Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Unified Diff: content/browser/webui/url_data_manager_backend.cc

Issue 134263005: Implement inline signin with iframe (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix for various iframe bugs Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/chrome_tests.gypi ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/webui/url_data_manager_backend.cc
diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc
index 3f24b6c5f0b24d84c1ee6dd21901ecd12f039e2a..22f275e55a23417d4da5613e15b87b780e6efd11 100644
--- a/content/browser/webui/url_data_manager_backend.cc
+++ b/content/browser/webui/url_data_manager_backend.cc
@@ -26,6 +26,7 @@
#include "content/browser/tcmalloc_internals_request_job.h"
#include "content/browser/webui/shared_resources_data_source.h"
#include "content/browser/webui/url_data_source_impl.h"
+#include "content/public/browser/browser_context.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/browser/render_process_host.h"
@@ -160,7 +161,13 @@ class URLRequestChromeJob : public net::URLRequestJob,
// Helper for Start(), to let us start asynchronously.
// (This pattern is shared by most net::URLRequestJob implementations.)
- void StartAsync();
+ void StartAsync(bool allowed);
+
+ // Called on the UI thread to check if this request is allowed.
+ static void CheckStoragePartitionMatches(
+ int render_process_id,
+ const GURL& url,
+ const base::WeakPtr<URLRequestChromeJob>& job);
// Do the actual copy from data_ (the data we're serving) into |buf|.
// Separate from ReadRawData so we can handle async I/O.
@@ -229,12 +236,14 @@ URLRequestChromeJob::~URLRequestChromeJob() {
}
void URLRequestChromeJob::Start() {
- // Start reading asynchronously so that all error reporting and data
- // callbacks happen as they would for network requests.
- base::MessageLoop::current()->PostTask(
+ int render_process_id, unused;
+ ResourceRequestInfo::GetRenderFrameForRequest(
+ request_, &render_process_id, &unused);
+ BrowserThread::PostTask(
+ BrowserThread::UI,
FROM_HERE,
- base::Bind(&URLRequestChromeJob::StartAsync, weak_factory_.GetWeakPtr()));
-
+ base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches,
+ render_process_id, request_->url(), AsWeakPtr()));
TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL",
request_->url().possibly_invalid_spec());
}
@@ -338,11 +347,47 @@ void URLRequestChromeJob::CompleteRead(net::IOBuffer* buf, int buf_size,
*bytes_read = buf_size;
}
-void URLRequestChromeJob::StartAsync() {
+void URLRequestChromeJob::CheckStoragePartitionMatches(
+ int render_process_id,
+ const GURL& url,
+ const base::WeakPtr<URLRequestChromeJob>& job) {
+ // The embedder could put some webui pages in separate storage partition.
+ // RenderProcessHostImpl::IsSuitableHost would guard against top level pages
+ // being in the same process. We do an extra check to guard against an
+ // exploited renderer pretending to add them as a subframe. We skip this check
+ // for resources.
+ // TODO(guohui): move URL constants for favicon, theme, thumb, thumb and
+ // thumbnails from chrome/common/url_constants.h to
+ // content/public/common/url_constants.h, so that they could be reused here.
+ bool allowed = false;
+ if (url.SchemeIs(kChromeUIScheme) &&
+ (url.host() == kChromeUIResourcesHost ||
+ url.host() == "favicon" ||
+ url.host() == "theme" ||
+ url.host() == "thumb" ||
+ url.host() == "thumb2" ||
+ url.host() == "thumbnails")) {
+ allowed = true;
+ } else {
+ RenderProcessHost* process = RenderProcessHost::FromID(render_process_id);
+ if (process) {
+ StoragePartition* partition = BrowserContext::GetStoragePartitionForSite(
+ process->GetBrowserContext(), url);
+ allowed = partition == process->GetStoragePartition();
+ }
+ }
+
+ BrowserThread::PostTask(
+ BrowserThread::IO,
+ FROM_HERE,
+ base::Bind(&URLRequestChromeJob::StartAsync, job, allowed));
+}
+
+void URLRequestChromeJob::StartAsync(bool allowed) {
if (!request_)
return;
- if (!backend_->StartRequest(request_, this)) {
+ if (!allowed || !backend_->StartRequest(request_, this)) {
NotifyStartError(net::URLRequestStatus(net::URLRequestStatus::FAILED,
net::ERR_INVALID_URL));
}
« no previous file with comments | « chrome/chrome_tests.gypi ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698