OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading |
6 | 6 |
7 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
8 | 8 |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 | 10 |
(...skipping 1892 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1903 // Since we're just saving some resources we need, disallow downloading. | 1903 // Since we're just saving some resources we need, disallow downloading. |
1904 ResourceRequestInfoImpl* extra_info = | 1904 ResourceRequestInfoImpl* extra_info = |
1905 CreateRequestInfo(child_id, render_view_route_id, | 1905 CreateRequestInfo(child_id, render_view_route_id, |
1906 render_frame_route_id, false, context); | 1906 render_frame_route_id, false, context); |
1907 extra_info->AssociateWithRequest(request.get()); // Request takes ownership. | 1907 extra_info->AssociateWithRequest(request.get()); // Request takes ownership. |
1908 | 1908 |
1909 std::unique_ptr<ResourceHandler> handler(new SaveFileResourceHandler( | 1909 std::unique_ptr<ResourceHandler> handler(new SaveFileResourceHandler( |
1910 request.get(), save_item_id, save_package_id, child_id, | 1910 request.get(), save_item_id, save_package_id, child_id, |
1911 render_frame_route_id, url, save_file_manager_.get())); | 1911 render_frame_route_id, url, save_file_manager_.get())); |
1912 | 1912 |
1913 // Check if the renderer is permitted to request the requested URL. | |
1914 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(child_id, | |
1915 url)) { | |
Łukasz Anforowicz
2016/06/18 00:37:20
This is based on a check done by ResourceDispatche
asanka
2016/06/20 20:24:18
Other things to check (you've probably got this co
Łukasz Anforowicz
2016/06/21 16:39:34
This sounds like something that can be tested via
asanka
2016/06/21 16:53:28
Yeah. From the same origin, source an image or som
Łukasz Anforowicz
2016/07/18 23:18:26
This was broken, but this seems to be a separate i
| |
1916 VLOG(1) << "Denied unauthorized save of " << url.possibly_invalid_spec(); | |
1917 handler->OnResponseCompleted( | |
1918 net::URLRequestStatus::FromError(net::ERR_ACCESS_DENIED), | |
1919 "", // |security_info|; ignored by SaveFileResourceHandler. | |
1920 nullptr); // |defer|; ignored by SaveFileResourceHandler. | |
1921 return; | |
1922 } | |
1923 | |
1913 BeginRequestInternal(std::move(request), std::move(handler)); | 1924 BeginRequestInternal(std::move(request), std::move(handler)); |
1914 } | 1925 } |
1915 | 1926 |
1916 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation( | 1927 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation( |
1917 const GlobalRequestID& id, | 1928 const GlobalRequestID& id, |
1918 const scoped_refptr<ResourceResponse>& response) { | 1929 const scoped_refptr<ResourceResponse>& response) { |
1919 GetLoader(id)->MarkAsTransferring(response); | 1930 GetLoader(id)->MarkAsTransferring(response); |
1920 } | 1931 } |
1921 | 1932 |
1922 void ResourceDispatcherHostImpl::CancelTransferringNavigation( | 1933 void ResourceDispatcherHostImpl::CancelTransferringNavigation( |
(...skipping 717 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2640 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); | 2651 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); |
2641 response->head.security_info = SerializeSecurityInfo(ssl); | 2652 response->head.security_info = SerializeSecurityInfo(ssl); |
2642 } | 2653 } |
2643 | 2654 |
2644 CertStore* ResourceDispatcherHostImpl::GetCertStore() { | 2655 CertStore* ResourceDispatcherHostImpl::GetCertStore() { |
2645 return cert_store_for_testing_ ? cert_store_for_testing_ | 2656 return cert_store_for_testing_ ? cert_store_for_testing_ |
2646 : CertStore::GetInstance(); | 2657 : CertStore::GetInstance(); |
2647 } | 2658 } |
2648 | 2659 |
2649 } // namespace content | 2660 } // namespace content |
OLD | NEW |