Chromium Code Reviews

Unified Diff: content/browser/renderer_host/resource_loader.cc

Issue 11416121: Prevent cross-site pages when --site-per-process is passed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Redirect Bug and Tests Created 8 years, 1 month ago
Index: content/browser/renderer_host/resource_loader.cc
diff --git a/content/browser/renderer_host/resource_loader.cc b/content/browser/renderer_host/resource_loader.cc
index be893d7c97440ff2068932fe1b17f50374fdd48b..f3f2effd500a5f71fd02d2cede419d4555ba7098 100644
--- a/content/browser/renderer_host/resource_loader.cc
+++ b/content/browser/renderer_host/resource_loader.cc
@@ -303,6 +303,29 @@ void ResourceLoader::OnResponseStarted(net::URLRequest* unused) {
VLOG(1) << "OnResponseStarted: " << request_->url().spec();
+ // We should allow the following case:
+ // Iframe page (a.com/svrRedirect.php) in page (a.com/index.html)
+ // do the server-side redirect to page (b.com/svrRedirect.php) which
+ // eventually redirect the iframe back to page (a.com/static.html).
+ // Since server-side redirect does not load the page into the render
+ // process, we are safe in this situation and should allow it.
+ //
+ // But we need to block the following case:
+ // Iframe page (a.com/svrRedirect.php) in page (a.com/index.html)
+ // do the server-side redirect to page (b.com/clientRedirect.php) which
+ // eventually redirect the iframe back to page (a.com/static.html).
+ // Since client-side redirect DOES load the page into the render
+ // process, we should block it.
Charlie Reis 2012/12/05 02:02:58 This is a nice comment but it's kind of out of pla
irobert 2012/12/05 19:00:03 Done.
+ ResourceRequestInfoImpl* info = GetRequestInfo();
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+ if (!policy->CanLoadPage(info->GetChildID(),
+ request_->url(),
+ info->GetResourceType())) {
+ Cancel();
+ return;
+ }
+
if (!request_->status().is_success()) {
ResponseCompleted();
return;
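Review bot: The blocked path at "Cancel(); return;" drops the request without recording why, so a frame that fails to load under this policy looks the same as any other cancelled request. Consider logging the URL and info->GetChildID() before Cancel(), in the same style as the existing VLOG(1) at the top of OnResponseStarted. Separately, the call to policy->CanLoadPage(...) is unconditional in this hunk, while the issue title limits the behaviour to --site-per-process. If the flag is tested inside CanLoadPage, say so in the comment here so readers do not assume every response is subject to cross-site blocking. The comment could also state that request_->url() is checked only once the response starts, which is why the first (server-side redirect) case is allowed and the second is not.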
