Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(373)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 11416121: Prevent cross-site pages when --site-per-process is passed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Comments Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/loader/resource_loader.cc » ('j') | content/browser/site_per_process_browsertest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index e86ccaede0d8cf29f508d71c6a58dbe80844c1c2..d3050bdfee8108f9916139ae423bbdc96f5b1e6f 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -167,6 +167,16 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
return false;
}
+ bool CanLoadPage(const GURL& gurl){
Charlie Reis 2012/12/06 01:42:45 nit: Space before {
irobert 2012/12/06 19:10:40 Done.
+ if (origin_lock_.is_empty())
+ return true;
+ // TODO(creis): We must pass the valid browser_context to convert hosted
nasko 2012/12/06 17:20:15 nit: Having a blank line before the comment seems
irobert 2012/12/06 19:10:40 Done.
+ // apps URLs. Currently, hosted apps cannot be loaded in this mode.
+ // See http://crbug.com/160576.
+ GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl);
nasko 2012/12/06 17:20:15 Is NULL valid input? It seems to me that it will c
Charlie Reis 2012/12/06 18:07:17 This is the same setup as CanAccessCookiesForOrigi
+ return origin_lock_ == site_gurl;
+ }
+
bool CanAccessCookiesForOrigin(const GURL& gurl) {
if (origin_lock_.is_empty())
return true;
@@ -487,6 +497,27 @@ void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
state->second->RevokeReadRawCookies();
}
+bool ChildProcessSecurityPolicyImpl::CanLoadPage(
+ int child_id,
+ const GURL& url,
+ ResourceType::Type resource_type) {
+ // If --site-per-process flag is passed, we should enforce
+ // stronger security restrictions on page navigation.
+ if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) &&
+ ResourceType::IsFrame(resource_type)) {
+ // TODO(irobert): This currently breaks some WebUI page such as
+ // "chrome://extensions/" (belongs to site chrome://chrome/) which
+ // will load an iframe for the page "chrome://uber-frame/"
+ // (belongs to site chrome://uber-frame/).
+ base::AutoLock lock(lock_);
+ SecurityStateMap::iterator state = security_state_.find(child_id);
+ if (state == security_state_.end())
+ return false;
+ return state->second->CanLoadPage(url);
+ }
+ return true;
+}
+
bool ChildProcessSecurityPolicyImpl::CanRequestURL(
int child_id, const GURL& url) {
if (!url.is_valid())
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/loader/resource_loader.cc » ('j') | content/browser/site_per_process_browsertest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698