Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(279)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/loader/resource_dispatcher_host_impl.cc

Issue 2075273002: Resource requests from Save-Page-As should go through CanRequestURL checks. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Replace MarkAsUnauthorized with constructor argument. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/download/save_types.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading
6 6
7 #include "content/browser/loader/resource_dispatcher_host_impl.h" 7 #include "content/browser/loader/resource_dispatcher_host_impl.h"
8 8
9 #include <stddef.h> 9 #include <stddef.h>
10 10
(...skipping 1869 matching lines...) Expand 10 before | Expand all | Expand 10 after
1880 // So far, for saving page, we need fetch content from cache, in the 1880 // So far, for saving page, we need fetch content from cache, in the
1881 // future, maybe we can use a configuration to configure this behavior. 1881 // future, maybe we can use a configuration to configure this behavior.
1882 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE); 1882 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE);
1883 1883
1884 // Since we're just saving some resources we need, disallow downloading. 1884 // Since we're just saving some resources we need, disallow downloading.
1885 ResourceRequestInfoImpl* extra_info = 1885 ResourceRequestInfoImpl* extra_info =
1886 CreateRequestInfo(child_id, render_view_route_id, 1886 CreateRequestInfo(child_id, render_view_route_id,
1887 render_frame_route_id, false, context); 1887 render_frame_route_id, false, context);
1888 extra_info->AssociateWithRequest(request.get()); // Request takes ownership. 1888 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
1889 1889
1890 std::unique_ptr<ResourceHandler> handler(new SaveFileResourceHandler( 1890 // Check if the renderer is permitted to request the requested URL.
1891 using AuthorizationState = SaveFileResourceHandler::AuthorizationState;
1892 AuthorizationState authorization_state = AuthorizationState::AUTHORIZED;
1893 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(child_id,
1894 url)) {
1895 DVLOG(1) << "Denying unauthorized save of " << url.possibly_invalid_spec();
1896 authorization_state = AuthorizationState::NOT_AUTHORIZED;
1897 // No need to return here (i.e. okay to begin processing the request below),
1898 // because NOT_AUTHORIZED will cause the request to be cancelled. See also
1899 // doc comments for AuthorizationState enum.
1900 }
1901
1902 std::unique_ptr<SaveFileResourceHandler> handler(new SaveFileResourceHandler(
1891 request.get(), save_item_id, save_package_id, child_id, 1903 request.get(), save_item_id, save_package_id, child_id,
1892 render_frame_route_id, url, save_file_manager_.get())); 1904 render_frame_route_id, url, save_file_manager_.get(),
1905 authorization_state));
1893 1906
1894 BeginRequestInternal(std::move(request), std::move(handler)); 1907 BeginRequestInternal(std::move(request), std::move(handler));
1895 } 1908 }
1896 1909
1897 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation( 1910 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation(
1898 const GlobalRequestID& id, 1911 const GlobalRequestID& id,
1899 const scoped_refptr<ResourceResponse>& response) { 1912 const scoped_refptr<ResourceResponse>& response) {
1900 GetLoader(id)->MarkAsTransferring(response); 1913 GetLoader(id)->MarkAsTransferring(response);
1901 } 1914 }
1902 1915
(...skipping 698 matching lines...) Expand 10 before | Expand all | Expand 10 after
2601 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); 2614 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id);
2602 response->head.security_info = SerializeSecurityInfo(ssl); 2615 response->head.security_info = SerializeSecurityInfo(ssl);
2603 } 2616 }
2604 2617
2605 CertStore* ResourceDispatcherHostImpl::GetCertStore() { 2618 CertStore* ResourceDispatcherHostImpl::GetCertStore() {
2606 return cert_store_for_testing_ ? cert_store_for_testing_ 2619 return cert_store_for_testing_ ? cert_store_for_testing_
2607 : CertStore::GetInstance(); 2620 : CertStore::GetInstance();
2608 } 2621 }
2609 2622
2610 } // namespace content 2623 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/download/save_types.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698