Chromium Code Reviews Chromium Code Reviews
Issue 2080653002:
SameSite: Correctly set requests' initiator for new tabs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/render_frame_impl.h" | 5 #include "content/renderer/render_frame_impl.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 3885 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3896 if (request.url().isEmpty()) | 3896 if (request.url().isEmpty()) |
| 3897 return; | 3897 return; |
| 3898 | 3898 |
| 3899 // Set the first party for cookies url if it has not been set yet (new | 3899 // Set the first party for cookies url if it has not been set yet (new |
| 3900 // requests). This value will be updated during redirects, consistent with | 3900 // requests). This value will be updated during redirects, consistent with |
| 3901 // https://tools.ietf.org/html/draft-west-first-party-cookies-04#section-2.1.1 | 3901 // https://tools.ietf.org/html/draft-west-first-party-cookies-04#section-2.1.1 |
| 3902 if (request.firstPartyForCookies().isEmpty()) { | 3902 if (request.firstPartyForCookies().isEmpty()) { |
| 3903 if (request.getFrameType() == blink::WebURLRequest::FrameTypeTopLevel) { | 3903 if (request.getFrameType() == blink::WebURLRequest::FrameTypeTopLevel) { |
| 3904 request.setFirstPartyForCookies(request.url()); | 3904 request.setFirstPartyForCookies(request.url()); |
| 3905 } else { | 3905 } else { |
| 3906 // TODO(nasko): When the top-level frame is remote, there is no document. | 3906 request.setFirstPartyForCookies(frame->document().firstPartyForCookies()); |
|
Mike West
2016/06/20 10:22:15
Drive-by: We don't need to poke only at the top-le
| |
| 3907 // This is broken and should be fixed to propagate the first party. | |
| 3908 WebFrame* top = frame->top(); | |
| 3909 if (top->isWebLocalFrame()) { | |
| 3910 request.setFirstPartyForCookies( | |
| 3911 frame->top()->document().firstPartyForCookies()); | |
| 3912 } | |
| 3913 } | 3907 } |
| 3908 } | |
| 3914 | 3909 |
| 3915 // If we need to set the first party, then we need to set the request's | 3910 // Set the requestor origin to the same origin as the frame's document if it |
| 3916 // initiator as well; it will not be updated during redirects. | 3911 // hasn't yet been set. |
| 3912 // | |
| 3913 // TODO(mkwst): It would be cleaner to adjust blink::ResourceRequest to | |
| 3914 // initialize itself with a `nullptr` initiator so that this can be a simple | |
| 3915 // `isNull()` check. | |
| 3916 if (request.requestorOrigin().isUnique() && | |
| 3917 !frame->document().getSecurityOrigin().isUnique()) { | |
| 3917 request.setRequestorOrigin(frame->document().getSecurityOrigin()); | 3918 request.setRequestorOrigin(frame->document().getSecurityOrigin()); |
| 3918 } | 3919 } |
| 3919 | 3920 |
| 3920 WebDataSource* provisional_data_source = frame->provisionalDataSource(); | 3921 WebDataSource* provisional_data_source = frame->provisionalDataSource(); |
| 3921 WebDataSource* data_source = | 3922 WebDataSource* data_source = |
| 3922 provisional_data_source ? provisional_data_source : frame->dataSource(); | 3923 provisional_data_source ? provisional_data_source : frame->dataSource(); |
| 3923 | 3924 |
| 3924 DocumentState* document_state = DocumentState::FromDataSource(data_source); | 3925 DocumentState* document_state = DocumentState::FromDataSource(data_source); |
| 3925 DCHECK(document_state); | 3926 DCHECK(document_state); |
| 3926 InternalDocumentStateData* internal_data = | 3927 InternalDocumentStateData* internal_data = |
| (...skipping 1519 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5446 common_params.should_replace_current_entry | 5447 common_params.should_replace_current_entry |
| 5447 ? blink::WebFrameLoadType::ReplaceCurrentItem | 5448 ? blink::WebFrameLoadType::ReplaceCurrentItem |
| 5448 : blink::WebFrameLoadType::Standard; | 5449 : blink::WebFrameLoadType::Standard; |
| 5449 blink::WebHistoryLoadType history_load_type = | 5450 blink::WebHistoryLoadType history_load_type = |
| 5450 blink::WebHistoryDifferentDocumentLoad; | 5451 blink::WebHistoryDifferentDocumentLoad; |
| 5451 bool should_load_request = false; | 5452 bool should_load_request = false; |
| 5452 WebHistoryItem item_for_history_navigation; | 5453 WebHistoryItem item_for_history_navigation; |
| 5453 WebURLRequest request = | 5454 WebURLRequest request = |
| 5454 CreateURLRequestForNavigation(common_params, std::move(stream_params), | 5455 CreateURLRequestForNavigation(common_params, std::move(stream_params), |
| 5455 frame_->isViewSourceModeEnabled()); | 5456 frame_->isViewSourceModeEnabled()); |
| 5457 request.setFrameType(IsTopLevelNavigation(frame_) | |
| 5458 ? blink::WebURLRequest::FrameTypeTopLevel | |
| 5459 : blink::WebURLRequest::FrameTypeNested); | |
| 5456 | 5460 |
| 5457 if (IsBrowserSideNavigationEnabled() && common_params.post_data) | 5461 if (IsBrowserSideNavigationEnabled() && common_params.post_data) |
| 5458 request.setHTTPBody(GetWebHTTPBodyForRequestBody(common_params.post_data)); | 5462 request.setHTTPBody(GetWebHTTPBodyForRequestBody(common_params.post_data)); |
| 5459 | 5463 |
| 5460 // Used to determine whether this frame is actually loading a request as part | 5464 // Used to determine whether this frame is actually loading a request as part |
| 5461 // of a history navigation. | 5465 // of a history navigation. |
| 5462 bool has_history_navigation_in_frame = false; | 5466 bool has_history_navigation_in_frame = false; |
| 5463 | 5467 |
| 5464 #if defined(OS_ANDROID) | 5468 #if defined(OS_ANDROID) |
| 5465 request.setHasUserGesture(start_params.has_user_gesture); | 5469 request.setHasUserGesture(start_params.has_user_gesture); |
| (...skipping 789 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6255 // event target. Potentially a Pepper plugin will receive the event. | 6259 // event target. Potentially a Pepper plugin will receive the event. |
| 6256 // In order to tell whether a plugin gets the last mouse event and which it | 6260 // In order to tell whether a plugin gets the last mouse event and which it |
| 6257 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets | 6261 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets |
| 6258 // the event, it will notify us via DidReceiveMouseEvent() and set itself as | 6262 // the event, it will notify us via DidReceiveMouseEvent() and set itself as |
| 6259 // |pepper_last_mouse_event_target_|. | 6263 // |pepper_last_mouse_event_target_|. |
| 6260 pepper_last_mouse_event_target_ = nullptr; | 6264 pepper_last_mouse_event_target_ = nullptr; |
| 6261 #endif | 6265 #endif |
| 6262 } | 6266 } |
| 6263 | 6267 |
| 6264 } // namespace content | 6268 } // namespace content |
| OLD | NEW |
