Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(220)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/loader/resource_dispatcher_host_impl.cc

Issue 2075273002: Resource requests from Save-Page-As should go through CanRequestURL checks. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added comments + added DCHECK(!is_pending) to MarkAsUnauthorized. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/download/save_types.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading
6 6
7 #include "content/browser/loader/resource_dispatcher_host_impl.h" 7 #include "content/browser/loader/resource_dispatcher_host_impl.h"
8 8
9 #include <stddef.h> 9 #include <stddef.h>
10 10
(...skipping 1869 matching lines...) Expand 10 before | Expand all | Expand 10 after
1880 // So far, for saving page, we need fetch content from cache, in the 1880 // So far, for saving page, we need fetch content from cache, in the
1881 // future, maybe we can use a configuration to configure this behavior. 1881 // future, maybe we can use a configuration to configure this behavior.
1882 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE); 1882 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE);
1883 1883
1884 // Since we're just saving some resources we need, disallow downloading. 1884 // Since we're just saving some resources we need, disallow downloading.
1885 ResourceRequestInfoImpl* extra_info = 1885 ResourceRequestInfoImpl* extra_info =
1886 CreateRequestInfo(child_id, render_view_route_id, 1886 CreateRequestInfo(child_id, render_view_route_id,
1887 render_frame_route_id, false, context); 1887 render_frame_route_id, false, context);
1888 extra_info->AssociateWithRequest(request.get()); // Request takes ownership. 1888 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
1889 1889
1890 std::unique_ptr<ResourceHandler> handler(new SaveFileResourceHandler( 1890 std::unique_ptr<SaveFileResourceHandler> handler(new SaveFileResourceHandler(
1891 request.get(), save_item_id, save_package_id, child_id, 1891 request.get(), save_item_id, save_package_id, child_id,
1892 render_frame_route_id, url, save_file_manager_.get())); 1892 render_frame_route_id, url, save_file_manager_.get()));
1893 1893
1894 // Check if the renderer is permitted to request the requested URL.
1895 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(child_id,
1896 url)) {
1897 DVLOG(1) << "Denying unauthorized save of " << url.possibly_invalid_spec();
1898 handler->MarkAsUnauthorized();
1899 // We still begin request processing below (rather than returning here),
1900 // because we know MarkAsUnauthorized will cause the request to be
mmenke 2016/07/27 18:55:59 nit (x2): Avoid "we" in comments, due to ambiguit
Łukasz Anforowicz 2016/07/27 19:16:50 Done :-)
1901 // cancelled. See also doc comments for MarkAsUnauthorized.
1902 }
1903
1894 BeginRequestInternal(std::move(request), std::move(handler)); 1904 BeginRequestInternal(std::move(request), std::move(handler));
1895 } 1905 }
1896 1906
1897 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation( 1907 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation(
1898 const GlobalRequestID& id, 1908 const GlobalRequestID& id,
1899 const scoped_refptr<ResourceResponse>& response) { 1909 const scoped_refptr<ResourceResponse>& response) {
1900 GetLoader(id)->MarkAsTransferring(response); 1910 GetLoader(id)->MarkAsTransferring(response);
1901 } 1911 }
1902 1912
1903 void ResourceDispatcherHostImpl::CancelTransferringNavigation( 1913 void ResourceDispatcherHostImpl::CancelTransferringNavigation(
(...skipping 697 matching lines...) Expand 10 before | Expand all | Expand 10 after
2601 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); 2611 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id);
2602 response->head.security_info = SerializeSecurityInfo(ssl); 2612 response->head.security_info = SerializeSecurityInfo(ssl);
2603 } 2613 }
2604 2614
2605 CertStore* ResourceDispatcherHostImpl::GetCertStore() { 2615 CertStore* ResourceDispatcherHostImpl::GetCertStore() {
2606 return cert_store_for_testing_ ? cert_store_for_testing_ 2616 return cert_store_for_testing_ ? cert_store_for_testing_
2607 : CertStore::GetInstance(); 2617 : CertStore::GetInstance();
2608 } 2618 }
2609 2619
2610 } // namespace content 2620 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/download/save_types.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698