OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/webui/url_data_manager_backend.h" | 5 #include "content/browser/webui/url_data_manager_backend.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
262 URLRequestChromeJob::~URLRequestChromeJob() { | 262 URLRequestChromeJob::~URLRequestChromeJob() { |
263 CHECK(!backend_->HasPendingJob(this)); | 263 CHECK(!backend_->HasPendingJob(this)); |
264 } | 264 } |
265 | 265 |
266 void URLRequestChromeJob::Start() { | 266 void URLRequestChromeJob::Start() { |
267 int render_process_id, unused; | 267 int render_process_id, unused; |
268 bool is_renderer_request = ResourceRequestInfo::GetRenderFrameForRequest( | 268 bool is_renderer_request = ResourceRequestInfo::GetRenderFrameForRequest( |
269 request_, &render_process_id, &unused); | 269 request_, &render_process_id, &unused); |
270 if (!is_renderer_request) | 270 if (!is_renderer_request) |
271 render_process_id = kNoRenderProcessId; | 271 render_process_id = kNoRenderProcessId; |
272 BrowserThread::PostTask( | 272 |
273 BrowserThread::UI, | 273 if (!is_renderer_request || request_->url().SchemeIs(kChromeUIScheme)) { |
274 FROM_HERE, | 274 StartAsync(true); |
275 base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, | 275 } else { |
276 render_process_id, request_->url(), | 276 BrowserThread::PostTask( |
277 weak_factory_.GetWeakPtr())); | 277 BrowserThread::UI, |
278 FROM_HERE, | |
279 base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, | |
280 render_process_id, request_->url(), | |
281 weak_factory_.GetWeakPtr())); | |
282 } | |
283 | |
278 TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", | 284 TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", |
279 request_->url().possibly_invalid_spec()); | 285 request_->url().possibly_invalid_spec()); |
280 } | 286 } |
281 | 287 |
282 void URLRequestChromeJob::Kill() { | 288 void URLRequestChromeJob::Kill() { |
283 weak_factory_.InvalidateWeakPtrs(); | 289 weak_factory_.InvalidateWeakPtrs(); |
284 backend_->RemoveRequest(this); | 290 backend_->RemoveRequest(this); |
285 URLRequestJob::Kill(); | 291 URLRequestJob::Kill(); |
286 } | 292 } |
287 | 293 |
389 void URLRequestChromeJob::CheckStoragePartitionMatches( | 395 void URLRequestChromeJob::CheckStoragePartitionMatches( |
390 int render_process_id, | 396 int render_process_id, |
391 const GURL& url, | 397 const GURL& url, |
392 const base::WeakPtr<URLRequestChromeJob>& job) { | 398 const base::WeakPtr<URLRequestChromeJob>& job) { |
393 // The embedder could put some webui pages in separate storage partition. | 399 // The embedder could put some webui pages in separate storage partition. |
394 // RenderProcessHostImpl::IsSuitableHost would guard against top level pages | 400 // RenderProcessHostImpl::IsSuitableHost would guard against top level pages |
395 // being in the same process. We do an extra check to guard against an | 401 // being in the same process. We do an extra check to guard against an |
396 // exploited renderer pretending to add them as a subframe. We skip this check | 402 // exploited renderer pretending to add them as a subframe. We skip this check |
397 // for resources. | 403 // for resources. |
398 bool allowed = false; | 404 bool allowed = false; |
399 std::vector<std::string> hosts; | 405 RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
400 GetContentClient()-> | 406 if (process) { |
401 browser()->GetAdditionalWebUIHostsToIgnoreParititionCheck(&hosts); | 407 StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
402 if (url.SchemeIs(kChromeUIScheme) && | 408 process->GetBrowserContext(), url); |
403 (url.SchemeIs(kChromeUIScheme) || | 409 allowed = partition == process->GetStoragePartition(); |
404 std::find(hosts.begin(), hosts.end(), url.host()) != hosts.end())) { | |
Dan Beam
2016/05/17 03:24:14
|hosts| was never used because
if (thing && (th
Avi (use Gerrit)
2016/05/17 03:30:20
Right, but what CL introduced this silliness? What
Dan Beam
2016/05/17 03:32:16
https://codereview.chromium.org/183803023/#msg10
Charlie Reis
2016/05/17 21:08:10
Yeah, this code is definitely broken after https:/
| |
405 allowed = true; | |
406 } else if (render_process_id == kNoRenderProcessId) { | |
407 // Request was not issued by renderer. | |
408 allowed = true; | |
409 } else { | |
410 RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); | |
411 if (process) { | |
412 StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( | |
413 process->GetBrowserContext(), url); | |
414 allowed = partition == process->GetStoragePartition(); | |
415 } | |
416 } | 410 } |
417 | |
418 BrowserThread::PostTask( | 411 BrowserThread::PostTask( |
419 BrowserThread::IO, | 412 BrowserThread::IO, |
420 FROM_HERE, | 413 FROM_HERE, |
421 base::Bind(&URLRequestChromeJob::StartAsync, job, allowed)); | 414 base::Bind(&URLRequestChromeJob::StartAsync, job, allowed)); |
422 } | 415 } |
423 | 416 |
424 void URLRequestChromeJob::StartAsync(bool allowed) { | 417 void URLRequestChromeJob::StartAsync(bool allowed) { |
425 if (!request_) | 418 if (!request_) |
426 return; | 419 return; |
427 | 420 |
796 | 789 |
797 } // namespace | 790 } // namespace |
798 | 791 |
799 net::URLRequestJobFactory::ProtocolHandler* | 792 net::URLRequestJobFactory::ProtocolHandler* |
800 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, | 793 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, |
801 bool is_incognito) { | 794 bool is_incognito) { |
802 return new DevToolsJobFactory(resource_context, is_incognito); | 795 return new DevToolsJobFactory(resource_context, is_incognito); |
803 } | 796 } |
804 | 797 |
805 } // namespace content | 798 } // namespace content |
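Review bot: In Start() (new lines 273–274) `StartAsync(true)` now runs synchronously inside Start(), whereas the old path always reached it through a UI-thread hop and a post back to the IO thread. StartAsync's body is mostly outside the visible lines, so this is hedged: if it can start the data request or report an error, those callbacks would fire before Start() returns and before the `TRACE_EVENT_ASYNC_BEGIN1` at new line 284. Posting the call keeps the previous ordering and lets Kill() cancel it through the weak pointer: `BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, base::Bind(&URLRequestChromeJob::StartAsync, weak_factory_.GetWeakPtr(), true));`. The same branch also needs a comment stating that renderer-issued requests for chrome:// URLs bypass the storage-partition check, because the comment kept in CheckStoragePartitionMatches still says the skip is "for resources" while describing that check as the guard against an exploited renderer.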