third_party/WebKit/Source/core/frame/RemoteFrame.cpp - Issue 1999573003: OOPIFs: Fixing submitting forms targeting a remote frame.

Side by Side Diff: third_party/WebKit/Source/core/frame/RemoteFrame.cpp

Issue 1999573003: OOPIFs: Fixing submitting forms targeting a remote frame. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@form-target-is-cross-site-frame

Patch Set: populate... -> createFrameLoadRequest + going through RemoteFrame::navigate(FrameLoadRequest&) Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt ('k') | third_party/WebKit/Source/core/html/HTMLFormElement.cpp » ('j') | third_party/WebKit/Source/core/loader/FormSubmission.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/frame/RemoteFrame.h"	5 #include "core/frame/RemoteFrame.h"

6	6

7 #include "bindings/core/v8/WindowProxy.h"	7 #include "bindings/core/v8/WindowProxy.h"

8 #include "bindings/core/v8/WindowProxyManager.h"	8 #include "bindings/core/v8/WindowProxyManager.h"

9 #include "core/dom/RemoteSecurityContext.h"	9 #include "core/dom/RemoteSecurityContext.h"

10 #include "core/frame/LocalFrame.h"	10 #include "core/frame/LocalFrame.h"

11 #include "core/frame/RemoteDOMWindow.h"	11 #include "core/frame/RemoteDOMWindow.h"

12 #include "core/frame/RemoteFrameClient.h"	12 #include "core/frame/RemoteFrameClient.h"

13 #include "core/frame/RemoteFrameView.h"	13 #include "core/frame/RemoteFrameView.h"

14 #include "core/html/HTMLFrameOwnerElement.h"	14 #include "core/html/HTMLFrameOwnerElement.h"

15 #include "core/loader/FrameLoadRequest.h"	15 #include "core/loader/FrameLoadRequest.h"

	16 #include "core/loader/FrameLoader.h"

16 #include "core/paint/PaintLayer.h"	17 #include "core/paint/PaintLayer.h"

17 #include "platform/PluginScriptForbiddenScope.h"	18 #include "platform/PluginScriptForbiddenScope.h"

18 #include "platform/UserGestureIndicator.h"	19 #include "platform/UserGestureIndicator.h"

19 #include "platform/graphics/GraphicsLayer.h"	20 #include "platform/graphics/GraphicsLayer.h"

	21 #include "platform/network/ResourceRequest.h"

20 #include "platform/weborigin/SecurityPolicy.h"	22 #include "platform/weborigin/SecurityPolicy.h"

21 #include "public/platform/WebLayer.h"	23 #include "public/platform/WebLayer.h"

22	24

23 namespace blink {	25 namespace blink {

24	26

25 inline RemoteFrame::RemoteFrame(RemoteFrameClient* client, FrameHost* host, Fram eOwner* owner)	27 inline RemoteFrame::RemoteFrame(RemoteFrameClient* client, FrameHost* host, Fram eOwner* owner)

26 : Frame(client, host, owner)	28 : Frame(client, host, owner)

27 , m_view(nullptr)	29 , m_view(nullptr)

28 , m_securityContext(RemoteSecurityContext::create())	30 , m_securityContext(RemoteSecurityContext::create())

29 , m_domWindow(RemoteDOMWindow::create(*this))	31 , m_domWindow(RemoteDOMWindow::create(*this))

(...skipping 29 matching lines...) Expand all Loading...
59 WindowProxy* RemoteFrame::windowProxy(DOMWrapperWorld& world)	61 WindowProxy* RemoteFrame::windowProxy(DOMWrapperWorld& world)

60 {	62 {

61 WindowProxy* windowProxy = m_windowProxyManager->windowProxy(world);	63 WindowProxy* windowProxy = m_windowProxyManager->windowProxy(world);

62 ASSERT(windowProxy);	64 ASSERT(windowProxy);

63 windowProxy->initializeIfNeeded();	65 windowProxy->initializeIfNeeded();

64 return windowProxy;	66 return windowProxy;

65 }	67 }

66	68

67 void RemoteFrame::navigate(Document& originDocument, const KURL& url, bool repla ceCurrentItem, UserGestureStatus userGestureStatus)	69 void RemoteFrame::navigate(Document& originDocument, const KURL& url, bool repla ceCurrentItem, UserGestureStatus userGestureStatus)

68 {	70 {

69 // The process where this frame actually lives won't have sufficient informa tion to determine	71 FrameLoadRequest frameRequest(&originDocument);
	Nate Chapin 2016/06/09 23:40:43 frameRequest(&originDocument, url) is fine here in frameRequest(&originDocument, url) is fine here instead of calling setURL() later, KURL->ResourceRequest is a permitted implicit conversion. Łukasz Anforowicz 2016/06/10 16:17:25 Done. Show quoted text On 2016/06/09 23:40:43, Nate Chapin wrote: > frameRequest(&originDocument, url) is fine here instead of calling setURL() > later, KURL->ResourceRequest is a permitted implicit conversion. Done.
70 // correct referrer, since it won't have access to the originDocument. Set i t now.	72 frameRequest.setReplacesCurrentItem(replaceCurrentItem);

71 ResourceRequest request(url);	73 frameRequest.resourceRequest().setURL(url);

72 request.setHTTPReferrer(SecurityPolicy::generateReferrer(originDocument.getR eferrerPolicy(), url, originDocument.outgoingReferrer()));	74 frameRequest.resourceRequest().setHasUserGesture(userGestureStatus == UserGe stureStatus::Active);
Łukasz Anforowicz 2016/06/08 20:32:43 In theory, I could have just moved this setHTTPRef In theory, I could have just moved this setHTTPReferrer call to the other ::navigate overload, but instead I decided to replace it with a call to FrameLoader::setReferrerForFrameRequest. This is because FrameLoader::setReferrerForFrameRequest seems more complete + calling it seems good from code deduplication / DRY perspective. For example FrameLoader::setReferrerForFrameRequest also calls ResourceRequest::addHTTPOriginIfNeeded + consults FrameLoadRequest::getShouldSendReferrer (which defaults to MaybeSendReferrer, but still...).	Łukasz Anforowicz 2016/06/08 20:32:43 Calling setHasUserGesture twice (in both overloads Calling setHasUserGesture twice (in both overloads of ::navigate) seems ok - once it this method flips \|m_hasUserGesture\| to true, it will stay set to true going forward: void ResourceRequest::setHasUserGesture(bool hasUserGesture) { m_hasUserGesture \|= hasUserGesture; } Calling setHasUserGesture twice (in both overloads of ::navigate) is needed to: 1) preserve behavior of ::navigate(Document&, KURL&, ...) overload, which needs to use the \|userGestureStatus\| argument. 2) make sure we also set user gesture indicator when going only through ::navigate(FrameLoadRequest&) overload (something that wasn't possible before this CL). OTOH, I am not sure how important this is - after all, this ResourceRequest is only ever passed to RemoteFrameProxy::navigate which doesn't look at the contents of the user gesture indicator inside ResourceRequest / WebURLRequest, but instead directly inspects WebUserGestureIndicator::isProcessingUserGesture() and unconditionally calls WebUserGestureIndicator::consumeUserGesture().
73 request.setHasUserGesture(userGestureStatus == UserGestureStatus::Active);	75 navigate(frameRequest);

74 client()->navigate(request, replaceCurrentItem);

75 }	76 }

76	77

77 void RemoteFrame::navigate(const FrameLoadRequest& passedRequest)	78 void RemoteFrame::navigate(const FrameLoadRequest& passedRequest)

78 {	79 {

79 UserGestureStatus gesture = UserGestureIndicator::processingUserGesture() ? UserGestureStatus::Active : UserGestureStatus::None;	80 FrameLoadRequest frameRequest(passedRequest);

80 navigate(*passedRequest.originDocument(), passedRequest.resourceRequest().ur l(), passedRequest.replacesCurrentItem(), gesture);	81

	82 // The process where this frame actually lives won't have sufficient informa tion to determine

	83 // correct referrer, since it won't have access to the originDocument. Set i t now.

	84 FrameLoader::setReferrerForFrameRequest(frameRequest);

	85

	86 frameRequest.resourceRequest().setHasUserGesture(UserGestureIndicator::proce ssingUserGesture());

	87 client()->navigate(frameRequest.resourceRequest(), frameRequest.replacesCurr entItem());

81 }	88 }
Łukasz Anforowicz 2016/06/08 20:32:43 The changes here make navigate(const FrameLoadRequ The changes here make navigate(const FrameLoadRequest&) the main overload that everything goes through (i.e. the overload that actually calls out into RemoteFrameClient::navigate(ResourceRequest&, bool). I've talked to Nasko and he says that it is accidental that the old code of navigate(const FrameLoadRequest&) used to copy only a few pieces from the old request (i.e. there were no security reasons for doing this / this was mostly done for code reuse). This is great - in this CL we actually need to forward the whole request (i.e. we care about keeping the HTTP body).
82	89

83 void RemoteFrame::reload(FrameLoadType frameLoadType, ClientRedirectPolicy clien tRedirectPolicy)	90 void RemoteFrame::reload(FrameLoadType frameLoadType, ClientRedirectPolicy clien tRedirectPolicy)

84 {	91 {

85 client()->reload(frameLoadType, clientRedirectPolicy);	92 client()->reload(frameLoadType, clientRedirectPolicy);

86 }	93 }

87	94

88 void RemoteFrame::detach(FrameDetachType type)	95 void RemoteFrame::detach(FrameDetachType type)

89 {	96 {

90 PluginScriptForbiddenScope forbidPluginDestructorScripting;	97 PluginScriptForbiddenScope forbidPluginDestructorScripting;

91 detachChildren();	98 detachChildren();

(...skipping 92 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
184 ASSERT(owner());	191 ASSERT(owner());

185 toHTMLFrameOwnerElement(owner())->setNeedsCompositingUpdate();	192 toHTMLFrameOwnerElement(owner())->setNeedsCompositingUpdate();

186 }	193 }

187	194

188 void RemoteFrame::advanceFocus(WebFocusType type, LocalFrame* source)	195 void RemoteFrame::advanceFocus(WebFocusType type, LocalFrame* source)

189 {	196 {

190 client()->advanceFocus(type, source);	197 client()->advanceFocus(type, source);

191 }	198 }

192	199

193 } // namespace blink	200 } // namespace blink

OLD	NEW