Chromium Code Reviews Chromium Code Reviews
Issue 11416121:
Prevent cross-site pages when --site-per-process is passed (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/browser/renderer_host/resource_dispatcher_host_impl.cc |
| diff --git a/content/browser/renderer_host/resource_dispatcher_host_impl.cc b/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
| index 111edc5a9fdabf7eed215daf838f2d97c91f399b..cb224bd12fa7e21fa6be90249f4fac6f94077070 100644 |
| --- a/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
| +++ b/content/browser/renderer_host/resource_dispatcher_host_impl.cc |
| @@ -168,6 +168,14 @@ bool ShouldServiceRequest(ProcessType process_type, |
| return false; |
| } |
| + if (!policy->CanLoadPage(child_id, request_data.url, |
| + request_data.resource_type)) { |
| + VLOG(1) << "Denied unauthorized request for " |
| + << request_data.url.possibly_invalid_spec() |
| + << "because --site-per-process flag is used."; |
| + return false; |
| + } |
|
Charlie Reis
2012/11/29 22:00:54
This looks good, but I wonder if it's the right pl
|
| + |
| // Check if the renderer is permitted to upload the requested files. |
| if (request_data.request_body) { |
| const std::vector<ResourceRequestBody::Element>* uploads = |
| @@ -526,6 +534,7 @@ net::Error ResourceDispatcherHostImpl::BeginDownload( |
| } |
| request->set_load_flags(request->load_flags() | extra_load_flags); |
| // Check if the renderer is permitted to request the requested URL. |
| + // TODO(irobert): Should we call CanRequestPage for download request? |
|
irobert
2012/11/28 22:50:41
I think you have already answered this question. W
Charlie Reis
2012/11/29 22:00:54
Correct. We only want to block cross-site pages f
|
| if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
| CanRequestURL(child_id, url)) { |
| VLOG(1) << "Denied unauthorized download request for " |
