| Index: content/browser/loader/resource_loader.cc
|
| diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc
|
| index 2d35482a5f9290fa8ee3a92251985d1462ba2f31..f9cd754370b918b331801942aabbc1f8f2f8edab 100644
|
| --- a/content/browser/loader/resource_loader.cc
|
| +++ b/content/browser/loader/resource_loader.cc
|
| @@ -303,6 +303,19 @@ void ResourceLoader::OnResponseStarted(net::URLRequest* unused) {
|
|
|
| VLOG(1) << "OnResponseStarted: " << request_->url().spec();
|
|
|
| + // The CanLoadPage check should take place after any server redirects have
|
| + // finished, at the point in time that we know a page will commit in the
|
| + // renderer process.
|
| + ResourceRequestInfoImpl* info = GetRequestInfo();
|
| + ChildProcessSecurityPolicyImpl* policy =
|
| + ChildProcessSecurityPolicyImpl::GetInstance();
|
| + if (!policy->CanLoadPage(info->GetChildID(),
|
| + request_->url(),
|
| + info->GetResourceType())) {
|
| + Cancel();
|
| + return;
|
| + }
|
| +
|
| if (!request_->status().is_success()) {
|
| ResponseCompleted();
|
| return;
|
|
|
Chromium Code Reviews
Issue 11416121:
Prevent cross-site pages when --site-per-process is passed (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src