Index: content/browser/loader/resource_loader.cc |
diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc |
index 2d35482a5f9290fa8ee3a92251985d1462ba2f31..4c4959005a73a21b8bc4518ffc1723bb77b19040 100644 |
--- a/content/browser/loader/resource_loader.cc |
+++ b/content/browser/loader/resource_loader.cc |
@@ -4,6 +4,7 @@ |
#include "content/browser/loader/resource_loader.h" |
+#include "base/command_line.h" |
#include "base/message_loop.h" |
#include "base/time.h" |
#include "content/browser/child_process_security_policy_impl.h" |
@@ -15,6 +16,8 @@ |
#include "content/common/ssl_status_serialization.h" |
#include "content/public/browser/cert_store.h" |
#include "content/public/browser/resource_dispatcher_host_login_delegate.h" |
+#include "content/public/common/content_client.h" |
+#include "content/public/common/content_switches.h" |
#include "content/public/common/resource_response.h" |
#include "net/base/load_flags.h" |
#include "net/http/http_response_headers.h" |
@@ -303,6 +306,19 @@ void ResourceLoader::OnResponseStarted(net::URLRequest* unused) { |
VLOG(1) << "OnResponseStarted: " << request_->url().spec(); |
+ // The CanLoadPage check should take place after any server redirects have |
+ // finished, at the point in time that we know a page will commit in the |
+ // renderer process. |
+ ResourceRequestInfoImpl* info = GetRequestInfo(); |
+ ChildProcessSecurityPolicyImpl* policy = |
+ ChildProcessSecurityPolicyImpl::GetInstance(); |
+ if (!policy->CanLoadPage(info->GetChildID(), |
+ request_->url(), |
+ info->GetResourceType())) { |
+ Cancel(); |
+ return; |
+ } |
+ |
if (!request_->status().is_success()) { |
ResponseCompleted(); |
return; |