Chromium Code Reviews Chromium Code Reviews
Issue 2151323003:
Add a check for mismatching URL and origin in the renderer process. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/renderer/render_frame_impl.cc |
| diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc |
| index 1ababbbe32c6b05884bfe936730cea01f86bd89b..131cfd6c9c32f070a018cae0c0292ff88a95ceba 100644 |
| --- a/content/renderer/render_frame_impl.cc |
| +++ b/content/renderer/render_frame_impl.cc |
| @@ -4772,6 +4772,12 @@ void RenderFrameImpl::SendDidCommitProvisionalLoad( |
| render_view_->SetZoomLevel(render_view_->page_zoom_level()); |
| } |
| + // Standard URLs must match the reported origin. |
| + // TODO(nasko): Remove this check once the root cause of |
| + // https://crbug.com/628677 is understood. |
|
Charlie Reis
2016/07/15 17:49:18
Why not leave it in? :) Seems like it could help
nasko
2016/07/15 17:51:18
Sure :).
|
| + if (params.url.IsStandard()) |
| + CHECK(params.origin.IsSameOriginWith(url::Origin(params.url))); |
| + |
| // This message needs to be sent before any of allowScripts(), |
| // allowImages(), allowPlugins() is called for the new page, so that when |
| // these functions send a ViewHostMsg_ContentBlocked message, it arrives |
