| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 148 | 148 |
| 149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); | 149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); |
| 150 } | 150 } |
| 151 | 151 |
| 152 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 152 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
| 153 ChildProcessSecurityPolicyImpl* p = | 153 ChildProcessSecurityPolicyImpl* p = |
| 154 ChildProcessSecurityPolicyImpl::GetInstance(); | 154 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 155 | 155 |
| 156 p->Add(kRendererID); | 156 p->Add(kRendererID); |
| 157 | 157 |
| 158 // Safe | 158 // Safe to request or commit. |
| 159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | 159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); |
| 160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | 160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); |
| 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| 163 EXPECT_TRUE(p->CanRequestURL( |
| 164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| 165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); |
| 166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); |
| 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| 169 EXPECT_TRUE(p->CanCommitURL( |
| 170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| 171 |
| 172 // Safe to request but not commit. |
| 163 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 173 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 164 GURL("view-source:http://www.google.com/"))); | 174 GURL("view-source:http://www.google.com/"))); |
| 165 EXPECT_TRUE(p->CanRequestURL( | 175 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 176 GURL("view-source:http://www.google.com/"))); |
| 167 | 177 |
| 168 // Dangerous | 178 // Dangerous to request or commit. |
| 169 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 179 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 170 GURL("file:///etc/passwd"))); | 180 GURL("file:///etc/passwd"))); |
| 171 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 181 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 172 GURL("chrome://foo/bar"))); | 182 GURL("chrome://foo/bar"))); |
| 183 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 184 GURL("file:///etc/passwd"))); |
| 185 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 186 GURL("chrome://foo/bar"))); |
| 173 | 187 |
| 174 p->Remove(kRendererID); | 188 p->Remove(kRendererID); |
| 175 } | 189 } |
| 176 | 190 |
| 177 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 191 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
| 178 ChildProcessSecurityPolicyImpl* p = | 192 ChildProcessSecurityPolicyImpl* p = |
| 179 ChildProcessSecurityPolicyImpl::GetInstance(); | 193 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 180 | 194 |
| 181 p->Add(kRendererID); | 195 p->Add(kRendererID); |
| 182 | 196 |
| 183 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 197 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| 184 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 198 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| 185 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 199 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 186 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 200 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| 201 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); |
| 202 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); |
| 203 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 204 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank"))); |
| 187 | 205 |
| 188 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 206 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| 189 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 207 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| 190 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 208 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
| 191 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 209 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
| 210 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:memory"))); |
| 211 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); |
| 212 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache"))); |
| 213 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang"))); |
| 192 | 214 |
| 193 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | 215 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); |
| 194 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 216 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
| 195 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 217 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
| 218 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:memory"))); |
| 219 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh"))); |
| 220 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe"))); |
| 196 | 221 |
| 197 // Requests for about: pages should be denied. | 222 // Requests for about: pages should be denied. |
| 198 p->GrantRequestURL(kRendererID, GURL("about:crash")); | 223 p->GrantRequestURL(kRendererID, GURL("about:crash")); |
| 199 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 224 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| 225 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash"))); |
| 200 | 226 |
| 201 // These requests for chrome:// pages should be granted. | 227 // These requests for chrome:// pages should be granted. |
| 202 GURL chrome_url("chrome://foo"); | 228 GURL chrome_url("chrome://foo"); |
| 203 p->GrantRequestURL(kRendererID, chrome_url); | 229 p->GrantRequestURL(kRendererID, chrome_url); |
| 204 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); | 230 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); |
| 231 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); |
| 205 | 232 |
| 206 p->Remove(kRendererID); | 233 p->Remove(kRendererID); |
| 207 } | 234 } |
| 208 | 235 |
| 209 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 236 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
| 210 ChildProcessSecurityPolicyImpl* p = | 237 ChildProcessSecurityPolicyImpl* p = |
| 211 ChildProcessSecurityPolicyImpl::GetInstance(); | 238 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 212 | 239 |
| 213 p->Add(kRendererID); | 240 p->Add(kRendererID); |
| 214 | 241 |
| 215 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 242 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 243 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 216 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | 244 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
| 217 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 245 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 246 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 218 | 247 |
| 219 p->Remove(kRendererID); | 248 p->Remove(kRendererID); |
| 220 } | 249 } |
| 221 | 250 |
| 222 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { | 251 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
| 223 ChildProcessSecurityPolicyImpl* p = | 252 ChildProcessSecurityPolicyImpl* p = |
| 224 ChildProcessSecurityPolicyImpl::GetInstance(); | 253 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 225 | 254 |
| 226 p->Add(kRendererID); | 255 p->Add(kRendererID); |
| 227 | 256 |
| 228 // Currently, "asdf" is destined for ShellExecute, so it is allowed. | 257 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be |
| 258 // requested but not committed. |
| 229 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 259 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 260 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 230 | 261 |
| 231 // Once we register "asdf", we default to deny. | 262 // Once we register "asdf", we default to deny. |
| 232 RegisterTestScheme("asdf"); | 263 RegisterTestScheme("asdf"); |
| 233 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 264 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 265 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 234 | 266 |
| 235 // We can allow new schemes by adding them to the whitelist. | 267 // We can allow new schemes by adding them to the whitelist. |
| 236 p->RegisterWebSafeScheme("asdf"); | 268 p->RegisterWebSafeScheme("asdf"); |
| 237 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 269 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 270 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 238 | 271 |
| 239 // Cleanup. | 272 // Cleanup. |
| 240 p->Remove(kRendererID); | 273 p->Remove(kRendererID); |
| 241 } | 274 } |
| 242 | 275 |
| 243 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { | 276 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
| 244 ChildProcessSecurityPolicyImpl* p = | 277 ChildProcessSecurityPolicyImpl* p = |
| 245 ChildProcessSecurityPolicyImpl::GetInstance(); | 278 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 246 | 279 |
| 247 p->Add(kRendererID); | 280 p->Add(kRendererID); |
| 248 | 281 |
| 249 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 282 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 283 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 250 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | 284 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
| 251 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 285 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 286 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 252 | 287 |
| 253 // We should forget our state if we repeat a renderer id. | 288 // We should forget our state if we repeat a renderer id. |
| 254 p->Remove(kRendererID); | 289 p->Remove(kRendererID); |
| 255 p->Add(kRendererID); | 290 p->Add(kRendererID); |
| 256 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 291 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 292 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 257 p->Remove(kRendererID); | 293 p->Remove(kRendererID); |
| 258 } | 294 } |
| 259 | 295 |
| 260 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 296 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
| 261 ChildProcessSecurityPolicyImpl* p = | 297 ChildProcessSecurityPolicyImpl* p = |
| 262 ChildProcessSecurityPolicyImpl::GetInstance(); | 298 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 263 | 299 |
| 264 p->Add(kRendererID); | 300 p->Add(kRendererID); |
| 265 | 301 |
| 266 // View source is determined by the embedded scheme. | 302 // View source is determined by the embedded scheme. |
| 267 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 303 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 268 GURL("view-source:http://www.google.com/"))); | 304 GURL("view-source:http://www.google.com/"))); |
| 269 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 305 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 270 GURL("view-source:file:///etc/passwd"))); | 306 GURL("view-source:file:///etc/passwd"))); |
| 271 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 307 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 272 EXPECT_FALSE(p->CanRequestURL( | 308 EXPECT_FALSE(p->CanRequestURL( |
| 273 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 309 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| 274 | 310 |
| 311 // View source URLs don't actually commit; the renderer is put into view |
| 312 // source mode, and the inner URL commits. |
| 313 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 314 GURL("view-source:http://www.google.com/"))); |
| 315 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 316 GURL("view-source:file:///etc/passwd"))); |
| 317 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 318 EXPECT_FALSE(p->CanCommitURL( |
| 319 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| 320 |
| 321 |
| 275 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 322 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
| 276 // View source needs to be able to request the embedded scheme. | 323 // View source needs to be able to request the embedded scheme. |
| 324 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 325 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 277 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 326 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 278 GURL("view-source:file:///etc/passwd"))); | 327 GURL("view-source:file:///etc/passwd"))); |
| 279 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 328 EXPECT_FALSE(p->CanCommitURL(kRendererID, |
| 329 GURL("view-source:file:///etc/passwd"))); |
| 280 | 330 |
| 281 p->Remove(kRendererID); | 331 p->Remove(kRendererID); |
| 282 } | 332 } |
| 283 | 333 |
| 284 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { | 334 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
| 285 ChildProcessSecurityPolicyImpl* p = | 335 ChildProcessSecurityPolicyImpl* p = |
| 286 ChildProcessSecurityPolicyImpl::GetInstance(); | 336 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 287 | 337 |
| 288 p->Add(kRendererID); | 338 p->Add(kRendererID); |
| 289 | 339 |
| 290 GURL icon_url("file:///tmp/foo.png"); | 340 GURL icon_url("file:///tmp/foo.png"); |
| 291 GURL sensitive_url("file:///etc/passwd"); | 341 GURL sensitive_url("file:///etc/passwd"); |
| 292 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); | 342 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); |
| 293 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 343 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 344 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); |
| 345 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 294 | 346 |
| 295 p->GrantRequestSpecificFileURL(kRendererID, icon_url); | 347 p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
| 296 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 348 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 297 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 349 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 350 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
| 351 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 298 | 352 |
| 299 p->GrantRequestURL(kRendererID, icon_url); | 353 p->GrantRequestURL(kRendererID, icon_url); |
| 300 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 354 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 301 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 355 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 356 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
| 357 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 302 | 358 |
| 303 p->Remove(kRendererID); | 359 p->Remove(kRendererID); |
| 304 } | 360 } |
| 305 | 361 |
| 306 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { | 362 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { |
| 307 ChildProcessSecurityPolicyImpl* p = | 363 ChildProcessSecurityPolicyImpl* p = |
| 308 ChildProcessSecurityPolicyImpl::GetInstance(); | 364 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 309 | 365 |
| 310 p->Add(kRendererID); | 366 p->Add(kRendererID); |
| 311 std::string read_id = | 367 std::string read_id = |
| (...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 635 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 691 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 636 // prepared to answer policy questions about renderers who no longer exist. | 692 // prepared to answer policy questions about renderers who no longer exist. |
| 637 | 693 |
| 638 // In this case, we default to secure behavior. | 694 // In this case, we default to secure behavior. |
| 639 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 695 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 640 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 696 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 641 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 697 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 642 } | 698 } |
| 643 | 699 |
| 644 } // namespace content | 700 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1270663002:
Validate the Origin HTTP header in the browser process. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master