Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1830)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/public/common/content_switches.cc

Issue 1144253003: Remove --enable-strict-site-isolation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Set correct upstream Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/site_instance_impl_unittest.cc ('K') | « content/public/common/content_switches.h ('k') | content/renderer/render_frame_impl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/public/common/content_switches.cc
diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
index f7c94dde293d6a073cd00434928d7faef4a285aa..3c4416e71493f1a7958db9ef42c67edcfc74ec44 100644
--- a/content/public/common/content_switches.cc
+++ b/content/public/common/content_switches.cc
@@ -437,18 +437,6 @@ const char kEnableStaleWhileRevalidate[] = "enable-stale-while-revalidate";
// Enables StatsTable, logging statistics to a global named shared memory table.
const char kEnableStatsTable[] = "enable-stats-table";
-// Experimentally ensures that each renderer process:
-// 1) Only handles rendering for pages from a single site, apart from iframes.
-// (Note that a page can reference content from multiple origins due to images,
-// JavaScript files, etc. Cross-site iframes are also loaded in-process.)
-// 2) Only has authority to see or use cookies for the page's top-level origin.
-// (So if a.com iframes b.com, the b.com network request will be sent without
-// cookies.)
-// This is expected to break compatibility with many pages for now. Unlike the
-// --site-per-process flag, this allows cross-site iframes, but it blocks all
-// cookies on cross-site requests.
-const char kEnableStrictSiteIsolation[] = "enable-strict-site-isolation";
-
// Blocks all insecure requests from secure contexts, and prevents the user
// from overriding that decision.
const char kEnableStrictMixedContentChecking[] =
@@ -749,15 +737,16 @@ const char kShowPaintRects[] = "show-paint-rects";
// Runs the renderer and plugins in the same process as the browser
const char kSingleProcess[] = "single-process";
-// Experimentally enforces a one-site-per-process security policy.
-// All cross-site navigations force process swaps, and we can restrict a
-// renderer process's access rights based on its site. For details, see:
-// http://www.chromium.org/developers/design-documents/site-isolation
+// Enforces a one-site-per-process security policy:
+// * Each renderer process, for its whole lifetime, is dedicated to rendering
+// pages for just one site.
+// * Thus, pages from different sites are never in the same process.
+// * A renderer process's access rights are restricted based on its site.
+// * All cross-site navigations force process swaps.
+// * <iframe>s are rendered out-of-process whenever the src= is cross-site.
//
-// Unlike --enable-strict-site-isolation (which allows cross-site iframes),
-// this flag does not affect which cookies are attached to cross-site requests.
-// Support is being added to render cross-site iframes in a different process
-// than their parent pages.
+// More details here:
+// http://www.chromium.org/developers/design-documents/site-isolation
const char kSitePerProcess[] = "site-per-process";
// Skip gpu info collection, blacklist loading, and blacklist auto-update
« content/browser/site_instance_impl_unittest.cc ('K') | « content/public/common/content_switches.h ('k') | content/renderer/render_frame_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698