| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/loader/cross_site_resource_handler.h" | 5 #include "content/browser/loader/cross_site_resource_handler.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "content/browser/appcache/appcache_interceptor.h" | 13 #include "content/browser/appcache/appcache_interceptor.h" |
| 14 #include "content/browser/child_process_security_policy_impl.h" | 14 #include "content/browser/child_process_security_policy_impl.h" |
| 15 #include "content/browser/frame_host/cross_site_transferring_request.h" | 15 #include "content/browser/frame_host/cross_site_transferring_request.h" |
| 16 #include "content/browser/frame_host/render_frame_host_impl.h" | 16 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 17 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 17 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 18 #include "content/browser/loader/resource_request_info_impl.h" | 18 #include "content/browser/loader/resource_request_info_impl.h" |
| 19 #include "content/browser/site_instance_impl.h" | 19 #include "content/browser/site_instance_impl.h" |
| 20 #include "content/browser/web_contents/web_contents_impl.h" | 20 #include "content/browser/web_contents/web_contents_impl.h" |
| 21 #include "content/common/resource_request_body.h" |
| 21 #include "content/common/site_isolation_policy.h" | 22 #include "content/common/site_isolation_policy.h" |
| 22 #include "content/public/browser/browser_thread.h" | 23 #include "content/public/browser/browser_thread.h" |
| 23 #include "content/public/browser/content_browser_client.h" | 24 #include "content/public/browser/content_browser_client.h" |
| 24 #include "content/public/browser/global_request_id.h" | 25 #include "content/public/browser/global_request_id.h" |
| 25 #include "content/public/browser/resource_controller.h" | 26 #include "content/public/browser/resource_controller.h" |
| 26 #include "content/public/browser/site_instance.h" | 27 #include "content/public/browser/site_instance.h" |
| 27 #include "content/public/common/content_switches.h" | 28 #include "content/public/common/content_switches.h" |
| 28 #include "content/public/common/resource_response.h" | 29 #include "content/public/common/resource_response.h" |
| 29 #include "content/public/common/url_constants.h" | 30 #include "content/public/common/url_constants.h" |
| 30 #include "net/http/http_response_headers.h" | 31 #include "net/http/http_response_headers.h" |
| 31 #include "net/url_request/url_request.h" | 32 #include "net/url_request/url_request.h" |
| 32 | 33 |
| 33 namespace content { | 34 namespace content { |
| 34 | 35 |
| 35 namespace { | 36 namespace { |
| 36 | 37 |
| 37 bool leak_requests_for_testing_ = false; | 38 bool leak_requests_for_testing_ = false; |
| 38 | 39 |
| 39 // The parameters to OnCrossSiteResponseHelper exceed the number of arguments | 40 // The parameters to OnCrossSiteResponseHelper exceed the number of arguments |
| 40 // base::Bind supports. | 41 // base::Bind supports. |
| 41 struct CrossSiteResponseParams { | 42 struct CrossSiteResponseParams { |
| 42 CrossSiteResponseParams( | 43 CrossSiteResponseParams( |
| 43 int render_frame_id, | 44 int render_frame_id, |
| 44 const GlobalRequestID& global_request_id, | 45 const GlobalRequestID& global_request_id, |
| 45 const std::vector<GURL>& transfer_url_chain, | 46 const std::vector<GURL>& transfer_url_chain, |
| 46 const Referrer& referrer, | 47 const Referrer& referrer, |
| 47 ui::PageTransition page_transition, | 48 ui::PageTransition page_transition, |
| 48 bool should_replace_current_entry) | 49 bool should_replace_current_entry, |
| 50 const scoped_refptr<ResourceRequestBody> resource_request_body) |
| 49 : render_frame_id(render_frame_id), | 51 : render_frame_id(render_frame_id), |
| 50 global_request_id(global_request_id), | 52 global_request_id(global_request_id), |
| 51 transfer_url_chain(transfer_url_chain), | 53 transfer_url_chain(transfer_url_chain), |
| 52 referrer(referrer), | 54 referrer(referrer), |
| 53 page_transition(page_transition), | 55 page_transition(page_transition), |
| 54 should_replace_current_entry(should_replace_current_entry) { | 56 should_replace_current_entry(should_replace_current_entry), |
| 55 } | 57 resource_request_body(resource_request_body) {} |
| 56 | 58 |
| 57 int render_frame_id; | 59 int render_frame_id; |
| 58 GlobalRequestID global_request_id; | 60 GlobalRequestID global_request_id; |
| 59 std::vector<GURL> transfer_url_chain; | 61 std::vector<GURL> transfer_url_chain; |
| 60 Referrer referrer; | 62 Referrer referrer; |
| 61 ui::PageTransition page_transition; | 63 ui::PageTransition page_transition; |
| 62 bool should_replace_current_entry; | 64 bool should_replace_current_entry; |
| 65 scoped_refptr<ResourceRequestBody> resource_request_body; |
| 63 }; | 66 }; |
| 64 | 67 |
| 65 void OnCrossSiteResponseHelper(const CrossSiteResponseParams& params) { | 68 void OnCrossSiteResponseHelper(const CrossSiteResponseParams& params) { |
| 66 std::unique_ptr<CrossSiteTransferringRequest> cross_site_transferring_request( | 69 std::unique_ptr<CrossSiteTransferringRequest> cross_site_transferring_request( |
| 67 new CrossSiteTransferringRequest(params.global_request_id)); | 70 new CrossSiteTransferringRequest(params.global_request_id)); |
| 68 | 71 |
| 69 RenderFrameHostImpl* rfh = | 72 RenderFrameHostImpl* rfh = |
| 70 RenderFrameHostImpl::FromID(params.global_request_id.child_id, | 73 RenderFrameHostImpl::FromID(params.global_request_id.child_id, |
| 71 params.render_frame_id); | 74 params.render_frame_id); |
| 72 if (rfh && rfh->is_active()) { | 75 if (rfh && rfh->is_active()) { |
| 73 if (rfh->GetParent()) { | 76 if (rfh->GetParent()) { |
| 74 // We should only swap processes for subframes in --site-per-process mode. | 77 // We should only swap processes for subframes in --site-per-process mode. |
| 75 // CrossSiteResourceHandler is not installed on subframe requests in | 78 // CrossSiteResourceHandler is not installed on subframe requests in |
| 76 // default Chrome. | 79 // default Chrome. |
| 77 CHECK(SiteIsolationPolicy::AreCrossProcessFramesPossible()); | 80 CHECK(SiteIsolationPolicy::AreCrossProcessFramesPossible()); |
| 78 } | 81 } |
| 82 |
| 83 // TODO(lukasza): DO NOT SUBMIT: Double-check that post body is cleared |
| 84 // upon redirect - otherwise we would leak post body to a cross-site |
| 85 // renderer (violating site isolation goals). |
| 86 |
| 79 rfh->OnCrossSiteResponse( | 87 rfh->OnCrossSiteResponse( |
| 80 params.global_request_id, std::move(cross_site_transferring_request), | 88 params.global_request_id, std::move(cross_site_transferring_request), |
| 81 params.transfer_url_chain, params.referrer, params.page_transition, | 89 params.transfer_url_chain, params.referrer, params.page_transition, |
| 82 params.should_replace_current_entry); | 90 params.should_replace_current_entry, params.resource_request_body); |
| 83 } else if (leak_requests_for_testing_) { | 91 } else if (leak_requests_for_testing_) { |
| 84 // Some unit tests expect requests to be leaked in this case, so they can | 92 // Some unit tests expect requests to be leaked in this case, so they can |
| 85 // pass them along manually. | 93 // pass them along manually. |
| 86 cross_site_transferring_request->ReleaseRequest(); | 94 cross_site_transferring_request->ReleaseRequest(); |
| 87 } | 95 } |
| 88 } | 96 } |
| 89 | 97 |
| 90 // Returns whether a transfer is needed by doing a check on the UI thread. | 98 // Returns whether a transfer is needed by doing a check on the UI thread. |
| 91 CrossSiteResourceHandler::NavigationDecision | 99 CrossSiteResourceHandler::NavigationDecision |
| 92 CheckNavigationPolicyOnUI(GURL real_url, int process_id, int render_frame_id) { | 100 CheckNavigationPolicyOnUI(GURL real_url, int process_id, int render_frame_id) { |
| 324 // occurred, plus the destination URL at the end. | 332 // occurred, plus the destination URL at the end. |
| 325 std::vector<GURL> transfer_url_chain; | 333 std::vector<GURL> transfer_url_chain; |
| 326 Referrer referrer; | 334 Referrer referrer; |
| 327 int render_frame_id = info->GetRenderFrameID(); | 335 int render_frame_id = info->GetRenderFrameID(); |
| 328 transfer_url_chain = request()->url_chain(); | 336 transfer_url_chain = request()->url_chain(); |
| 329 referrer = Referrer(GURL(request()->referrer()), info->GetReferrerPolicy()); | 337 referrer = Referrer(GURL(request()->referrer()), info->GetReferrerPolicy()); |
| 330 ResourceDispatcherHostImpl::Get()->MarkAsTransferredNavigation(global_id, | 338 ResourceDispatcherHostImpl::Get()->MarkAsTransferredNavigation(global_id, |
| 331 response_); | 339 response_); |
| 332 | 340 |
| 333 BrowserThread::PostTask( | 341 BrowserThread::PostTask( |
| 334 BrowserThread::UI, | 342 BrowserThread::UI, FROM_HERE, |
| 335 FROM_HERE, | 343 base::Bind(&OnCrossSiteResponseHelper, |
| 336 base::Bind( | 344 CrossSiteResponseParams( |
| 337 &OnCrossSiteResponseHelper, | 345 render_frame_id, global_id, transfer_url_chain, referrer, |
| 338 CrossSiteResponseParams(render_frame_id, | 346 info->GetPageTransition(), |
| 339 global_id, | 347 info->should_replace_current_entry(), info->body()))); |
| 340 transfer_url_chain, | |
| 341 referrer, | |
| 342 info->GetPageTransition(), | |
| 343 info->should_replace_current_entry()))); | |
| 344 } | 348 } |
| 345 | 349 |
| 346 bool CrossSiteResourceHandler::DeferForNavigationPolicyCheck( | 350 bool CrossSiteResourceHandler::DeferForNavigationPolicyCheck( |
| 347 ResourceRequestInfoImpl* info, | 351 ResourceRequestInfoImpl* info, |
| 348 ResourceResponse* response, | 352 ResourceResponse* response, |
| 349 bool* defer) { | 353 bool* defer) { |
| 350 // Store the response_ object internally, since the navigation is deferred | 354 // Store the response_ object internally, since the navigation is deferred |
| 351 // regardless of whether it will be a transfer or not. | 355 // regardless of whether it will be a transfer or not. |
| 352 response_ = response; | 356 response_ = response; |
| 353 | 357 |
| 382 controller()->Resume(); | 386 controller()->Resume(); |
| 383 } | 387 } |
| 384 } | 388 } |
| 385 | 389 |
| 386 void CrossSiteResourceHandler::OnDidDefer() { | 390 void CrossSiteResourceHandler::OnDidDefer() { |
| 387 did_defer_ = true; | 391 did_defer_ = true; |
| 388 request()->LogBlockedBy("CrossSiteResourceHandler"); | 392 request()->LogBlockedBy("CrossSiteResourceHandler"); |
| 389 } | 393 } |
| 390 | 394 |
| 391 } // namespace content | 395 } // namespace content |
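Review bot: The new `BrowserThread::PostTask` call passes `info->body()` into `CrossSiteResponseParams` unconditionally, while the TODO added above `rfh->OnCrossSiteResponse(...)` still leaves open whether the POST body is cleared on redirect. Nothing in the visible lines drops the body when a redirect in `transfer_url_chain` has changed the method, so the upload data could travel with the transfer toward the process chosen for the destination site. I would gate it where the params are built, with `scoped_refptr<ResourceRequestBody> body;` and `if (request()->method() == "POST") body = info->body();`, pass `body` instead, and add a test for a POST that is redirected cross-site before the transfer. Separately, the constructor takes `const scoped_refptr<ResourceRequestBody> resource_request_body` by value, where `const scoped_refptr<ResourceRequestBody>&` would avoid an extra refcount increment. The function containing the `PostTask` call starts outside the visible lines, so redirect handling may already exist there and should be confirmed before the TODO is removed.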