| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 508 } | 508 } |
| 509 | 509 |
| 510 bool ChildProcessSecurityPolicyImpl::CanLoadPage( | 510 bool ChildProcessSecurityPolicyImpl::CanLoadPage( |
| 511 int child_id, | 511 int child_id, |
| 512 const GURL& url, | 512 const GURL& url, |
| 513 ResourceType::Type resource_type) { | 513 ResourceType::Type resource_type) { |
| 514 // If --site-per-process flag is passed, we should enforce | 514 // If --site-per-process flag is passed, we should enforce |
| 515 // stronger security restrictions on page navigation. | 515 // stronger security restrictions on page navigation. |
| 516 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) && | 516 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) && |
| 517 ResourceType::IsFrame(resource_type)) { | 517 ResourceType::IsFrame(resource_type)) { |
| 518 // TODO(irobert): This currently breaks some WebUI page such as | 518 // TODO(nasko): Do the proper check for site-per-process, once |
| 519 // "chrome://extensions/" (belongs to site chrome://chrome/) which | 519 // out-of-process iframes is ready to go. |
| 520 // will load an iframe for the page "chrome://uber-frame/" | 520 return true; |
| 521 // (belongs to site chrome://uber-frame/). | |
| 522 base::AutoLock lock(lock_); | |
| 523 SecurityStateMap::iterator state = security_state_.find(child_id); | |
| 524 if (state == security_state_.end()) | |
| 525 return false; | |
| 526 return state->second->CanLoadPage(url); | |
| 527 } | 521 } |
| 528 return true; | 522 return true; |
| 529 } | 523 } |
| 530 | 524 |
| 531 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 525 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
| 532 int child_id, const GURL& url) { | 526 int child_id, const GURL& url) { |
| 533 if (!url.is_valid()) | 527 if (!url.is_valid()) |
| 534 return false; // Can't request invalid URLs. | 528 return false; // Can't request invalid URLs. |
| 535 | 529 |
| 536 if (IsDisabledScheme(url.scheme())) | 530 if (IsDisabledScheme(url.scheme())) |
| (...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 707 int permission) { | 701 int permission) { |
| 708 base::AutoLock lock(lock_); | 702 base::AutoLock lock(lock_); |
| 709 | 703 |
| 710 SecurityStateMap::iterator state = security_state_.find(child_id); | 704 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 711 if (state == security_state_.end()) | 705 if (state == security_state_.end()) |
| 712 return false; | 706 return false; |
| 713 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 707 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
| 714 } | 708 } |
| 715 | 709 |
| 716 } // namespace content | 710 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11772005:
Implement a prototype to render cross-site iframes in a separate process from their parent. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src