
Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2062523002: Fixing renderer's access to a file from HTTP POST (after a xsite transfer). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Moving FileChooserDelegate into content_browser_test_utils_*internal*.h Created 4 years, 6 months ago
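--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_impl.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ -2750,44 +2750,65 @@
 if (!permission_manager)
 return;
 
 permission_manager->RegisterPermissionUsage(
 PermissionType::GEOLOCATION,
 last_committed_url().GetOrigin(),
 frame_tree_node()->frame_tree()->GetMainFrame()
 ->last_committed_url().GetOrigin());
 }
 
+void RenderFrameHostImpl::GrantFileAccessFromResourceRequestBody(
+const ResourceRequestBodyImpl& body) {
+ChildProcessSecurityPolicyImpl* policy =
+ChildProcessSecurityPolicyImpl::GetInstance();
+
+std::vector<base::FilePath> file_paths = body.GetReferencedFiles();
+for (const auto& file : file_paths) {
+if (!policy->CanReadFile(GetProcess()->GetID(), file))
+policy->GrantReadFile(GetProcess()->GetID(), file);
+}
+}
+
 void RenderFrameHostImpl::UpdatePermissionsForNavigation(
 const CommonNavigationParams& common_params,
 const RequestNavigationParams& request_params) {
 // Browser plugin guests are not allowed to navigate outside web-safe schemes,
 // so do not grant them the ability to request additional URLs.
 if (!GetProcess()->IsForGuestsOnly()) {
 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
 GetProcess()->GetID(), common_params.url);
 if (common_params.url.SchemeIs(url::kDataScheme) &&
 common_params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
 // If 'data:' is used, and we have a 'file:' base url, grant access to
 // local files.
 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
 GetProcess()->GetID(), common_params.base_url_for_data_url);
 }
 }
 
 // We may be returning to an existing NavigationEntry that had been granted
 // file access. If this is a different process, we will need to grant the
-// access again. The files listed in the page state are validated when they
-// are received from the renderer to prevent abuse.
-if (request_params.page_state.IsValid()) {
+// access again. Abuse is prevented, because the files listed in the page
+// state are validated earlier, when they are received from the renderer (in
+// RenderFrameHostImpl::CanAccessFilesOfPageState).
+if (request_params.page_state.IsValid())
 render_view_host_->GrantFileAccessFromPageState(request_params.page_state);
-}
+
+// We may be here after transferring navigation to a different renderer
+// process. In this case, we need to ensure that the new renderer retains
+// ability to access files that the old renderer could access. Abuse is
+// prevented, because the files listed in ResourceRequestBody are validated
+// earlier, when they are recieved from the renderer (in ShouldServiceRequest
+// called from ResourceDispatcherHostImpl::BeginRequest).
+if (common_params.post_data)
+GrantFileAccessFromResourceRequestBody(*common_params.post_data);
 }
 
 bool RenderFrameHostImpl::CanExecuteJavaScript() {
 return g_allow_injecting_javascript ||
 !frame_tree_node_->current_url().is_valid() ||
 frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
 ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
 GetProcess()->GetID()) ||
 // It's possible to load about:blank in a Web UI renderer.
 // See http://crbug.com/42547
@@ -2906,10 +2927,10 @@
 // handler after it's destroyed so it can't run after the RFHI is destroyed.
 web_bluetooth_service_->SetClientConnectionErrorHandler(base::Bind(
 &RenderFrameHostImpl::DeleteWebBluetoothService, base::Unretained(this)));
 }
 
 void RenderFrameHostImpl::DeleteWebBluetoothService() {
 web_bluetooth_service_.reset();
 }
 
 } // namespace content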
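Review bot: GrantFileAccessFromResourceRequestBody grants read access to every path returned by body.GetReferencedFiles() without any check of its own, and the only statement of why that is safe is the comment at its single call site in UpdatePermissionsForNavigation. Because a later caller could pass a body that never went through the ShouldServiceRequest validation, the precondition belongs on the function itself, for example `// |body| must already have been validated against the originating renderer's file permissions; read access is granted here unconditionally.` The new post_data grant also sits outside the `!GetProcess()->IsForGuestsOnly()` guard that wraps GrantRequestURL, which matches the page-state grant above it but is worth confirming as intended for guest processes. The added comment spells "recieved" where "received" is meant.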