallbackAndReturn(started_callback, net::ERR_ACCESS_DENIED);