Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(673)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2046593003: Fix Document::firstPartyForCookies() for OOPIFs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use the top frame in the remote case and add a test Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 4160 matching lines...) Expand 10 before | Expand all | Expand 10 after
4171 // system. 4171 // system.
4172 if (!foundDate) 4172 if (!foundDate)
4173 date.setMillisecondsSinceEpochForDateTime(convertToLocalTime(currentTime MS())); 4173 date.setMillisecondsSinceEpochForDateTime(convertToLocalTime(currentTime MS()));
4174 return String::format("%02d/%02d/%04d %02d:%02d:%02d", date.month() + 1, dat e.monthDay(), date.fullYear(), date.hour(), date.minute(), date.second()); 4174 return String::format("%02d/%02d/%04d %02d:%02d:%02d", date.month() + 1, dat e.monthDay(), date.fullYear(), date.hour(), date.minute(), date.second());
4175 } 4175 }
4176 4176
4177 const KURL Document::firstPartyForCookies() const 4177 const KURL Document::firstPartyForCookies() const
4178 { 4178 {
4179 // TODO(mkwst): This doesn't correctly handle sandboxed documents; we want t o look at their URL, 4179 // TODO(mkwst): This doesn't correctly handle sandboxed documents; we want t o look at their URL,
4180 // but we can't because we don't know what it is. 4180 // but we can't because we don't know what it is.
4181 KURL topDocumentURL = frame()->tree().top()->isLocalFrame() 4181 Frame* top = frame()->tree().top();
4182 ? topDocument().url() 4182 KURL topDocumentURL = top->isLocalFrame()
4183 : KURL(KURL(), frame()->securityContext()->getSecurityOrigin()->toString ()); 4183 ? toLocalFrame(top)->document()->url()
4184 : KURL(KURL(), top->securityContext()->getSecurityOrigin()->toString());
4184 if (SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(topDocument URL.protocol())) 4185 if (SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(topDocument URL.protocol()))
4185 return topDocumentURL; 4186 return topDocumentURL;
4186 4187
4187 // We're intentionally using the URL of each document rather than the docume nt's SecurityOrigin. 4188 // We're intentionally using the URL of each document rather than the docume nt's SecurityOrigin.
4188 // Sandboxing a document into a unique origin shouldn't effect first-/third- party status for 4189 // Sandboxing a document into a unique origin shouldn't effect first-/third- party status for
4189 // cookies and site data. 4190 // cookies and site data.
4190 const OriginAccessEntry& accessEntry = frame()->tree().top()->isLocalFrame() 4191 const OriginAccessEntry& accessEntry = top->isLocalFrame()
4191 ? topDocument().accessEntryFromURL() 4192 ? toLocalFrame(top)->document()->accessEntryFromURL()
4192 : OriginAccessEntry(topDocumentURL.protocol(), topDocumentURL.host(), Or iginAccessEntry::AllowRegisterableDomains); 4193 : OriginAccessEntry(topDocumentURL.protocol(), topDocumentURL.host(), Or iginAccessEntry::AllowRegisterableDomains);
4193 const Frame* currentFrame = frame(); 4194 const Frame* currentFrame = frame();
4194 while (currentFrame) { 4195 while (currentFrame) {
4195 // Skip over srcdoc documents, as they are always same-origin with their closest non-srcdoc parent. 4196 // Skip over srcdoc documents, as they are always same-origin with their closest non-srcdoc parent.
4196 while (currentFrame->isLocalFrame() && toLocalFrame(currentFrame)->docum ent()->isSrcdocDocument()) 4197 while (currentFrame->isLocalFrame() && toLocalFrame(currentFrame)->docum ent()->isSrcdocDocument())
4197 currentFrame = currentFrame->tree().parent(); 4198 currentFrame = currentFrame->tree().parent();
4198 DCHECK(currentFrame); 4199 DCHECK(currentFrame);
4199 4200
4200 // We use 'matchesDomain' here, as it turns out that some folks embed HT TPS login forms 4201 // We use 'matchesDomain' here, as it turns out that some folks embed HT TPS login forms
4201 // into HTTP pages; we should allow this kind of upgrade. 4202 // into HTTP pages; we should allow this kind of upgrade.
(...skipping 1804 matching lines...) Expand 10 before | Expand all | Expand 10 after
6006 #ifndef NDEBUG 6007 #ifndef NDEBUG
6007 using namespace blink; 6008 using namespace blink;
6008 void showLiveDocumentInstances() 6009 void showLiveDocumentInstances()
6009 { 6010 {
6010 WeakDocumentSet& set = liveDocumentSet(); 6011 WeakDocumentSet& set = liveDocumentSet();
6011 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 6012 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
6012 for (Document* document : set) 6013 for (Document* document : set)
6013 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data()); 6014 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data());
6014 } 6015 }
6015 #endif 6016 #endif
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698