| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading |
| 6 | 6 |
| 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 8 | 8 |
| 9 #include <stddef.h> | 9 #include <stddef.h> |
| 10 | 10 |
| (...skipping 500 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 511 if (frame_host) | 511 if (frame_host) |
| 512 routing_ids->insert(frame_host->GetGlobalFrameRoutingId()); | 512 routing_ids->insert(frame_host->GetGlobalFrameRoutingId()); |
| 513 if (pending_frame_host) | 513 if (pending_frame_host) |
| 514 routing_ids->insert(pending_frame_host->GetGlobalFrameRoutingId()); | 514 routing_ids->insert(pending_frame_host->GetGlobalFrameRoutingId()); |
| 515 } | 515 } |
| 516 BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, | 516 BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, |
| 517 base::Bind(&NotifyForRouteSetOnIO, frame_callback, | 517 base::Bind(&NotifyForRouteSetOnIO, frame_callback, |
| 518 base::Passed(std::move(routing_ids)))); | 518 base::Passed(std::move(routing_ids)))); |
| 519 } | 519 } |
| 520 | 520 |
| 521 bool CanAccessFilesOfResourceRequestBody( |
| 522 int child_id, |
| 523 const scoped_refptr<ResourceRequestBody>& body) { |
| 524 if (!body) |
| 525 return true; |
| 526 |
| 527 return ChildProcessSecurityPolicyImpl::GetInstance()->CanReadAllFiles( |
| 528 child_id, body->GetReferencedFiles()); |
| 529 } |
| 530 |
| 521 } // namespace | 531 } // namespace |
| 522 | 532 |
| 523 LoaderIOThreadNotifier::LoaderIOThreadNotifier(WebContents* web_contents) | 533 LoaderIOThreadNotifier::LoaderIOThreadNotifier(WebContents* web_contents) |
| 524 : WebContentsObserver(web_contents) {} | 534 : WebContentsObserver(web_contents) {} |
| 525 | 535 |
| 526 LoaderIOThreadNotifier::~LoaderIOThreadNotifier() {} | 536 LoaderIOThreadNotifier::~LoaderIOThreadNotifier() {} |
| 527 | 537 |
| 528 void LoaderIOThreadNotifier::RenderFrameDeleted( | 538 void LoaderIOThreadNotifier::RenderFrameDeleted( |
| 529 RenderFrameHost* render_frame_host) { | 539 RenderFrameHost* render_frame_host) { |
| 530 NotifyForRouteFromUI( | 540 NotifyForRouteFromUI( |
| (...skipping 842 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1373 int process_type = filter_->process_type(); | 1383 int process_type = filter_->process_type(); |
| 1374 int child_id = filter_->child_id(); | 1384 int child_id = filter_->child_id(); |
| 1375 | 1385 |
| 1376 // Reject request id that's currently in use. | 1386 // Reject request id that's currently in use. |
| 1377 if (IsRequestIDInUse(GlobalRequestID(child_id, request_id))) { | 1387 if (IsRequestIDInUse(GlobalRequestID(child_id, request_id))) { |
| 1378 bad_message::ReceivedBadMessage(filter_, | 1388 bad_message::ReceivedBadMessage(filter_, |
| 1379 bad_message::RDH_INVALID_REQUEST_ID); | 1389 bad_message::RDH_INVALID_REQUEST_ID); |
| 1380 return; | 1390 return; |
| 1381 } | 1391 } |
| 1382 | 1392 |
| 1393 // Reject requests attempting to refer to unauthorized files. This is |
| 1394 // important, because after a cross-site transfer, the new renderer process is |
| 1395 // unconditionally granted access to files from ResourceRequestBody. |
| 1396 if (!CanAccessFilesOfResourceRequestBody(child_id, |
| 1397 request_data.request_body)) { |
| 1398 bad_message::ReceivedBadMessage( |
| 1399 filter_, bad_message::RDH_CAN_ACCESS_FILES_OF_REQUEST_BODY); |
| 1400 return; |
| 1401 } |
| 1402 |
| 1383 // PlzNavigate: reject invalid renderer main resource request. | 1403 // PlzNavigate: reject invalid renderer main resource request. |
| 1384 bool is_navigation_stream_request = | 1404 bool is_navigation_stream_request = |
| 1385 IsBrowserSideNavigationEnabled() && | 1405 IsBrowserSideNavigationEnabled() && |
| 1386 IsResourceTypeFrame(request_data.resource_type); | 1406 IsResourceTypeFrame(request_data.resource_type); |
| 1387 if (is_navigation_stream_request && | 1407 if (is_navigation_stream_request && |
| 1388 !request_data.resource_body_stream_url.SchemeIs(url::kBlobScheme)) { | 1408 !request_data.resource_body_stream_url.SchemeIs(url::kBlobScheme)) { |
| 1389 bad_message::ReceivedBadMessage(filter_, bad_message::RDH_INVALID_URL); | 1409 bad_message::ReceivedBadMessage(filter_, bad_message::RDH_INVALID_URL); |
| 1390 return; | 1410 return; |
| 1391 } | 1411 } |
| 1392 | 1412 |
| (...skipping 1300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2693 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); | 2713 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); |
| 2694 response->head.security_info = SerializeSecurityInfo(ssl); | 2714 response->head.security_info = SerializeSecurityInfo(ssl); |
| 2695 } | 2715 } |
| 2696 | 2716 |
| 2697 CertStore* ResourceDispatcherHostImpl::GetCertStore() { | 2717 CertStore* ResourceDispatcherHostImpl::GetCertStore() { |
| 2698 return cert_store_for_testing_ ? cert_store_for_testing_ | 2718 return cert_store_for_testing_ ? cert_store_for_testing_ |
| 2699 : CertStore::GetInstance(); | 2719 : CertStore::GetInstance(); |
| 2700 } | 2720 } |
| 2701 | 2721 |
| 2702 } // namespace content | 2722 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2062523002:
Fixing renderer's access to a file from HTTP POST (after a xsite transfer). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master