| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading |
| 6 | 6 |
| 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <set> | 10 #include <set> |
| (...skipping 2334 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2345 load_flags |= net::LOAD_MAIN_FRAME; | 2345 load_flags |= net::LOAD_MAIN_FRAME; |
| 2346 } else if (request_data.resource_type == RESOURCE_TYPE_PREFETCH) { | 2346 } else if (request_data.resource_type == RESOURCE_TYPE_PREFETCH) { |
| 2347 load_flags |= net::LOAD_PREFETCH; | 2347 load_flags |= net::LOAD_PREFETCH; |
| 2348 } | 2348 } |
| 2349 | 2349 |
| 2350 if (is_sync_load) | 2350 if (is_sync_load) |
| 2351 load_flags |= net::LOAD_IGNORE_LIMITS; | 2351 load_flags |= net::LOAD_IGNORE_LIMITS; |
| 2352 | 2352 |
| 2353 ChildProcessSecurityPolicyImpl* policy = | 2353 ChildProcessSecurityPolicyImpl* policy = |
| 2354 ChildProcessSecurityPolicyImpl::GetInstance(); | 2354 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 2355 if (!policy->CanSendCookiesForOrigin(child_id, request_data.url)) { | |
| 2356 load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES | | |
| 2357 net::LOAD_DO_NOT_SEND_AUTH_DATA | | |
| 2358 net::LOAD_DO_NOT_SAVE_COOKIES); | |
| 2359 } | |
| 2360 | 2355 |
| 2361 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only | 2356 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only |
| 2362 // allow requesting them if requester has ReadRawCookies permission. | 2357 // allow requesting them if requester has ReadRawCookies permission. |
| 2363 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS) | 2358 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS) |
| 2364 && !policy->CanReadRawCookies(child_id)) { | 2359 && !policy->CanReadRawCookies(child_id)) { |
| 2365 VLOG(1) << "Denied unauthorized request for raw headers"; | 2360 VLOG(1) << "Denied unauthorized request for raw headers"; |
| 2366 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS; | 2361 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS; |
| 2367 } | 2362 } |
| 2368 | 2363 |
| 2369 // Add a flag to selectively bypass the data reduction proxy if the resource | 2364 // Add a flag to selectively bypass the data reduction proxy if the resource |
| 2370 // type is not an image. | 2365 // type is not an image. |
| 2371 if (request_data.resource_type != RESOURCE_TYPE_IMAGE) | 2366 if (request_data.resource_type != RESOURCE_TYPE_IMAGE) |
| 2372 load_flags |= net::LOAD_BYPASS_DATA_REDUCTION_PROXY; | 2367 load_flags |= net::LOAD_BYPASS_DATA_REDUCTION_PROXY; |
| 2373 | 2368 |
| 2374 return load_flags; | 2369 return load_flags; |
| 2375 } | 2370 } |
| 2376 | 2371 |
| 2377 } // namespace content | 2372 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1144253003:
Remove --enable-strict-site-isolation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master