Chromium Code Reviews

Unified Diff: content/browser/renderer_host/resource_loader.cc

Issue 11416121: Prevent cross-site pages when --site-per-process is passed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Iframe Redirect Flaw Created 8 years, 1 month ago
Index: content/browser/renderer_host/resource_loader.cc
diff --git a/content/browser/renderer_host/resource_loader.cc b/content/browser/renderer_host/resource_loader.cc
index be893d7c97440ff2068932fe1b17f50374fdd48b..f167ad440e95c57f016845ee99ba4ff503c0e19a 100644
--- a/content/browser/renderer_host/resource_loader.cc
+++ b/content/browser/renderer_host/resource_loader.cc
@@ -211,6 +211,28 @@ void ResourceLoader::OnReceivedRedirect(net::URLRequest* unused,
return;
}
+ // This will block all of the Cross-site redirect for Sub_Frame.
+ // TODO(irobert): We should allow the following case:
+ // Iframe page (a.com/svrRedirect.php) in page (a.com/index.html)
+ // do the server-side redirect to page (b.com/svrRedirect.php) which
+ // eventually redirect the iframe back to page (a.com/static.html).
+ // Since server-side redirect does not load the page into the render
+ // process, we are safe in this situation and should allow it.
+ //
+ // But we need to block the following case:
+ // Iframe page (a.com/svrRedirect.php) in page (a.com/index.html)
+ // do the server-side redirect to page (b.com/clientRedirect.php) which
+ // eventually redirect the iframe back to page (a.com/static.html).
+ // Since client-side redirect DOES load the page into the render
+ // process, we should block it.
Charlie Reis 2012/11/29 22:00:54 This comment is correct. That makes me think we s
+ if (!ChildProcessSecurityPolicyImpl::GetInstance()->
+ CanLoadPage(info->GetChildID(), new_url,
+ info->GetResourceType())) {
+ // Tell the renderer that this request was disallowed.
+ Cancel();
+ return;
+ }
+
delegate_->DidReceiveRedirect(this, new_url);
if (delegate_->HandleExternalProtocol(this, new_url)) {
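Review bot: The new check contradicts the intention stated in its own comment: CanLoadPage is evaluated on every redirect hop in OnReceivedRedirect, so the "should allow" case the comment describes (a.com iframe server-redirects to b.com, which server-redirects back to a.com) is cancelled at the first hop to b.com, before the chain can return. Either keep the check at this point and reword the comment to say the current behaviour is deliberately conservative (every cross-site hop in a subframe is cancelled until the TODO is resolved), or defer the decision to the point where the response would actually commit into the renderer, which is the distinction the comment draws between server-side and client-side redirects. The TODO(irobert) should also reference a tracking bug so the relaxation is not lost. Minor style points in the same comment block: "Cross-site" and "Sub_Frame" should be "cross-site" and "subframe", and "do the server-side redirect" reads better as "does a server-side redirect"; the `// Tell the renderer that this request was disallowed.` line should only stay if Cancel() really surfaces the cancellation to the renderer, otherwise it overstates what the two lines do.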