Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

content/browser/security_exploit_browsertest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 
+#include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
 #include "base/macros.h"
+#include "base/process/process_handle.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
 #include "content/browser/renderer_host/render_view_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/common/frame_messages.h"
@@ skipping 374 matching lines @@
 
   // Send a second message from the interstitial page, and make sure that the
   // "evil" message doesn't arrive in the intervening period.
   ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(),
                             "window.domAutomationController.send(\"okay2\");"));
   ASSERT_TRUE(message_queue.WaitForMessage(&message));
   ASSERT_EQ("\"okay2\"", message);
   ASSERT_EQ("\"okay2\"", interstitial->last_command());
 }
 
-class IsolatedAppContentBrowserClient : public TestContentBrowserClient {
- public:
-  bool IsIllegalOrigin(content::ResourceContext* resource_context,
-                       int child_process_id,
-                       const GURL& origin) override {
-    // Simulate a case where an app origin is not in an app process.
-    return true;
-  }
-};
-
 // Renderer processes should not be able to spoof Origin HTTP headers.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
   // Create a set of IPC messages with various Origin headers.
   ResourceRequest chrome_origin_msg(
       CreateXHRRequestWithOrigin("chrome://settings"));
   ResourceRequest embedder_isolated_origin_msg(
       CreateXHRRequestWithOrigin("https://isolated.bar.com"));
   ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl"));
   ResourceRequest invalid_scheme_origin_msg(
       CreateXHRRequestWithOrigin("fake-scheme://foo"));
 
   GURL web_url("http://foo.com/simple_page.html");
   NavigateToURL(shell(), web_url);
   RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame();
 
+  // Registering the https scheme and the URL with RDH leads to the
+  // embedder_isolated_origin_msg being denied
+  ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https");
+  BrowserThread::PostTask(
+      BrowserThread::IO, FROM_HERE,
+      base::Bind(
+          &ResourceDispatcherHost::RegisterOriginForAccessChecks,
+          base::Unretained(ResourceDispatcherHost::Get()),
+          shell()->web_contents()->GetBrowserContext()->GetResourceContext(),
+          "https://isolated.bar.com",
+          ResourceDispatcherHost::DENY_FOR_NON_OWNERS));
+
   // Web processes cannot make XHRs with chrome:// Origin headers.
   {
     RenderProcessHostWatcher web_process_killed(
         web_rfh->GetProcess(),
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
         ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(),
                                         kRequestIdNotPreviouslyUsed,
                                         chrome_origin_msg));
     web_process_killed.Wait();
   }
 
   // Web processes cannot make XHRs with URLs that the content embedder expects
   // to have process isolation.  Ideally this would test chrome-extension://
   // URLs for Chrome Apps, but those can't be tested inside content/ and the
   // ResourceRequest IPC can't be created in a test outside content/.
   NavigateToURL(shell(), web_url);
   {
     // Set up a ContentBrowserClient that simulates an app URL in a non-app
     // process.
-    IsolatedAppContentBrowserClient app_client;
-    ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client);
     RenderProcessHostWatcher web_process_killed(
         web_rfh->GetProcess(),
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
         ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(),
                                         kRequestIdNotPreviouslyUsed,
                                         embedder_isolated_origin_msg));
     web_process_killed.Wait();
-    SetBrowserClientForTesting(old_client);
   }
 
   // Web processes cannot make XHRs with invalid Origin headers.
   NavigateToURL(shell(), web_url);
   {
     RenderProcessHostWatcher web_process_killed(
         web_rfh->GetProcess(),
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
@@ skipping 78 matching lines @@
   // separate task of the message loop, so ensure that the process is still
   // considered alive.
   EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection());
 
   exit_observer.Wait();
   EXPECT_FALSE(exit_observer.did_exit_normally());
   ResourceDispatcherHost::Get()->SetDelegate(nullptr);
 }
 
 }  // namespace content