Chromium Code Reviews Chromium Code Reviews
Issue 2182633007:
Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/containers/hash_tables.h" | 8 #include "base/containers/hash_tables.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 383 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 394 | 394 |
| 395 // Send a second message from the interstitial page, and make sure that the | 395 // Send a second message from the interstitial page, and make sure that the |
| 396 // "evil" message doesn't arrive in the intervening period. | 396 // "evil" message doesn't arrive in the intervening period. |
| 397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), | 397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), |
| 398 "window.domAutomationController.send(\"okay2\");")); | 398 "window.domAutomationController.send(\"okay2\");")); |
| 399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); | 399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); |
| 400 ASSERT_EQ("\"okay2\"", message); | 400 ASSERT_EQ("\"okay2\"", message); |
| 401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); | 401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); |
| 402 } | 402 } |
| 403 | 403 |
| 404 class IsolatedAppContentBrowserClient : public TestContentBrowserClient { | 404 class IsolatedAppContentBrowserClient : public TestContentBrowserClient { |
|
jam
2016/08/01 20:06:01
not needed anymore
ananta
2016/08/02 00:40:50
Done.
| |
| 405 public: | 405 public: |
| 406 bool IsIllegalOrigin(content::ResourceContext* resource_context, | 406 bool IsIllegalOrigin(content::ResourceContext* resource_context, |
| 407 int child_process_id, | 407 int child_process_id, |
| 408 const GURL& origin) override { | 408 const GURL& origin) override { |
| 409 // Simulate a case where an app origin is not in an app process. | 409 // Simulate a case where an app origin is not in an app process. |
| 410 return true; | 410 return true; |
| 411 } | 411 } |
| 412 }; | 412 }; |
| 413 | 413 |
| 414 // Renderer processes should not be able to spoof Origin HTTP headers. | 414 // Renderer processes should not be able to spoof Origin HTTP headers. |
| 415 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { | 415 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
| 416 // Create a set of IPC messages with various Origin headers. | 416 // Create a set of IPC messages with various Origin headers. |
| 417 ResourceRequest chrome_origin_msg( | 417 ResourceRequest chrome_origin_msg( |
| 418 CreateXHRRequestWithOrigin("chrome://settings")); | 418 CreateXHRRequestWithOrigin("chrome://settings")); |
| 419 ResourceRequest embedder_isolated_origin_msg( | 419 ResourceRequest embedder_isolated_origin_msg( |
| 420 CreateXHRRequestWithOrigin("https://isolated.bar.com")); | 420 CreateXHRRequestWithOrigin("https://isolated.bar.com")); |
| 421 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); | 421 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); |
| 422 ResourceRequest invalid_scheme_origin_msg( | 422 ResourceRequest invalid_scheme_origin_msg( |
| 423 CreateXHRRequestWithOrigin("fake-scheme://foo")); | 423 CreateXHRRequestWithOrigin("fake-scheme://foo")); |
| 424 | 424 |
| 425 GURL web_url("http://foo.com/simple_page.html"); | 425 GURL web_url("http://foo.com/simple_page.html"); |
| 426 NavigateToURL(shell(), web_url); | 426 NavigateToURL(shell(), web_url); |
| 427 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); | 427 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); |
| 428 | 428 |
| 429 ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https"); | |
| 430 | |
| 431 ResourceDispatcherHost::Get()->AddOriginAccessInformation( | |
| 432 shell()->web_contents()->GetBrowserContext()->GetResourceContext(), | |
| 433 "https://isolated.bar.com"); | |
| 434 | |
| 429 // Web processes cannot make XHRs with chrome:// Origin headers. | 435 // Web processes cannot make XHRs with chrome:// Origin headers. |
| 430 { | 436 { |
| 431 RenderProcessHostWatcher web_process_killed( | 437 RenderProcessHostWatcher web_process_killed( |
| 432 web_rfh->GetProcess(), | 438 web_rfh->GetProcess(), |
| 433 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 439 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
| 434 IPC::IpcSecurityTestUtil::PwnMessageReceived( | 440 IPC::IpcSecurityTestUtil::PwnMessageReceived( |
| 435 web_rfh->GetProcess()->GetChannel(), | 441 web_rfh->GetProcess()->GetChannel(), |
| 436 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), | 442 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), |
| 437 kRequestIdNotPreviouslyUsed, | 443 kRequestIdNotPreviouslyUsed, |
| 438 chrome_origin_msg)); | 444 chrome_origin_msg)); |
| (...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 550 // separate task of the message loop, so ensure that the process is still | 556 // separate task of the message loop, so ensure that the process is still |
| 551 // considered alive. | 557 // considered alive. |
| 552 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); | 558 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); |
| 553 | 559 |
| 554 exit_observer.Wait(); | 560 exit_observer.Wait(); |
| 555 EXPECT_FALSE(exit_observer.did_exit_normally()); | 561 EXPECT_FALSE(exit_observer.did_exit_normally()); |
| 556 ResourceDispatcherHost::Get()->SetDelegate(nullptr); | 562 ResourceDispatcherHost::Get()->SetDelegate(nullptr); |
| 557 } | 563 } |
| 558 | 564 |
| 559 } // namespace content | 565 } // namespace content |
| OLD | NEW |
