Index: content/browser/renderer_host/resource_dispatcher_host_impl.cc |
diff --git a/content/browser/renderer_host/resource_dispatcher_host_impl.cc b/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
index 111edc5a9fdabf7eed215daf838f2d97c91f399b..cb224bd12fa7e21fa6be90249f4fac6f94077070 100644 |
--- a/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
+++ b/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
@@ -168,6 +168,14 @@ bool ShouldServiceRequest(ProcessType process_type, |
return false; |
} |
+ if (!policy->CanLoadPage(child_id, request_data.url, |
+ request_data.resource_type)) { |
+ VLOG(1) << "Denied unauthorized request for " |
+ << request_data.url.possibly_invalid_spec() |
+ << "because --site-per-process flag is used."; |
+ return false; |
+ } |
Charlie Reis
2012/11/29 22:00:54
This looks good, but I wonder if it's the right pl
|
+ |
// Check if the renderer is permitted to upload the requested files. |
if (request_data.request_body) { |
const std::vector<ResourceRequestBody::Element>* uploads = |
@@ -526,6 +534,7 @@ net::Error ResourceDispatcherHostImpl::BeginDownload( |
} |
request->set_load_flags(request->load_flags() | extra_load_flags); |
// Check if the renderer is permitted to request the requested URL. |
+ // TODO(irobert): Should we call CanRequestPage for download request? |
irobert
2012/11/28 22:50:41
I think you have already answered this question. W
Charlie Reis
2012/11/29 22:00:54
Correct. We only want to block cross-site pages f
|
if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
CanRequestURL(child_id, url)) { |
VLOG(1) << "Denied unauthorized download request for " |